Integrating Pandemic Readiness into Your Organization's Resiliency Model.




Integrating Pandemic Readiness into Your Organization's Resiliency Model. David M. Sarabacha Senior Manager MBCP, MBCI, CISSP, CISA, CISM Deloitte & Touche LLP

Agenda

Topic: Schedule
Session Overview: 5 min
Introduction & Background on Companies: 10 min
BCM Program Components: 10 min
BCM Approach: 10 min
Focus of Solutions for Pandemic Preparedness: 15 min
Key Pandemic Planning Components: 20 min
Take-Aways: 5 min

Introductions

Panelists:
Moderator: David Sarabacha, Western Region Business Continuity Management Practice Leader, Deloitte & Touche LLP

Disclaimer

These presentation materials and the comments presented during the corresponding session contain general information and generalized examples only, and Deloitte & Touche LLP along with the other participating organizations are not, by means of this presentation or session, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation and session are not a substitute for such professional advice or services, nor should they be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte & Touche LLP, its affiliates and related entities and any other participating organizations shall not be responsible for any loss sustained by any person who relies on this presentation or session.

BCM Program Components

[Diagram. Labels recovered from the slide:]
Core BCM Disciplines / Program Scope: Crisis Management, Emergency Response, Business Continuity, Disaster Recovery
Lifecycle / Risk Management Components **: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Security/Controls, Information & Communication, Monitoring
Strategic Foundation: Governance, Policy & Standards
Other labels: People, Key Program Elements, Process Enablers

** Consistent with COSO Enterprise Risk Management Framework

BCM Approach

An Approach to Business Continuity Management

Analyze: Current State Assessment, Risk Assessment, Business Impact Analysis
Develop: Governance, Availability/Recoverability Strategies, Procedures
Implement: Resource Acquisition & Implementation, Training, Testing
Across all phases: Continuous Improvement / Quality Assurance

What is BETH3?

BETH3 summarizes the elements that can be impacted in the event of a disaster. The BETH3 elements are:

- Buildings (Facilities)
- Equipment
- Technology (IT Hardware/Software/Infrastructure)
- Human Resources
- 3rd Parties (Dependencies)

A Framework for Pandemic Planning

A pandemic would impact a business in its ability to mobilize its work force to create products and serve its customers. All three of these aspects of planning and preparedness must be addressed. Our approach supplements these by identifying key components of a Pandemic Plan and an approach to developing such a plan.

[Diagram. Labels recovered from the slide:]
Continuity threads: Human Capital Continuity, Product Continuity, Customer Continuity
Pandemic Preparation cycle: Planning, Preparedness, Response, Vigilance
Key Components: Employee Wellness, Trading Partners, HR Policies and Procedures, Leadership/Decision Making, Education, Key Business Processes, Public/Private Partnerships, Communication, Teleworking, Risk and Legal

The Threads of Pandemic Planning

Human Capital Continuity
Employees are a critical resource to business, and when they do not work, or work inefficiently or ineffectively, business losses are incurred. The metrics for this objective are:

- Days of work lost to illness
- The costs of hiring and training new employees
- Insurance costs for self-insured employers
- Standard measures of workplace efficiency specific to each industry

Businesses must also protect their employees' families in order to reduce revenue lost due to leave taken to care for a sick family member and insurance costs for self-insured employers.

Product and Service Continuity
Businesses must preserve their primary and secondary revenue streams. The metric for this objective is lost revenue.

Customer and Strategic Partner Continuity
This involves determining how a pandemic might impact them and minimizing this impact. Strategic partners of note might include suppliers, manufacturers, distributors and regulators.

Key Pandemic Planning Components

- Key Business Processes: Develop policies and processes to maintain operational effectiveness during a pandemic
- Leadership/Decision Making: Implement a Pandemic Planning and Coordination Unit (PPCU) as part of the existing Business Continuity Planning (BCP) function
- Education: Increase awareness and knowledge about influenza prevention and treatment through clear, consistent, medically accurate information
- Public/Private Partnerships: Develop and maintain valuable partnerships with trading partners and critical stakeholders such as unions and public health agencies
- Communication: Communicate the response plan and approach to employees and families, customers, suppliers, and partners
- Teleworking: Identify organizational and technical infrastructure requirements to minimize the potential disruption resulting from a pandemic
- Risk and Legal: Identify likely threats in order to decrease the risk of threat occurrence and contain damage. Develop risk mitigation policies and procedures
- HR Policies & Procedures: Identify core staff and functions and establish policies and procedures during the pandemic
- Trading Partners: Review demand, distribution, and production plans and link strategies with key trading partners to ensure that critical business processes are maintained
- Employee Wellness: Review contracts with health plans and provider networks to ensure coverage and provision of services such as vaccinations and access to medical facilities

The Core Activities of Pandemic Planning

Pandemic preparation is a continuous process to help a business Plan, Prepare, Respond and Monitor its activities before, during, and after an outbreak.

- Planning: Review the current state and develop formal strategies to prepare the business
- Preparedness: Train, acquire resources and infrastructure, and manage inventory in case of a pandemic
- Response: Execute the plan and strategies in the face of a pandemic
- Vigilance: Monitor and evaluate the response and update the plan based on reactions

[Diagram: cycle of Planning, Preparedness, Response, Vigilance]

Methodology for Planning & Preparing

This approach to Pandemic Planning builds on experience with Business Continuity Planning and applies it to the unique requirements of the pandemic threat.

[Diagram. Labels recovered from the slide:]
Phases: PLANNING (Analyze), PREPAREDNESS (Develop), RESPONSE (Implement), VIGILANCE (Continuous Improvement/Quality Assurance)
Activities: Current State Assessment, Business Impact Analysis, Management Succession, Pandemic Response Strategies, Preparation, Rollout and Implementation, Training, Testing

Take-Aways

- Take precautions to protect your PEOPLE through HR policies, preventive healthcare practices and responsible response activities planned in advance.
- Planning can not only protect your assets, through a well-developed, complete response, but also illuminate potential areas where market share could be gained by changing products and/or processes.
- Develop a comprehensive BCM solution: this is not just an HR issue, legal issue, technology issue, facilities issue, security issue, or process issue; it must be an Integrated Response.

A Final Word & For More Information

"Plans are nothing; planning is everything." -- Dwight Eisenhower

David M. Sarabacha, MBCP, MBCI, CISSP, CISA, CISM
Senior Manager, Security & Privacy Services
Deloitte & Touche LLP
111 SW Fifth Avenue, US Bank Corp Tower - Suite 3900
Portland, OR 97204-3642
Tel: +1 503 727 5360
Mobile: +1 503 308 2490
Fax: +1 503 219 0379
dsarabacha@deloitte.com
Member of Deloitte Touche Tohmatsu