Are You & Your Facility Ready?What’s New in Business Continuity, Personal Resiliency & Preparedness Mike Thomson Manager, Client Services & Business Continuity Programs ImpactReady @ ImpactWeather, Inc. Anthony Pizzitola, CFM, CBCP, MBCI Facilities & Disaster Recovery Manager Goode Company
First, what are we solving for ?•Business Continuity Management is defined as a holistic managementprocess that identifies potential impacts that threaten an organization andprovides a framework for building resilience with the capability for aneffective response that safeguards the interests of its key stakeholders,reputation and value creating activities.•The primary objective of Business Continuity Management is to allow theExecutive to continue to manage business operations under adverseconditions, by the introduction of appropriate resilience strategies,recovery objectives, business continuity, operational risk managementconsiderations and crisis management plans. Disaster Recovery Institute International
Business Continuity Helps Manage Risk in Many Ways Cash & Credit Business Continuity Management Planning Intellectual • Protects 85% of the business Financial Property, Capacity Processes & Vital Records* Physical Security Property, Facilities and Infrastructure Life Safety Emergency Response • Nearly 170% return on investment Adherence to Business Risk or • Non-compliant companies paid $9.4M in Regulations Interruption Corporate Governance Operations Enterprise Risk fines, penalties & lost revenue • Compliant companies paid $3.5M Management Work Planning 2
How are the Threats Identified to Prepare and Prevent a Disaster?•Don’t just visit the site, inspect the site!•Collaborate with your colleagues and vendor base to ID the top 10 threatsin each category. ID regional natural threats, have a backup plan. ID manmade threats, launch control measures. ID technological threats, have a backup plan.•Is lack of compliance with OSHA and ADA a threat? Yes!•Is lack of Preventive & Predictive Maintenance a threat? Yes, just wait untilFriday afternoon or Saturday evening.•Prepare a plan based on the above, implement controls , inspect and test!
Continuity Planning and Response Move in a Cycle Assess Normal Business Operations Security Fire Flood Resume Regulatory Respond Terrorism Pandemic Storm ??? Recover Manage
Develop A Disaster Preparation, Response and Recovery Plan•How So? Start by Identifying the Threats, their Probability and theirImpacts to the Organization. How can the threats be controlled.•What are the threats? Natural Manmade Technological•Lack of preparation and a plan can threaten your career!•Lack of preparation and a plan is a call for the lawyers!
Businesses Will Use Their Continuity Plans Regularly
Business Preparedness Involves Five Important Steps1. Develop a Program (for what you will do in an emergency)2. Have Back-ups (for critical people, equipments and supplies)3. Practice Your Plan (at least once each year)4. Be Informed (about what might happen)5. Get Involved (in preparing with your community)
You Need Six Essential Tools in Your Preparedness Program 1. Severe Weather Alerts 2. Emergency Notification System 3. Incident Management Program 4. ePlan Documentation 5. Situational Awareness Monitoring 6. Personal Preparedness/Resiliency
Weather Disasters at Highest Levels Ever Recorded Billions Source: NOAA Total economic damage = $52B, Most $1B+ Disaster Ever
#1 – Essential ToolSevere Weather ServicesForecasting, Monitoring and Alerting Tropical storm & hurricane analysis Severe weather analysis 24/7 alerting (including “all clear”) Domestic and International coverage Web-based weather briefings for key personnel 24/7 access to meteorologists for additional consultation and pre-scheduled conference callsConsulting and Support Programs Corporate Business Continuity & Emergency Preparedness: consulting services and training programs Personal Preparedness: Seminars, Webinars, and Personal Preparedness tools
Capability Resident Meteorologist National Weather Service Web-based Weather Services Dedicated Weather Service Available 24x7x365 No Yes Limited, w/Advertisements Yes Domestic & International No No Limited YesAll Weather Services – Severe, Yes Yes No No Tropical, MarineCustomized Alerts & Forecasts Yes No No Yes Any Time, Live Help Limited No No Yes Meteorologist Needed On-Site Possible No No Yes Imbedded “Calls to Action” Yes No No YesIntegrated Business Continuity Yes No No No ServicesCertified Crisis Experts On-call Limited No No YesBranded, Direct Access Website Possible Yes No YesAll-Hazards Data Feeds/Alerting No No No Yes “Single Pane of Glass” No No No Yes All Clear Notices Limited No No Yes Video Production Studio No No No Yes Crisis Webconferences Possible No No YesDaily Branded Weather Videos No No No YesSite-specific, All-Hazard Trigger Yes Possible No No ReportsBest Practice Web & Seminars No No No Yes Delivery to Any Device Yes No No Yes
#2 – Essential Tool Emergency Notification System“Manually dialed telephone call trees are no longer acceptable for emergency notification. Effectiveincident management requires automation to ensure business continuity.” -Gartner, Inc.
#3 – Essential ToolIncident Management Program Incident Detected Incident Management Team (IMT) Member Aware Incident Commander (IC) Site Back to *Division VP Normal *Manager of Administration Notified No Minor Major < 8 hrs > 8 hrs Standard Initial Incident IMT Operating Assessment Assembled Procedures Incident Briefing Impact Assessment Yes < 8 hrs > 8 hrs Incident Assessment Resume Normal Operations Incident Yes Objectives No Need to Critique IMT - Develop IAP Update Plan Response - SITREP Plan No Maintenance Report to and Update Alternate Executive Recovery Demobilization Operating Oversight Yes Procedures Procedures Committee End Site Back to *Foreseen Events Normal
#4 – Essential Tool ePlan Documentation• Repository for all IM, BC, ER and DR plans• Component of comprehensive Business Continuity effort• Modules for both planning and incident management• Linked with emergency notification system• NIMS Compliant
#5 – Essential Tool Situational Awareness Monitoring– Crisis management is moving from offices or command rooms to sophisticated mobile and online environments…– Breaking threats in dozens of risk categories now delivered as targeted alerts, anytime, anywhere…
#6 – Essential Tool Personal PreparednessMost individuals, and thus their employers, are unprepared for a disaster Source: American Red Cross “Only 7% of Americans have taken the necessary steps to prepare for disasters”
#6 – Essential Tool Personal PreparednessMost individuals, and thus their employers, are unprepared for a disaster “75% of company plans do not support employee resiliency” Source: Forrester Research
You Need To Be Prepared for Many Reasons• Protection (people, reputation, resources)• Legal (regulatory compliance, litigation)• Financial (more revenue, reduced costs)• Decision-making (one source, more confidence)• Good Business (stakeholders, market share)
Contingency Planning in Many Areas is Highly Regulated • Required to have an “all hazards” plan • Weather is leading hazard causing business interruption • Plan must follow a Standard • All standards include preparedness of the workforce that the plan relies upon before, during and after a continuity event • PS-Prep will translate that requirement to any private sector company
PS-Prep will Impact Every Private Sector CompanyTitle IX, PL 110-53 (Private Sector Preparedness Act)• Outgrowth of 9/11 Commission Report• Independent certification of private sector emergency preparedness (including disaster/emergency management & business continuity)• Administer outside government by third parties• Give special consideration to small businesses (15 USC 632)• Based on standards (3 already approved) • FEMA Administrator is responsible • DHS is encouraging multiple standards • Initial certifications will be “conformity or non-conformity” based • Process slowed by change of administrations • Integrate, recognize & credit existing industry efforts, standards, best practices and reporting
Should Vendors Comply with PS-Prep?•If business units are prepared, their supply chain should be equallyprepared.•A resilient supply chain is prepared for natural disasters, businessinterruptions and terrorism.•Preparedness guarantees quality products with on-time deliveries tobusiness units.•You can’t do business with an empty wagon.•The purpose of PS-Prep is to enhance nationwide resilience againstall hazards and to support business preparedness.
Some Benefits of Preparedness May Not be Obvious Minimizing Impact of Business Disruptions Insurance Supply Chain Resiliency Benefits Rating Agency Corporate Governance Acknowledgement Mitigating Reputational and other Legal Liability Benefits Post-Event Greater Preparedness Greater Preparedness
90% of Requirements Are Common in All Standards1. Policy statement2. Management commitment3. Risk identification, assessment & analysis4. Protect proprietary & confidential information5. Incident management procedures & controls6. Data control & backup (documents & information)7. Continuity of critical operations8. Exercises & testing9. Independent audits
Plan, Do, Check, Act First (or Next) Steps to Take to Mitigate Your Risks 1. Assess your current level of emergency preparedness against industry best practices (report & gap analysis) 2. Select a standard to use (e.g. FFEIC, OCC, ASIS, etc) 3. Supplement and/or improve your existing preparedness processes, plans & activities to meet intent of desired standard(s) 4. Contract with accredited certification body for formal assessment and certification 5. Conduct on-going surveillance and continual improvement processes
Someone Will Ask for Your Business Preparedness Plan • Regulatory Auditors • Customers • Strategic Partners • Suppliers & Vendors • Fire & Law Enforcement
Preparedness Increases Revenue and Reduces Costs • Oxford University study • Everyone loses value after crisis • Effective crisis response recovers quicker • 22% higher market cap 8 months after crisis • Cost of downtime = $84,000 -$90,000 per hour
Q&A Have questions?? CONTACTMike Thomson Anthony PizzitolaManager, Client Services & Business Continuity Programs Facilities & Disaster Recovery ManagerImpactReady @ ImpactWeather, Inc. Goode Company877-792-3220 email@example.com firstname.lastname@example.org