Disaster management basics rev 1

Disaster Management Basics

It IS All About Survivability

Copyright 2013, Logical Management Systems, Corp., all rights reserved

Disaster Management Basics

We tend to
subconsciously
decide what to
do before figuring
out why we want
to do it.

Business: what is it?
Business is driven by strategy carried out in the
form of plans by people who operate in existing
and evolving markets.

Every organization’s “strategic plan” (developed
either formally or informally) identifies their
critical objectives.

What is a disaster?
Merriam Webster:
 something (such as a flood, tornado, fire, plane
crash, etc.) that happens suddenly and causes
much suffering or loss to many people
 something that has a very bad effect or result

 a complete or terrible failure

What is a disaster for your organization?


Is Your Organization’s Planning Brittle?
 Do the organization’s plans stand in silos of excellence?
 Are activation and implementation of plans independent
and uncoordinated?
 Does the organization face critical junctures of survival
every time an event or certain shocks affect it?
 Does analysis of “worst case” scenarios underlay the basis
for planning?
 Do the plans reflect the strategy, goals and objectives of the
organization?


 We live in a complex and interdependent world, filled with
complex systems that are full of interdependencies (touchpoints)
that are hard to detect.
 The result is nonlinearity in responses to events, especially
random events/shocks.
 The odds of rare events are simply not computable.
 Model error swells when it comes to small probabilities.
 The rarer the event; the less tractable, and the less we know
about how frequent its occurrence.


Complexity
Touchpoints
Responsiveness

Resource Constraints

It is much easier to
sell: “Look what I
did for you”
than
“Look what I
avoided for you.”


Business Continuity – From What?
What is going to cause discontinuity?

Natural Disaster?
Sabotage?
People?

Fraud?

Operations?
Mismanagement?

Internal Factors?

EHS Issues?

Workplace Violence?
Power Failure?
Cyber-threats?
Nuclear, Chemical, Biological?

Terrorism?

What is the single highest probable
failure factor for your business?

External Factors?


How much Analysis are you doing right now?
Symmetric Threats – Natural, Normal, Abnormal
Natural Disasters
•Hurricanes
•Earthquakes
•Floods
•Tornadoes
•Drought

Physical Disasters
•Industrial Accidents
•Supply Chain
•Value Chain
•Product Failure
•Fires
•Environmental
•Health & Safety

Information Disasters
•Theft of Proprietary Information
•Hacking, Data Tampering
•Cyber Attacks

Personnel Disasters
•Strikes
•Workplace Violence
•Vandalism
•Employee Fraud
Economic Disasters
•Recessions
•Stock Market Downturns
•Rating Agency Downgrade

Criminal Disasters
•Product Tampering
•Terrorism
•Kidnapping & Hostages
Reputation Disasters
•Rumors
•Regulatory Issues
•Litigation
•Product Liability
•Media Investigations
•Internet Reputation
•Social Media

How much Analysis are you doing right now?
Asymmetric Threats – Known is replaced by the invisible foe
Put simply, asymmetric threats are
a version of “not fighting fair,” that
can include surprise, unplannable
and unpredictable events, impacts
to your touchpoints that have not
been anticipated.
Not fighting fair also includes the
prospect of an opponent designing
a strategy that fundamentally
alters the markets that you
compete in.

Business Impact Analysis
what are we analyzing?

We know now what to
measure, we know the current
performance and we have
discovered some problem
areas.
Now we have to understand
why problems are generated,
and what the causes for these
problems are.

Prediction – Projection
If you don’t know what you
don’t know, how can you
prepare for it?
Conventional practices leave us
vulnerable to random,
potentially catastrophic events,
that cannot be predicted based
on simple extrapolations from
the past or projections of the
future.

Emerging Risks – Likelihood, Impact & Velocity
High
Global Workforce

Environmental

Competition
Sovereign Debt
Geo-Political
Infrastructure

Markets
RISK VELOCITY

Likelihood

Economies

Very Rapid
Foreign Sources
Alternatives
Technology

Impact of the risk would
be evident in a month

Rapid
be evident in a quarter

Slow

Social Trends

be evident in a year

Low
Low

Impact

High

•Traditional risk assessments that prioritize risk on probability and impact are outpaced by the speed
at which risks move throughout the organization.
•While 70% of finance executives agree that risk velocity is a core consideration, only 11% have
introduced it into their risk assessments.
Source: Deloitte; Risk Integration Strategy Council Research


Six Key Questions
STRATEGY:
What are we committed to?

CONCEPT OF OPERATIONS:
How will we fulfill these commitments?

STRUCTURE:
Do we have an organization that serves our needs?

RESOURCE MANAGEMENT:
How will we manage our resources?

CORE COMPETENCIES:
What skills do we expect from our organization?

PRAGMATIC LEADERSHIP:
How will we optimize authority, decision-making,
workflow, information sharing?

Decision Making Issues Related to Risk
Neutralize
Share
Diversify
Mitigate

Transfer
Contain

Identify

Alter

Offset Effects
Reduce Exposure

Control

Alleviate Impact
Change Negative – Positive
Insure Against Loss
Monitor
Hedge
Derivatives
Discount

Living in a Non-Predictive World
A stone and its weight in pebbles – size matters.

A collection of small units with semi-independent variations
produces vastly different risk characteristics than a single large unit

Business Continuity Lifecycle
Recovery Management
Crisis Management
Emergency Response
Response
Mitigation
Termination

Normal Business
Operations

Transition
Point 1
 Activation
 Reactive Response
 Chaos

Business Recovery
Systems/Information Recovery
Reentry
Restoration
Resumption

Transition
Point 2
 Unplanned
Disruption

Resumption
Transition to New
Normal Operations
Transition
Point 3
 Planned
Disruption

New Normal
Business
Operations

Transition
Point 4
 Termination


How Well Will Your Organization Transition?
Transition Point 1
Activation
Reactive Response
Chaos/Uncertainty

Transition Point 3

Planned Disruption

?
Transition Point 2

Transition Point 4

Unplanned
Disruption

Termination


Plan – Respond – Recover – Restore – Resume
Plan
High

Resume

Event
Response

Restore

RTO
Recovery
RPO
Level of Service

(Image and Profile
affect degree of
disruption)

Graceful Degradation

Stability Levels

Agile Restoration

MTO
Low

CTL
Time (Time Critical)
(Time Sensitive)
(Time Dependent)

Business Continuity Lifecycle
Graceful Degradation + Agile Restoration = Resilience
Full Functionality

Detectors/Indicators of
change

Minimum Stable
Functionality
Maximum Stable
Level of Service

Devolve to most robust less functional configuration

(Personnel, Time, Product, Services)


RMR3 – Flexibility
Management
Operations

Logistics
Seamless
Communications
Finance

Administration

Internal/External Relations

Infrastructure
Planning


Building an effective crisis management team
Why Crisis Management Teams Fail:
 Crisis Management Team does not know its own reaction
time;
 Communications;
 Micro-Managing;
 Decisions are left at low levels;
 Allowing problems to compound.

Building an effective crisis management team
Your biggest challenge:

Getting the team to work together when they
generally do not function every day as a team
Your next biggest challenge:

Getting the team to comprehend their crisis
management roles, responsibilities, functions and
how they differ from their day-to-day roles,
responsibilities and functions


Crisis Management Team (CMT)
Team Competencies (TC)
How good are the team members?
Are they still struggling with basic procedures?

Team Identity (TI)
Does everyone know who does what?
Do they help each other out?
Is anyone micro-managing?
Is anyone “out of it”?

Team Metacognition (TM)
Who’s taking responsibility?
Do they spot and correct problems?
Do they get crunched for time?
Are they “territorial”?

Team Cognition (TC-1)
Is the CMT heading for the same goals?
Does everyone have the same picture?
Are they consistently in a reactive mode?
Do they get paralyzed by uncertainty?

Gary Klein:
“Sources of Power: How People Make Decisions”

Business Continuity – Three Levels
Strategic Level –
Saving the business

Operational Level –
Containing Business Unit Impacts

Key Functions
Leadership (Management)
Planning
Operations
Logistics
Finance
Administration
Infrastructure
Internal/External Relations

Tactical Level –
Operational Actions


Three Spheres of Concern
SPHERE OF INFLUENCE
Your assets and capabilities can affect the
courses of action of others
SPHERE OF RESPONSIBILITY
Your corporate mission, vision, values,
goals, objectives
SPHERE OF INTEREST
Assets and Capabilities of others can effect
your courses of action


“If you keep doing what you’ve
always done – you’ll keep getting
what you’ve always gotten.”

Geary W. Sikich
Principal
Logical Management Systems, Corp.

www.logicalmanagement.com
gsikich@logicalmanagement.com
g.sikich@att.net

+1 (219) 922-7718

Disaster management basics rev 1

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Disaster management basics rev 1

Similar to Disaster management basics rev 1 (20)

Recently uploaded

Recently uploaded (20)

Disaster management basics rev 1

Editor's Notes