ICS IN THE PRIVATE SECTOR - abm-website … in the private sector jason merante, cbcp, cissp senior manager, bcm capability lead accenture. ... xxx-xxx-xxxx o: xxx-xxx-xxxx it incident

ICS IN THE PRIVATE SECTOR

JASON MERANTE, CBCP, CISSPSENIOR MANAGER, BCM CAPABILITY LEAD

ACCENTURE

April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona

Agenda

• Introduction

• Incident Command System (ICS) Overview

• Practical Example of ICS in the Private Sector

2


Introduction

• Problem: Lack of simple, effective crisis management framework in the private sector– Lack of formal protocols– Perceived lack of business need– Business functions operating in silos

• Solution: The Incident Command System (ICS) – Flexible, scalable framework – Works in the private sector– Easy to deploy

3


ICS Definition

• ICS is a flexible framework designed to achieve effective communication and management during response to and recovery from a disaster

4


FEMA ICS Structure*

5

Command Staff

Gen

eral Staff

Incident Commander

Operations Planning Logistics Finance/Admin.

*Source: http://training.fema.gov/EMIWeb/IS/ICSResource/assets/ICSOrganization.pdf

• ICS is a simple framework that can be used in the public and private sector


ICS History

• 1970s: Created in response to California fires

• 1980s: Localized expansion and adoption

• 1990s: Continued national expansion

• 2000s: Formal adoption

6


ICS Applications

• ICS is a component of the National Incident Management System (NIMS), a FEMA standard

• ICS compliance is a requirement for DHS funding

• ICS is a core component of local CERT training

• ICS web based training and certification is applicable to public and private sector

7


• Asked by a global retailer to build a crisis management plan for the IT department

• Pitched the idea of building the plan around ICS framework

Case Study Background

8


Plan Development Drivers

• IT leadership mandate

• Typical drivers were not a factor

9


Timing & Team

• 10 week project

• Core project team of 2 full time people

• Extended team of > 36 contributors/reviewers

• Coordinated across multiple providers / locations

10


Guiding Principles

• Use ICS as the core framework

• Map employees into ICS sections

• Manage all levels of IT events

• Integrate into corporate business continuity

• Keep the plan simple and action oriented

• Designate at least two (2) contacts for each role

11


Crisis Management Plan Scope

12

• The crisis management plan was built to bridge the gap between emergency management and the invocation of recovery plans

Corporate BC Plan

• Documents procedures for getting critical IT systems up and running in an alternate mode

• Includes the transition back to normal operations after the incident is over

Emergency Evacuation Plan

Crisis Management Plan

IT Systems DR Plan

• Addresses the initial stages of any event

• Usually includes specific actions associated with specific events: tornado, blizzard, fire, workplace violence

• Transitions into crisis management plan and/or BC plans and DR plans

• Includes the executive management team

• Oversees and coordinates required response to the incident

• Articulates procedures for communication to executive management

• Provides oversight to monitor recovery efforts

• Transitions into BC plans and DR plans

• Addresses business process recovery (including people)

• Documents procedures for getting critical business units and processes up and running in an alternate mode

• Includes the transition back to normal operations after the incident is over


IT Crisis Management Mapped to ICS

13

• The client IT organization was mapped into the ICS structure


Plan Contents Overview

14

Introduction

Declaration Process

Roles / Responsibilities

Plan Administration

Appendix


Plan Example: Introduction

• This section of the plan is written to be a “tear‐away”executive summary

• Contains key information, such as:– Plan owner, alternate, and

contact information– Summary process diagram– Communication flow

diagram (call tree)– Team member mappings to

ICS

15


Classification System Details

• Introduced three (3) levels of event:– Minor: expected duration < 24 hours; minimal to moderate damage; resolution by IT

incident management

– Moderate: expected duration < 72 hours; moderate damage; resolution by invoking select DR plans

– Severe: expected duration > 72 hours; severe damage; resolution by invoking many DR plans

• Used a four (4) step process, along with timing guidelines, to manage crisis

– Notification (within 30 minutes)

– Assessment (within 45 minutes)

– Classification (within 60 minutes)

– Declaration (within 90 minutes)

16


Pre‐Declaration Call Tree

17

• The flow of the call tree varies by event classification

Sources Vary

Automated Notification

IT Incident Manager

C: XXX-XXX-XXXXO: XXX-XXX-XXXX

IT Incident Manager

IT Incident Management Process

Support / Service Managers

Varies

IT Incident

Automated Notification

IT Incident Manager


Infrastructure


IT Executive Team

(See section 7.3 for contact list)

Infrastructure


Business Continuity


Vendor Incident

Phone Call or Email

Facility or Other Incident

Phone Call or Email

Vendors

(See section 13.3 for contact list)

Crisis Management Team

(See section 2.4 & 2.5 for contact list)

Minor Crisis Moderate/Severe Crisis

Notification

Assessment

Classification

Declaration

Step

IT Incident Manager

IT Incident Management Process


ICS Team Structure

• The ICS structure was used as the basis for the team

18


Plan Example: Declaration Process

• This section of the plan provides details on the disaster declaration process and associated communications– Details on each step of the process

– Detailed process flow diagrams

19


IT Crisis Management Process Summary

20

Incident Command

Planning

Operations

Logistics

Finance

1 - Notification Next Steps 4 - Declaration2 - Assessment 3 - Classification Within 30 minutes Within 45 minutes Within 60 minutes Within 90 minutes As Necessary

Gen

eral

Sta

ff C

omm

and

Staf

f

Event

Other

Classification LevelIncident Command

IT Incident Management

Safety/Security

Incident CommandIncident Command

IT Incident Management

Planning

Operations

Logistics

Finance

Enterprise BC

Internal Communications

External Comms

StepTiming


Plan Example: Roles & Responsibilities

• This section of the plan describes detailedroles for each ICS section aligned team member– Primary and alternate leads for each section

– Brief overview of responsibilities

– Detailed description of recovery responsibilities

21


Crisis Management Team – General Staff

• Incident Commander: IT Incident Management or Infrastructure Operations

• Operations: IT Incident Management and Technology Group

• Planning: Disaster Recovery Team

• Logistics: IT Procurement

• Finance and Administration: Finance

22


Crisis Management Team – Command Staff

• Business Continuity

• Communications/Public Relations (PR)

• Legal

• Safety

• Security

23


Plan Example: Plan Administration

• Describes plan maintenance, testing, and distribution

24


Plan Example: Appendix

• This section of the plan contains additional information, links, and resources

25


Challenges / Lessons Learned

• Long review cycles

• Challenging stakeholder introductions

• Good stakeholder cooperation

26


After Action Report: State of the Plan

• Used in several test cases

• Accepted internally and externally

27


Conclusions

• ICS is a flexible framework

• ICS works in the private sector

• ICS is simple to deploy from scratch

• An ICS aligned crisis management plan will – Enable improved communications and management– Improve confidence in overall BCM capability– Integrate with other BCM plans

28


Questions

29

• Please contact me with any follow up questions:

Additional ResourcesRobert S. Emmel

Accenture161 North Clark StreetChicago, IL 60601 ‐3200

Tel: (312) 693 ‐3892Mobile: (630) 913 ‐8319Email: robert.emmel

@accenture.com

Additional ResourcesJason Merante

Accenture161 N. Clark St.Chicago, IL 60601

Phone: 312‐693‐0648Email: [email protected]