Consequence-based Planning: When Scenarios Don’t Matter. Travis County Local Emergency Planning Committee Workshop September 9, 2004. Ruth Hooks. Association of Contingency Planners Capital of Texas Chapter - Treasurer Texas Dept of Information Resources Information Resource Manager.
Consequence-based Planning: When Scenarios Don’t Matter Travis County Local Emergency Planning Committee Workshop September 9, 2004
Ruth Hooks Association of Contingency Planners Capital of Texas Chapter - Treasurer Texas Dept of Information Resources Information Resource Manager Ed Schaefer Association of Contingency Planners Capital of Texas Chapter - President Lower Colorado River Authority Emergency Management Coordinator
What this session is . . . • An approach to Business Continuity Planning • A set of tools to use in Business Continuity Planning • A place to start and a process to continue planning efforts • A work in progress
What this session is not . . . • A complete course in business continuity planning • A guarantee of successful planning • The only way to create a plan
What do we plan for? What we know Weather Fire Power failure Hackers Sabotage Equipment failure Loss of key personnel Ricin Anthrax Poisons Sarin gas “Dirty” bombs Cyber-terrorism Suicide bombers What we don’t know
An Event Occurs – Followed by the Domino Effect What caused the outage doesn’t really matter … Event Occurs Company Bankrupt No Communications Payroll Can’t Be Paid Employees Sent Home Loss of Key Employees Cannot Occupy Building Contract Penalties Ensue Business Functions Cease Customer Deadlines Missed
Recovery Value of Planning Event Occurs $ Deadlines Missed No Communications $ Company Bankrupt Employees Sent Home $ Payroll Can’t Be Paid Cannot Occupy Building $ Loss of Key Employees Business Functions Cease $ Contract Penalties Ensue
Profits Products Building a Business– the Essentials What do we produce? What is our function? What gives our organization a reason to exist? Payroll Marketing Maintenance Management Other Purchasing Production
Consequence-based Planning– Phases • Phase 1– Plan to recover the pieces • Phase 2– Plan to recover the functions • Phase 3– Plan to respond
Consequence-based Planning– Phases • Phase 1– Plan to recover the pieces • Identify the components/elements of your organization • Focus planning on individual components/elements (limited linkage) • Start with what you have • Plan to go from total loss to complete recovery • Phase 2– Plan to recover the functions • Phase 3– Plan to respond
Protection Processes Pipes Profits Products Building a Business– the Essentials How do we do our work? What procedures do we use? What is our information infrastructure? Who does the work in our organization? Provisions People Places Where is the work done? What facilities do we have? What do we need in order to do the work? Raw materials, supplies, etc.? How do we ensure that our organization is safe?
Scenario-based Planning (diagram labels: Lightning Plan, Tornado Plan, Earthquake Plan, Biohazard Plan; Protection, Processes, Provisions, Places, People, Products, Profits)
Consequence Recovery Provisions Places People Response Products Profits Scenario-based Planning Event
Lightning Plan Tornado Plan Earthquake Plan Biohazard Plan Terrorism Plan Scenario-based Planning • Plan development is multi-disciplinary and requires coordination of all functional groups. • This may be the optimum approach but it can prove to be time-consuming. • Content may be repeated in multiple documents, making it difficult to keep all plans current. Business Continuity Plans
Consequence Recovery Provisions Places People Response Products Profits Consequence-based Planning
Processes Pipes Provisions Places People Protection Consequence-based Planning • Plan development is usually confined to one or two functional groups. • Concurrent planning can be conducted by the functional groups. • Repetitive content is minimized, facilitating plan maintenance. Business Continuity Plan
Planning considerations– People • Includes: • Key personnel involved in executing critical business processes • Supervisory/management personnel with direct responsibility for critical business functions • Customers or consumers of our products
Planning considerations– People • Issues: • Personnel safety is the top planning priority. This includes: • Ensuring physical safety • Providing emergency medical care and crisis counseling • Protecting employees’ families • Cross-training and succession planning mitigate sudden loss of key employees • People inside and outside of the organization need information • Personnel associated with critical functions are the best source of information in plan development.
Planning considerations– Provisions • Includes: • Raw materials • Business supplies and equipment • Data • Utilities (electricity, natural gas, water) • Fuel for vehicles • Dedicated emergency supplies
Planning considerations– Provisions • Issues: • Reliability of suppliers • Alternative suppliers • Alternative delivery routes and locations • Data backup and restoration • Temporary source of key supplies • Emergency generators for backup electrical power • On-site potable water storage • Gasoline/diesel storage
Planning considerations– Places • Includes: • Buildings and facilities • Some organizations may have multiple locations • Some organizations may rely heavily on telecommuting
Planning considerations– Places • Issues: • The current space allocation is the starting point for calculating space needs • If 100% restoration isn’t possible, consider implementing a phased approach • Non-critical functions are not allocated workspace during initial recovery efforts • Each business unit involved in a critical business function initially is allocated a percentage of its current space • Adjustments to this allocation can be made as planning continues
Planning considerations– Pipes • Includes: • Telecommunications infrastructure • Telephones • Radio communications • Information technology (IT) infrastructure • Local Area Networks (LANs) • Wide Area Networks (WANs) • Internet connectivity
Planning considerations– Pipes • Issues: • Must identify critical communications paths • Single-points-of-failure must be identified • Redundancy should be provided • Personnel must be trained on use of alternate communications paths • Documentation, equipment and supplies must be readily available to implement backup plans • Emergency communications must be planned
Planning considerations– Protection • Includes: • Physical security • Locks • Security personnel • Surveillance cameras • Personnel awareness • Cyber security • Firewalls • Intrusion detection processes • User-initiated workstation security procedures
Planning considerations– Protection • Issues: • Access control • Automatic door locks-- fail open or closed? • Availability of additional security personnel • Off-site monitoring of surveillance equipment • Awareness training for all personnel– security is everyone’s job
Consequence-based Planning– Phases • Phase 1– Plan to recover the pieces • Phase 2– Plan to recover the functions • Identify business functions • Prioritize business functions • Link functions to elements • Develop function-specific plans • Phase 3– Plan to respond
How to Start? Setting Priorities with Functional Risk Analysis • Also known as Business Impact Analysis • Quantify planning priorities • Provide a visual communication tool • Doesn’t require formal planning experience • Add a degree of objectivity to subjective judgments • Valuation allows clear definition of planning tasks and goals “buy-in”
Function Analysis - Process overview: 10 Easy Steps • Identify key functions (and/or sub-functions) • Determine the impact of each function • Estimate probability of failure • Estimate the amount of time before failure has an effect on ability to deliver essential services • Estimate the amount of time to restore the function • Score each function = (Impact x Probability x Time to effect) / Time to restore • Rank each function by relative importance • List critical elements, dependencies and plans for each function • Determine the order for creating the functional recovery plans based on the ranks and scores • Complete the plans
1. Function Analysis - Identify • What are the major business areas? • What are the major functions in each business area? • What are the key processes in each function? • What are the tasks in each function?
1. Function Analysis - Identify Suggestion #1: Use a group activity to define your business functions • Have group members write the functions they perform on Post-it™ notes • Stick the notes on a wall • Group the notes into logical functions • Determine which are top-level functions (generally mission functions) • Place the top-level functions in a row along the top of the wall • Continue to organize the sub-functions and tasks under the top-level functions
1. Function Analysis - Identify Inventory Point of Sale Deliver to Stocking Stocking Accounting Purchasing Enter into Inventory Validate Shipping Info Supply and Shipping Loading Dock Verify Pricing Loading Dock Payroll Training Retail Sales Receiving Human Resources
1. Function Analysis - Identify Supply and Shipping Accounting Retail Sales Purchasing Human Resources Receiving Training Payroll Stocking Inventory Point of Sale
1. Function Analysis - Identify Accounting Retail Sales Supply and Shipping Purchasing Human Resources Receiving Training Payroll Loading Dock Stocking Validate Shipping Info Verify Pricing Inventory Enter into Inventory Point of Sale Deliver to Stocking
1. Function Analysis - Identify Suggestion #2: Use business documents to define your business functions • Organizational Chart • Strategic Plans • Business Plans • Any other organizational materials you have • Organize the information into functions and sub-functions • Gain management consensus through smaller work groups and/or from executive management to modify and incorporate functions
1. Function Analysis - Identify Step #1: Identify key functions and/or sub-functions. Start with several blank copies of the “Function Analysis Resource sheet”.
1. Function Analysis - Identify Accounting Transfer the functions to the worksheet Purchasing Human Resources Retail Sales Supply and Shipping Market Analysis
1. Function Analysis - Identify Some functions may have multiple levels of sub-functions. Accounting Purchasing Human Resources Retail Sales Supply and Shipping Market Analysis
1. Function Analysis - Identify Retail Sales Receiving Each sub-function may have its own set of sub-functions. Stocking Inventory Point of Sale Etc.
1. Function Analysis - Identify Receiving The goal of analyzing the functions is to identify the points of failure which affect your ability to continue to run your business. Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc.
1. Function Analysis - Identify Receiving Your functional analysis should contain enough levels to identify those critical points. Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc.
Receiving Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc. 2. Function Analysis - Impact Step #2: Rank the impact of each function.
2. Function Analysis - Impact • Impact – Ask: What happens if these functions aren’t done? • 5 = Mission Critical • Disruption of key functions; $$ impact high / intolerable • 4 = Critical • Disruption of key functions; $$ impact medium / tolerable • 3 = Very Important • Disruption of key functions; $$ impact low / within current budgets • 2 = Important • Key functions impacted but not halted • 1 = Minor or No Impact • Non-essential functions affected
Receiving Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc. 2. Function Analysis - Impact 5 What is the impact if the business cannot receive shipments at the loading dock? 5 = Mission Critical – disruption of key function
Receiving Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc. 2. Function Analysis - Impact 5 Can we live with the risk of accepting the shipping information as accurate? 1 1 = Minor or No Impact
Receiving Loading Dock Validate Shipping Info Enter into Inventory Verify Pricing Deliver to Stocking Etc. 2. Function Analysis - Impact 5 Can we still sell goods if the inventory is not exact? 1 2 • 2 = Important