logging in or signing up InfraGuard Consequence Based Planning print Melinda Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 83 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 05, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Consequence-based Planning: Making disaster response a part of your daily work: Consequence-based Planning: Making disaster response a part of your daily work Central Texas InfraGard January 13, 2005 Ed Schaefer Emergency Management Coordinator Lower Colorado River AuthoritySome caveats . . .: This presentation represents only one approach to Business Continuity Planning. The concepts may not work for all organizations. Business Continuity Planning must be carried out in concert with emergency response planning– they must be coordinated, but they are not identical. Some caveats . . .My personal planning principles . . . : My personal planning principles . . . “Ready . . . Aim . . . Fire.” Define your objective before beginning to plan. The plan is not the objective. My personal planning principles . . . : My personal planning principles . . . Every organization has a plan. Just ask the people who do the work, they’ll tell you. Much of this planning has a long history of successful implementation. My personal planning principles . . . : My personal planning principles . . . “K.I.S.S. (Keep it simple, Sister.)” The importance of simplicity is directly proportional to the criticality of the incident. When things are going wrong really quickly, no one has time read the plan.My personal planning principles . . . : My personal planning principles . . . “If you want to see the forest, you have to look at the trees.” Recovery of the organization depends upon recovery of the individual functional units. Unit-level recovery is the responsibility of unit-level personnel. Organizational recovery is the responsibility of management. Existing organizational structures and processes are the most efficient tools for recoveryMy personal planning principles . . . : My personal planning principles . . . Day-to-day job training is the basis for recovery training. Most functional units face minor disruptions on a regular basis and have procedures in place to deal with them. A well-trained employee will know what to do, how to do it, where to do it, and what he/she needs in order to do it. Recovery training and drills focus on how to adapt when things change. The starting point is the assessment of what has changed– e.g., the consequences.My personal planning principles . . . : My personal planning principles . . . “It doesn’t matter why Humpty-Dumpty fell.” Consequences are the starting point for recovery actions. Recovery planning ought to be consequence based. Scenarios are the focus of after-action reports.Consequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Identify the components/elements of your organization Focus planning on individual components/elements (limited linkage) Start with what you have Plan to go from total loss to complete recovery Phase 2– Plan to recover the functions Phase 3– Plan to respondBuilding a Business– the Essentials: Building a Business– the Essentials What gives our organization a reason to exist?Building a Business– the Essentials: Building a Business– the Essentials Who are our customers? Who uses our products?Building a Business– the Essentials: Other Marketing Production Management Payroll Purchasing Maintenance Building a Business– the Essentials What do we produce? What is our function?Consequence-based Planning– the Concept: People Consequence-based Planning– the Concept Who does the work in our organization?Consequence-based Planning– the Concept: People Provisions Consequence-based Planning– the Concept What do we need in order to do the work? Raw materials, supplies, etc.?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept Where is the work done? What facilities do we have?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept What is our information infrastructure?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept How do we do our work? What procedures do we use?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept How do we ensure that our organization is safe?Consequence-based Planning– the Concept: People Places Provisions Consequence-based Planning– the Concept Provisions People Places ReceivingScenario-based Planning: Scenario-based Planning Places Products People Provisions Lightning Plan Scenario-based Planning: Scenario-based Planning Places People Provisions Tornado Plan Lightning Plan ProductsScenario-based Planning: Scenario-based Planning Earthquake Plan Tornado Plan Lightning Plan ProductsScenario-based Planning: Scenario-based Planning Places Products People Provisions Biohazard Plan Earthquake Plan Tornado Plan Lightning Plan Scenario-based Planning: Scenario-based Planning Event Scenario-based Planning: Scenario-based Planning Business Continuity PlansScenario-based Planning: Scenario-based Planning Business Continuity Plans Plan development is multi-disciplinary and requires coordination of all functional groups. This may be the optimum approach but it can prove to be time-consuming. Content may be repeated in multiple documents, making it difficult to keep all plans current.Consequence-based Planning: Consequence-based Planning Consequence-based Planning: Consequence-based Planning Business Continuity PlanConsequence-based Planning: Consequence-based Planning Business Continuity Plan Plan development is usually confined to one or two functional groups. Concurrent planning can be conducted by the functional groups. Repetitive content is minimized, facilitating plan maintenance.Planning considerations– People: Planning considerations– People Includes: Key personnel involved in executing critical business processes Supervisory/management personnel with direct responsibility for critical business functions Customers or consumers of our productsPlanning considerations– People: Planning considerations– People Issues: Personnel safety is the top planning priority. This includes: Ensuring physical safety Providing emergency medical care and crisis counseling Protecting employees families Cross-training and succession planning mitigate sudden loss of key employees People inside and outside of the organization need information Personnel associated with critical functions are the best source of information in plan development.Planning considerations– Provisions: Planning considerations– Provisions Includes: Raw materials Business supplies and equipment Data Utilities (electricity, natural gas, water) Fuel for vehicles Dedicated emergency suppliesPlanning considerations– Provisions: Planning considerations– Provisions Issues: Reliability of suppliers Alternative suppliers Alternative delivery routes and locations Data backup and restoration Temporary source of key supplies Emergency generators for backup electrical power On-site potable water storage Gasoline/diesel storage Planning considerations– Places: Planning considerations– Places Includes: Buildings and facilities Some organizations may have multiple locations Some organizations may rely heavily on telecommutingPlanning considerations– Places: Planning considerations– Places Issues: The current space allocation is the starting point for calculating space needs If 100% restoration isn’t possible, consider implementing a phased approach Non-critical functions are not allocated workspace during initial recovery efforts Each business unit involved in a critical business function initially is allocated a percentage of its current space Adjustments to this allocation can be made as planning continuesPlanning considerations– Pipes: Planning considerations– Pipes Includes: Telecommunications infrastructure Telephones Radio communications Information technology (IT) infrastructure Local Area Networks (LANs) Wide Area Networks (WANs) Internet connectivityPlanning considerations– Pipes: Planning considerations– Pipes Issues: Must identify critical communications paths Single-points-of-failure must be identified Redundancy should be provided Personnel must be trained on use of alternate communications paths Documentation, equipment and supplies must be readily available to implement backup plans Emergency communications must be planned Planning considerations– Protection: Planning considerations– Protection Includes: Physical security Locks Security personnel Surveillance cameras Personnel awareness Cyber security Firewalls Intrusion detection processes User-initiated workstation security proceduresPlanning considerations– Protection: Planning considerations– Protection Issues: Access control Automatic door locks-- fail open or closed? Availability of additional security personnel Off-site monitoring of surveillance equipment Awareness training for all personnel– security is everyone’s job Consequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Phase 2– Plan to recover the functions Identify business functions Prioritize business functions Link functions to elements Develop function-specific plans Phase 3– Plan to respond Function Analysis - Process overview 10 Easy Steps: Function Analysis - Process overview 10 Easy Steps Identify key functions ( and/or sub-functions) Determine the impact of each function Estimate probability of failure Estimate the amount of time before failure has an effect on ability to deliver essential services Estimate the amount of time to restore the function Score each function = (( Impact x Probability x Time to effect) / Time to restore) Rank each function by relative importance List critical elements, dependencies and plans for each function Determine the order for creating the functional recovery plans based on the ranks and scores Complete the plansConsequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Phase 2– Plan to recover the functions Phase 3– Plan to respond Organize for flexible response Begin with an assessment of which elements have been lost or damaged Prioritize response actions Plan to respond– Assess: Plan to respond– Assess Begin with an assessment of which elements have been lost or damaged Assess physical damage Assess functional damage Assess ancillary impact Plan to respond– Prioritize: Plan to respond– Prioritize Prioritize response actions What must be done to ensure personnel safety? What must be done to stabilize the incident? What must be done to protect property? What must be done to restore functionality? Plan to respond– organize response: Plan to respond– organize response Organize for a flexible response– concepts Use all available resources Continuity of responsibilities Phased response An emergency will be met at the lowest and most suitable level. If resources available to a facility or business unit are inadequate to meet the need, additional resources will be provided. Requests for additional resources will generally be made within the business units most directly affected, but assistance from other business units may be requested as needed. Events which have the potential to generate widespread publicity or which require a major commitment of resources will be coordinated through the Emergency Operations Center (EOC). Plan to respond– organize response : Plan to respond– organize response Organize for a flexible response– functions Core functions Command = making the decisions Planning = figuring out what we need to do Operations = taking action Logistics = getting the “stuff” we need Finance/Administration = tracking costs and paying bills Ancillary functions Communication = public information and employee communication Safety = making sure no one gets hurt Liaison = coordinating activities with other organizationsPlan to respond– organize response: Plan to respond– organize response Incident Command System (ICS)Follow-up questions: Follow-up questions How do we determine the information within the disaster recovery plan that is vital for every employee to know? How do we ensure that the role of each employee within the response team is communicated and understood? Is there a simple and effective way to develop training sessions and drills that reinforce planned disaster responses? What steps to we take to ensure the correct messages get to the right people? Follow-up questions: Follow-up questions How do we determine the information within the disaster recovery plan that is vital for every employee to know? Each employee needs to know how to do his/her job in both routine and extraordinary circumstances. Each employee needs to know that the day-to-day organizational structure will be the basis for the crisis response organizational structure. Line managers need to be familiar with the linkages between their functions and other functional groups. Mid-level managers need to understand the degree to which each of their functional units is critical to the organization. Upper-level managers need to understand the interface between the organization and other response organizations that may be involved. Follow-up questions: Follow-up questions How do we ensure that the role of each employee within the response team is communicated and understood? In this model, each employee is part of the response team for their functional unit. Because they know how to perform their job tasks and are familiar with the tools, supplies and facilities they need, they can be effective in implementing recovery actions. Supervisors and functional unit managers should regularly discuss business continuity actions and alternatives with staff members. Routine disruptions should be used to stimulate discussion about response to more significant disruptions.Follow-up questions: Follow-up questions Is there a simple and effective way to develop training sessions and drills that reinforce planned disaster responses? Training in response and recovery operations should be both formal and informal. Formal training includes workshops, seminars and scripted training exercises. Informal training includes concurrent critique of minor events, “tailboard” meetings to discuss work activities, and impromptu question and answer sessions during staff meetings or periods of limited activity. Competition between work teams can be used to stimulate interest and provoke critical analysis of recovery issues. Follow-up questions: Follow-up questions What steps to we take to ensure the correct messages get to the right people? Be inclusive rather than exclusive– assume that all members of the work team need to know how to recover their unit’s function. Encourage two-way communication– work group members may have suggestions for a better approach. Keep the message simple– break it into small, easily understood concepts. Repeat, repeat, repeat– and then start over. Ask for feedback.Slide53: ? ed.schaefer@lcra.org You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
InfraGuard Consequence Based Planning print Melinda Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 83 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 05, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Consequence-based Planning: Making disaster response a part of your daily work: Consequence-based Planning: Making disaster response a part of your daily work Central Texas InfraGard January 13, 2005 Ed Schaefer Emergency Management Coordinator Lower Colorado River AuthoritySome caveats . . .: This presentation represents only one approach to Business Continuity Planning. The concepts may not work for all organizations. Business Continuity Planning must be carried out in concert with emergency response planning– they must be coordinated, but they are not identical. Some caveats . . .My personal planning principles . . . : My personal planning principles . . . “Ready . . . Aim . . . Fire.” Define your objective before beginning to plan. The plan is not the objective. My personal planning principles . . . : My personal planning principles . . . Every organization has a plan. Just ask the people who do the work, they’ll tell you. Much of this planning has a long history of successful implementation. My personal planning principles . . . : My personal planning principles . . . “K.I.S.S. (Keep it simple, Sister.)” The importance of simplicity is directly proportional to the criticality of the incident. When things are going wrong really quickly, no one has time read the plan.My personal planning principles . . . : My personal planning principles . . . “If you want to see the forest, you have to look at the trees.” Recovery of the organization depends upon recovery of the individual functional units. Unit-level recovery is the responsibility of unit-level personnel. Organizational recovery is the responsibility of management. Existing organizational structures and processes are the most efficient tools for recoveryMy personal planning principles . . . : My personal planning principles . . . Day-to-day job training is the basis for recovery training. Most functional units face minor disruptions on a regular basis and have procedures in place to deal with them. A well-trained employee will know what to do, how to do it, where to do it, and what he/she needs in order to do it. Recovery training and drills focus on how to adapt when things change. The starting point is the assessment of what has changed– e.g., the consequences.My personal planning principles . . . : My personal planning principles . . . “It doesn’t matter why Humpty-Dumpty fell.” Consequences are the starting point for recovery actions. Recovery planning ought to be consequence based. Scenarios are the focus of after-action reports.Consequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Identify the components/elements of your organization Focus planning on individual components/elements (limited linkage) Start with what you have Plan to go from total loss to complete recovery Phase 2– Plan to recover the functions Phase 3– Plan to respondBuilding a Business– the Essentials: Building a Business– the Essentials What gives our organization a reason to exist?Building a Business– the Essentials: Building a Business– the Essentials Who are our customers? Who uses our products?Building a Business– the Essentials: Other Marketing Production Management Payroll Purchasing Maintenance Building a Business– the Essentials What do we produce? What is our function?Consequence-based Planning– the Concept: People Consequence-based Planning– the Concept Who does the work in our organization?Consequence-based Planning– the Concept: People Provisions Consequence-based Planning– the Concept What do we need in order to do the work? Raw materials, supplies, etc.?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept Where is the work done? What facilities do we have?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept What is our information infrastructure?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept How do we do our work? What procedures do we use?Consequence-based Planning– the Concept: People Provisions Places Consequence-based Planning– the Concept How do we ensure that our organization is safe?Consequence-based Planning– the Concept: People Places Provisions Consequence-based Planning– the Concept Provisions People Places ReceivingScenario-based Planning: Scenario-based Planning Places Products People Provisions Lightning Plan Scenario-based Planning: Scenario-based Planning Places People Provisions Tornado Plan Lightning Plan ProductsScenario-based Planning: Scenario-based Planning Earthquake Plan Tornado Plan Lightning Plan ProductsScenario-based Planning: Scenario-based Planning Places Products People Provisions Biohazard Plan Earthquake Plan Tornado Plan Lightning Plan Scenario-based Planning: Scenario-based Planning Event Scenario-based Planning: Scenario-based Planning Business Continuity PlansScenario-based Planning: Scenario-based Planning Business Continuity Plans Plan development is multi-disciplinary and requires coordination of all functional groups. This may be the optimum approach but it can prove to be time-consuming. Content may be repeated in multiple documents, making it difficult to keep all plans current.Consequence-based Planning: Consequence-based Planning Consequence-based Planning: Consequence-based Planning Business Continuity PlanConsequence-based Planning: Consequence-based Planning Business Continuity Plan Plan development is usually confined to one or two functional groups. Concurrent planning can be conducted by the functional groups. Repetitive content is minimized, facilitating plan maintenance.Planning considerations– People: Planning considerations– People Includes: Key personnel involved in executing critical business processes Supervisory/management personnel with direct responsibility for critical business functions Customers or consumers of our productsPlanning considerations– People: Planning considerations– People Issues: Personnel safety is the top planning priority. This includes: Ensuring physical safety Providing emergency medical care and crisis counseling Protecting employees families Cross-training and succession planning mitigate sudden loss of key employees People inside and outside of the organization need information Personnel associated with critical functions are the best source of information in plan development.Planning considerations– Provisions: Planning considerations– Provisions Includes: Raw materials Business supplies and equipment Data Utilities (electricity, natural gas, water) Fuel for vehicles Dedicated emergency suppliesPlanning considerations– Provisions: Planning considerations– Provisions Issues: Reliability of suppliers Alternative suppliers Alternative delivery routes and locations Data backup and restoration Temporary source of key supplies Emergency generators for backup electrical power On-site potable water storage Gasoline/diesel storage Planning considerations– Places: Planning considerations– Places Includes: Buildings and facilities Some organizations may have multiple locations Some organizations may rely heavily on telecommutingPlanning considerations– Places: Planning considerations– Places Issues: The current space allocation is the starting point for calculating space needs If 100% restoration isn’t possible, consider implementing a phased approach Non-critical functions are not allocated workspace during initial recovery efforts Each business unit involved in a critical business function initially is allocated a percentage of its current space Adjustments to this allocation can be made as planning continuesPlanning considerations– Pipes: Planning considerations– Pipes Includes: Telecommunications infrastructure Telephones Radio communications Information technology (IT) infrastructure Local Area Networks (LANs) Wide Area Networks (WANs) Internet connectivityPlanning considerations– Pipes: Planning considerations– Pipes Issues: Must identify critical communications paths Single-points-of-failure must be identified Redundancy should be provided Personnel must be trained on use of alternate communications paths Documentation, equipment and supplies must be readily available to implement backup plans Emergency communications must be planned Planning considerations– Protection: Planning considerations– Protection Includes: Physical security Locks Security personnel Surveillance cameras Personnel awareness Cyber security Firewalls Intrusion detection processes User-initiated workstation security proceduresPlanning considerations– Protection: Planning considerations– Protection Issues: Access control Automatic door locks-- fail open or closed? Availability of additional security personnel Off-site monitoring of surveillance equipment Awareness training for all personnel– security is everyone’s job Consequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Phase 2– Plan to recover the functions Identify business functions Prioritize business functions Link functions to elements Develop function-specific plans Phase 3– Plan to respond Function Analysis - Process overview 10 Easy Steps: Function Analysis - Process overview 10 Easy Steps Identify key functions ( and/or sub-functions) Determine the impact of each function Estimate probability of failure Estimate the amount of time before failure has an effect on ability to deliver essential services Estimate the amount of time to restore the function Score each function = (( Impact x Probability x Time to effect) / Time to restore) Rank each function by relative importance List critical elements, dependencies and plans for each function Determine the order for creating the functional recovery plans based on the ranks and scores Complete the plansConsequence-based Planning– Phases: Consequence-based Planning– Phases Phase 1– Plan to recover the pieces Phase 2– Plan to recover the functions Phase 3– Plan to respond Organize for flexible response Begin with an assessment of which elements have been lost or damaged Prioritize response actions Plan to respond– Assess: Plan to respond– Assess Begin with an assessment of which elements have been lost or damaged Assess physical damage Assess functional damage Assess ancillary impact Plan to respond– Prioritize: Plan to respond– Prioritize Prioritize response actions What must be done to ensure personnel safety? What must be done to stabilize the incident? What must be done to protect property? What must be done to restore functionality? Plan to respond– organize response: Plan to respond– organize response Organize for a flexible response– concepts Use all available resources Continuity of responsibilities Phased response An emergency will be met at the lowest and most suitable level. If resources available to a facility or business unit are inadequate to meet the need, additional resources will be provided. Requests for additional resources will generally be made within the business units most directly affected, but assistance from other business units may be requested as needed. Events which have the potential to generate widespread publicity or which require a major commitment of resources will be coordinated through the Emergency Operations Center (EOC). Plan to respond– organize response : Plan to respond– organize response Organize for a flexible response– functions Core functions Command = making the decisions Planning = figuring out what we need to do Operations = taking action Logistics = getting the “stuff” we need Finance/Administration = tracking costs and paying bills Ancillary functions Communication = public information and employee communication Safety = making sure no one gets hurt Liaison = coordinating activities with other organizationsPlan to respond– organize response: Plan to respond– organize response Incident Command System (ICS)Follow-up questions: Follow-up questions How do we determine the information within the disaster recovery plan that is vital for every employee to know? How do we ensure that the role of each employee within the response team is communicated and understood? Is there a simple and effective way to develop training sessions and drills that reinforce planned disaster responses? What steps to we take to ensure the correct messages get to the right people? Follow-up questions: Follow-up questions How do we determine the information within the disaster recovery plan that is vital for every employee to know? Each employee needs to know how to do his/her job in both routine and extraordinary circumstances. Each employee needs to know that the day-to-day organizational structure will be the basis for the crisis response organizational structure. Line managers need to be familiar with the linkages between their functions and other functional groups. Mid-level managers need to understand the degree to which each of their functional units is critical to the organization. Upper-level managers need to understand the interface between the organization and other response organizations that may be involved. Follow-up questions: Follow-up questions How do we ensure that the role of each employee within the response team is communicated and understood? In this model, each employee is part of the response team for their functional unit. Because they know how to perform their job tasks and are familiar with the tools, supplies and facilities they need, they can be effective in implementing recovery actions. Supervisors and functional unit managers should regularly discuss business continuity actions and alternatives with staff members. Routine disruptions should be used to stimulate discussion about response to more significant disruptions.Follow-up questions: Follow-up questions Is there a simple and effective way to develop training sessions and drills that reinforce planned disaster responses? Training in response and recovery operations should be both formal and informal. Formal training includes workshops, seminars and scripted training exercises. Informal training includes concurrent critique of minor events, “tailboard” meetings to discuss work activities, and impromptu question and answer sessions during staff meetings or periods of limited activity. Competition between work teams can be used to stimulate interest and provoke critical analysis of recovery issues. Follow-up questions: Follow-up questions What steps to we take to ensure the correct messages get to the right people? Be inclusive rather than exclusive– assume that all members of the work team need to know how to recover their unit’s function. Encourage two-way communication– work group members may have suggestions for a better approach. Keep the message simple– break it into small, easily understood concepts. Repeat, repeat, repeat– and then start over. Ask for feedback.Slide53: ? ed.schaefer@lcra.org