Business Continuity Program. EPC Quarterly Meeting November 5 th 2009 New York Presbyterian Cornell Campus



Similar documents
Business Continuity in Healthcare

Integrated Healthcare, Hospital and Medical Contingency Planning

Business Continuity / Disaster Recovery Context

Desktop Scenario Self Assessment Exercise Page 1

Business Resiliency Business Continuity Management - January 14, 2014

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

State of South Carolina Policy Guidance and Training

PBSi Business Continuity Planning

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

Unit Guide to Business Continuity/Resumption Planning

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Tips and techniques a typical audit programme

Why Should Companies Take a Closer Look at Business Continuity Planning?

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business continuity management policy

How Kaiser Permanente Prepares for Emergencies

Business Continuity Management

Business Continuity Planning and Disaster Recovery Planning

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006

Boston College. Departmental Business Continuity Planning

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

The Role of Internal Audit In Business Continuity Planning

BUSINESS CONTINUITY STRATEGY

Business Continuity and Disaster Recovery Planning

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Mission Continuity Program Elements of the BETH3 Model: Loss of Human Resources

Business Continuity (Policy & Procedure)

Disaster Recovery and Business Continuity Plan

BUSINESS CONTINUITY PLANNING GUIDELINES

Business Continuity Management Policy

Mission Continuity Program Elements of the BETH3 Model: Loss of Technology

Business Continuity. Port environment

Business Continuity Management Software

Solihull Clinical Commissioning Group

Business Continuity Planning (800)

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Cornell University EMERGENCY MANAGEMENT PROGRAM

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

Business Continuity Management Framework

Rethinking contingency planning for an integrated world

Business Continuity Management Program Development Guide

Fundamentals of Business Continuity Planning Have a Plan!

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Contingency Planning and Disaster Recovery for BOMA

Business Continuity & Disaster Recovery

Business Continuity Planning advice for Businesses with employees

Business Continuity Planning. Presentation and. Direction

Disaster Recovery Planning Procedures and Guidelines

How To Plan A Crisis Management Program

Business Continuity Planning FAQ

Business Continuity Management Policy and Framework

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Business Continuity Management

The Business Continuity Maturity Continuum

Tufts Health Plan Corporate Continuity Strategy

Integrating Pandemic Readiness into Your Organization's Resiliency Model.

Evaluating and Improving Your Business Continuity Plan

A BCP Tale: From Theory to Practice

Business Continuity Plan

Proposal for Business Continuity Plan and Management Review 6 August 2008

Continuity of Business

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

ITIL Essentials Study Guide

EMERGENCY MANAGEMENT BUSINESS CONTINUITY PLANNING TEMPLATE

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Business Continuity Planning:

BUSINESS CONTINUITY PLANNING

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.

Pilot Nursing Home Emergency Management Assessment Tool

Business Continuity Plan. Components and sequencing description

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

EMERGENCY MANAGEMENT POLICY

Prepared by Rod Davis, ABCP, MCSA November, 2011

BUSINESS CONTINUITY POLICY

VISION FOR LEARNING AND DEVELOPMENT

Business Continuity Planning: Bridging the Gap Between IT and Business

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

External Supplier Control Requirements BCM

Business Continuity Planning for Risk Reduction

How to measure your business resiliency

London Borough of Merton

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

VMIA Business Continuity Initiatives

Overview of how to test a. Business Continuity Plan

Continuity of Operations Planning. A step by step guide for business

The PNC Financial Services Group, Inc. Business Continuity Program

University of Victoria EMERGENCY RESPONSE PLAN

HB A Practitioners Guide to Business Continuity Management

Business Continuity Business Impact Analysis arrangements

Portal Storm: A Cyber/Business Continuity Exercise. Cyber Security Initiatives

Continuity of operations for critical infrastructure. Disclosure of critical information to the government.

Transcription:

Business Continuity Program EPC Quarterly Meeting November 5 th 2009 New York Presbyterian Cornell Campus

A new era 2

GBeyond Emergency Management if 30%+ of MSK workforce is unavailable for work if IT systems are unavailable if a building & its contents are inaccessible if key suppliers and business partners couldn t fulfill their obligations What happens if disruptions are long term? 3

To close for comfort NYC steam explosion: Lex. & 41 st. MSK Business offices: 3 rd & 41 st. HR, IT, Pt. Accounts, EM Finance, Payroll, Billing, Security, Compliance, Public Affairs, Pharmacy, Research, Clinical Info. Chanin Building: Closed for 1 month 4

What is Business Continuity? Creation & validation of a practiced logistical plan to recover and restore partially or completely interrupted critical functions within a predetermined time after an extended disruption. Goal: Minimize or eliminate the impact of events that disrupt critical clinical & business operations, functions, and services. 5

What is Business Continuity? BC process integrates the following disciplines: Incident/Emergency Management Clinical and Business Recovery Strategies Technology Recovery Security Management (IT & Physical) 6

Landscape of Healthcare BC Most hospitals have not initiated formal BC Mostly response oriented IT-centric disaster recovery programs exist Expense in conducting a formal BC program 7

Landscape of Healthcare BC Just in time supply practices reduce inventory costs, but leave hospitals vulnerable to surge events Aging facilities & infrastructure = risk TJC EP elements increased 34% in 2008 and 2009 8

Origin of MSK BC Program Findings of Risk Management Assessment : MSK robust in short term crisis management Geographical vulnerabilities, (NYC, 633, 53 rd ) Potential for long term disruptions w/high Impact 9

Origin of MSK BC Program Findings of Risk Management Assessment : High reliance on IT functions. Still growing Research assets also at risk in long term crisis Standardized BC strategy for MSK desirable 10

TJC emphasizes BC, DR & resiliency Develop capability to self sustain (96+hours) Maintain/restore critical systems/services Providing care, treatment, services Safe discontinuance of services and/or evacuation Recovery process or plan Knowing interdependencies key Objectively defining impact of disruption Documenting practical work around procedures

Risk vs. Cost vs. Benefit JCAHO TJC Service To Our Customers Institutional Best Practices Reputation HIPAA Int. Audit Int. Audit Business Continuity Disaster Recovery and Contingency Operations Protect Information and Processes Mission Research Ext. Audit Industry Standard. NYS-DOH 12

MSKC leadership approves Business Continuity program Project Owners: Finance & Emergency Management 13

14

Essentially, we re looking for someone to take the blame for everything that goes wrong around here. 15

16

From Virtual s Initial Briefing May, 30 2008 The Business Continuity Program Life Cycle modified U.S. DoD graphic Normal Operations Incident Occurs Recovery Time Objective Return to Normal Operations Capability Minimum Acceptable Level of Capability Risk Avoidance Emergency Response Risk Mitigation Recovery Restoration Contingency Planning and Crisis Management Proactive BCM Activities Prevention and Preparedness Risk Avoidance Time Reactive BCM Activities Response, Recovery & Restoration Proactive BCM Activities Prevention and Preparedness

The Business Continuity Plans 6 BC Plans Working Together Incident Occurs Normal Operations Emergency Response and Damage Assessment Mitigation Action Plan may allow organization to avoid disruption Crisis Management Plan Activated Preparing for Recovery of Critical Operations Normal Operations Minimal Acceptable Level of Capability Operating in Recovery mode Disaster Recovery Plan Activated Implement Restoration Plan Time Hour 0 Recovery Begins Recovery in place Restoration Begins Back to Normal Emergency Response Plan Save lives and protect assets Conduct damage assessment Site Emergency Operations Center (EOC) Crisis Management Plan Executive Command Center (ECC) Regional and/or higher ECC(s) activated Command, Control, and Communications Mitigation Action Plan Tasks to initiate mitigation action(s) Avoid or minimize disruption Business Recovery Plan Ensure that critical functions continue to be performed Departmental Recovery Plans Requires EOC communications and authorizations Disaster Recovery Plan Ensure critical technical infrastructure is available Hot site recovery Restoration Plan A plan to return to normal operations

Intuitive BC Application & Process Sustainable Planner (SP) IT application/tool to manage BC Process User friendly, survey-based custom templates Healthcare centric consultants Program & IT application self sustainable 19

Phase I Assessment of MSK BC Status Assessment of key clinical and business Functions/Departments. Document gaps & strengths of current BC planning to: Better understand corporate competencies proven to sustain BC planning capabilities Evaluate BC disciplines and integration Recommendations for methods & tools for BC planning at MSK. 20

Phase I Assessment of MSK BC Status Key questions to be answered: Where are we now? Where do we ultimately want to be? Where should we be next? The Business Continuity Maturity Model Method & tool used to conduct self-assessment http://www.virtual-corp.net/html/bcmm.html 21

BC Assessment Results 22

BC Assessment Results Some levels very mature others not Strengths & gaps identified 7 recommendations Short term target = level 4 at all competences 23

Key Findings Only certain personnel had key BC related knowledge for their departments (succession) Need to establish of enterprise level business continuity goal & formalization Need to Identify, codify & share process flows & IT interdependencies, i.e. validate IT/DR 24

Key Findings Need to identify, codify & share clinical & business recovery strategies Need to conduct enterprise wide Business impact analysis (BIA). Business continuity must be treated as a sustainable process, not a project 25

And the work begins. Plans are nothing; Planning is everything. Dwight D. Eisenhower 26

Business Continuity Focus Recovery Event Classes Loss of access: (Workplace, floor, bldg, campus, region) Key personnel IT applications Services and suppliers Critical assets 27

CBR Pilot Scope Pilot Functions Scope Location Admitting Entire Function 1275 York Ave Facilities Main Campus Plant Ops 1275 York Ave Facilities Trade - Electricians 1275 York Ave Finance & Payroll Entire Function 633 3rd Ave IT Entire NJ Data Center Lyndhurst, NJ Pharmacy Main Pharmacy, Rockefeller Pharmacy, Sleepy Hollow Pharmacy Main Campus 53rd Street Sleepy Hollow Radiology Entire Function 1275 York Ave Rockefeller Pavilion Admin / Executive 53rd Street Rockefeller Pavilion Support Services 53rd Street Security Entire Function 1275 York Ave SKI Vivarium Zuckerman, Basement SKI Immunology Research Zuckerman, Flrs 14,15,16 Sleepy Hollow Entire Site Sleepy Hollow, NY Urgent Care Center Entire Function 1275 York Ave

BC Pilot Activities by Step Step 1 Scope BC Project Identify planning teams Prepare for data collection Step 2 Collect BC Data Gather business impact & dependency data in SP Step 3 Conduct Impact Analysis Validate recovery objectives Step 4 Formulate Strategies Conduct strategy workshops Finalize strategy documentation Step 5 Document BC Plan Finalize all plan documents Generate plans Conduct desk checks

BC Planning Outcomes Document processes to maintain continuity of clinical operations & business Document impacts caused if critical functions or services disrupted Document functional interdependencies 30

BC Planning Outcomes Define alternate process requirements for each component Document workaround and/or manual procedures and alternate resources for operational continuity Ensure interdependent business processes can be synched up 31

BC Program: Next Steps Phase 2 Conduct BC Program Pilots Design BC program specs based on assessment Build SP templates for BC/EM & BIA analysis Conduct clinical and administrative pilots (underway) Phase 3 Deploy BC program across MSK Most likely a 2 2.5 year process to completion Phase 4 Maintain BC program 32

"There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction". The time to fix the roof is when the sun is shining John F. Kennedy 33

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information