Upload
lamphuc
View
220
Download
0
Embed Size (px)
Citation preview
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Agenda
• Introduction
• Incident Command System (ICS) Overview
• Practical Example of ICS in the Private Sector
2
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Introduction
• Problem: Lack of simple, effective crisis management framework in the private sector– Lack of formal protocols– Perceived lack of business need– Business functions operating in silos
• Solution: The Incident Command System (ICS) – Flexible, scalable framework – Works in the private sector– Easy to deploy
3
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
ICS Definition
• ICS is a flexible framework designed to achieve effective communication and management during response to and recovery from a disaster
4
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
FEMA ICS Structure*
5
Command Staff
Gen
eral Staff
Incident Commander
Operations Planning Logistics Finance/Admin.
*Source: http://training.fema.gov/EMIWeb/IS/ICSResource/assets/ICSOrganization.pdf
• ICS is a simple framework that can be used in the public and private sector
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
ICS History
• 1970s: Created in response to California fires
• 1980s: Localized expansion and adoption
• 1990s: Continued national expansion
• 2000s: Formal adoption
6
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
ICS Applications
• ICS is a component of the National Incident Management System (NIMS), a FEMA standard
• ICS compliance is a requirement for DHS funding
• ICS is a core component of local CERT training
• ICS web based training and certification is applicable to public and private sector
7
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
• Asked by a global retailer to build a crisis management plan for the IT department
• Pitched the idea of building the plan around ICS framework
Case Study Background
8
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Development Drivers
• IT leadership mandate
• Typical drivers were not a factor
9
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Timing & Team
• 10 week project
• Core project team of 2 full time people
• Extended team of > 36 contributors/reviewers
• Coordinated across multiple providers / locations
10
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Guiding Principles
• Use ICS as the core framework
• Map employees into ICS sections
• Manage all levels of IT events
• Integrate into corporate business continuity
• Keep the plan simple and action oriented
• Designate at least two (2) contacts for each role
11
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Crisis Management Plan Scope
12
• The crisis management plan was built to bridge the gap between emergency management and the invocation of recovery plans
Corporate BC Plan
• Documents procedures for getting critical IT systems up and running in an alternate mode
• Includes the transition back to normal operations after the incident is over
Emergency Evacuation Plan
Crisis Management Plan
IT Systems DR Plan
• Addresses the initial stages of any event
• Usually includes specific actions associated with specific events: tornado, blizzard, fire, workplace violence
• Transitions into crisis management plan and/or BC plans and DR plans
• Includes the executive management team
• Oversees and coordinates required response to the incident
• Articulates procedures for communication to executive management
• Provides oversight to monitor recovery efforts
• Transitions into BC plans and DR plans
• Addresses business process recovery (including people)
• Documents procedures for getting critical business units and processes up and running in an alternate mode
• Includes the transition back to normal operations after the incident is over
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
IT Crisis Management Mapped to ICS
13
• The client IT organization was mapped into the ICS structure
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Contents Overview
14
Introduction
Declaration Process
Roles / Responsibilities
Plan Administration
Appendix
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Example: Introduction
• This section of the plan is written to be a “tear‐away”executive summary
• Contains key information, such as:– Plan owner, alternate, and
contact information– Summary process diagram– Communication flow
diagram (call tree)– Team member mappings to
ICS
15
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Classification System Details
• Introduced three (3) levels of event:– Minor: expected duration < 24 hours; minimal to moderate damage; resolution by IT
incident management
– Moderate: expected duration < 72 hours; moderate damage; resolution by invoking select DR plans
– Severe: expected duration > 72 hours; severe damage; resolution by invoking many DR plans
• Used a four (4) step process, along with timing guidelines, to manage crisis
– Notification (within 30 minutes)
– Assessment (within 45 minutes)
– Classification (within 60 minutes)
– Declaration (within 90 minutes)
16
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Pre‐Declaration Call Tree
17
• The flow of the call tree varies by event classification
Sources Vary
Automated Notification
IT Incident Manager
C: XXX-XXX-XXXXO: XXX-XXX-XXXX
IT Incident Manager
IT Incident Management Process
Support / Service Managers
Varies
IT Incident
Automated Notification
IT Incident Manager
C: XXX-XXX-XXXXO: XXX-XXX-XXXX
Infrastructure
C: XXX-XXX-XXXXO: XXX-XXX-XXXX
IT Executive Team
(See section 7.3 for contact list)
Infrastructure
C: XXX-XXX-XXXXO: XXX-XXX-XXXX
Business Continuity
C: XXX-XXX-XXXXO: XXX-XXX-XXXX
Vendor Incident
Phone Call or Email
Facility or Other Incident
Phone Call or Email
Vendors
(See section 13.3 for contact list)
Crisis Management Team
(See section 2.4 & 2.5 for contact list)
Minor Crisis Moderate/Severe Crisis
Notification
Assessment
Classification
Declaration
Step
IT Incident Manager
IT Incident Management Process
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
ICS Team Structure
• The ICS structure was used as the basis for the team
18
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Example: Declaration Process
• This section of the plan provides details on the disaster declaration process and associated communications– Details on each step of the process
– Detailed process flow diagrams
19
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
IT Crisis Management Process Summary
20
Incident Command
Planning
Operations
Logistics
Finance
1 - Notification Next Steps 4 - Declaration2 - Assessment 3 - Classification Within 30 minutes Within 45 minutes Within 60 minutes Within 90 minutes As Necessary
Gen
eral
Sta
ff C
omm
and
Staf
f
Event
Other
Classification LevelIncident Command
IT Incident Management
Safety/Security
Incident CommandIncident Command
IT Incident Management
Planning
Operations
Logistics
Finance
Enterprise BC
Internal Communications
External Comms
StepTiming
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Example: Roles & Responsibilities
• This section of the plan describes detailedroles for each ICS section aligned team member– Primary and alternate leads for each section
– Brief overview of responsibilities
– Detailed description of recovery responsibilities
21
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Crisis Management Team – General Staff
• Incident Commander: IT Incident Management or Infrastructure Operations
• Operations: IT Incident Management and Technology Group
• Planning: Disaster Recovery Team
• Logistics: IT Procurement
• Finance and Administration: Finance
22
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Crisis Management Team – Command Staff
• Business Continuity
• Communications/Public Relations (PR)
• Legal
• Safety
• Security
23
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Example: Plan Administration
• Describes plan maintenance, testing, and distribution
24
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Plan Example: Appendix
• This section of the plan contains additional information, links, and resources
25
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Challenges / Lessons Learned
• Long review cycles
• Challenging stakeholder introductions
• Good stakeholder cooperation
26
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
After Action Report: State of the Plan
• Used in several test cases
• Accepted internally and externally
27
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Conclusions
• ICS is a flexible framework
• ICS works in the private sector
• ICS is simple to deploy from scratch
• An ICS aligned crisis management plan will – Enable improved communications and management– Improve confidence in overall BCM capability– Integrate with other BCM plans
28
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Questions
29
• Please contact me with any follow up questions:
Additional ResourcesRobert S. Emmel
Accenture161 North Clark StreetChicago, IL 60601 ‐3200
Tel: (312) 693 ‐3892Mobile: (630) 913 ‐8319Email: robert.emmel
@accenture.com
Additional ResourcesJason Merante
Accenture161 N. Clark St.Chicago, IL 60601
Phone: 312‐693‐0648Email: [email protected]