1 / 113

指導 教授 : 盧淵源 教授 第七組成員 : 陳源裕 8922404021 潘呂美 9421408007 楊志偉 9421408040 許勢斌 9421408029

危機管理 與 營運持續管理. 指導 教授 : 盧淵源 教授 第七組成員 : 陳源裕 8922404021 潘呂美 9421408007 楊志偉 9421408040 許勢斌 9421408029 吳瑞春 9222404002 鍾少櫻 9122404012. Task Force.  History Review : 陳源裕 (5 min.)  I nfrastructure : 陳源裕、許勢斌 (15~20 min.)  Case Study(25 ~30min.)

vea
Download Presentation

指導 教授 : 盧淵源 教授 第七組成員 : 陳源裕 8922404021 潘呂美 9421408007 楊志偉 9421408040 許勢斌 9421408029

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 危機管理 與 營運持續管理 指導 教授 : 盧淵源 教授 第七組成員 : 陳源裕 8922404021 潘呂美 9421408007 楊志偉 9421408040 許勢斌 9421408029 吳瑞春 9222404002 鍾少櫻 9122404012

  2. Task Force History Review :陳源裕 (5 min.) Infrastructure :陳源裕、許勢斌(15~20 min.) Case Study(25 ~30min.) TFT-LCD Industrial Risk:許勢斌 General Industrial Risk:楊志偉 Service Field Risk & Control:吳瑞春、潘呂美

  3. Content Review & History General Description of Risk General Description of BCP General Description of BCM

  4. Review & History

  5. 管理金三角 • Management Golden Triangle

  6. Risk & BCP & BCM • 人無遠慮,必有近憂 • 窮則思變與居安思危 • 智者千慮,必有一失 • 英國著名戲劇大師莎士比亞說:“世事的起伏本來就是波浪式的。我們現正在潮漲潮落的海上飄浮,倘不能順水行舟,我們的事業就會一敗塗地。 • 美國著名諮詢顧問史蒂文·芬克(Steven Fink)在《危機管理》一書中指出,企業主管“都應當像認識到死亡和納稅難以避免一樣,必須為危機做好計畫:知道自己準備好之後的力量,才能與命運周旋”。 • 《危機管理》一書的作者諾曼·奥古斯丁則說:“幾乎每一次危機都既包含導致失敗的根源,也孕育著成功的種子。發現、培育以便收穫這個潛在的成功機會就是危機管理的精髓。相應的,習慣於錯誤估計形勢並令事態進一步惡化則是不良危機管理的典型特徵。

  7. Risk & BCP & BCM • 在《聖經》中有這樣一個故事:世人都在盡情享樂、歌舞昇平的時候,偌亞卻在孜孜不倦地鑿制他的方舟。當漫天的洪水驟然而降,惟有偌亞登上方舟使得他的家庭與萬靈的自然界逃過此劫、重獲新生。 • …………………………………………. • …………………………………………

  8. Risk & BCP & BCM • 自然災害危機 921、八掌溪、阪神大地震、火災 • 科技意外危機 SARS、核三廠3A事故、挑戰者爆炸、印度Bhopal毒氣事件 • 交通事故危機 華航大園空難、韓航客機事件 • 人為誘發危機 謠言、恐怖主義、解雇、暴動 • 區域衝突與戰爭危機 古巴飛彈危機、911、中美軍機擦撞事件、福克蘭群島戰爭

  9. ICS 之緣起 1970年代,美國南加州地區缺乏火 災之緊急跨機關運作,導至面對救 災無效續及耗費資源。美國林務署被指定率先發展緊急應變系統。 1980年代,緊急應變系統已經發展 完成,並適用於各類災害。目前已變成國際性系統,並轉介至其他國 家。

  10. 美國政府及ICS的文化背景 中央到地方政府 緊急應變決策權─地方政府。 政治團體的專家代表。 ICS的職位資格依專長、經驗授與, 而非依職 務較高或資歷高。 美國有各種不同技術群應付各種 災害。

  11. Why ICS? 須對納稅人/股東/投資人做有效率之反應。 媒體上傳播需可見而適當。 須有組織,並透明化。 須在作業上及政治上聚焦。 需集合最有經驗資格的人員/專家作決 策角色。

  12. Fundamental of CIS 指揮與協調統籌。 法定臨時編組。 各機關負責應變指揮官運作應變 計畫之各種權限,但相關機關保有 其監督權。

  13. Function of CIS 模組化容許因應災害程度的不同增減。 可用於任何災害,例如:地震、洪水、 火災、颱風等。 提供公司/機關或跨機關之單一管理系統。 可整合融入的任何資源,例如:其他廠商、警察、 軍隊、民間團體,亦可用於處理非災害 性事件。

  14. Function of CIS 提供機關或跨機關之單一管理系統。 模組化容許因應災害程度的不同增減 可用於任何災害,例如:地震、洪水、 火災、颱風等。 可整合融入的任何資源,例如:警察、 軍隊、民間團體,亦可用於處理非災害 性事件。

  15. Function of CIS ICS的組成 清晰的目標及順序。 釐清角色與責任。 具體的職位說明。 標準化人員組訓。 指揮線及回報要求明確。 共同術語與資源。 共同通訊。 相容設備。 行動計畫。 作業期。

  16. Main Function of CIS ICS主要功能 指揮:建立目標,並付全責。 計畫:發展行動計畫、資訊蒐集、 文件提供。 後勤:服務及支援。 行政:一般管理(監督、計時、 採辦)。 作業:執行行動計畫。

  17. Organization 組織架構 指揮官 For example 資訊官 安全官 連絡官 安全官 連絡官 行動計畫部 財 務部 後勤部 財務管理

  18. Some misconceptions . . . We have insurance cover Isn’t it a dead investment? We take regular backups We have, trained staff We can operate without computers It will not happen to us It is not our main Business and we accept the risk

  19. Some missed comments . . . We will cross the bridge … Take care of it NOW Later…. Excellent! We will have it some day What our techies are doing? We are not in NY

  20. General Description of Risk

  21. Risk NATURAL UNINTENTIONAL INTENTIONAL

  22. E – Security • Physical • Logical • Network Access Security

  23. Risk Evaluation • Disaster Event Scenarios • Risk Ranking of Functions • Critical • Vital • Sensitive • Non-critical

  24. Varying Levels of Disaster • NON – DISASTER • DISASTER • CATASTROPHES

  25. Risk - Measures of likelihood

  26. Measures of Consequences

  27. Qualitative risk analysis Matrix

  28. Impact Analysis : •Loss of key staff; •Loss of vital records; •Global issues, such as change in political climate; •Difficulty of operational integration across borders; •Disruption of importing and exporting functions; •Critical labor relationships; •New revenue streams; •Supplier disruptions; and •Regulatory controls.

  29. Impact Analysis : •Extraordinary recovery expenses; •Technology recovery requirements; •Special recovery resource requirements; •Critical disaster-specific information systems support; •Internal and external dependencies; •Existing and required work-around procedures; and •Insight into the organization’s current state of preparedness.

  30. •Which business units, operations and processes are essential to the survival of the organization; •How quickly essential business units or processes have to be back in operation before the impacts are catastrophic; •What are the most plausible recovery alternatives to meet the recovery windows; •What resources are needed to resume operations at a survival level for the essential parts of the business; •What elements must be pre-positioned in order to meet the recovery windows;

  31. Impact Analysis : Decision •What will be reused and recovered and to what capacity levels over what period of time; •What changes, if any, need to be implemented in the supply chain, inventory and distribution management programs; •How to address the organization’s internal and external interdependencies; and •What recovery and continuity policies and procedures must be in place to address both a short-term disaster such as a brief systems failure or a long-term major property loss.    

  32. Critical Recovery Time Period • Depends on the nature of business • Applications to be recovered • End User Computing Resources • Processing Priorities

  33. Critical Parameter • Critical Business Functions • Acceptable Recovery Time • Resources Committed • Major Divisions • Support Services • Business Operations • Data Processing Support

  34. Business Continuity • Why is it the responsibility of Senior Management? • What are the components of Business Continuity Plan? • Senior Management • User Management • User & Data Processing Procedures • Personnel who must respond to Disaster Scenarios are most important

  35. Key Decision Making Personnel • Team Leaders • Equipment and S/w Vendors • Recovery Site Representatives • Network Re-routing Services • Offsite Media Custodians • Insurance Agents • Contract Services

  36. Procedures • Emergency Action Procedure • Notification Procedure • Disaster Declaration • Systems Recovery • Network Recovery • User Recovery (Manual Procedures) • Salvage Operations

  37. BCP & Reconstruction Methodologies • Emergency Action Team • Damage Assessment Team • Emergency Management Team • Offsite Storage Teams • Software Team • Application Team • Security Team • Emergency Operations Team

  38. Computer Hardware Alternatives • Hot Sites • Ready to Operate Within Several Hours • Not for long term extended use • Network Component • Warm Sites • Partially Configured with network connections • Without Main Computer • Cold Sites • Site with only basic environment

  39. Off-Site Facilities • Security and Control of Off-Site Facilities • Physical Access Controls • Environmental Monitoring & Control • Media and Documentation Backup • Periodic Backup Procedures • Frequency of Rotation • Various Media and Documentation Created • Inventory (list) must be maintained • Automated Tape Management System

  40. Basic Premise • Senior Management Involvement • Cost Effective • Multiple Levels of Recovery • Disaster Recovery Plan • Drills, Upgrades and Audits

  41. DRP Testing • Goals of Testing • To validate (and identify flaws in) plan procedures and strategies; • To obtain information about recovery strategy implementation time; • To demonstrate output performance of systems, networks and backup in recovery mode and compare with the same in production mode; • To demonstrate recovery plan adequacy to examiners, auditors and management; • To adapt existing plans to encompass new requirements of the business; • To familiarize recovery teams with their roles within the plan.

  42. Risk Management - final 危機管理十大禁忌 1) 缺乏預見性 2) 分不清危機和機遇 3) 資訊渠道不暢 4) 慣性思維 5) 三心二意 6) 決策不果斷 7) 措施不堅決 8) 做表面文章 9) 言而無信 10) 盲目樂觀

  43. Risk Management - final 一、企業危機管理之道 1.什麼是危機管理 2.危機永遠與機遇並存3.防患未然勝過亡羊補牢

  44. Risk Management - final 二、企業危機的系統性 1.產品危機 2.市場危機3.管理危機 4.媒體危機 5.法律或政策危機

  45. Risk Management - final 三、企業危機的發展性 1. 危機孕育期 ——星星之火 2. 危機爆發期 ——大火猛烈3. 危機擴散期 ——火勢蔓延 4. 危機消失期 ——大火熄滅

  46. Risk Management 四、企業危機的矛盾性 在風險中孕育著機會,在機會中也有危險在暗流湧動。一方面,危機在不同程度上會導致產品銷售額下降、產品市場份額減少,甚至企業虧損、倒閉、破產等不良後果;另一方面,危機同樣存在可被企業借勢的有利因素,提升企業和品牌的形象,鞏固並重塑市場信心與信譽,穩固並延伸客戶群,從失利的邊緣贏得勝利。  

  47. General Description of BCP(Business Contingency Plan)

  48. Business continuity planning Prevention Response Resumption Recovery Restoration

  49. BCP • The process of: • development • testing • maintenance of a plan • To assist the organisation: • recover critical IT systems in an effective and efficient manner • to ensure minimal business disruption

  50. BCP • DRP (Disaster Recovery Plan) • Plan to recover out from a Disaster • BCP (Business continuity plan) • Plan for Business Continuity Planning • In case of Disasters/ Non Disasters

More Related