BUSINESS RESUMPTION PLANNING: EXERCISING THE DISASTER MANAGEMENT TEAM

BUSINESS RESUMPTION PLANNING: EXERCISING THE DISASTER MANAGEMENT TEAM By: Paul H. Rosenthal Information Systems Department School of Business & Economics California State University, Los Angeles 5151 State University Drive Los Angeles, California 90032 213/343-2923 Gene Sheniuk Abstract Disaster simulation exercises are used to test the staffing, management, and decision making of both the computer and non-computer related aspects of an organization's business continuity and life-safety plans. Special simulation methods must be used to exercise the Disaster Management Team and their Emergency Operations Center. A proven approach to designing and conducting this type of simulation is presented, including a full script from a recent simulation exercise. Keywords: Disaster simulation, contingency planning, business resumption planning, business continuity planning, life-safety, command center * * * * * INTRODUCTION During the 1980's, contingency planning evolved from data center backup planning, to business resumption planning (BRP). Business resumption planning involves arranging for emergency business and data center operations and recovery planning following a disaster. The growth of commercial backup data centers has made available inexpensive data center contingency resources for all but the largest organizations. The commercial hot/cold backup sites are available for testing of critical applications, so that most organizations had, by the late 1980's, fully tested data center contingency plans. However, the vast majority of data center users has only a vague idea of how they might operate during a disaster that destroys the data center or their operating locations. Data processing management has gradually persuaded their users that they need a business resumption plan that integrates with the data center plans. Data processing management also needs to persuade their users that there is a need for simultaneously testing the data center and the user's business resumption plans through disaster simulation exercises similar to those described in this paper and by Rosenthal and Himel [2]. However, unless these BRPs are periodically tested, they are seldom usable operationally. Plans that were initially operationally viable become obsolete very quickly unless periodic tests force every department and work group to maintain

off-site: up-to-date contact lists; files and processing resources; communications resources; and current programs, procedures, and forms. Disaster simulation exercises are now widely used to exercise the staffing, procedures, and resources for both the computer and non-computer related aspects of an organization's business continuity and life-safety plans. The scenarios and simulation methods normally used for these exercises are designed to test the various functional teams charged with recovering business operations while assuring the safety of personnel and facilities. The disaster management team charged with coordinating the actions of the functional teams during notification, mobilization, activation, emergency operations, and recovery are normally involved in these simulations as observers. This lack of involvement results from the need to use highly structured scenarios that include the expected decisions of the management team. Separate simulation exercises are therefore normally required to test the preparation of the Disaster Management Team (DMT) and the configuration of their Emergency Operations Center (EOC). FUNCTIONS OF OPERATIONAL & SIMULATION TESTING There are two primary activities involved in testing a BRP: Operational Testing Performing critical computer and non-computer related tasks using backup resources and facilities. Simulation Testing Performing the notification, mobilization, activation, emergency operations, and recovery phases of a BRP based on a typical disaster. The methodologies for operational testing are well known. Organizations with available backup resources, normally adequately test their emergency operations capability. However, the use of simulation for testing the managerial aspects of their BRPs is rare, and the methods for planning and conducting such simulations are poorly understood. This paper, therefore, presents a proven methodology for BRP simulation that has been used in several simulations conducted in the Los Angeles basin. In addition to the methodology, a script from a recent exercise is included that was recently used by a major Los Angeles financial firm. BUSINESS RESUMPTION PLANNING (BRP) LIFE CYCLE Rothberg [6] defines a disaster as "...any event that causes significant disruption to operations, thereby threatening the business' survival." Business resumption planning (BRP), the newest term for disaster recovery planning, can be conceptually divided into three major phases: prevention, planning, and testing. Figure 1 lists the major life cycle tasks needed to protect against such disasters. Exercising the disaster management team (DMT), the subject of this paper, is the last step in the BRP life cycle. It is usually the least performed activity in the BRP life cycle.

FIGURE 1. Business Resumption Planning Life Cycle I. Prevention - Threat Analysis - Physical Security & Protection Program - Data Security & Protection Program II. III. Planning - Critical Function/Application Analysis - Design of Normal & Emergency Processing Architectures for:.. computer & telecommunications.. manual processing and record storage - Obtain Backup Resources for:.. off-site storage.. computer processing.. manual processing.. data and voice communications.. management control - Arrange Disaster Response Team Staffing for:.. damage assessment and recovery planning.. emergency operations.. disaster response management Testing - Desk Top Walk Through.. backup resource utilization.. team responsibilities.. emergency operations approaches - Operations Testing.. computer processing based applications.. manual processing based applications - Simulation Testing.. emergency response teams.. disaster management team An excellent example of a BRP for a university data center can be found in Rohde and Haskett [5]. They, as do most other authors, stop short of the testing phase. Without both periodic operational testing (performing critical business functions using backup resources) and simulation testing (exercising the decision making portions of the plan), a plan quickly becomes unusable. Phase I- Prevention

The first steps in a the BRP program, is to determine the possible extent of exposure to a disaster, and then to minimize the probability of a disaster occurring. The initial step in any BRP program is that of obtaining the substantial funding normally required. This requires selling the Board of Directors on the reality of a possible disaster and the impact on the ability of the organization to survive. According to Yetter [8], an inadequate understanding of the potential threats and their possible impact is often the weak link in many disaster security and recovery programs. His paper is an excellent presentation of the quantitative approach to threat evaluation. The results of such a quantitative study is used to rate the potential severity of each hazard as a guide for prevention and recovery spending. The detailed quantitative approach to risk analysis is popular with government and large industrial firms with major consulting budgets. The board of directors of most firms however, respond better to a fiduciary responsibility analysis. A list of risks to which the firm's facilities and personnel is exposed is presented and a case study approach is used to demonstrate realistic risk exposure. Estimates are made of the financial impact on various business functions, computer related and non-computer related, of a loss in resource capability. When the impacts include financial or service level losses that can effect the firms survival, then the board members fiduciary responsibility requires a prudent level of protection and recovery capability. Funding for an adequate BRP is then made available, often as a priority project. Physical security planning primarily involves access controls, fire and water protection, earthquake and storm hardening, and critical records security. Most firms have a physical security program in place covering these areas prior to the implementation of a BRP program. The second step in the BRP is therefore simply an assessment of the program, and improvement if necessary. The authors experience indicates that the critical records area, particularly for non-computerized files, are frequently the major weak point. Data security and protection programs are not as wide spread as physical security programs. Few firms have high quality data oriented security programs, particularly in the personal computer area and for non-financial & personnel manual records involving off-site backup of critical records. This area frequently requires a major effort. Phase II- Planning The disaster planning process outlined in Figure 1 is often initiated by the data center, as it implements applications critical to the day-to-day operations of the organization. The data processing oriented disaster planning selling job to the board often alerts them to the risk presented by the non-computerized portions of the firms operations, and as discussed in Orr [4] a total recovery planning effort is initiated. A good overview of the BRP process can be found in Janulaitis [3]. Phase III- Testing

Desk top walk through- Prior to any detailed testing, key stakeholders in the BRP are convened in a conference room, and a detailed review is performed of the plan. Many small events are described and the participants are asked to state how the plan would guide their reactions. The events should require utilization of: major backup resources, emergency operations approaches, and all emergency response teams. Following this step, operations and simulation tests are scheduled. Operational testing- Few organizations operationally test the complete disaster reaction cycle of: activation, life-safety, damage assessment, mobilization, emergency operations using off-site files and backup resources, and recovery planning. Only the data processing emergency operations area can be tested without involving a substantial number of persons during business hours. The scope of most operational tests therefore, includes: a semi-annual off-hour call to the manager of data center operations, assembly of the backup site operations team, acquisition of backup materials from an off-site location, travel to a backup hot/cold site, installation of systems and applications software, loading production data, and systems test of several critical applications. Simulation testing- Simulation is the most feasible approach for testing the decision making aspects of disaster reaction activities. The use of simulation exercises for BRP has been spreading slowly over the last decade. Unlike their counterpart military war games that use computer driven scenarios to perform very realistic exercises, BRP exercises are paper and pencil simulations. Teams are placed at tables representing their backup locations, and the description of an evolving disaster is presented. The teams communicate using backup communication resources or forms, make decisions, and everyone pretends that what is ordered actually happens. Debriefings and evaluation studies follow to correct any flaws in the BRP. Most simulation exercises are very successful in that they force personnel to learn the BRP while working together, and find flaws and inconsistencies in policies and plans. The remainder of this paper presents a detailed methodology and the disaster scenario used recently by a major Los Angeles firm for performing such a simulation exercise for their Disaster Management Team. Details of a similar approach for the simulation testing of Emergency Response Teams representing business functions or operational activities, can be found in Himel and Rosenthal [2]. FUNCTIONS OF BRP TEAMS Most organizations with mature business resumption plans have a three tier BRP organization structure (for an example see Coleman [1]), including: Top tier- Second tier- Third tier- Policy Group Disaster Management Team (DMT) Emergency Response Teams (ERT) The top tier Policy Group consists of upper-level executives that are available for approving major DMT decisions involving customer service impact, major expenditures or major potential liabilities. For example, after the Bay Area earthquake a major bank opened their branches the

next day without power and full cleanup and repairs. The ability to provide much needed cash to customers was deemed more important than the potential for accidents or robberies. The middle tier DMT includes representatives of key departments and functions involved in lifesafety and business contingency planning. Figure 2 lists the functional organizations often represented on a DMT. Selecting the chairperson of the DMT is often a difficult and politically sensitive decision. The pressure to appoint a senior executive should be resisted. Senior executives belong in the Policy Group among their peers. The chair of the DMT, and therefore the coordinator of the EOC, should be an extremely knowledgeable peer of the other members of the DMT. The chair should not however, be associated with any ERT. The chair is frequently the supervisor of the Project Head, Business Continuity Planning. FIGURE 2 Typical Disaster Management Team (DMT) Membership Manager, Planning- DMT Chairperson Manager, Facility Operations Manager, Transportation/Logistics Manager, Security/Safety Manager, Human Relations Manager, Public Relations Manager, Marketing/Customer Service Manager, Manufacturing/Operations Manager, Data Processing Project Head- Business Continuity Planning, and DMT Secretary The third tier is made up of a large number of Emergency Response Teams (ERT). For example, the data processing area might have specialized logistics, backup data center operations, network operations, and user support ERTs. The safety area might include a dozen or more ERTs with first aid and evacuation responsibilities, each headed by a floor warden. PERIODIC TESTING OF YOUR BRP Every six months your plans should be operationally tested using your backup facilities and offsite storage resources. Every year the management aspects of your plan should be simulation tested. These two activities assure the currency of your plan and the readiness of your staff. The remainder of this paper discusses the planning of simulation tests for second tier- disaster management teams.

FUNCTIONS OF DISASTER MANAGEMENT TEAM (DMT) During a disaster the DMT has two primary functions: Life-Safety Management Coordinating the efforts of emergency response teams to assure the safety of personnel and to minimize the damage to their facilities following a disaster. A life-safety DMT is normally organized for every major facility or campus. Business Continuity Planning Planning and coordinating emergency operations and restoration of normal operations following a disaster. A business continuity DMT is normally responsible for a total business unit, frequently involving multiple and wide-spread facilities. A combined life-safety and business continuity simulation test is feasible for organizations with a single facility or campus. However, for organizations with multiple facilities, separate life-safety tests for each locations plus a separate integrated business resumption test are normally performed. THE EMERGENCY OPERATIONS CENTER (EOC) The EOCs observed by the author are of two basic structural types: the single conference room approach, and the dual room approach. Figure 3, the EOC of the firm that used the scenario presented in this paper, illustrates the most common and least expensive approach, the converted conference room. Large conference rooms at two or more widely separated locations are converted to EOCs. Furnishing and equipment required include:! Telephone consoles for each participant; including an EOC rotary line, a dedicated incoming line for each function, and a line for outgoing calls.! Tvs and radios to monitor news and public announcements.! White boards, tack boards, and flip charts.! Facility maps and area maps with medical and emergency service facilities identified.! Multiple radios with multiple channels for use in communicating with emergency response teams and the outside world. At least one of the EOCs will often house a portable satellite communication unit.! Room power connected to the building's emergency power system.! Food, water, and rest facilities for primary and alternate DMT members.

California firms often have Los Angeles and San Francisco EOCs and DMTs because of the possibility of an area wide disaster due to a major earthquake. Other areas of the world may not need this much separation between locations. Figure 4, the EOC of a major Los Angeles utility, illustrates the dual room EOC approach. It is normally used by organizations with frequent operational emergencies, such as utilities exposed to power outages or pipeline breaks. The EOC is used for both operational emergencies and for disasters affecting non-operational facilities and personnel. A second conference room type EOC is also normally available at a site remote from the primary EOC. EOC testing involves two functions: a periodic walk-through of all equipment by the Project Head- Business Continuity Planning, and periodically performing DMT simulations in the EOC. DESIGNING A DMT SIMULATION SCENARIO Proper planning of a scenario requires a detailed knowledge of the risk exposures and business continuity plans for all impacted facilities and organizations. As discussed in Rosenthal and Himel [2], a scenario should:! be solvable for most of the life safety and business functions participating, using existing plans and backup resources! represent the occurrence of realistic risk exposure! be capable of being partitioned into four to six time steps, each representing a unique but solvable set of problems. The simulation scenario which follows was derived from a State of California earthquake planning scenario [7]. It is based on a major earthquake occurring at the southern edge of the Los Angeles basin. Scenario Period One Period One simulated time of 3:00 p.m., as described in Exhibit 1, was immediately after a major earthquake in the Los Angeles basin approximately 15 miles from the firms location. Exhibit 1 was read to the participants at the start of the time step, and a copy was given to them as reference material. This same process was repeated for each time-step. The EOC was considered to have been activated and the DMT had to assess the status of their facilities, handle life-safety activities, and plan for their employees safety and confort.

Scenario Period Two Period Two simulated time of 8:00 p.m., as described in Exhibit 2, was five hours after the earthquake. Travel throughout the Los Angeles Basin is extremely difficult, and a curfew is starting. The DMT must implement a sleep-over program and protect their facilities. Scenario Period Three Period Three simulated time of 11:00 p.m., as described in Exhibit 3, was immediately after a strong aftershock. Significant additional damage and employee hysteria require the DMT to revise their sleep-over and next-day life-safety and business resumption plans. Scenario Period Four Period Four simulated time, as described in exhibit 4, was 8:00 a.m. the next day. The curfew is over, and the DMT must plan to sent as many employees as possible home, while implementing short term business resumption plans. Scenario Period Five Period Five simulated time, as described in Exhibit 5, was 6:00 p.m. the next day. The DMT must create a business recovery and facility repair plan. Solution Work-sheets Exhibits 6, 7, 8, 9, and 10 present solution work-sheets for each time step that were prepared prior to the simulation by the test administration team. Above the lines are the information gathering activities expected of each participant. Below the lines are the DMT decisions and actions expected. The scenario and solution work-sheets have been edited to delete material relating to the firms specific facilities and business operations. The scenario and solutions therefore do not represent the full set of responses that were expected from the organization. ADMINISTERING A DMT SIMULATION EXERCISE As discussed in Rosenthal and Himel [2], operational simulation tests of emergency response teams are evaluated following the simulation. DMT simulations are of most value however, when an evaluation and redirection period occurs at the close of each scenario time period. This improves the learning experience and assures consistency between the following time periods scenarios and DMT planning. Simulation exercises of single emergency response teams can also be handled in the same manner.

Figure 5 shows personnel assignments during a typical DMT simulation exercise. As shown, the members of the test administration team were able to listen to the conversations of assigned DMT members and check off the actions completed on the Exhibit 6-10 control forms. External communications to the Policy Group and to the emergency response teams can be handled in two ways:! the chairperson of all emergency response teams can be briefed prior to the simulation exercise and are available to produced planned responses through the emergency radio or telephone network. The Policy Group responses are however handled by a member of the test administration team.! The test administration team can simulate all external responses and provide all input information. Most DMT members prefer the second alternative since it does not expose their mistakes to persons that work for them. The time allocated to the DMT to generate a solution to each scenario stage and then review the solution with the administration team normally takes 45-60 minutes for the first time step, reducing to 20-30 minutes for the final time step. EVALUATING THE SIMULATION Following the simulation exercise, the Test Administration Team with the Project Head- Business Continuity Planning, should plan to spend at least a half day evaluating the impacted BRP policies and procedures as well as each DMT members knowledge. Brief individual briefings should then be held with each DMT member and their alternates, and action plans to correct any deficiencies prepared. The Project Head- Business Continuity Planning must then monitor the implementation of the action plans in preparation for the following years DMT simulation exercise. CONCLUSIONS At the disaster management team exercises that I have observed, the participants indicated that the review of policies and procedures, and the lessons learned were extremely valuable. They were also surprised at the number of omissions and inconsistencies found in their life safety and business resumption plans. The primary value of a DMT simulation exercise is the realization by management, that the extensive testing conducted for the emergency response teams had little impact on the Disaster

Policy and Disaster Management Teams preparation. They realize how important it is that simulation exercises similar to the one described in this paper for the Disaster Management Team be conducted every few years. Additionally a Desk Top Walk Through for the Disaster Policy Team should also be conducted periodically. REFERENCES 1. Coleman, Paul. "The First Interstate Fire: Plan, Preparation And Activation." Contingency Journal. (1:2) April-June 1990, pp. 16. 2. Rosenthal, Paul and Himel, Barry. "Business Resumption Planning: Exercising Your Emergency Response Teams." Computers & Security. (10:6) October 1991, pp. 497-514. 3. Janulaitis, M. Victor. "Creating a Disaster Recovery Plan." Info Systems. (32:2) February 1985, pp. 42-43. 4. Orr, Daniel. "Toronto Dominion Bank: Management Support and Expert Systems Tools Speed Contingency Planning." Contingency Journal. (1:2) April-June 1990, pp. 24. 5. Rohde, Renete and Haskett, Jim. "Disaster Recovery Planning For Academic Computing Centers." Communications of the ACM. (33:6) June 1990, pp. 652-657. 6. Rothberg, M. L. "Disaster Plans: Added Complexity." Computer Decisions. (21:2) February 1989, pp. 16. 7. Toppozada, T. R., Bennett, J. H., Borchardt, G., Saul, R. and Davis, J. F. Planning Scenario For A Major Earthquake On The Newport-Inglewood Fault Zone. (Special Publication 99) Sacramento, California: California Department of Conservation, Division of Mines and Geology, 1988. 8. Yetter, David L. "Hazard Analysis Techniques For Business And Industry." Contingency Journal. (1:2) April-June 1990, pp. 6. About the Authors Paul Rosenthal is a Professor of Information Systems at California State University, Los Angeles' School of Business & Economics. He has a B.S. in Ed. and an M.A. in Mathematics from Temple University, an M.B.A. from U.C.L.A., and a D.B.A. from U.S.C. His research interests include planning of information systems projects, sourcing methodologies, and business resumption planning for both information systems and user activities. He is a member of ACM and SIM International.

Simulated Time: 3:00 pm, Wednesday Exhibit 1A: Scenario 1 Announcement! Earthquake Magnitude 7.0-7.4, Major Quake- major destruction within 5-10 miles, significant destruction within 10-15 miles, major damage within 15-20 miles.! Epicenter Near Long Beach! Southbay Roads and Freeways Impassable and badly damaged. A mile of I-405 east of Long Beach Freeway destroyed.! Significant Damage to Roads and Freeways Throughout the LA Basin- Traffic at a Standstill. Concrete ruble surrounding interchanges and many bridges.! Streets and Walkways close to High-rise and Masonry Buildings impassable and unsafe due to Falling Glass and Debris. Vehicles can not move through streets adjacent to highrise buildings.! Utilities Unavailable, Telephone System Reserved for Emergency Agencies Uses Only. No dial-tone for outgoing calls.! Downtown Buildings have suffered Significant Damage to Contents, Walls, Ceiling, and Windows, Plus Extensive Water Damage From Leaking Pipes & Sprinklers. Furniture and computer components have traveled across rooms severing wires and cables.! High-Rise Buildings have Suffered Extensive Loss of Glass on Upper Floors. Widespread Cracking of Glass on Lower Floors. Floors above tenth are not occupiable.! The Emergency Operations Center (EOC) has been activated and occupied. What would you do? What are your plans?

Exhibit 1B: Report from Project Head, BRP The following information is based on initial radio reports, Simulated Time: 3:30 pm Wednesday! A 7.0-7.4 Intensity earthquake has occurred on the Newport-Inglewood fault centered in the Long Beach area.! Damage from the quake in the Long Beach area is equivalent to Level XI Intensity Shaking: Bridges destroyed, Broad fissures in ground, underground pipelines completely out of service, earth slumps and land slips in soft ground. Few masonry structures standing, many well built wooden structures destroyed, great damage in specially designed (high rise) buildings.! Damage from the quake in the area surrounding Long Beach (within approximately 10-15 miles) would be equivalent to Level X Intensity Shaking: Ground badly cracked, shifted sand & mud, landslides from steep slopes. Some well-built wooden structures destroyed, most masonry and frame structures destroyed, severe damage in specially designed (high rise) buildings.! Damage from the earthquake in the areas between 15-20 miles (includes downtown Los Angeles) would be equivalent to Level IX Intensity Shaking: Damage considerable in specially designed buildings (high rise), damage great in substantial buildings with partial collapse, many buildings shifted off foundations. High rise Buildings will lose substantial glass above 10 stories and almost total loss of glass above 20 stories, with violent shifting of contents in upper floors.

Exhibit 1C: Report from the Damage Assessment Team! Epicenter of Quake Reported Just West of Long Beach Airport.! Severe Destruction in Long Beach and Surrounding Areas. Simulated Time: 4:00 pm Wednesday! Extensive Damage Throughout LA Basin, No Utilities, Traffic at a Standstill, Most Freeway Interchanges Closed. Utilities will require several days to restore outside the LB area, SFV and eastern areas may have services on thursday.! Telephone Systems Locked-out From Other Than Emergency Locations.! Dusk to Dawn Curfew Announced for LA County for all persons without Emergency Services Passes. Violators will be detained and heavily fined.! LAX and LB Airports Closed, Others Open for Incoming Emergency Personnel Only.! Mayor's Announcement- Don't Travel, Take Cover, Be Ready for Major After-Shocks! No Structural Damage to our Downtown Buildings.! Upper floors of all buildings reporting extensive damage, broken and missing windows, furniture has moved across rooms.! Computer Center is badly shaken. Many pieces of equipment have moved an broken their cables. All systems are being shut down as gracefully as possible, luckily our UPS worked.! Many minor injuries in all buildings. First Aid Teams are handling.! Many people are hysterical, everyone upset.

Simulated Time: 8:00 pm., Wednesday Exhibit 2 Scenario 2 Announcement! Curfew Going Into Effect. Streets almost empty of people.! First Aid Facilities Overloaded with injured.! Traffic Within 10 Miles of Long Beach at a Standstill, cars being abandoned.! LA Basin Freeways & Interchanges Closed Until Inspected, Due To Possible Bridge Damage. Caltrans hopes to open most northern LA Basin Freeways by late Thursday.! Many Surface Streets Blocked By Debris and Abandoned Cars. Major streets in area show light traffic.! Public & Private Contractor/Construction Personnel Are Being Mobilized to Clear Major Streets & Freeways.! Telephone System Operational But Overloaded. Everyone requested to use phones for medical emergency use only. Dial-tone after half-hour wait. Local calls getting fast busy. Long distance calls going through.! Military Personnel Deploying Throughout the LA Basin, Particularly in Business & Shopping Areas. National Guard being deployed, army expected during night.! Many Displaced and Homeless Persons Trying To Enter Our Buildings Seeking Shelter.! What are your plans for this evening and night?

Simulated Time: 11:00 pm., Wednesday Exhibit 3 Scenario 3 Announcement! Major 6.0-6.4 After-Shock Near Culver City.! Major Damage In Areas South-West of Downtown.! Additional Significant Damage to All Our Buildings, including Structural Damage to Headquarters Building. Cracks and wall-to-support beam separation. Extensive glass cracking and some loss on lower floors, including ground floors.! Widespread Hysteria and Some Minor Injuries- Primarily in Headquarters Building.! Fires Visible In Night Sky West & South of Downtown.! What should you do and announce? Exhibit 4 Scenario 4 Announcement Simulated Time: 8:00 am, Thursday (Next Day)! Curfew Over, Military Everywhere.! Limited Open Travel Routes to be Announced at 10:00 am, Curfew To Continue for Several Nights.! Utility Services to be Restored by Neighborhood during Next Several Days (except for Long Beach Area). Utilities will be restored to downtown over weekend, residential areas are being given priority.! Access to Long Beach Area Open to Residents Only! Smoke from Fires Visible in Areas West & South of Downtown! What are your plans for today and Friday?

Exhibit 5 Scenario 5 Announcement Simulated Time 6:00 pm, Thursday (Next Day)! Except for some single personnel living in the Long Beach area and selected key security personnel, all of our employees have returned home.! Numerous members of our Emergency Response Teams, including approximately half of the team leaders, have called from home for instructions.! Utilities will start to be restored in much of the LA Basin tonight and tomorrow. Most main roads and some freeways outside the Long Beach and west side area are open and running reasonably well.! Damage assessment team estimates that approximately half our total LA Basin floor space will be available Monday. Headquarters Building space will probable not be available for several weeks.! What are your plans for the rest of this week?

Exhibit 6: Scenario 1 Solutions Checklist DMT Chair & BRP Head Security Logistics Human & Public Relations Customer Service Manufacturing/ Operations Facilities Data Processing -Announce BRP Activation -Open EOC Log -Establish Policy Group Contact -Assess Move to Shelter Areas vs Evacuation of Building -Activate EOC -Make Initial Buildings Announcements -Activate EOC & ERT's Communications -Verify Supplies Available to Area ERTs -Assess Potential For Personnel Returning Home -Initiate Collection of Injured as Feasible -Assess EOC/ External Communications -Assess EOC/ Employee Communications -Monitor Public Information -Initiate Building Announcements -Determine Status of Potential Repair & Supply Vendors -Activate Emergency Building Operations -Initiate Damage Assessment -Initiate Security Program for Building & Surrounding Area -Activate Backup Data Center -Activate EOC/ Data Center Communications -Assess Data Center Status -Assess Voice & Data Network Status - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Coordinate Notification & Shelter Planning - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Asses Status & Initial Response -Develop Policy for Admission of External People -Review Plans with Legal -Brief Policy Team on Status and Plans -Monitor Egress and Dispatch of Personnel -Initiate Sleepover Plan -Assign Groups to Shelters -Assign First- Aid Personnel to Injured Collection Areas -Assign Volunteers to Replace Telephone Handsets -Initiate Employee Status Reporting -Initiate Public Announcements as Feasible -Announce Shelter Plan & Initiate Movement of Personnel -Assign HR Support Staff to Shelter Areas -Produce Periodic Announcements -Inform Other Company Locations of Status & Plans as Possible -Attempt Contact with Out of Area Repair & Supply Vendors -Activate Building Login & Logout Procedures -Initiate Periodic Building & Area Status Reporting -Activate Contingency Plans Using Out of Area Personnel, Tapes and Supplies -Arrange for Dispatch, when Feasible, of Tapes and Teams to Backup Data Center

Exhibit 7: Scenario 2 Solutions Checklist DMT Chair & BRP Head Security Logistics Human & Public Relations Customer Service Manufacturing/ Operations Facilities Data Processing -Arrange for EOC Rotation -Monitor Status Reports from ERT Teams -Activate Overnight Area and Building Security Program -Report Onsite, Logout & Login Statistics -Analyze Staff Egress Potential -Initiate Route Maps Preparation -Distribute Backup Food and Supplies -Plan Public & Family Information Plan -Draft Overnight Shelter Plan Announcements -Draft Emotional Support Plan Announcement -Determine Status of Out of Area Support -Adjust Shelter Occupancy Patterns as Needed -Activate Fire watch Program -Activate Shelter Registration Program -Monitor Activation of Backup Data Center by Out of Area Personnel -Staff Family Response System - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Coordinate Finalization of Overnight Plans - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Brief Policy Team -Establish Rules for Confidential Information With Policy Team -Verify Security & Fire Watch Programs -Close Off Area Perimeters -Monitor Traffic Reports for Use in Route Maps -Announce the Shelter, Support, and Family Information Plan -Activate Family Call and Information Plan -Inform Out of Area Management of Status and Plans -Activate Out of Area Support for Next Day -Reserve Hotel Space for EOC & Other Watch Personnel -Plan Cleanup and Repair Projects -Initiate Data Center Close Down

Exhibit 8: Scenario 3 Solutions Checklist DMT Chair & BRP Head Security Logistics Human & Public Relations Customer Service Manufacturing/ Operations Facilities Data Processing -Assess Total Situation -Maintain EOC Rotation -Verify EOC/ Shelters Communications -Arrange Evacuation of any Newly Damaged Areas -Activate Plan for Collection of Injured -Draft Revised Announcements -Initiate Facility Inspections -Check All Communications - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Coordinate Employee Announcements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Brief Policy Team -Verify Evacuations -Inspect Area, Building, and Shelter Security -Continue Route Map Preparation -Assign Volunteers to Replace Phone Handsets -Announce Status and Plans to Personnel