RBTC:

Business Continuity 101

July 18, 2013

• What is Business Continuity?• Scenario Part 1• Why is BC important?• What types of plans are

needed?• How do you create them?• Scenario Part 2• Questions

Copyright CMS© 2011 CMS, Inc.

Business Continuity Defined

The ability of an organization to

ensure continuity of service, to

support its customers and to

maintain its viability before,

during and after an event.

Copyright CMS© 2011 CMS, Inc.

• Ensure continuity of time-critical business processes

• Safeguard corporate assets• Minimize effects of an

interruption• Train personnel to handle

emergency conditions

Purpose of Business Continuity

Copyright CMS© 2011 CMS, Inc.

Confidential 5

Respond vs. React

Copyright CMS© 2011 CMS, Inc.

• Hurricane Derick is powering through the coastal Carolinas.

• Significant impact is expected – Severe flooding– Power disruptions– Internet disruptions

• Storm will hit 2 a.m. on Saturday.

Scenario 1: How prepared are you?

Copyright CMS© 2011 CMS, Inc.

Pick a representative organization at your table.It is Thursday morning:• Based on what you know, would you recommend

activating your Emergency Management Team. Who would be on it?

• What are you top 2 priorities?• Do you have resources in place?

Scenario 1: What do you do now?

USE YOUR TIP CARD

Copyright CMS© 2011 CMS, Inc.

Exemplar Disruption Timeline

Emergency Response

ResumeBusiness(AlternateSite)

Vital Records

Transaction Backlog

ResumeBusiness(Home Site)

Systems & Applications Recovery Path

Business Unit Recovery Path

Telecommunications Recovery Path

Unplanned Interruption

OperatingSystemRestoration

Voice Network Restoration

BusinessUnitRelocation

Backlog/Data Synch

ApplicationRestoration

ManualOperations

DataNetworkRestoration

StandaloneSystemRestoration

Backlog/Data Synch

Why isBusiness

Continuity Important?

Copyright CMS© 2011 CMS, Inc.

Reason #1: Disasters really do occur

Copyright CMS© 2011 CMS, Inc.

• 43% of businesses that experience a disaster never reopen. 29% of such businesses close within two years, and businesses whose information systems fail due to a disaster lose, on average, 40% of daily revenues. (Contingency Planning & Management)

Reason #2 It’s good business

• Of those businesses that lost their records in a fire, 44% NEVER reopened their doors again, and 30% of those that DID reopen failed to survive beyond three years after the fire. (ARMA)

© 2011 CMS, Inc.

Costs of Downtime

Other Expenses

• Temporary employees• Equip rentals• Overtime

• Shipping• Travel• Legal obligations

Revenue • Direct Loss• Compensatory payments• Lost future revenue

• Billing losses• Investment losses

Financial Performance

• Revenue recognition• Cash flow• Lost discounts (A/P)

• Payment guarantees• Credit rating• Stock price

Productivity Number of employees affected x hours out x burdened hourly rate

Damaged Reputation

• Customers• Suppliers

• Financial markets• Business Partners

© 2011 CMS, Inc.

What Types of Plans are

Needed?

Copyright CMS© 2011 CMS, Inc.

-- Other (Legal, Secretary, CFO)

Disaster Recovery Plan

Life Safety Plan

-IT RecoveryTeam- HR Crisis Team

-Crisis Communications Team-Emergency Response

Team

Crisis Management Plan

Business Process

Recovery Plans

Four Types of Plans Used at Time of Disaster

Tells all staff what to do when specific emergency events happen

Identifies senior management

team’s roles and actions required

to mitigate the impact of crisis

Helps to ensure that essential business

processes continue following a disaster,

determines the “who, where, and when” of

recovery

Focuses on the recovery of IT systems based on business requirements

copy

© 2011 CMS, Inc.

What is the Process for

Creating Business Recovery Plans?

Copyright CMS© 2011 CMS, Inc.

Business Recovery Planning Overview

Understanding the organization

Exercising, maintenance

and review

Determining Recovery strategies

Developing and implementing a response plan

Create BCM Framework and Governance

Copyright CMS© 2011 CMS, Inc.

• Where do I go? What do I do today? What do I do in 3 days? What do tell my employees? Who is in charge?– Disaster Declaration Procedures– Emergency Evacuation Procedures– Detailed Task Lists over time (what to do on day 1, day 2, day 3 etc)– Notification Procedures – Contact information for all internal and external dependencies– Recovery locations (primary and secondary)– Team leaders and alternates– Manual workarounds and work procedures

• This may be the only document the Business Process Manager has at time of disaster

Elements of a BRP

Copyright CMS© 2011 CMS, Inc.

Your recovery strategy should not be a secret….

Copyright CMS© 2011 CMS, Inc.

• Storm stalls:– Severe flooding

(impact similar to the Flood of 1985)

– Rain expected for another two days

– High winds expected to die down by end of Sunday.

Scenario Update: Hurricane Derick +24 hrs

Copyright CMS© 2011 CMS, Inc.

• General infrastructure failure – public services off line.

• Most CRC buildings are uninhabitable. • Power substation in Blacksburg fails – Appalachian Power estimates 10 days until restoration.

• Gas shortage.

Scenario Update: Hurricane Derick +24 hrs

Copyright CMS© 2011 CMS, Inc.

Assume your building is unavailable, the power is off and your generators will not have enough gas to get through to Monday. Your EMT is already activated.• Based on what you know and what plans, procedures

and equipment you have in place right now:– Discuss the likely impact of the hurricane on your

business.– Discuss your top 2 priorities for recovery

• What was the most important thing you learned here today?

What to do?

Copyright CMS© 2011 CMS, Inc.

• Business Continuity Management is not rocket science

• Business Continuity Management is a process that mitigates and/or reduces risks

• This is not a project, but rather an on-going process that touches every part of the organization

• BCM requires the cooperation of all the lines of business

Key Take-Aways

Copyright CMS© 2011 CMS, Inc.

• Based on your experience in these exercises:– What worked about your plans?– What could have worked better?– What are some action items you’ll take back to

your team?

QUESTIONS?

What worked? What did not work?

Copyright CMS© 2011 CMS, Inc.

• Business Continuity Institute – thebci.org• DRII – drii.org• FEMA’s preparedness site – ready.gov

Helpful Information

Plans are of little importance, but planning is essential.

- Winston Churchill