In fact, over 70,000 disasters occur annually in the U.S. alone. They can’t be scheduled, but they can be predicted and planned for. The consequences can be managed and Mitigated.
DO NOT CLICK UNTIL READY TO ADVANCE TO NEXT SLIDE. Not all threats are equal. Not all apply. Not all have the same impact. Everything should be considered, evaluated, and understood. Look at all your locations. Look at your employees. Look at your vendors. Look at your customers.
Firestorm Solutions, LLC. welcome you to today’s seminar “Luck is Not a Strategic Plan.” We all face a world today that has a complex pattern of growing risks and threats. Insurance addresses some of the impacts, but does not prevent impacts or mitigate all losses. Business Continuity is a strategic governance issue. Unfortunately, many minimize exposures that have not been personally experienced. Failure to adequately Predict. Plan. Perform. will create a corporate environment destined for disaster.
More than an IT issue. Data and access are critical. There can be no recovery without people.
Y- & X-AXES APPEAR AUTOMATICALLY. CLICK TO BRING UP ‘NORMAL OPERATIONS’, THEN ‘WARNING,’ THEN ‘DANGER’. Low impacts are managed by normal operations regardless of certainty. The potential of high impacts even though low certainty should be identified. There must be a decision process in place to address all high impact vulnerabilities. “ Never bet the company.” Some events can place the survival of the organization at risk. Good governance and fiduciary responsibilities mandate formal direct attention and require a strategic business continuity plan.
CLICK FOR EACH POINT. Everything is foreseeable. Anyone can be found accountable. If directors and officers neglect to prevent or mitigate foreseeable disasters or prepare for those that are not preventable, the business-judgment rule will not shield them. They are exposed to liability if they fail to act in good faith and exercise due care. Some of you may already be thinking about the disaster recovery plan your company has or considering purchasing a pre-packaged plan. It may be nicely packaged in a fat binder on the bookshelf – you’ve probably never really read it, but you figure your people have. Certainly the IT staff has, and the security team. And, you would hope, human resources. A plan alone does not guarantee that you have everything in place. As we all have observed, what happens in minutes can take have tremendous long term personal and business impacts. Crisis and consequence management are part and parcel of responsible corporate governance. In fact, it is a liability issue, and one that may not seem either foreseeable, much less fair. You may not be aware that the Port Authority of New York, the landlord of the World Trade Center, was found to be twice as liable as the terrorists who did the bombing in 1993. It was held that the Port Authority should have foreseen the possibility.
CLICK TO BRING UP EACH ELEMENT OF THE IMAGE. If directors and officers neglect to prevent or mitigate foreseeable disasters, or prepare for those that are not preventable, the business-judgment rule will not shield them. They are exposed to liability if they fail to act in good faith and exercise due care. Corporate boards and senior management are responsible for duty of care to shareholders and employees to identify and prepare for foreseeable, likely risk threats. Today everything is foreseeable . Failure to plan is negligence, regardless of ignorance or denial. This failure is a breach of a legal duty by not employing the standard of care that a reasonably prudent individual would use in comparable circumstances, thereby directly causing the foreseeable damage. National standards and recognized global threats have put businesses on notice that ongoing planning, implementation, and funding are required of management. A jury found the Port Authority of New York and New Jersey guilty of negligence in the 1993 bombing of the World Trade Center. The jury was swayed by a 1985 report in which the Port Authority’s own security officials warned that the facility’s 400-space garage was a likely terrorist target. Juror Ray Gonzales said the report was “very prominent” in the panel’s deliberations, adding that the Port Authority “dropped the ball.” Another cause of concern from this case to future defendants in other disasters or crises, the jury allocated 68 percent (or two-thirds) of the blame for the attack on the Port Authority, holding that the Authority was twice as liable for the attack as the actual attackers. In 2003, a federal judge in New York ruled that a plane flying into the World Trade Center was “within the class of foreseeable hazards,” thus allowing 9/11-related negligence litigation. These landmark cases create precedents for employees, customers, business partners, shareholders, municipalities, and other “stakeholders” to successfully sue organizations for negligent security and business continuity planning. This shows that failure to plan is negligence and grounds for liability for companies, CEOs, CFOs, other “C-suite” executives and directors. In summary from a legal perspective, due diligence and sound governance demand that organizations develop, maintain, and test comprehensive business continuity plans since: Organizations are susceptible to a variety of disasters and crises, both natural and man made; Disasters and crises are predictable; Organizations with business continuity plans are better prepared to survive a disaster if one occurs.
Change title to “readiness” or “disaster due diligence” to be more inclusive Today’s seminar is designed to assist you and your organization in analyzing your current status of disaster preparedness and vulnerability. The agenda for today’s seminar is designed to provide you information, complete a case study, and to answer questions. You and your organization have many policies, procedures, and systems in place to manage disasters and crises. Congratulations. Please focus today on identifying action items and areas requiring additional information. If you or your employees can not immediately identify the necessary steps to address the vulnerabilities discussed, then your company’s survival depends on creating a new corporate culture of preparedness. Firestorm has found that there are strategic advantage initiatives for your organization relative to your competition or similar organizations in managing a disaster or crisis.
CLICK ONCE TO BRING UP IMAGE, AND THEN STOP. DO NOT CLICK UNTIL READY TO ADVANCE TO NEXT SLIDE. The disaster environment is complex. Everyone and anyone can be impacted. Your company does not have to be directly hit to be impacted. The ending of an event does not stop the impacts. Consequence management can take years. What comes to mind with the mention of “Columbine” - not the state flower of Colorado. Ten years to settle claims. Lives changed forever.
This is a continual process . . .
Firestorm has published a book entitled “ Disaster Ready People for a Disaster Ready America .” This book is a guide for individuals to address their disaster preparedness needs at home. If individuals are prepared at home, they are more likely to be available to assist in the organization’s business recovery. If you are interested in receiving a copy of the book, please let me know. The Firestorm web site can be accessed at: http:// www.firestorm.com /
What now? You invent the future.
Interested in measuring your program? Or discussing your program needs Day 1
Mailcom 2010 Las Vegas Ss278
Course #: SS278 Title: Using 3 "P's" to prevent 3 "D's" Scheduled For: Monday, Round Seven, 4:30-5:30 pm Presented By: Dave Flora, Principal MAILCOM Conference
Presidential Proclamation- NATIONAL PREPAREDNESS MONTH, 2010 <ul><li>BY THE PRESIDENT OF THE UNITED STATES OF AMERICA: </li></ul><ul><ul><li>During National Preparedness Month, we stress the importance of strengthening the security and resiliency of our Nation through systematic preparation for the full range of hazards threatening the United States in the 21st century, including natural disasters, cyber attacks, pandemic disease, and acts of terrorism. This year marks the fifth anniversary of Hurricane Katrina, one of the most tragic and destructive disasters in American history. In remembrance of this national tragedy, we must reaffirm our commitment to readiness and the necessity of preparedness. </li></ul></ul>
Presidential Proclamation- NATIONAL PREPAREDNESS MONTH, 2010 <ul><li>My Administration has made emergency and disaster preparedness a top priority, and is dedicated to a comprehensive approach that relies upon the responsiveness and cooperation of government at all levels, the private and nonprofit sectors, and individual citizens. </li></ul><ul><li> I also encourage Americans to get involved with the thousands of organizations in the National Preparedness Month Coalition, which will share preparedness information and hold preparedness events and activities across the United States. By strengthening citizen preparedness now, we can be ready when disaster strikes. </li></ul>
<ul><li>“ 85% of US infrastructure is in the private sector.” </li></ul><ul><li>Source: The 9/11 Commission Report </li></ul><ul><li>Food Chain </li></ul><ul><li>Energy Supply </li></ul><ul><li>Healthcare System </li></ul>
<ul><li>“ 83% of business will lose 20% to 30% of shareholder value within 5 years of a crisis or disaster.” </li></ul><ul><li>Source: Oxford Metrica </li></ul>
9/11. Katrina. Virginia Tech. The worst disaster you will see is the one that happens to y ou or your business
Extreme Heat Fires Floods Global Warming Hazardous Materials Hurricanes Compliance Multi-Hazard Nuclear Earnings Pandemic Power Outages Thunderstorms Unions Winter Storms Workplace Violence Dam Safety Economy Terrorism Tsunamis Tornadoes Extreme Heat Floods Global Warming Hazardous Materials Hurricanes Nuclear Pandemic Terrorism Fires Power Outages Landslides Thunderstorms Tsunamis Unions Volcanoes Winter Storms Earthquakes Flu Global Warming INS Media Tornadoes Floods IRS Power Outages Thunderstorms Terrorism Succession Planning Nuclear
<ul><li>Almost every disaster, incident of school/workplace violence, act of terrorism or corporate failure was preceded by warning signals. </li></ul>
t “ Preparedness is not a luxury; it is a cost of doing business.” Source: The 9/11 Commission Report
Business Continuity represents assurance that an enterprise has the ability to continually meet their commitments, i.e., “run the business” ……. no matter what .
<ul><li>SYSTEMS DO NOT PROTECT PEOPLE </li></ul><ul><li>SERVERS CANNOT INITIATE ACTION </li></ul><ul><li>NETWORKS WILL NOT BE HELD ACCOUNTABLE </li></ul><ul><li>NO PEOPLE -> NO RECOVERY </li></ul>Every Crisis is a Human Crisis.
<ul><li>80% of continuity plans have never been tested </li></ul><ul><li>Source: AT&T </li></ul>
NORMAL OPERATIONS AWARENESS & CONTINGENCY PLANNING CORPORATE GOVERNANCE & PREACTION PLAN CERTAINTY IMPACT
“ There cannot be a crisis next week. My schedule is already full.” Henry Kissinger
The 3 “D’s” <ul><li>Distraction </li></ul><ul><ul><li>Hurricane forming, Snowstorm coming, Flu season starting </li></ul></ul><ul><li>Disruption </li></ul><ul><ul><li>Power outage, Water main break, Earthquake rattle </li></ul></ul><ul><li>Disaster </li></ul><ul><ul><li>Loss of facility, loss of life, loss of shareholder value </li></ul></ul>
YOUR COMPANY/CLIENTS Employees Family & Friends Work & School Critical Suppliers Customers Stake holders
Predicting Mail Center Vulnerabilities <ul><li>A process used to determine what controls are needed to protect critical or sensitive assets adequately & cost-effectively </li></ul><ul><li>The process examines five variable functions: </li></ul><ul><ul><li>1. Specific Assets to be protected (value) </li></ul></ul><ul><ul><li>2. Potential Threats to the various assets </li></ul></ul><ul><ul><li>3. Vulnerabilities that would allow the threats to materialize </li></ul></ul><ul><ul><li>4. Kinds of Losses that the threats could cause </li></ul></ul><ul><ul><li>5. Safeguards that would reduce the loss or eliminate the threats </li></ul></ul>
Every business function needs Plans for three backups: <ul><li>People (to do the actual work) </li></ul><ul><li>Places (for butts & chairs) </li></ul><ul><li>Processes ( ways to do the actual work) </li></ul>
Mail Centers need to Perform When the time comes <ul><ul><li>Five Key Sins: </li></ul></ul><ul><ul><li>Failure to identify all threats ,vulnerabilities, options </li></ul></ul><ul><ul><li>Failure to conduct critical supply chain analysis </li></ul></ul><ul><ul><li>Failure to rigorously test assumptions and plans </li></ul></ul><ul><ul><li>Failure to educate and train employees </li></ul></ul><ul><ul><li>Failure to have a detailed communications strategy </li></ul></ul>
<ul><li>70% of businesses have no workplace violence plan </li></ul><ul><li>Source: ASIS </li></ul>
<ul><li>If you had to respond now, would you be ready? </li></ul>PREDICT. PLAN. PERFORM. ™
Contact: David Flora Firestorm Solutions dflora @firestorm.com 847-540-9365