Business Continuity or Disaster Recovery

What is it Really?

Patrick CowanCHSV, MBCDRP, CFC, CSSI, ATM, CPM

Definitions (Common Frame of Reference) Business Continuity (Proactive Model)

Business Impact Analysis Dependency Model

Disaster Response/Recovery (Reactive Model) Mitigation Wants Needs Gaps In:

Communication Documentation Resources Technology

What you will be exposed to:

Proactive Model

When treated as a Program

Voluntary (Sponsored on-high)Plans (clear & concise)

Federal Local Company Family

Roles Responsibilities Authorities

Proactive Model

Metrics Dependencies

Internal to the Company 3rd Party Vendors

Costs Budgeted Unplanned

Reporting Status Incident After Action Root Cause

Training-Exercises (read Validation of plans) Mitigation

Proactive Model Continued

First and foremost Business Continuity is a “Mind Set” and has to be from the highest levels in the organization.

Secondly developing and implementing a Business Continuity Program is an “ART” rather then a Science and is in a constant state of flux (change) .

Business Continuity is the overall program tasked with: Business Impact Analysis (Risks/Hazards) BIA for short Planning for interruptions based on the BIA Dependent Modeling (often overlooked as a critical element) Training of Emergency Response Teams (ERT) Response to identified impacts Mitigation (limiting or excusatory factors) applied to the hazards and Recovery (identified percentage of whole you want to be at after an incident).

Business Continuity is:

Your Protection from Hazards

A comprehensive Business Continuity program provides for the following: Gathering Information Making Recommendations (process improvements/modifications/

metrics) Providing Training Coordinating agreed upon efforts Developing Documentation related to the program (not

operational functions of the organization) Think of Business Continuity as the umbrella and those things

it is and does as the shaft, with the Executive Leadership and Stock Holders of the organization being or holding the handle. Those holding the handle can either open the umbrella (use it) or suffer the consequence of not opening it!

What Business Continuity Does!

The BC program in the beginning (formative years) often acts as a “Jiminy Cricket (conscience)” to the organization rather then a resource that is invaluable in making decisions that will benefit it in the long run.

“ Business Continuity is Never Having to Say I Told You So!”

Reality Check!

Reactive Methodology

When it Stands Alone

Planning is limited to organizational groups (no-limited dependent Modeling) IT Operations Etc.

Involuntary (no or limited support) No Organizational Control (3CP)

Roles Responsibilities Authorities Second Guessing by Executives “YOU DID WHAT?” High Cost “YOU Spent WHAT?” Everything is done on the fly and emotional

Yell loud enough you get attention Notice it is all “YOU”? Not a good place to be!

Reactive Model

The Cost $$ of being Prepared

Mitigation

The actions used to lessen in force or intensity the impact of hazards in: Man Made Risks

Violence Technology

Power Hardware Data HVAC

Fiscal Health Safety ETC.

Natural Risks Floods Hurricanes Earthquakes ETC.

Mitigation

The Impact of desire

Wants Vs. NeedsThe status of your reality!

A Low Cost Solution Get the Regulators off our back A Document that:

Makes you feel good (you did something) You can share with others

A person to: Fit your “Culture” Give you what you think you want Mirrors your thoughts Does not make waves Take direction (oxymoron in BCDR)

What you Want

A comprehensive solution for: Dependencies Getting the Regulators on your team Getting the Public (taxpayers) involved Getting your family involved Mitigation

Budget Project Management Sponsorship

A Document that: Makes you feel good (It WORKS!) You can share with others Offers process improvements in daily operations

What you Need!

A person to: Lead (give direction-recommendations) Present the facts not fiction “Been there done that (proven and tested)” Make the hard decisions Execute effectively on time lines and budget Stand their ground but follows executive decisions (Art

form) Negotiate based on all available information! Engender trust

What you Need Continued

If you work under the “Want” there is no or limited efforts to move the project forward.

If you work under the “Need” you will get a focused effort pushing the program (but it causes ripples through the organization)

Fill in your own thoughts here!

What does all this mean for the Organization?

Another Name for Ooops!

Gaps

Communication How Who When

WHY JOINT MILITARY OPERATIONS DO NOT WORK One reason the Armed Services have trouble operating jointly is that they have very different

.meanings for the same terms

" ," The Joint Chiefs once told the Navy to secure a building to which they .responded by turning off the lights and locking the doors

" ," The Joint Chiefs then instructed Army personnel to secure the building and they occupied .the building so no one could enter

, , , Upon receiving the exact same order the Marines assaulted the building captured it and set , up defenses with suppressive fire and amphibious assault vehicles established reconnaissance , - - and communications channels and prepared for close hand to hand combat if the situation

.arose

, , , But the Air Force on the other hand acted most swiftly on the command and took out a- .three year lease with an option to buy

Four Gaps in Planning

Documentation

Policies (Controls) Roles Responsibilities Authorities

Procedures Check lists

Four Gaps in Planning Continued

Resources People

Internal to the business unit SME (emergency response team member ERT) Support provided by vendor

External SME (ERT) outside the business unit but inside the company Critical Vendor Support not controlled by the business unit

Things Space Supplies Utilities Money

Four Gaps in Planning Continued

TechnologyHardwareSoftwareVendors

Four Gaps in Planning Continued

What did you learn? Does your organization need:

Business Continuity (a Plan) A Proactive Leader To Fill Gaps in Preparedness (continuity)

What reality do you live in? (Reactive or Proactive?)

In your Business Unit In your Company In your Family (yes this needs to be there to!)

What do you Think?(Food for thought)

Questions?Contact: Emergency Preparedness Partners LLC.Contact: Emergency Preparedness Partners LLC.

Patrick Cowan: pncowan@charter.netPatrick Cowan: pncowan@charter.net715-254-0796715-254-0796303-868-9877303-868-9877