Upload
tb8851
View
171
Download
1
Tags:
Embed Size (px)
DESCRIPTION
An overview presentation to help faith-based organizations understand the business continuity process and why it should be important to them
Citation preview
1
FEBRUARY 2 , 2012
TIM BONNOTIM BONNO CONSULTING
Read my b log a t : www. t imbonno.wordpress . com
Fo l l ow me on Twi t te r
2012 Faith-basedPreparedness Conference
“Business Continuity Plan Overview”
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
What Role Does Your Faith Play In Your Disaster Preparedness?
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
3
Why Is Faith Important?
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
Statistics confirm that: 96% of Americans profess to believe in God over 90% pray nearly 70% are members of churches, synagogues or
mosques, and over 40% will have attended a house of worship in any
given week.
4
Who We Turn To
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
A Caravan ORC poll conducted October 5-12, 2001 found that:
59% of disaster victims preferred to receive support from a clergy or religious counselor compared to 45% seeking a physician and 40% seeking a mental health professional.
What this implies is … disaster victims desire Spiritual Care and that the presence of Spiritual Care can be a useful referral source for other helping individuals. “Light Our Way - A Guide for Spiritual Care in Times of Disaster for
Disaster Response Volunteers, First Responders and Disaster Planners”
5
How Disasters Affect Spirituality
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
Faced with any loss, but especially sudden and profound loss such as in disaster, one’s sense of meaning and purpose—indeed everything one may have thought about how the world works—is turned upside down.This sense of disruption can pervade an entire community.
6
The Entire Community
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
Individuals/families/communities who have lost homes or have been displaced
Individuals/families/communities who have lost businesses or whose businesses have been shut down
Individuals/families who have become separated Families/businesses/congregations who have lost loved ones or
been displaced The seriously injured First responders Clergy Relief workers Community leaders Emergency Room and hospital personnel Survivors of previous disasters and traumas
7
What We’ll Talk About
What Would You Do?What is “Business
Continuity”Getting startedSetting a path forwardAdditional helpQ&A
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
9
A water main in your building broke
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
14
You Were Told To “Shelter In Place”
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
15
Lost Without a Shepherd?
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
When he saw the crowds, he had compassion on them, because they were harassed and helpless, like sheep without a shepherd. Then he said to his disciples, “The harvest is plentiful but the workers are few. Ask the Lord of the harvest, therefore, to send out workers into His harvest field.”
MATTHEW 9:36-39, NIV
16
By Definition
Business Continuity develops plans and conducts exercises that enable the organization to:
respond to a disruption with minimum harm to life and resources;
recover, resume and restore functions within time frames which ensure continuing viability; and
provide crisis communications to all stakeholders.
Note: the program and its outputs are based upon risk evaluation and impact assessment; and require management support, staff training and coordination with external agencies.
Disaster Recovery Journal ( www.drj.com )
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
17
What’s a disaster ?
“A (sudden unplanned) calamitous event that causes great damage or loss. In the business environment, it is any event that causes an inability on an organization’s part to provide the critical business functions for a predetermined period of time.”
DRII-“Introduction To Disaster Recovery
Planning”
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
18
Types of Disasters
Natural : caused by natural events that pose a threat to lives, property, and other assets.
Technological : caused by the tools, machines, and substances we use in everyday life.
Manmade : are deliberate damaging acts caused by people (i.e. fire, vandalism, cyber-attacks, or terrorism).
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
19
Disasters May Not Be What You Think …
A/C FailureAcid LeakAsbestosBomb ThreatBomb BlastBrown OutBurst PipeCable CutChemical SpillCO FireCondensationConstructionCoolant LeakCooling Tower LeakCorrupted DataDiesel GeneratorEarthquakeElectrical ShortEpidemicErased Tapes
EvacuationExplosionFireFloodFraudFrozen PipesHackerHail StormHalon DischargeHuman ErrorHumidityHurricaneHVAC FailureH/W ErrorIce StormInsectsLightingLogic BombLost Data
Low VoltageMicrowave FadeNetwork FailurePCB ContaminationPlane CrashPower OutagePower SpikePower SurgeProgrammer ErrorRaw SewageRelocation DelayRodentsRoof Cave InSabotageShotgun BlastShredded DataSmoke DamageSnow StormSprinkler Discharge
Static ElectricityStrike ActionS/W ErrorS/W RansomTerrorismTheftToilet OverflowTornadoTrain DerailmentTransformer FileUPS FailureVandalismVehicle CrashVirusWater (Various)Wind StormVolcano
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
20
Similar toNatural Disasters
Different
Mass casualtiesProperty damageOccur with or without
warningEvacuations –
potentially for an extended period of time.
Capitalize & build on the similarities
Intentional – caused by people with a purpose
Crime scenes – preservation/collection of evidence is critical.
May not be recognized until there are multiple casualties.
May be multiple events
What About Terrorism?
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
21
Overarching Goals
Save lives.Prevent injuries.Protect property and the environment.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
22
Reduction vs. Response vs. Recovery vs. Return
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
23
Consequences of Outages
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
Impact Severity
$$$
Cost
of
Ou
tag
e $
$$
Idle Resources
Idle Labor
Restoration Costs
Lost Parishioners
Loss of life
Litigation
Lost opportunities
24
Economic Impacts
Without a “viable” BC plan Decision to Recover
$
Time
ProductivityLost
Productivity
$$$
RecoveryResources
$$$
Without a BC plan
$
Time
Productivity
Lost Productivity$$$
No Recovery
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
26
Risk Assessment
Risk Assessment: Process for identifying the risks (threats, events or
situations that could affect an organization) and the mitigating controls (safeguards or processes) that are in place that reduce their effects. This is normally expressed as a probability of occurrence.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
27
Risk Assessment
Objective of a Risk Assessment. Identify the possible risks/threats to an
organization. Identify the mitigating controls (e.g., backup
power, off-site storage, etc.) for those risks/threats.
Determine the effect of those mitigating controls on the risks/threats, whether they can deter the possibility of the risk occurring, or if the control can minimize the loss.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
28
Risk Assessment
Focus on the most probable risks or threats that have the greatest impact.
The Risk Assessment identifies the most probable threats to consider when evaluating potential recovery strategies.
The Risk Assessment should be used to develop action plans to improve the current state of mitigating controls.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
29
Business Impact Analysis
BIA: Measuring the losses from or additional costs/impacts
of not conducting business over time as it pertains to each separate process or function. This measurement is not dependent on the type of occurrence.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
30
Why Conduct a BIA?
To identify the current processes or functions and those that are essential for survival.
To understand what effects a disruption will have on the entity
It identifies resources (personnel, equipment, dollar costs) associated with running the entity and those functions.
To provide direction for creation of business continuity plans.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
31
When to Conduct a BIA?
The sooner the better! It should be done in the Functional
Requirements Phase of the continuity planning process.
As changes occur within (to) the entity. A BIA should always be a part of your
ongoing disaster readiness planning process.
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
32
What’s a critical function ?
Important to the strategic mission of the organization
Directly affects cash flowInformation & technologies that must
be recovered quickly to ensure the survival of the organization
Those that the boss says are criticalDetermined by “timing” and “time done
without”Don’t forget R&D
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
33
What is a Continuity Plan ?
Documented: Strategies Procedures Resources Organizational structure Information database
Utilized by an organization to respond to and recover from a substantial incident
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
34
Continuity Assumptions
Will not produce business as usualThe organization will still lose some time
and moneyMay not recover everything at first
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
36
Why Aren’t Things the Same?
By nature, an emergency or disaster is: Dangerous Dynamic Complex Confusing
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
37
Remember
You must control the situation orit will control you!
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
38
Goals of a Continuity Plan
Shorten the “Recovery Window”Minimize lost productivityMinimize additional recovery resources
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
39
Recovery objectives should:
ID strategic business unitsID administrative staff support unitsID what actions are to be takenID who will perform the actionsID how the actions will be performedID resources needed
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
40
Recovery objectives should:
ID technology neededID hardware, software, documentation
neededID workstation requirementsID recovery time framesID interdependencies
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
41
Products of a plan
Where to go to recoverWho will do the recoveryWhat will be required for the recoveryHow will the recovery be done (procedures)
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
42
Consider the following ...
Singular, community-wide, or HAZMAT Address denied access (24-72 hours)Identify your recovery team(s) and tasks Notification list and how to contact Who declares a disaster?Who authorizes the move off-site?Pre-identify off-site locations
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
43
Consider the following ...
Pre-identify critical resources Vendors and suppliers must be availableAccess to vital recordsTracking disaster-specific costsPre-identify lodging in case of outside
assistance
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
44
First Responders Per Capita
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
1 firefighter for every 280 people
1 sworn officer for every 385 people
1 EMT/paramedic for every 325 people
White House Homeland Security website and EMS Magazine July 2002
Contact: (314) 960-9472 email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
45
In 95% of all emergencies, bystanders or victims themselves are the first to provide
emergency assistance or to perform a rescue
46
CERT
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
Community Emergency Response Team20 hours of training
Disaster Preparedness Fire Safety Emergency Medical Light Search and Rescue CERT Organization Disaster Psychology Terrorism
47
10 Action Steps
1. Speak with your insurance provider2. Get leadership commitment3. Set STRATEGIC direction4. Assemble a team5. Identify/Mitigate risk6. Identify your ESSENTIAL functions7. Develop a plan8. Educate staff and members9. Practice your plan10.Rinse and repeat
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
48
Additional Resources
Disaster Recovery Journalwww.drj.com
Federal Emergency Management Agencywww.fema.gov
Emergency Management Guide for Business & Industrywww.fema.gov/business/guide/index.shtm
Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) Resource Centerwww.fema.gov/privatesector/preparedness/
READYwww.ready.gov/business
CERTwww.citizencorps.gov/partnersandaffiliates/cert.shtm
SBAwww.sba.gov/
American Red Cross www.redcross.org National Voluntary Organizations In Disaster www.nvoad.org/ “Ready In 3” www.dhss.mo.gov/Ready_in_3
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno
50
How to contact me:
Tim Bonno
E-mail: [email protected]
LinkedIn: www.linkedin.com/in/timbonno
Read my blog at: www.timbonno.wordpress.com
Follow me on Twitter
email: [email protected] LinkedIn: www.linkedin.com/in/timbonno