View
214
Download
0
Category
Tags:
Preview:
Citation preview
September 14, 2010
Project 03-18:Operational and Business Continuity Planning for Prolonged Airport Disruptions
AGTA Meeting
Round II Workshop – 3:00 PM
Michael J. Corby, CISSP, CCP, PMP
Principal Investigator
ACRPAirport Cooperative Research Program
2
Agenda
– Traditional Business Continuity Planning
– Specifics of ACRP 03-18
– Project Team Structure and Current Activities
– Scope of Included Operations
– Research Plan
– Targeted Deliverables
– Wrap-up
3
Traditional Business Continuity Planning Process
BusinessBusinessImpact Impact AnalysisAnalysis
Gap Analysis &Gap Analysis &StrategyStrategy
PlanPlan Development Development& Integration& Integration
Testing &Testing &MaintenanceMaintenance
Establish steering committeeIdentify roles and responsibilitiesDevelop project planCustomize status reporting toolsPrepare kickoff presentation
Kickoff PresentationBIA QuestionnairePeriodic Status Reports
Conduct BIA interviews/ workshopsDistribute and complete BIA questionnairesReview BIAs and conduct follow-up interviews
BIA WorkshopsBusiness Requirements Summary
Identify and document resource requirements based on BIAsConduct gap analysisPrepare strategy options presentation
Gap Analysis and Strategy Options presentationStrategy Development workshop
Conduct Manual Workaround and Data Restoration workshopComplete Business Relocation PlanPrepare plan model with completed BCP
Business Relocation PlansManual workaroundsData restoration plans
Plan and conduct structured walkthrough/ tabletop exercisePrepare maintenance and testing procedures
Walkthrough testingMaintenance and testing procedures
ACTIONS
RESULTS
Project Project ManagementManagement
APPROACH
4
ACRP 03-18 Background
ACRP is authorized by Congress and funded as part of the annual FAA appropriation process.
Project 3-18 is a fifteen month project to:
– survey, research, review and analyze the current practice of business and operational continuity at US airports of all kinds (approach, status, strengths, weaknesses, successes, failures),
– create a best practices Guidebook, Interactive Tool, and Critical Path Flowchart for use by ALL types of airports, and
– outreach and presentations to the industry to help promote understanding, adoption and use.
5
Background
Research project, not a commercial project
Very precise project management and reporting process
– Program Officer – Theresia “Sia” Schatz
– Project Panel comprised of airport industry experts we deal with each of their issues, comments, input
monthly
– Monthly formal written reports: Cover letter
Complete accounting of work completed
Outline of work to be done next month
Any problems encountered, recommended fixes (or statement of none)
6
Role Summaries
Principal Investigator– Drives substance of data collection, analysis, document review
– Interfaces with BCP standards, guidance bodies
– Speaks at targeted events
– Hands-on BCP work – airport facing
– Heavy documentation
– Drives approach and content of deliverables
Senior Business Continuity Planners– Owns the BCAP process execution – business-facing
– Owns the pro forma BCP implementations
– Speaks at targeted events
– Heavy documentation
– Core contributors of content for deliverables
Technical Writer– Technical project management and ProjectManager.com
– Schedule coordination
– Direct reporting – format
7
Critical Project Focus
Business and operational continuity for prolonged airport disruptions
Effects of disruptions, NOT their causes (so NOT emergency management or crisis management or safety/security oriented)
Scope is – horizontal - across the entire airport operation, from the
municipalities, counties and authorities <and private companies> that own/operate airports, including offsite systems in play
– vertical – addressing all airport-sited, airport-affected, airport-proximate organizations that can be affected by prolonged disruptions and are in the “airport economic footprint”
Car rental, restaurants, hotels, extra-modal transportation, Hudson News, TSA, General Aviation commercial ops (FBO’s, SASO’s) and non-commercial ops (corporate flight departments), FAA, and all landside and airside operations of all kinds
Deliverables must be highly practical, useable, applicable, and implementable by non-BCP personnel
8
Types of Airports
Airport Types Primary
– Large Hub
– Medium Hub
– Small Hub
– Non-hub
Non-primary commercial
Cargo
Reliever
General Aviation
FBOs and Other Entities Airside Entities, for example:
– Fuel – Maintenance – Airlines Operations
Groundside Entities, for example: – Security – Baggage Handling – Ticketing
Government Entities – TSA – FAA – CBP – ICE – Military Air Operations
9
Partial In-Scope Operations List
Airport Administration – General Manager
Airport Facility Maintenance Air Traffic Control Commercial Establishments of all
types – restaurants, news/books, car rental operations, and all airside third party operators
Emergency Services (Law Enforcement, Security, Fire, Medical, ARFF, Office of Emergency Management)
General Aviation – commercial entities, operators, businesses (FBO’s, SASO’s) and non-commercial entities like corporate flight departments
FAA Facility Management
FAA Facility Maintenance
Facility Engineering
Finance/Administration
Legal
Organization and Procedures
Other Modal Departments (Sea, Road, Rail)
Personnel
Planning
Properties and Development
Public Relations
10
Partial In-Scope Operations List
Landside Operations Access Management Air Traffic Control Baggage Cargo, Mail Concessionaires Curbside Management Ground handlers Ground Transportation Leasing companies Local authorities and municipalities Meteorology Parking lots and parking technology Passenger processing (ticketing,
security, screening) Passenger services Public transportation Roads Suppliers Utilities Waste Management
Airside Operations Aircraft Operators Aircraft maintenance Baggage Catering/duty free Cleaning Customs/Immigration De-icing Fuel supplies and fueling Gates Ground Support Equipment Noise monitoring Push back/Towing Runways, Taxiways, Ramps Sanitary services Waste Management Wildlife Control
11
Research Plan
Ongoing Project Management and Reporting Stage 1 – Research &
Document Review Stage 2 – Implementation Stage 3 - Development Stage 4 - Completion
Task 1 Task 2 Task 3 Task 4 Task 5 Task 6 Task 7 Task 8
Proj
ect
Kic
k-O
ff w
ith
Seni
or P
rogr
am
Offi
cer
Review & analyze available
standards, guidelines,
industry and extra-
industry best practices, literature,
case studies, and plans.
Submit Amplified Research
Plan.
Develop & submit a
multi-point data
collection plan across
representative airport types,
sizes, ownership, mission, security
category and EM/Rescue
index.
Implement the data collection
plan through focus groups at industry
conferences, personal
interviews, online
surveys and via a custom
designed data
collection tool.
Prepare and submit an
interim report
identifying current
practices, including a draft outline
of the Guidebook
with a framework, templates
findings and recom-
mendations.
Through standard BIA
process, develop
guidelines for
restoration of operations in all areas of airport
and contiguous operations that have economic impact.
Develop and submit a
comprehensive critical path framework, risk matrix, response
templates and a business
continuity plan development too based on best practices and relevant standards.
Prepare the draft
Guidebook with detailed
recovery priorities
based on a critical impact
framework.
Submit the completed Guidebook, interactive business continuity
planning tool, final report and documentation.
We are
here
12
Document Review
Aviation – AGTA (ground transportation), ACI-NA (airport owner/operators), AAAE (airport executives), NBAA (national business aviation association), AFFRWG (aircraft rescue firefighting working group), ALEAN (airport law enforcement agencies network), ALPA (airline pilots association), IAASP (international association of airport and seaport police), NATCA (national air traffic controllers association), CAP (Civil Air patrol), ICAO (international civil aviation organization)
Government – FAA, TSA, NTSB, Immigration & Customs Enforcement, HLS (PS-Prep), US Air Force, CBP, CFR’s
BCP Credentialing Bodies – DRII, BCI
Risk Management – Willis Aviation Practice, Key Airport Underwriters
Consulting Firms – Professional Services Firms with Aviation, Airport, Aerospace Practices/Clients
Standards Bodies – ISO, NFPA, BSI, ANSI, ASIS, NIST…..
Airports – Branson, Buffalo, Denver, LaGuardia, JFK……
Credentialing letter from TRB for enhanced access?
13
Data Collection Plan
Document, standards, guidance review, analysis and documentation.
BCAP style Q&A (paper to database, Bold Systems tool…..IF we get credible access to email lists) re: a) knowledge, capacity and practice; b) “strategic BIA”– Attendance at key industry conferences:
AGTA, ACI-NA, AAAE, Hub Operations, Facilities Management, Regional's, Leasing Policies/Minimum Standards, Gen’l Aviation Issues, Small Airports, Airport Law Workshop, Essentials of Airport Business Management, National Airports, Airports and Car Rental Workshop, Parking and Landside Management Workshop, Airport Concessions, Airport Economic Forum….may add vertical industry group conferences (e.g. airport lessees)
via sponsored focus group, session, presentation – GoToMeetings/GoToWebinars sponsored by industry groups– One-on-One interviews with representative airport executives – Use of “airport” team members to gain trusted access
14
Data Collection Plan
Meetings with key governmental agencies in DC (HLS, FAA, TSA, NTSB, etc.), Industry associations (AGTA, ACI-NA, AAAE, NBAA)
Meetings with key verticals – – General Aviation organizations– Car rentals – i.e. Hertz and Avis– Hotels – i.e. Marriot, Sheraton– Retailers – i.e. Hudson News, PGA, McDonalds– Airlines – i.e. Continental, Delta
Meetings with key labor:– Pilots– Flight attendants– Airline workers– Baggage handlers– ATC
15
Data Collection Plan
3-5 Pro Forma BCP Implementations at representative airport types
16
Sample Deliverables
Project Plan Project Organizational Chart Executive Dashboards
ID Task Name
1 HGSI BCP and ERP Project Plan
2 Business Continuity Planning
3 Phase 1: Business Impact Analysis, Gap Analysis
14 Phase 2: Gap Analysis and Recov ery Strategy Options
19 Gap and Strategy Options Presentation to Steering Committee
20 Steeri ng Committee to make Recovery Strategy Selection
21 Phase 3: Plan Development
22 Business Continuity Plan
27 Business Continuity Planning
28 Plan Dev elopment
29 Develop Business Continuity Plan Template
30 Manual Workarounds
33 Call Lists
35 Customize Functi onal Recovery Plans
36 Deliver to Participants for Review
37 Phase 4: Testing, Maintenance and Awareness
38 Structured Walkthrough Testing
39 Prepare Walkthrough Scenario and Test Condit ions
40 Schedule Structured Walkthrough Sessi ons
41 Conduct Structured Walkthrough Sessions
42 Update and Finalize Business Unit BCPs
43 Electronic Plan Toolkit Dev elopment and Deployment
44 HTML Toolkit Front-End Dev elopment
45 Identi fy Toolkit Hosti ng Location
46 Prepare HTML front-end dashboard
47 Load Toolkit and Dashboard to Hosting Location
48 HGSI BCP Project Completi on
49 Emergency Response Planning
86%
80%
100%
100%
5/16
0%
97%
100%
92%
92%
100%
100%
100%
90%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
0%
10/22
100%
Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul AugQtr 3, 2007 Qtr 4, 2007 Qtr 1, 2008 Qtr 2, 2008 Qtr 3, 2008 Qtr 4, 2008 Qtr 1, 2009 Qtr 2, 2009 Qtr 3, 2009 Qtr 4, 2009 Qtr 1, 2010 Qtr 2, 2010 Qtr 3, 2010 Qtr 4, 2010 Qtr 1, 2011 Qtr 2, 2011 Qtr 3, 2011
El PasoPrimary Recovery Team LeaderAlternate Recovery Team Leader
Crisis Management Team (CMT)Mark Baydarian, Lee Raynor
Crisis Management TeamInformation Technology (Robert MacTaggart; Tim Flick)Human Resources (Mark Fogel, Kim Shepard)Finance (Mark Baydarian; Michael Dang)Legal (Don Richenthal, Meir Blonder)Security (Diana Alexander; Fred Schaefer)Corporate Communications (Joe Zaccaria; Pam Winikoff)Logistics (Hank Franzone; Phil Clouden)Manufacturing (Ed Plaia, Hakki Tansi)Customer Service (Dianne Corso; Randi Gilday)
Bold names are primary respondents
Spanish SpringsPrimary Recovery Team LeaderAlternate Recovery Team Leader:
Recovery Organization
Business Continuity Manager/Leader (Lee Raynor)
BIA Questionnaire BIA Summary Reports Dependency Mapping
17
Sample Deliverables
Recovery Strategy Options Summary
High-Level Cost Estimate BR and DR Roadmaps
Manual Workaround Procedures
Incident Management Model Plan Documents
18
Sample Deliverables
Tabletop Scenario Maintenance Checklist Maintenance Dashboard
19
Interactive Tool
20
Wrap-up
Questions?
Comments?
Volunteers?
Recommended