2008 SAEMS Gatekeeper Seminar

Paul KramkowskiProgram Manager

MS Enterprise Preparedness and Business Continuity

Business Continuity Planning

Copyright © 2007 Raytheon Company. All rights reserved.Customer Success Is Our Mission is a trademark of Raytheon Company.

Page 2

TopicsWhy Business Continuity?– Examples

What BCP isWhat BCP isn’tBusiness case for BCPThe Plan– Formats– Process– Contents

Standards / Laws

Page 3

Why?

Page 4

Crisis Management ExampleSeptember 29, 1982 – 12 year old Mary Kellerman of Elk Grove Village, IL dies.Adam Janus of Arlington Heights, IL dies.Soon thereafter, Janus’s wife and brother die. Having gathered to mourn Adam’s death, they both take aspirin.

“We believe our first responsibility is to doctors, nurses, and patients, to mothers and fathers and all others

who use our products and services.”

Robert Johnson – 1943

Crisis Management Gold StandardCrisis Management Gold Standard

Page 5

“Crisis”– He lost a laptop with sensitive company/customer information– Major fuel pipeline breaks– The death of an employee or customer– A blackout– Pandemic influenza– Wildfire– Product contamination/tampering– Leadership improprieties– Legal/regulatory action

IssueIssue ThreatThreat CrisisCrisis

Page 6

Basic AssumptionsEvery crisis is differentThe plan is not a recipeGoal = reducing risk vulnerability

What’s At RiskRevenue LossData LossBusiness Reputation LossMarket Share Loss

Page 7

Business Continuity Planning… it is:

a process to minimize the impact of a major disruption to normal operationsa process to enable restoration of critical assetsa process to restore normalcy to business as soon as possible after a crisis.

… it is not just:recovery of information technology resources

Page 8

Business Continuity Planning… and it is the phase of crisis management that follows the immediate actions taken to protect life and property and contain the event

… it begins when the situation has been stabilized.

ResilienceResilience

Page 9

Plan FormatBusiness Continuity Plan (BCP)Business Resumption Plan (BRP)Continuity of Operations Plan (COOP)Continuity of Government (COG)Disaster Recovery Plan (DRP)

ContentsPeopleProcessSystems

Page 10

Plan Process (Cycle)Identify TeamAnalysis– Risk Assessment– Business Impact AnalysisWrite the PlanImplement the PlanTestImprove

AnalysisAnalysis

DesignDesign

ImplementImplement

TestingTesting

MaintenanceMaintenance

Page 11

Plan ElementsBusiness Recovery TeamCustomersCritical Elements– Processes– Personnel– Suppliers– Equipment– Infrastructure

Vital RecordsRecovery Strategies (Priorities)

Page 12

Standards & LawsNFPA 1600 - national standard for both the public and private sectors

Title IX of “Implementing The 9/11 Commission Recommendations Act of 2007” (Public Law 110-53).– Signed into law by the President on

August 3, 2007.– Private Sector certification of BCP– NFPA 1600 - recommendation of

commission for standard– Voluntary, Non-Punitive

Page 13

Raytheon Enterprise Preparedness