《CBCP业务连续性管理专家培训材料Area6.ppt》由会员分享,可在线阅读,更多相关《CBCP业务连续性管理专家培训材料Area6.ppt(78页珍藏版)》请在三一办公上搜索。
1、1,Business Continuity ManagementCourse for Advanced Professionals Introduction,2,Subject Area 6:Developing&Implementing Business Continuity Plans,3,Lesson Overview,Plan Activation Procedures Opening the Emergency Operations Center Command centers public responders Securing the area Assessing the dam
2、age Salvage and restorationPlan development methodologyPlanning organizationPlan documentationPlan implementation,4,Professional Practices for Business Continuity Professionals,Project Initiation and ManagementRisk Evaluation and ControlBusiness Impact AnalysisDeveloping Business Continuity Strategi
3、esEmergency Response and OperationsDeveloping and Implementing Business Continuity PlansAwareness and Training ProgramsMaintaining&Exercising Business Continuity PlansCrisis CommunicationsCoordination with External Agencies,5,Objectives,Design,develop,and implement Business Continuity and Crisis Man
4、agement plans that provides continuity within the recovery time objective and recovery point objective.,6,The Professionals Role(1/2),1.Identify the Components of the Planning Process Planning methodology Plan organization Direction of efforts Staffing requirements 2.Control the Planning Process and
5、 Produce the Plan 3.Implement the Plan,7,The Professionals Role(2/2),Test the Plan Maintain the Plan,8,Plan Activation,When an emergency occurs that necessitates a response that is beyond the scope of standard operating procedures,the plan is activated by the individual(s)designated in the plan.,9,P
6、lan Activation,Problem Occurs,Operations Interrupted,Is DisasterObvious?,ContinueProblemResolution,Escalation Process,ProblemResolved?,ActivateDamageAssessmentTeam,Issue Alert,DoesProblem SatisfyDisasterDeclarationCriteria?,Yes,No,No,Yes,No,Yes,Declare,Notify Teams,RecoverySupportVendors,Activate Th
7、ePlan,Recover,Problem Resolved,Return to NormalOperations,10,Plan Activation,Event-Response Recover Normal,Public-Private-EmergencyResponse/Management,BusinessContinuityOrganization,Steering Committee=CMTTeams ActivatedCommunications TeamRisk ManagementAudit-Finance,Life-Safety,Property Protection/P
8、hysical Security,Technology,Respond/Stabilize/Manage/Recover Normalize,Recover-Restore-Resume,11,Plan Activation,CMT/Management Notify appropriate personnel Team utilization/activationThe Crisis Management Team decides whether or not to activate the entire Business Continuity Organization.Activate t
9、he Plan and/or Declare a disaster Personnel on standby Non-activated members on 24-hour alert Standby location(s)designated at time of announcement Required to be available for immediate telephone contact,12,Communication Plan Activation,Set up communication center Away from spot of crisis Open line
10、s of communication Absorb all information available Monitor media for latest developmentsUpdate the press release scripts Develop schedule for communicating with the media Take care of regular business,13,Communication Tools,Cell phonesBlackberries2-way radiosLandline phonesInternetEmergency notific
11、ation systemsHam radio operators,14,Plan Activation,CC atImpactedLocation,CC atAlternate RecoveryLocation,Away from Incident!,EOC,Leadership-Strategic,Crisis Management Team,Communicate!,Communicate!,Control&Allocate Resources,Interim Business AreaRecovery TeamsRecovering Lost Functions,TacticalSpec
12、ific Response TeamsDamage AssessmentSalvageCounting Heads,Communicate!,15,Plan ActivationCommand&ControlA Fire Occurs at Facility 2The Fire Department Responds&Assumes CommandThe private sector organizationestablishes a Command Center atFacility 2 to interface with the publicsector and manage the pr
13、ivate sectorresponseThe Fire Department establishes an Incident Command Post so supervise the eventThe private sector organization liaisons with the ICS Command Structure representing thePublic Sector Agencies,16,Plan ActivationCommand&Control,A Command Center isEstablished at Facility 1And recovery
14、 teams Work to recover lost functions,While the emergencyResponse is underwayCosmos Industries opens an Emergency OperationsCenter at the CorporateHeadquarters,Corporate HQSuburb AThe EOC provides whateverAssistance is Needed atFacilities 1&2,17,Command Center,CC activation&communicationDefine the d
15、uties of personnelEstablish procedures for each positionPrepare checklists for all proceduresDefine procedures and responsibilitiesDetermine lines of successionDetermine equipment and supply needs,18,Command&Control,Which gate or entrance will responding units use?Where and to whom will they report?
16、How will they be identified?How will facility personnel communicate with outside responders?Who will be in charge of response activities?,19,Command&Control,After the Fire Chief releases the scene to Cosmos Industries,the fire department leaves,20,Stabilize/Manage/Recover,Property Protection/Physica
17、l Security,Secure AreaAssess DamageSalvage&Restoration,Event-Response Recover Normal,Public-Private-EmergencyResponse/Management,Life-Safety,Technology,Respond/Stabilize/Manage/Recover Normalize,Recover-Restore-Resume,Business ContinuityOrganization,21,Secure Area,Isolate incident scene Secure scene
18、 Control access Close doors and windows Establish temporary barriers after people have safely evacuated Drop containment materials in the path of leaking materials Close file cabinets or desk drawers,22,Secure Area,Protect undamaged property Close up building openings Remove smoke,water,and debris P
19、rotect equipment against moisture Restore sprinkler systems Physically secure property Restore Power,23,Assess Damage,Take an inventory of damaged goods Restore equipment and property Assess value of damaged propertyMaintain contact with customers and suppliers Conduct an investigation,24,Assess Dam
20、age,Coordinate actions with appropriate government agenciesNotify risk management department Contact insurance carrier Initiate insurance claim process Define claims requirements Arrange for an insurance adjustor,25,Salvage and Restoration,Define external agencies for liaison Statutory agencies Emer
21、gency services(fire,police)Insurers Loss adjusters Others?Prepare for specific information required by statutory agencies,emergency services,insurers,loss adjusters,etc.,26,Salvage and Restoration,Define Strategy for initial on-site activity Understand need for Action plan for site safety,security,a
22、nd stabilization Identifying immediate loss mitigation and salvage requirements Understand and interpret business requirements to allow effective and efficient physical asset recovery Identify methods asset protection Equipment Premises Documentation,27,Salvage&Restoration,Effective diagnosis of inc
23、identAssemble required resources at affected site(s)Prepare action plan for site safety,security,and stabilizationEstablish liaison with external agenciesEstablish procedures with service providers,28,Salvage and Restoration,Conduct salvage operations Segregate damaged from undamaged property Keep d
24、amaged goods on hand until an insurance adjuster has visited,29,Stabilize/Manage/Recover,BusinessContinuityOrganization,Media RelationsProtect EmployeesNotify Proper AuthoritiesKeep Detailed RecordsBegin Recovery Process,Event-Response Recover Normal,Public-Private-EmergencyResponse/Management,Life-
25、Safety,Technology,Respond/Stabilize/Manage/Recover Normalize,Recover-Restore-Resume,Property Protection/Physical Security,30,Protecting the Organization,InsuranceEmployee supportPlummeting stockProduct recall Tylenol tampering Ford/Firestone TiresEthical violations-audit,31,Protecting the Organizati
26、on,Keep detailed records Audio record all decisions Videotape and photograph the damagePreserve vital recordsMedia relations Account for all damage-related costs Establish special job order numbers and charge codes for purchases and repair work,32,Protecting the Organization,Notify appropriate organ
27、izations OSHA?State?County?Suppliers of products and servicesVendor relations-post-emergency services Records preservation Equipment repair Earthmoving Engineering,33,Professional Practices forBusiness Continuity Planners,Project Initiation and ManagementRisk Evaluation and ControlBusiness Impact An
28、alysisDeveloping Business Continuity StrategiesEmergency Response and OperationsDeveloping and Implementing Business Continuity PlansAwareness and Training ProgramsExercising&Maintaining Business Continuity PlansPublic Relations and Crisis CommunicationCoordination with Public Authorities,34,The Pla
29、nning Process,Objective Document procedures required to continue,recover and restore the functional capability of the organizationSome key tasks Develop teams&tasks Develop specific steps to minimize the risks of outage and restore to normal operations Document the planSome key deliverables Emergenc
30、y response plans and procedures Crisis communication procedures Coordination with external agencies The draft plan,PlanDevelopment,ProjectPlanning,RiskAssessment&Analysis,BusinessImpact Analysis,StrategyDevelopment,35,Develop Business Continuity Plans,36,BCM Plan Elements,People,Processes,Places,BCM
31、Plan,Sales,Manufacturing,distribution,Accounting,Payroll,HR,etc.,Staff,visitors,Delivery people,Outside servicePersonnel,othertenants,The site andbuilding which accommodatesPart or all of the organization,and where some or allof the processes are conducted.,37,BCM Plan Stakeholders,DisasterRecoveryU
32、ser Group,Emergency ManagementAgencies,Senior Management,Corporate InformationSystemsManagement,DisasterRecoveryVendors,CorporateHumanResources,UserCommunity,InsuranceBrokers,Auditors,GovernmentAgencies,Media,Utilities/BuildingManagement,BusinessContinuityProgram,38,Types of PlansBusiness Continuity
33、Management,Crisis Management PlanBusiness Unit PlansCOOP,Disaster Recovery PlanEmergency Response PlanBusiness Continuity Plan,39,Business Continuity Plan Objectives,Reduce consequences of a disaster to management approved service levelsDefine the high impact areas of the organization Involve all bu
34、siness units and/or functions Assess all aspects of the organization,40,Business Continuity Plan Products,Information Who executes recovery actions What is needed to recover,resume,continue,or restore business functions Where to go to resume corporate,business and operational functions When business
35、 functions and operations must resume How-detailed procedures for recovery,resumption,continuity,and restoration,41,Documenting the Plan,Who is going to do it?How are you going to do it?Conveying organizational program informationDefining specific plan detailStructure of plan document,42,Outsourcing
36、 BC PlanCan someone else perform the service better,more efficiently,or more economically than you?,Risks vs.rewardsKnowledge transferSpecific expertiseBroader BCP experienceFocus on strategies and plans,Ownership&CommitmentAvailability and responseKnowledge of organizationDriven by contractual obje
37、ctives,43,Avoid Common Mistakes,Emergency response procedures labeled DR/BC planOutside assistance will address our recoveryInsurance will take care of it,44,Avoid Common Mistakes,4.Information not organized effectively5.Format or software is too complex6.Alternates are not identified7.Information i
38、s not up to date,45,Avoid Common Mistakes,8.Single site scenarios9.Data synchronization10.Copies not accessible11.Facility access list12.Out-of-date recovery strategy/capacity13.Under-estimated recovery time14.Plans are too generic or too detailed,46,Avoid Common Mistakes,15.Data retrieval delays16.
39、People unable to cope17.Effects of trauma and stress18.Evacuation flaws19.No alternate EOC20.Communication choke points21.Inadequate insurance coverage,47,Successful Plans,Clear and conciseCoordinated with suppliers&vendorsSenior management support/organization commitmentOn-going/part of strategic e
40、ffort,Appropriate budgetRetention,backups,&off-site storage programFully documented&exercised regularlyRisks are managed Vulnerabilities are prioritizedFlexible and adaptable,48,Plan Development Requirements,Develop action plans/checklistsReview and evaluate toolsAcquire matrices and flowchartsDevel
41、op forms to acquire informationDetermine requirements for information database and other supporting information,49,Plan Development Requirements,Leverage the information gathered in forms to do more than develop plan documentShare with organization resource providers to establish service requirement
42、 quantities and scheduleIdentify gaps in needs vs.resources,50,Plan Development Requirements,Allocate tasks and responsibilities Identify tasks to be undertaken Identify necessary teams to perform required tasks Assign responsibilities to tem Identify and list Key contacts Suppliers Resources,51,Pla
43、n Development Requirements,Locate and catalogue organization information Identify and confirm processing and documentation critical to key business processes Identify and determine which information/processes should be replicated Identify storage requirements Identify key suppliers Select of recomme
44、nd methods of bakcup and retention of vital records,52,Scenario Development,“Worst case”Conditions Severe magnitude Occurs at worst possible time Loss of all files,information,and equipment Requires full plan implementationMay change as organization changes Revise if major changes to facilities,equi
45、pment,organizational structure,or business functions affecting basis of business recovery planning,53,Plan Design,Approaches For locations For business processes For business unit/department/functions For service lines By phases,54,Implementing the Plan,Complete required tasks Continuity actions and
46、 proceduresAllocate tasks and responsibilitiesDevelop education programDevelop plan review,update,and reporting procedures,55,Distribution and Control Procedures,Establish appropriate distribution and control procedures for:Business continuity plans Results of plan exercises and tests Plan changes a
47、nd updates,56,Plan Security,Open document or classified documentDocument control Who gets copies of the plan?Full access or need-to-know basis Just their componentsChapter/section distribution Organizational sensitivity and security concerns,57,Review and Sign off,Plan review should consider:Is the
48、plan consistent with the findings of the BIA?Are roles&responsibilities defined?Are resources in place,or actions defined to get them in place?Can the plan be implemented?Will the owner sign off?,58,Plan Documentation,The plan document needs to be structured so that it is a viable,useable documentIn
49、 order for the plan document to be useful in a disaster it must include vital information and be organized in a way that makes it easy to use,59,Major Plan Components,OverviewIncident managementTeams&tasksCritical locationsCritical processesCritical contactsBCP Outline,TechnologyVital records/off-si
50、te storageEquipment&suppliesPlan maintenance Appendices,60,BCM Program Overview,Methodology and planning approachGoals&objectivesOrganizational policy statementScope,objectives&assumptionsDisaster definition/criteriaRoles and responsibilities by functionDisaster scenario definitionsDefinition of ter
