Philip Stack


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Due Diligence and Reasonable What is reasonable Very contextual What is standard procedure in the industry What would the informed individual in these circumstances have done A reasonable person is one who knows the law and who knows the workplace Legal Penalties Penalties under regulatory law are to: Motivate people to pay attention to their obligation to take reasonable care
  • Due Diligence and Reasonable What is reasonable Very contextual What is standard procedure in the industry What would the informed individual in these circumstances have done A reasonable person is one who knows the law and who knows the workplace Legal Penalties Penalties under regulatory law are to: Motivate people to pay attention to their obligation to take reasonable care
  • Chain of Command structure An orderly line of authority Someone who is a lead during normal work may not be the commander when the EOC or incident demands Characteristics of a Team (1): Strong leader Empowered members Shared vision Continuous access to the same information Mutual respect – every job is important
  • Philip Stack

    1. 1. CAUBO Annual Meeting Winnipeg, Manitoba June 16, 2008 Concurrent Session Business Continuity and IT Disaster Recovery: Ensuring an Integrated Approach
    2. 2. Overview of Presenters Gerry Miller University of Manitoba Philip Stack Associate Vice President Risk Management Services University of Alberta
    3. 3. Presentation Outline Part 1 Overview of Integrated Emergency Management Part 2 IT Disaster Recovery
    4. 4. “ An emergency will occur at some point in the history of the university. Never assume it only happens to someone else.” (1999 Harrell, G. North Carolina Hurricane) ___________________________________________ “ The Whole Place is Underwater!” Teaching, research completely halted by rising floodwaters Another Campus Shooting University mourns. President under fire for lack of preparation Radiation Leak Stuns Administrators University authorities didn’t even know the dangers, says prof
    5. 5. <ul><li>Unexpected </li></ul><ul><li>Unscheduled </li></ul><ul><li>Unplanned </li></ul><ul><li>Unprecedented </li></ul><ul><li>Definitely Unpleasant </li></ul><ul><li>“ It’s not a matter of whether a disaster or emergency scenario will confront a campus but when. I have confronted numerous emergency situations requiring rapid decisions, such as several campus evacuations and extended closures that threatened the institution’s academic program. </li></ul><ul><li>Dealing with the long-term trauma people faced was a humbling and daunting experience. </li></ul><ul><li>“ Our decision to create comprehensive plans and to continually monitor and update these plans has proved to be one of the best uses of our time and resources.” </li></ul><ul><li>John Cavanaugh, President University of West Florida </li></ul>An Emergency at the University/College
    6. 6. Why Worry about Emergency Management? 1/2 <ul><li>Society’s Tolerance - more informed, wiser society not willing to accept uncertainty as in the past. </li></ul><ul><li>Institutional Accountability – to the Community, the Board, Government, to Us. New legislation closes gaps for corporate immunity e.g. the directing mind. </li></ul><ul><li>Legal Risk - an act or lack of an act could land the University in court and someone potentially with a record. The trend to hold the University responsible for failing to take reasonable steps to prevent a crisis. Or, for failing to be adequately prepared to manage a crisis situation. </li></ul>Making emergency preparedness a priority may require building crisis management into job descriptions, personnel evaluations and audits. - Poland (1994)
    7. 7. Why Worry About Emergency Management? 2/2 <ul><li>Reputation - Potential damage to the University’s reputation, and, just as important, damage to your own reputation. </li></ul><ul><li>Fragile - The systems may be overloaded and the infrastructure easily broken. Large interdependencies can result in disastrous failures e.g. power outage in eastern Canada and USA, failure of the IT system, failure of communications. </li></ul><ul><li>Educational institutions - are not exempt from regulations e.g. WH&S/OH&S and the need to provide a safe environment. They may be different in inherent risks and operational risks – but they are still accountable. </li></ul>“ The key to risk management is delivering risk information, in a timely and succinct fashion, while assuring that key decision makers have the time, the tools, and the incentive to act upon it…it follows that the biggest single responsibility of the risk management function is intelligent communication”. Kloman, Felix. (Risk Management Reports, 2001)
    8. 8. What are we trying to achieve? <ul><li>Integrated Emergency Management Program </li></ul><ul><li>Involvement of Faculties, Departments and Planning </li></ul><ul><li>Business Continuity including Pandemic readiness </li></ul><ul><li>Enhancing Emergency Preparedness and Management components </li></ul>
    9. 9. Preparedness Response Recovery Prevention-Mitigation The Goal <ul><li>Increase readiness </li></ul><ul><li>Building capacity and reliability </li></ul><ul><li>University wide approach </li></ul><ul><li>Systems, adaptable and flexible </li></ul><ul><li>Emergency management principles </li></ul><ul><li>Strengthen practices and decision making </li></ul><ul><li>Protect the core businesses </li></ul>
    10. 10. Level 1 Initial Emergency Response Faculty/Department Action Disaster/ Major Emergency/ Outage Level 2 or 3 EOC Activation CMT Activation Faculty/Department Unit Action Plan Assessment Recovery Restoration Resumption Continuity CRISIS COMMUNICATION PLAN Internal and External Stakeholders Normal Operations Prevention Plans Preparedness Training IEMP When The Wheels Come Off !
    11. 11. University of Alberta Crisis Communications Plan University of Alberta Emergency Master Plan Faculty/Department Action Plan Department/Unit Action Plan University’s Integrated Emergency Management Program Health Authorities Emergency Response Departments Government Agencies Layered Planning and Interoperability
    12. 12. Administration and Maintenance Risk, Prevention, Preparedness Action Plans: Response, Recovery, Res. Roles, Responsibilities, Checklists Incident Command System and SOPs Incident Command System Appendix Post Incident Measures Resources and Forms Emergency Contacts - In/Ex Activation and Notification, Operation U of A Integrated Emergency Management Program General, Introduction, Policy, Overview Loss of Critical vendor Loss of IT, Communications Loss of Utilities Loss of People Capacity Loss of Equipment/Vehicles Loss of Facility/ Office/Workspace Business Continuity -Action Plans Emergency Master Plan & Faculty/Department Action Plans. Contingency Plans, Alternative Measures, Mitigation and Protection Crisis Communication Plan and Teams Supporting: Preparedness, Response, Recovery and Resumption - University wide Business Continuity Planning
    13. 13. <ul><li>Business Continuity to Action Plans </li></ul><ul><li>Phased Development: </li></ul><ul><ul><li>Analysis </li></ul></ul><ul><ul><li>Alternate Measures, Solutions and </li></ul></ul><ul><ul><li>Strategies </li></ul></ul><ul><ul><li>3. Implementation (Faculty/Department: Emergency Operations Plan/Action Plan) </li></ul></ul><ul><ul><li>4. Maintenance </li></ul></ul>How do you get there?
    14. 14. Business Impact Analysis <ul><li>Critical business services </li></ul><ul><li>Work flows </li></ul><ul><li>Maximum acceptable </li></ul><ul><li>downtime </li></ul><ul><li>Vital records and documents </li></ul><ul><li>Priorities for recovery and resumption </li></ul><ul><li>Interdependencies </li></ul>Caring, Protecting, Responsible Planning For A Catastrophe Is Positive Thinking. Not Thinking Is A Disaster!
    15. 15. Scenario Planning <ul><ul><li>Loss of access </li></ul></ul><ul><ul><li>Loss of utility </li></ul></ul><ul><ul><li>Loss of facility </li></ul></ul><ul><ul><li>Loss of people </li></ul></ul><ul><ul><li>Loss of IT and or Telecommunications </li></ul></ul><ul><ul><li>Loss of critical vendor </li></ul></ul>Caring, Protecting, Responsible How to Recover Lost Business Services and Functions
    16. 16. University and Risks <ul><li>Risk of fire, flood, tornado: Water, structural damage </li></ul><ul><li>Risk of crime, disorder, terrorism : Theft, bomb threat, work place violence, civil disturbance, hostage, shooter, fraud </li></ul><ul><li>Public Health Emergency : avian pandemic, meningitis </li></ul><ul><li>Risk to utilities: High temperatures, High or low humidity </li></ul><ul><li>Risk to environment: Mold and mildew, pests, asbestos </li></ul><ul><li>Risk of hazards on roads </li></ul><ul><li>Human error </li></ul><ul><li>IT risks </li></ul><ul><li>Financial Risks </li></ul><ul><li>Regulatory Risks </li></ul><ul><li>Reputation Risk </li></ul>You are in the Risk Management Business!
    17. 17. Potential Consequences <ul><li>Health, safety and security </li></ul><ul><li>Injuries or loss of life </li></ul><ul><li>Animal care </li></ul><ul><li>Specimens, data, vital records </li></ul><ul><li>Legal </li></ul><ul><li>Regulatory </li></ul><ul><li>Financial </li></ul><ul><li>Infrastructure </li></ul><ul><li>Reputation </li></ul><ul><li>Loss of students </li></ul><ul><li>Loss of Faculty and Staff </li></ul><ul><li>Loss of collections </li></ul><ul><li>Loss of valuable documents </li></ul><ul><li>Morale </li></ul>Risk Does Not Respect Boundaries!
    18. 18. Risk Analysis Tool Caring, Protecting, Responsible Natural Disaster / Man-Made Emergency Probability Severity Risk Level Priority Fire Remote Catastrophic Medium 3 Flood Occasional Catastrophic High 2 Major Power Outage Probable Critical High 1 Bomb Threat Improbable Critical Low 4 Risk: What can go wrong? How likely is it? What are the consequences? Source: Natural Technical Man-Made
    19. 19. Response Staff U of A PHR Strategy Crisis Communications Plan U of A Integrated Emergency Management Program U of A Emergency Master Plan Faculties Research Administration Facilities and Operations Essential Services Animal care Labs Teaching IT and Records Campus Security EH&S Power Human Resources Water Planning Residence Services Communications Heat Staff Sponsors Finance Payroll Redeployment Grounds Buildings Operations Communications Perishables IT Analysis and Action Plans
    20. 20. Integrated Emergency Management Program - Model Leadership and Commitment Risk Management Culture Functions, Services, Systems and Processes Ready, Resilient and Robust University
    21. 21. Incident Command System – The Building Blocks Command Command Staff General Staff Doers Thinkers Getters Payers First Responders
    22. 22. Sample Emergency Operations Centre EOC Director University President University Emergency Policy Group: VPs and General Counsel Finance & Administration Section Chief Operations Section Chief Liaison Officer Faculty and Deans Liaison Officer: Internal/External Public Information Officer Registrar Public Safety HR Facilities Management Student/Residents Services Financial Services Risk Mgnt & Insurance Contracts EOC Coordinator Planning and Intelligence Section Chief Documentation Unit leader Situation Status Demobilization Logistics Section Chief Facilities Management IT & Telecomm Supply Management Capital Projects Resource Tracking Deputy EOC Director Financial Services
    23. 23. <ul><li>Emergencies prompt a change in management style </li></ul><ul><li>From Consultative to Command and Control </li></ul>Management Style During an Emergency at a University “ You’ve got to take stock of the damage and how you’ll recover from it. You’ve also got to take stock of your human resources, who’s available and what’s their work capacity. Remember that damage isn’t just physical. Take stock of outside resources. Who can help? The big thing: Take control. As president, as a CIO, you’re in the best position to look out for your own institution. Don’t rely upon FEMA (Emergency Management Alberta, Public Safety Canada ). Don’t rely upon the government. Don’t rely upon the state (province). Take control of the situation.” John Lawson, VP Information Technology and CIO, Tulane
    24. 24. <ul><li>In Summary </li></ul><ul><ul><li>Leadership commitment </li></ul></ul><ul><ul><li>Integrated approach </li></ul></ul><ul><ul><li>Build a risk culture </li></ul></ul><ul><ul><li>Train and exercise </li></ul></ul>
    25. 25. Here‘s why we need to be ready for emergencies...
    26. 26. Seventh place...
    27. 28. 6th place Sixth place...
    28. 30. 5th place Fifth place...
    29. 32. 4th place Fourth place...
    30. 34. 3rd place Third place...
    31. 36. 2nd place Second place...
    32. 38. And the WINNER is...