PricewaterhouseCoopers LLP Business Continuity Institute Crisis Management Workshop January 24 2008 *connectedthinking

PricewaterhouseCoopers LLP, January 2008

Slide 2

A ‘brief’ apology!

• Andy will present a case study of an organizational structure for crisis management and demonstrate how this relates to the requirements of BS25999.

BCI Crisis Management Workshop

No he will not!

Slide 3

Incident versus Crisis

[Diagram: the label "Incident" repeated many times across the slide]

Slide 4

Incident versus Crisis

CRISIS!

Slide 5

BCM Lifecycle from BS25999-1

Slide 6

BS25999-1: 8.2 Incident Response Structure

• 8.2.1 The organization should define an incident response structure that will enable an effective response and recovery from disruptions

• 8.2.2 In any incident situation there should be a simple and quickly-formed structure that will enable the organization to:
    • confirm the nature and extent of the incident,
    • take control of the situation,
    • contain the incident, and
    • communicate with stakeholders

The same structure should trigger an appropriate business continuity response

Slide 7

Incident Timeline from BS25999-1

The Incident Timeline

Time line, starting at Time Zero: Incident!

Overall recovery objective: Back to normal as quickly as possible

Incident Response
Within minutes to hours:
• Staff & visitors accounted for
• Casualties dealt with
• Damage containment / limitation
• Damage assessment
• Invocation of BCP

Business Continuity
Within hours to days:
• Contact staff, customers, suppliers, etc.
• Recovery of critical business processes
• Rebuild lost work-in-progress

Recovery / resumption - back to normal
Within weeks to months:
• Damage repair / replacement
• Relocation to permanent place of work
• Recovery of costs from insurers

Slide 8

BS25999-1: Commentary on 8.2

• In small organizations the responsibility for incident and business continuity management may be vested in a single individual. Larger organizations may use a tiered approach and may establish different teams to focus on incident management, business continuity and business recovery issues. In some cases these teams may be supported by other teams with responsibility for activities such as media communications and people issues

Slide 9

UK Gold Silver Bronze Command Structure

Command tiers:
• Gold: Strategic
• Silver: Tactical
• Bronze: Operational

Locations shown on the diagram:
• COBR
• Police Headquarters
• Outer Cordon - JESCC
• Inner Cordon - Fire and Rescue

Slide 10

Incident Management structure for the UK firm

Tier labels: ‘Platinum’, Gold, Silver, Bronze

Level labels: Strategic, Tactical, Operational

Boxes on the chart:
• UK Board
• NBCT Leader
• Assurance, I&P, Comms, Tax, UKIT, Media, Advisory, Finance, HC/ESC
• NBCT Coordinator
• Tax (Central / Region)
• ‘Operations’ (Central / Cluster)
• Assurance (Central / Region)
• Advisory (Central / Region)
• Office Lead Partner
• Tax Rep
• Advisory Rep
• Assurance Rep
• Office Manager
• Incident Controller

Slide 11

Incident Response and Business Continuity

Tier labels: Platinum, Gold, Silver, Bronze

Level labels: Strategic, Tactical, Operational

Boxes on the chart:
• UK Board
• National Business Continuity Team
• National Operations/Business Teams
• Multi-site/Regional Business Units
• Office Incident Management Team
• Single-site Business Units

Slide 12

Africa Central - Incident Response Structure

Tier labels: Platinum, Gold, Silver, Bronze

Level labels: Strategic, Tactical, Operational

Boxes on the chart:
• Global
• Firm/Territory IMT: Africa Central
• Country IMT, e.g. Ghana
• Office IMT
• Operations/Business Unit Teams

Slide 13

Pordivnig a fmarerowk for cmmocinuatoin

Aoccdrnig to rseeacrh at Cmabirgde Uinervtisy, it deons’t mttaer waht oredr the ltteers in a wrod are wirtten, pordivnig the frist and lsat ltteer are in the rihgt pclae, bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

Slide 14

Framework in practice

The OIMT Plan states:

“Its purpose is to provide a framework to aid the incident management team in responding directly to actual incidents that may affect our people, client services and business operations, or if the team is activated to deal with a potential future threat or event.”

(Source: OIMT ‘Bronze’ Plan - Introduction)

Slide 15

BS25999-1: 8.3 Contents of plans

• All plans, whether incident management plans, business continuity plans or business recovery plans, should be concise and accessible to those with responsibilities defined in the plans

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2008 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.

“You can’t prepare for everything – but you can prepare for anything.”

Paul Youngjohns (involved in Lockerbie recovery)