OPTIONS FOR EDUCATION AND TRAINING...3 LEARNING RESOURCES...5 TABLE TOP EXERCISE: POWER OUTAGE SCENARIO...7



Similar documents
Subject Area 9 Public Relations and Crisis Coordination

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

The easy way to prepare your business for the unexpected.

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore

Center for Health and Homeland Security ver. 4.0 FOR OFFICIAL USE ONLY RE - 1

HB A Practitioners Guide to Business Continuity Management

Situation Manual Orange County Florida

Cornell University PREPAREDNESS PLAN

Fundamentals of Business Continuity Planning Have a Plan!

How To Prepare For A Disaster

Conference Sponsorship Opportunities

Maryland Preparedness Planning Certificate Program Pilot Packet July 2014 June 2015

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

UNION COLLEGE INCIDENT RESPONSE PLAN

Emergency Preparedness Tips and Actions for the Workplace

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability

PREPARE YOUR BUSINESS FOR THE UNEXPECTED

Best Practices in Disaster Recovery Planning and Testing

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010

Developing a Continuity of Operations Program. An Overview

Department of Environmental Health & Safety Con6nuity Planning Program Training - Partnership - Compliance. Continuity Planning Training

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION

Contingency Planning & Disaster Recovery

July 2015-August 2016

ELCC Lifelong Learning Program Learning for life Learning for All

2016 ALAMO AREA TRAINING INSTITUTE

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

BCP/DR Coordinating and Communicating with Your Landlord

Federal Emergency Management Agency

Putting all of your pieces in place. Continuity Planning for Nonprofit Organizations

2012 Business Continuity Conference Friday, November 9, 2012

Western Washington University Basic Plan A part of Western s Comprehensive Emergency Management Plan

Angie M. Santiago President, CPAC Triangle Chapter

DSS ESF-6 Training Requirements for Emergency Personnel

Business Continuity Position Description

STATE UNIVERSITY OF NEW YORK COLLEGE OF TECHNOLOGY CANTON, NEW YORK COURSE OUTLINE EADM 400 INCIDENT COMMAND: SYSTEM COORDINATION AND ASSESSMENT

What is an Exercise? Agenda. Types of Exercises. Tabletop Exercises for Executives. Defining the Tabletop Exercise. Types of Tabletop Exercises

SECURITY-BASED TABLETOP EXERCISE

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

Office of the United States Surgeon General

2014 Polk County ESF #3 Public Works and Engineering: Damage Assessment Section

Training Opportunities

Is Business Continuity Certification Right for Your Organization?

Public Health System Training in Disaster Recovery (PH STriDR)

" # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12

B E F O R E T H E E M E R G E N C Y

Flooding Emergency Response Exercise

Tampa Bay Catastrophic Plan ANNEX L: HURRICANE PHOENIX EXERCISE

NIST SP , Revision 1 Contingency Planning Guide for Federal Information Systems

Disaster Ready. By: Katie Tucker, Sales Representative, Rolyn Companies, Inc

SUPPORT ANNEX 16 TRAINING AND EXERCISES

Business Continuity Training and Testing: Narrowing the Gaps

Disaster Preparedness for

This document contains the text of Secretary of the State regulations concerning

for Human Service Providers Scott Ellis Scott Elliott Erin Sember-Chase 1

The International Association of Emergency Managers

BUSINESS CONTINUITY PLANNING AT THE NATIONAL GALLERY OF AUSTRALIA. Erica Persak

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business Continuity & Disaster Recovery

Building an effective Tabletop Exercise. Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Emergency Response and Crisis Managemen Technical Assistance Center STEPS FOR DEVELOPING A SCHOOL EMERGENCY MANAGEMENT PLAN

Small Business Continuity Workshop. Region 1- Vermont

Statewide Disaster Recovery Coordinator Meeting. October 31, 2012

Chatham County Disaster Recovery Plan Recovery Planning Update. Mark Misczak, Brock Long, & Corey Reynolds Hagerty Consulting April 7, 2015

Agenda. Creating a Robust Testing Program. Notification Tests. Overview of Testing. Beverly Schulz, CBCP

Emergency Response Simulation

Critical Infrastructure Security & Resilience Month 2014 Toolkit

University of San Francisco EMERGENCY OPERATIONS PLAN

Expecting the Unexpected. Disaster Preparedness Strategies for Small Business

Business Emergency Operations Center (VSBEOC)

BUSINESS CONTINUITY PROGRAM (BCP) HANDBOOK FOR DEPARTMENT BCP TEAMS

University of Victoria EMERGENCY RESPONSE PLAN

Health and Homeland Alert Network Alert Level License Training

Online Student Orientation

MARQUIS DISASTER RECOVERY PLAN (DRP)

Disaster Preparedness & Response

Business Continuity Standards A Primer

2014 NABRICO Conference

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

GEORGIA STATE UNIVERSITY (SCHOOL OF PUBLIC ADMINISTRATION)

Desktop Scenario Self Assessment Exercise Page 1

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

G-Cloud Framework. Page 1. Document for Service Definition Audit management System. In response to G Cloud 6 Requirements

16-week online course COURSE DESCRIPTION: Business 001 COURSE TEXT: ISBN COURSE OBJECTIVES

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

Putting SEO and Marketing PR to Work for Your Business

Subject Area 1 Project Initiation and Management

CIS 523/423 Disaster Recovery Business Continuity

How to Plan for Disaster Recovery and Business Continuity

Technology Recovery Plan Instructions

A guide to reducing the number of false alarms from fire-detection and fire-alarm systems

CERTIFICATION IN BUSINESS CONTINUITY By Walter G. Green III, Ph.D., CRP

Introduction to Business Continuity Planning

Salem Community College Course Title: Course Code: Lecture Hours Lab Hours: Credits: Prerequisite Course Description: Place in College Curriculum:

NORTH CAROLINA EMERGENCY MANAGEMENT CERTIFICATION PROGRAM

A BCP Tale: From Theory to Practice

Transcription:

CONTENTS INTRODUCTION...2 AWARENESS EDUCATION... 2 TRAINING AND EXERCISING... 2 OPTIONS FOR EDUCATION AND TRAINING...3 LEARNING RESOURCES...5 TABLE TOP EXERCISE: POWER OUTAGE SCENARIO...7 DISCUSSION QUESTIONS... 7 EXERCISE DEBRIEF... 9 EXERCISE WRAP UP... 9 For a list of key resources used in developing the Open for Business Advanced Track, click HERE. IBHS 2010 1 P age

Introduction Welcome to the Employee Awareness, Training, and Exercises session of the Open for Business Advanced Track. This session discusses how to present your completed plan to the rest of the organization and then validate its quality and effectiveness. First, keep in mind that the employees who have developed, will implement, and must execute recovery and continuity activities are as important as the plan itself. Their ability to understand, activate and execute documented strategies and procedures, particularly those outside the normal work routine, is often the difference between theory-based and reality-based planning. Not everyone needs to know every aspect of the plan. Some need only an overview of the organization s strategies for response, recovery and business continuity, while others need to learn the associated procedures in order to ensure a successful recovery effort. To do this you need to establish a program divided into awareness education and training and exercising. Awareness Education: To teach the fundamentals of your response, recovery and business continuity strategies organization wide. Training and Exercising: To transfer the knowledge and skills necessary to execute procedures to those individuals who have been assigned specific responsibilities, such as activating an Emergency Notification System and sending a message. Awareness Education The purpose of your Awareness Education Program is to make the information in your continuity plan available in a form useable to everyone. For example, you may choose to inform everyone about the new plan by posting messages on an employee website or by producing brochures and other handouts. The goal is to make sure everyone is familiar with the fundamentals of the plan. You should choose the method you feel is the best and most effective way to make sure everyone knows what to expect when a business disruption occurs. It would also be helpful to share lessons learned from industry publications or to educate employees about the risks most prevalent for your organization. There are many topics you could cover, based on what is most relevant to your organization. Training and Exercising The purpose of your Training and Exercise program is to transfer the skills necessary to execute activities or the specific steps you expect assigned individuals to follow when your plan must be activated. To do this effectively, you need to teach the procedures associated with each strategy and then validate how well everyone can perform them in a timely manner. Individuals who have been assigned responsibility for performing activities must be given a copy of the plan to review. Consider giving them enough time to review it and then test their knowledge through IBHS 2010 2 P age

some type of interview, quiz or exam. Once you are certain they understand what is expected, you should then organize one or two exercises or drills per year to validate whether the plan will actually work when needed. This is the difference between planning based on theory versus reality. All plans start out as theory until they have been exercised. Only then will you be certain your organization can recover successfully. Exercising is one of the most effective ways to engage people and train them. Open for Business Scorecard and Wrap Up (Session 8) includes an exercise scenario based on a building fire. At the end of this document is a second scenario, one that deals with a power outage. Once you learn the basics of conducting an exercise, you can easily generate your own scenario based on the two scenarios provided. For example, at the end of a staff meeting, you could set up this situation: If the alarm in this building were to go off, we would exit the building. Once outside we are told that we cannot go back into the building for one week. What would you do? How would you continue to work? This will get people thinking about the possibilities and get them on board with your program. Options for Education and Training Depending on the size and complexity of your organization, you will want to choose a method that fits your current culture. For example, if you already have a training program to teach employees about your organization or specific job responsibilities, use the same style and format to deliver training on your continuity plan and the process you have put in place for response, control and management of an event. If you do not currently have a program, consider the options presented below. How formal your program will be depends on how complex your plan is and how many people need to be trained. There are a number of options, including their advantages and disadvantages. Most organizations use several styles for training, often called blended learning. Since you know your organization best, choose what fits your specific requirements. All plans start out as theory until they have been exercised. How formal your program will be depends on how complex your plan is and how many people need to be trained. IBHS 2010 3 P age

Training Format Classroom or Presentation Printed brochures, newsletters or booklets. Online: emails, websites, blogs Lunch and Learn Online: structured elearning Printed selfstudy Cost Fairly inexpensive assuming space availability. Fairly inexpensive depending on ability to produce or acquire materials. Inexpensive Inexpensive Costs can be moderate to high, depending on amount of content and number of users. Costs can be moderate to high. Time to develop Generally the fastest to develop and modify. Depends on quality of production, but can be fairly quick. Fairly fast, depending on computer and internet skills. Short to moderate development time. Can be moderate to long development time. Moderate time to develop. Access Time Required Motivation/Measurement Participants must all be present for classes or presentations. Materials can be presented to large numbers at the same time. A very large number of people can use anytime, but must have access to internet. Participation can be required or voluntary. Structure of content is dependent on numbers participating. A very large number of people can use anytime. Ensures the ability to deliver consistent training. Is not dependent on having access to computer or internet. Dedicated time slots must be scheduled for all participants. Employees can read materials when they have time, taking as long as required. Employees can use materials when they have time, taking as long as required. Minimal time required. Employees can learn at their own pace. Employees can learn at their own pace. Motivation can be high. Progress can be seen in participation and enthusiasm of students as well as quiz or test results. Quality of learning is dependent on instructor. Motivation depends on skill of design and measurement is limited to indirect methods. Best for high level or general awareness training. Motivation depends on skill of design and measurement is limited to indirect methods. Motivation can be high due to limited time required. Best for high level or general awareness training. Employees can manage their time to fit their schedules and are able to complete the training more easily. Measuring results is very easy with the addition of a Learning Management System that automatically tracks users. Motivation depends on quality of design. Measurement can be built into workbooks and quizzes. Guidance is limited. IBHS 2010 4 P age

Learning Resources The following is a list of resources to learn more about a variety of training options and exercise methodologies. American Red Cross Among other disaster preparedness and response services, offers a number of preparedness training programs and resources for workplaces, families, and individuals. www.redcross.org Association of Contingency Planners (ACP) Founded in 1983 in Los Angeles, ACP is the leading association serving the business continuity profession in the United States. ACP provides a forum for the exchange of experiences and information through a network of local chapters. http://www.acpinternational.com Business Continuity Institute (BCI) Established in 1994 in the United Kingdom, BCI s mission is to define and promote business continuity professional competencies. BCI offers an internationally recognized certification program and professional development. http://www.thebci.org Continuity Compliance A website to provide readers with tools, resources, and information on business continuity and contingency planning, geared towards organizations ranging in size from the enterprise level to the small business category, including micro businesses and/or single proprietor owned home-based businesses. www.continuitycompliance.org Continuity Insights - Provides an in-depth and unbiased perspective on key business continuity issues and challenges through free online webinars, podcasts, white papers, online archives, and Continuity Insights print magazine and e-newsletter. It also organizes an annual Spring Continuity Insights Management Conference and a Fall virtual event. More information and a free subscription are available at: www.continuityinsights.com. Department of Homeland Security (DHS) Leads the unified national effort to secure the country and preserve its freedoms, and to prepare for and respond to all hazards and disasters. The Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) is mandated by Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007. Congress directed DHS to develop and implement a voluntary program of accreditation and certification of private entities using standards adopted by DHS that promote private sector preparedness, including disaster management, emergency management and business continuity programs. www.fema.gov Disaster Recovery Institute International (DRII) Founded in 1988 in the United States to develop a base of knowledge in contingency planning and the management of risk, DRII has become the largest business continuity planner professional education and certification organization in the world. DRII publishes a set of 10 Professional Practices for Business Continuity Professionals. www.drii.org Disaster Recovery Journal (DRJ) Founded in 1987, DRJ offers many free resources for continuity professionals through their website. These include a draft Business Continuity Generally Accepted Practices (GAP) document produced with DRII and NFPA; industry news and events; a portal for new IBHS 2010 5 P age

planners; sample continuity plans; a glossary of business continuity terms; a magazine; a pandemic planning portal; and various blogs, podcasts, webcasts, and a chat board. DRJ sponsors the world s largest conferences in the industry, held twice a year in the United States. http://www.drj.com Disaster Resource Guide Comprehensive source for articles and information related to business continuity, emergency preparedness, disaster recovery and homeland security. Website also features a bookstore, links to other industry resources, an event calendar, enews, and access to a large vendor directory. www.disaster-resource.com Federal Emergency Management Agency (FEMA) FEMA s website maintains a library of major U.S. disaster declarations, alert services, training opportunities at their Emergency Management Institute (EMI), information on the National Incident Management System (NIMS), a range of emergency planning guides; and links to other FEMA sites (www.ready.gov; www.flu.gov; www.citizencorps.gov, etc.). www.fema.gov National Fire Protection Association (NFPA) A nonprofit organization focused on safety codes and standards, education to protect life and property, and professional development and certification. In 2000, the agency issued the NFPA 1600 standard on Disaster/Emergency Management and Business Continuity Programs, a guide for both the public and private sectors in disaster preparedness, response, and recovery. The most recent update, NFPA 1600 2010 Edition, is available at www.nfpa.org IBHS 2010 6 P age

Table Top Exercise: Power Outage Scenario It is a hot, rainy Friday morning. The current time is 11:30 AM. Suddenly, the lights go out and all of the computers, printers, and copiers turn off. For a few seconds, there is silence before the chatter begins to pick up. One of your emergency lights comes on, but the rest are not working. While many of the offices have windows to provide minimal light, the majority of the hallways and interior rooms are left in the dark. Discussion Questions: Take the first 10 minutes to discuss what you will do next. Note: It is now 1:00 PM and the lights still are not on. The building HVAC has been off now for 1-1/2 hours and the temperature inside the building is gradually becoming unbearable. Your entire power grid is without power. There is no word from the electric company about restoration of power. Now what are you going to do? Is your technology or computer room being dealt with? By whom? Has someone turned off all computers, printers, and equipment to prevent electrical surge when power is restored? Is your phone system down? How are you going to manage the phone lines? Note: It is now 2:00 PM. Employees are asking if they can leave early. The word around town is that the power might not be restored for several days. How will you communicate this message? What instructions will you convey to your employees? Customers? Vendors? IBHS 2010 7 P age

Are you going to declare a disaster in order to activate your business continuity plan? CONTINUE YOUR DISCUSSION WITH THE FOLLOWING QUESTIONS How are people within the organization communicating with each other (i.e., sending and receiving messages, information, and response details)? With other stakeholders (i.e., your customers and clients, the media)? Is there a pre-determined and agreed upon central meeting place for company leaders, management, and employees? Is there a copy of your business continuity plan that you can easily retrieve? Are there any business processes you can manually workaround? If so, discuss how that would happen. How would you find an appropriate place to operate from for the remainder of the day? For the next one or two weeks, if necessary? Have you begun an assessment that includes an evaluation of the status of employees, customers, operations, and external utilities? IBHS 2010 8 P age

How would you ensure that customer concerns are managed? Have you begun to determine how much data was lost and how that will affect your operations? Some employees are asking, How will I know if I should come to work Monday? Note: It is now 7:30 AM on Monday, three days later. The power is still out and the Health Department has determined that no building without running water can open for business. Clients are calling and the company voicemail system is full. Employees are texting the Human Resources Director asking for guidance. What do you tell them? Exercise Debrief: What is missing from your plan? What worked well in this scenario? What did not work so well? What could you do differently next time that would improve your response? List the actions you will take to improve your plans. Exercise Wrap Up: This completes the exercise. In order to maximize what can be learned from this effort, have all participants write down their thoughts and concerns. You can address these and the debrief issues at future meetings. IBHS 2010 9 P age

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information