1 / 26

Enterprise Business Continuity Management

Enterprise Business Continuity Management Utilizing “Collaboration” in The state of Washington Business Continuity Program Small Agency Presentation August 21, 2006 Judy Sweet, CBCP Washington State Enterprise Business Continuity Program Manager Business Continuity Program Purpose

emily
Download Presentation

Enterprise Business Continuity Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EnterpriseBusiness Continuity Management Utilizing “Collaboration” in The state of Washington Business Continuity Program Small Agency Presentation August 21, 2006 Judy Sweet, CBCP Washington State Enterprise Business Continuity Program Manager

  2. Business Continuity Program Purpose The State of Washington must maintain confidence of its constituents, and ensure continued operation of vital government services when an incident has caused, or has the potential to cause, significant consequences. The Business Continuity Program will provide the framework to develop an enterprise approach and coordinate agency efforts to minimize business interruptions, and create a state of readiness, so that agencies can respond to and recover from events, resuming vital services as quickly as possible.

  3. Business Continuity Milestones • Enterprise Executive Symposium 6/2005 • Enterprise BC Software Tool Installed 7/2005 • Business Continuity Initiative Project Kickoff 8/2005 • Statewide BC Work-sessions Begin 9/2005 • Regular BC Work-sessions Concluded 6/2006 • Statewide BC Program & Sustaining BC Model • Statewide BIA • Statewide COOP Development • Enterprise Solution Development

  4. Business Continuity Planning Objectives • Minimize service interruptions, to acceptable levels • Understand your agency services • Collaborate with other agencies • Incorporate Best Practices • Utilize common planning framework • Identify high impact areas • Based on risk intelligence • Execute an Enterprise strategy to prioritize and mitigate risk. • Account for dependencies across agencies • Capitalize on economies of scale ~80% Business and 20% Technology

  5. Business Continuity Management (BCM)Answers . . . • What is an incident / disruption / disaster? • What are the impacts over time? • How much loss can be tolerated? • Risk Threshold, Tolerance • What can be mitigated? • Work-around, Enterprise solutions • How to reestablish business services? • Activate response plans • What is required? • Resources, time, people/skill sets, procedures, dollars • How much is enough? • Balance options “Proactive verses Reactive”

  6. Bottom Line: BCM Program Umbrella • Sustain & Protect • People • Property • Information • Operations • Gov. Services BCM provides a balance between acceptable potential losses and acceptable onetime and annual costs.

  7. Business Continuity • Investments in business continuity should be prioritized based on analysis of risks and impacts over time. • Create Value in Operability. • Be Positioned to be successful.

  8. BIA Snapshot of Business Drivers

  9. SampleBusiness Impact AnalysisDeliverable • A “typical” graph showing impact vs. recovery time, which visually assists with risk mitigation prioritization. WSP Computer Dispatch Prison Control System Dam Inspection Services Drinking Water Safety HAZMAT State Payroll Military’s Dispatched Resources Firearms Licensing Impact State Warrants 3 days 12 hrs or < 5 days 24 hrs 2 days Time

  10. Notional:Business Continuity Event Life Cycle Normal Operations Capability Time

  11. Return to Normal Operations Recovery Time Restoration Contingency Planning Minimal Acceptable Level of Capability Risk Mitigation Notional:Business Continuity Event Life Cycle Service Disruption Occurs Normal Operations Problem Mgmt & Response Recovery Capability Time Proactive BC Activities Reactive BC Activities Modified U.S. DoD graphic

  12. NIMS Impact NIMS Impact NIMS Impact NIMS Impact NIMS Impact NIMS Impact NIMS Impact NIMS Impact Business Continuity Planning (Will incorporate NIMS requirements)

  13. Types of Plans? Continuity of Operations (COOP) Plan Incident Management Plan Business Continuity Plan Vital Service Response Plans Let’s put this into perspective! Vital Service Response Plan COOP Plan Incident Mgmt Plan Business Continuity Plan

  14. Business Continuity Plan Types & Relationships Continuity of Operations (COOP) Plan The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency. • Alternative Facilities • Vital Records and Databases • Human Capital • Tests, Training, & Exercises • ID of Essential Functions • Delegations of Authority • Orders of Succession • Interoperable Communications From More General • Address Full Spectrum of Threats & Hazards to Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan) • Involves Investigation, Diagnoses • Assembly of Incident Command System (ICS) • ICS Draws on Response Plan(s)) for Resolution • An Agency-wide Perspective • Repeatable Process & Practices • Incident Alerting, Reporting, Tracking & Status Business Continuity Plan • An Agency-wide Perspective • Global Risk Mitigations, Contingencies and Responses for Business Operations Vital Service Response Plan for ‘B’ Specific Vital Service Response Plan for . . . ‘n’ Vital Service Response Plan for ‘A’ • Specific Action Plan • Specific Action Plan • Specific Action Plan

  15. Business Continuity Plan Types & Relationships Continuity of Operations (COOP) Plan The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency. • Alternative Facilities • Vital Records and Databases • Human Capital • Tests, Training, & Exercises • ID of Essential Functions • Delegations of Authority • Orders of Succession • Interoperable Communications From More General • Address Full Spectrum of Threats & Hazards to Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan) • Involves Investigation, Diagnoses • Assembly of Incident Command System (ICS) • ICS Draws on Response Plan(s) for Resolution • An Agency-wide Perspective • Repeatable Process & Practices • Incident Alerting, Reporting, Tracking & Status Business Continuity Plan • An Agency-wide Perspective • Global Risk Mitigations, Contingencies and Responses for Business Operations Vital Service Response Plan for ‘B’ Specific Vital Service Response Plan for . . . ‘n’ Vital Service Response Plan for ‘A’ • Specific Action Plan • Specific Action Plan • Specific Action Plan

  16. Business Continuity Plan Types & Relationships Continuity of Operations (COOP) Plan The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency. • Alternative Facilities • Vital Records and Databases • Human Capital • Tests, Training, & Exercises • ID of Essential Functions • Delegations of Authority • Orders of Succession • Interoperable Communications From More General • Address Full Spectrum of Threats & Hazards to Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan) • Involves Investigation, Diagnoses • Assembly of Incident Command System (ICS) • ICS Draws on Response Plan(s) for Resolution • An Agency-wide Perspective • Repeatable Process & Practices • Incident Alerting, Reporting, Tracking & Status Business Continuity Plan • An Agency-wide Perspective • Global Risk Mitigations, Contingencies and Responses for Business Operations Vital Service Response Plan for ‘B’ Specific Vital Service Response Plan for . . . ‘n’ Vital Service Response Plan for ‘A’ • Specific Action Plan • Specific Action Plan • Specific Action Plan

  17. Business Continuity Plan Types & Relationships Continuity of Operations (COOP) Plan The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency. • Alternative Facilities • Vital Records and Databases • Human Capital • Tests, Training, & Exercises • ID of Essential Functions • Delegations of Authority • Orders of Succession • Interoperable Communications From More General • Address Full Spectrum of Threats & Hazards to Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan) • Involves Investigation, Diagnoses • Assembly of Incident Command System (ICS) • ICS Draws on Response Plan(s) for Resolution • An Agency-wide Perspective • Repeatable Process & Practices • Incident Alerting, Reporting, Tracking & Status Business Continuity Plan • An Agency-wide Perspective • Global Risk Mitigations, Contingencies and Responses for Business Operations Vital Service Response Plan for ‘B’ Specific Vital Service Response Plan for . . . ‘n’ Vital Service Response Plan for ‘A’ • Specific Action Plan • Specific Action Plan • Specific Action Plan

  18. Business Continuity Plan Types & Relationships Continuity of Operations (COOP) Plan The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency. • Alternative Facilities • Vital Records and Databases • Human Capital • Tests, Training, & Exercises • ID of Essential Functions • Delegations of Authority • Orders of Succession • Interoperable Communications From More General • Address Full Spectrum of Threats & Hazards to Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan) • Involves Investigation, Diagnoses • Assembly of Incident Command System (ICS) • ICS Draws on Response Plan(s) for Resolution • An Agency-wide Perspective • Repeatable Process & Practices • Incident Alerting, Reporting, Tracking & Status Business Continuity Plan • An Agency-wide Perspective • Global Risk Mitigations, Contingencies and Responses for Business Operations Vital Service Response Plan for ‘B’ Specific Vital Service Response Plan for . . . ‘n’ Vital Service Response Plan for ‘A’ • Specific Action Plan • Specific Action Plan • Specific Action Plan

  19. Vital Service A • Risk Mitigations • Contingencies • Responses • Recoveries Vital Service B • Risk Mitigations • Contingencies • Responses • Recoveries Vital Service D • Risk Mitigations • Contingencies • Responses • Recoveries Vital Service E • Risk Mitigations • Contingencies • Responses • Recoveries Collaborative Roles in Enterprise Business Continuity Planning Enterprise BC Program Office – State of WA Subject Matter Expertise • Standards & Practices • Tools and Templates • Planning Assistance • Reporting • Meeting Compliances Governance • Policies • Practices • Planning Priorities • Decision Packages Enterprise Risk & Vulnerabilities Status Enterprise Level Planning 1 Enterprise BC Program Office Planning for Worst-Case Scenarios @ Enterprise (Shared Command) Level • Risk Mitigations, Contingencies, Responses, Recoveries Agency ‘B’ @Agency ‘A’ Level • BC Developed Capabilities • Planning For Worst-Case Scenarios @ Agency Perspective • CONOPS / COOP = NIMS Rqmts • Risk Mitigations, Contingencies, Responses, Recoveries • BC Developed Capabilities • Planning For Worst-Case Scenarios @ Agency Perspective • CONOPS / COOP = NIMS Rqmts • Risk Mitigations, Contingencies, Responses, Recoveries Agency Level Planning BC Instilled across Agency in all Business Practices BC Exercises & Updates (=NIMS Rqmts) On-going Training BC Instilled across Agency in all Business Practices BC Exercises & Updates (=NIMS Rqmts) On-going Training 150+ Agencies, Boards and Commissions eBRP BC Tool Vital Service C • Risk Mitigations • Contingencies • Responses • Recoveries Vital Service F • Risk Mitigations • Contingencies • Responses • Recoveries Estimated 200-500 Vital Services Vital Service Level Planning 1 Enterprise BC Software Administrator eBRP BC Tool & Repository eBRP BC Tool & Repository Component Plans <----------------------------------------------------------------------------------------------------------------------------------------------------------->

  20. Inherent Benefits of an Enterprise Business Continuity Program • Maintain Commonality • Develop a Repeatable Process • Achieve Agency and State Business Objectives • Share Best Practices • Rank Priorities • Mitigate Risk • Identify Dependencies • Develop Incident Response/Recovery Plans • Form Partnerships • Identify Enterprise Solutions • Implement Cost/Benefit Contingencies

  21. Evolution of Business Continuity ManagementIn Washington State Academy Initiative Effort Begin Agency BC Planning Refine Framework Templates / Tools ID Agency Risks & Thresholds ID Service Needs ID & Resolve Issues BCMProgram Foster a Repeatable Approach ID Agency’s & Enterprise Risk Thresholds Collaborate & Prioritizing Needs Implement Enterprise Solutions Incorporate Incident Management Time

  22. What’s Next? • Continue development of the BC Framework (templates, tools, best practices) Within the BC Program • Apply the BIA across all agencies to: • Identify where the State could best invest & reduce risk • Ties to “Continuity of Operations” COOP (HLS & NIMS Rqmt) • Transition to a new Business Continuity Culture • Setup a Business Continuity Management (BCM) Program • Establish governance along with Roles and Responsibilities • Address Continuity of Operations (COOP) with agencies • Join with EMD efforts providing info on NIMS & Emergency Response • Promote Agency/Enterprise collaboration to best achieve objectives

  23. Participating Agencies • Department of Personnel • Department of Corrections • Department of Health • Department of Licensing • Department of Information Services • Department of Transportation • Retirement Systems • Social and Health Services • Department of Ecology • Health Care Quality Authority • Liquor Control Board • Labor and Industries • Military Department • Office of Financial Management • State Treasurer • Public Disclosure Commission • Washington State Patrol • Clark County • King County • City of Seattle

  24. Questions?

  25. Contact Information Judy Sweet, CBCP Enterprise Business Continuity Management (BCM) Program Manager Department of Information Services e-mail: judys@dis.wa.gov | (360) 902-3560

More Related