prsm webinar feb 2012
DESCRIPTION
TRANSCRIPT
Are You & Your Facility Ready? What’s New in Business Continuity, Personal Resiliency & Preparedness
Mike Thomson Manager, Client Services & Business Continuity Programs
ImpactReady @ ImpactWeather, Inc.
Anthony Pizzitola, CFM, CBCP, MBCI
Facilities & Disaster Recovery Manager
Goode Company
First, what are we solving for ? •Business Continuity Management is defined as a holistic management
process that identifies potential impacts that threaten an organization and
provides a framework for building resilience with the capability for an
effective response that safeguards the interests of its key stakeholders,
reputation and value creating activities.
•The primary objective of Business Continuity Management is to allow the
Executive to continue to manage business operations under adverse
conditions, by the introduction of appropriate resilience strategies,
recovery objectives, business continuity, operational risk management
considerations and crisis management plans.
Disaster Recovery Institute International
Business Continuity Helps Manage Risk in Many Ways
• Protects 85% of the business • Nearly 170% return on investment • Non-compliant companies paid $9.4M in fines, penalties & lost revenue • Compliant companies paid $3.5M
22
.
Life Safety Emergency
Response
Operations
Work
Planning
Adherence to
Regulations
Corporate
Governance
and InfrastructureProperty, Facilities
Physical
Security
Financial
Capacity
Cash & Credit
Management
Enterprise Risk
Management
Business
Risk or
Interruption
Intellectual
Property,
Processes &
Vital Records*
Business Continuity
Planning
How are the Threats Identified to Prepare and
Prevent a Disaster?
•Don’t just visit the site, inspect the site!
•Collaborate with your colleagues and vendor base to ID the top 10 threats
in each category.
ID regional natural threats, have a backup plan.
ID manmade threats, launch control measures.
ID technological threats, have a backup plan.
•Is lack of compliance with OSHA and ADA a threat? Yes!
•Is lack of Preventive & Predictive Maintenance a threat? Yes, just wait until
Friday afternoon or Saturday evening.
•Prepare a plan based on the above, implement controls , inspect and test!
Assess
Respond
Manage Recover
Resume
Pandemic
Fire Flood
Storm
Terrorism
???
Normal
Business Operations
Security
Regulatory
Continuity Planning and Response Move in a Cycle
Develop A Disaster Preparation, Response and
Recovery Plan
•How So? Start by Identifying the Threats, their Probability and their
Impacts to the Organization. How can the threats be controlled.
•What are the threats?
Natural
Manmade
Technological
•Lack of preparation and a plan can threaten your career!
•Lack of preparation and a plan is a call for the lawyers!
Businesses Will Use Their Continuity Plans Regularly
Business Preparedness Involves Five Important Steps
1. Develop a Program (for what you will do
in an emergency)
2. Have Back-ups (for critical people,
equipments and supplies)
3. Practice Your Plan (at least once each
year)
4. Be Informed (about what might happen)
5. Get Involved (in preparing with your
community)
You Need Six Essential Tools in Your Preparedness Program
1. Severe Weather Alerts
2. Emergency Notification System
3. Incident Management Program
4. ePlan Documentation
5. Situational Awareness Monitoring
6. Personal Preparedness/Resiliency
Weather Disasters at Highest Levels Ever Recorded
Source: NOAA
Billions
Total economic damage = $52B, Most $1B+ Disaster Ever
Forecasting, Monitoring and Alerting
Tropical storm & hurricane analysis Severe weather analysis 24/7 alerting (including “all clear”) Domestic and International coverage Web-based weather briefings for key personnel 24/7 access to meteorologists for additional consultation and pre-scheduled conference calls
Consulting and Support Programs
Corporate Business Continuity & Emergency Preparedness: consulting services and training programs Personal Preparedness: Seminars, Webinars, and Personal Preparedness tools
#1 – Essential Tool
Severe Weather Services
Capability Resident Meteorologist National Weather Service Web-based Weather Services Dedicated Weather Service
Available 24x7x365 No Yes Limited, w/Advertisements Yes
Domestic & International No No Limited Yes
All Weather Services – Severe,
Tropical, Marine Yes No No
Yes
Customized Alerts & Forecasts Yes No No Yes
Any Time, Live Help Limited No No Yes
Meteorologist Needed On-Site Possible No No Yes
Imbedded “Calls to Action” Yes No No Yes
Integrated Business Continuity
Services No No No
Yes
Certified Crisis Experts On-call Limited No No Yes
Branded, Direct Access Website Possible Yes No Yes
All-Hazards Data Feeds/Alerting No No No Yes
“Single Pane of Glass” No No No Yes
All Clear Notices Limited No No Yes
Video Production Studio No No No Yes
Crisis Webconferences Possible No No Yes
Daily Branded Weather Videos No No No Yes
Site-specific, All-Hazard Trigger
Reports Possible No No
Yes
Best Practice Web & Seminars No No No Yes
Delivery to Any Device Yes No No Yes
“Manually dialed telephone call trees are no longer acceptable for emergency notification. Effective incident management requires automation to ensure business continuity.” -Gartner, Inc.
#2 – Essential Tool
Emergency Notification System
Incident
Detected Incident Management Team
(IMT) Member Aware
Incident Commander (IC)
*Division VP
*Manager of Administration
Notified
Initial Incident
Assessment
Site Back to
Normal
Standard
Operating
Procedures
Incident
Briefing
Impact
Assessment
Incident
Assessment
Incident
Objectives
- Develop IAP
- SITREP
Alternate
Operating
Procedures
Recovery
Procedures
Site Back to
Normal
Resume
Normal
Operations
Critique IMT
Response
Need to
Update Plan
Plan
Maintenance
and Update
End
Major
> 8 hrs
Minor
< 8 hrs
> 8
hrs
No
Yes < 8 hrs
No
NoYes
Demobilization
Report to
Executive
Oversight
CommitteeYes
IMT
Assembled
*Foreseen Events
#3 – Essential Tool
Incident Management Program
• Repository for all IM, BC, ER and DR plans
• Component of comprehensive Business Continuity effort
• Modules for both planning and incident management
• Linked with emergency notification system
• NIMS Compliant
#4 – Essential Tool
ePlan Documentation
– Crisis management is moving from offices or command rooms to sophisticated mobile and online environments…
– Breaking threats in dozens of risk categories now delivered as targeted alerts, anytime, anywhere…
#5 – Essential Tool
Situational Awareness Monitoring
Most individuals, and thus their employers, are unprepared
for a disaster
“Only 7% of Americans have taken the
necessary steps to prepare for disasters”
Source: American Red Cross
#6 – Essential Tool
Personal Preparedness
“75% of company plans do not support employee resiliency”
Source: Forrester Research
#6 – Essential Tool
Personal Preparedness
Most individuals, and thus their employers, are
unprepared for a disaster
# 6 – Essential Tool
Employee Education Works
• Annual Preparedness Programs • Speakers, Demos, Handouts • Company Intranet Campaigns • Home, Office Videos & Checklists • Contact Info Updates
• Cost effective, 100x ROI • Save $2,800 per employee • Overcame Complacency • Mitigated Damages, Impact • Less Time Responding • More Effective Action
Ready Today = Ready in Crisis
© Personal Recovery Concepts, All rights reserved
You Need To Be Prepared for Many Reasons • Protection (people, reputation, resources)
• Legal (regulatory compliance, litigation)
• Financial (more revenue, reduced costs)
• Decision-making (one source, more confidence)
• Good Business (stakeholders, market share)
Contingency Planning in Many Areas is Highly
Regulated
• Required to have an “all
hazards” plan
• Weather is leading hazard
causing business interruption
• Plan must follow a Standard
• All standards include
preparedness of the
workforce that the plan relies
upon before, during and after
a continuity event
• PS-Prep will translate that
requirement to any private
sector company
PS-Prep will Impact Every Private Sector Company Title IX, PL 110-53 (Private Sector Preparedness Act) • Outgrowth of 9/11 Commission Report
• Independent certification of private sector emergency preparedness (including disaster/emergency management & business continuity)
• Administer outside government by third parties
• Give special consideration to small businesses (15 USC 632)
• Based on standards (3 already approved)
• FEMA Administrator is responsible • DHS is encouraging multiple standards • Initial certifications will be “conformity or non-conformity” based • Process slowed by change of administrations • Integrate, recognize & credit existing industry efforts, standards,
best practices and reporting
Should Vendors Comply with PS-Prep?
•If business units are prepared, their supply chain should be equally
prepared.
•A resilient supply chain is prepared for natural disasters, business
interruptions and terrorism.
•Preparedness guarantees quality products with on-time deliveries to
business units.
•You can’t do business with an empty wagon.
•The purpose of PS-Prep is to enhance nationwide resilience against
all hazards and to support business preparedness.
Some Benefits of Preparedness May Not be Obvious
Minimizing Impact of Business Disruptions
Insurance Benefits
Rating Agency Acknowledgement
Mitigating Legal Liability
Post-Event
Supply Chain Resiliency
Corporate Governance
Reputational and other Benefits
Greater PreparednessGreater PreparednessGreater Preparedness
90% of Requirements Are Common in All Standards
1. Policy statement
2. Management commitment
3. Risk identification, assessment & analysis
4. Protect proprietary & confidential information
5. Incident management procedures & controls
6. Data control & backup (documents & information)
7. Continuity of critical operations
8. Exercises & testing
9. Independent audits
First (or Next) Steps to Take to Mitigate Your Risks
1. Assess your current level of emergency preparedness against industry best practices (report & gap analysis)
2. Select a standard to use (e.g. FFEIC, OCC, ASIS, etc)
3. Supplement and/or improve your existing preparedness processes, plans & activities to meet intent of desired standard(s)
4. Contract with accredited certification body for formal assessment and certification
5. Conduct on-going surveillance and continual improvement processes
Plan, Do, Check, Act
Someone Will Ask for Your Business Preparedness Plan
• Regulatory Auditors • Customers • Strategic Partners • Suppliers & Vendors • Fire & Law Enforcement
Preparedness Increases Revenue and Reduces Costs
• Oxford University study • Everyone loses value after crisis • Effective crisis response recovers quicker • 22% higher market cap 8 months after crisis • Cost of downtime = $84,000 -$90,000 per hour
Q&A
Have questions??
Mike Thomson Manager, Client Services & Business Continuity Programs ImpactReady @ ImpactWeather, Inc. 877-792-3220 [email protected]
Anthony Pizzitola Facilities & Disaster Recovery Manager Goode Company 713-667-9001 [email protected]
CONTACT