secrets of building a business continuity program

Sponsored By

Emergency Notification

Incident Management

Secrets of Building a Business Continuity Program

2

Sponsored by

Mission-critical Communication

Emergency Notification

Incident Management

Web-based and mobile

3

4

These slides are from a webinar. To view the video of the webinar, which includes audio, visit: www.missionmode.com/webinars

5

Michael Lazcano Director, Global Business Continuity Gap, Inc.

6

Global Business Continuity Programs

Important Considerations

for Sustained Success

7

1. Important Considerations

2. The “shape” of your Business Continuity Department

3. Establishing Boundaries

4. Leadership Starts with Practice

5. Summary

Agenda

8

Part 1 – Important Considerations

What’s the Business Continuity’s Department source of power?

Where will the Business Continuity Department derive the most utilitarian value to the organization?

Ideally – establish a short chain of command to executive sponsor.

9

Part 1 – Important Considerations

What’s the scope of BCP’s responsibilities? Clearly articulated expectations and direction is key to the Department’s success:

Mission Statement Objectives Long Range Plan

10

Part 1 – Important Considerations

To what extent and how will you identify, use and report on risk and hazards? To what extent will you standardize tools and resources?

11

Part 1 – Important Considerations

Leadership within the Business Continuity Department must understand the organization and its culture. It must also align Business Continuity with the organization’s goals and objectives.

12

Part 1 – Important Considerations

A solid Business Continuity Department within an organization demands clear leadership. Demonstrating Business Continuity’s value to the organization is critical.

13

Part 1 – Important Considerations

Effective business leadership Effective leadership during crisis

14

Part 1 – Important Considerations

Pervasive leadership is critical in all aspects of the Business Continuity Department’s functions. Team leadership, development and engagement must remain visible.

15

Part 1 – Important Considerations

Effective Business Continuity leadership breaks down silos

A resilient organization is only possible to the extent that information is shared

Leadership must foster external relationships

Disaster Recovery

Business Resumption

Business Continuity

Organizational Resiliency

1

2

3

16

Part 1 – Important Considerations

Disaster Recovery

Business Resumption

Business Continuity

A Culture of Organizational

Resiliency

1

2

3

Leverage against the company’s culture and infrastructure

You can only be present to the level that you are prepared

Create a culture of global preparedness

17

The “shape” of your Business Continuity Program significantly influences its ability to remain resilient during crisis. Centralized

De- Centralized

“Hybrid”

High vulnerability Low vulnerability

High agility

Low agility

Regional Adaptability

Part 2 – Your Department’s “Shape”

18

Part 2 – Your Department’s “Shape”

The use of an Incident Command Structure significantly enhances the response capability

Multiple Incident Command Structures support a “hybrid” organization

An Incident Command Structure lends itself to “breaking down silos” across the organization

19

Part 2 – Your Department’s “Shape”

Use a universal and scalable approach to an Incident Command Structure

Use simple “teams” across all Incident Command Structures

Create a “scalable and adaptive” response capability

Document an Incident Command Structure’s direction, expectations and standards

20

Part 2 – Your Department’s “Shape”

ICS – Support Team Called by the Core Team if necessary.

ICS – ER – HR Team Called by the Core Team if necessary.

ICS – Business Operation Team Called by the Core Team if necessary.

Incident Commander

Operations Support Facilities Information HR / ER Finance

Senior Management

Policy Making

Corporate Security Corporate Communications

ICS – Core Team Responsible for “first assessment” of a situation. If necessary, they call in additional groups.

The Core Team is comprised of Incident Management, Senior Management (Policy Making), Corporate Security, Corporate Communication and Section Chiefs.

21

Part 2 – Your Department’s “Shape”

Identify standards and expectations

Mandate drills and exercises

Establish accountability through reporting

Celebrate the small wins

Support remediation

22

Part 3 – Establishing Boundaries

Must consider the organization’s:

Culture

Safety and security of employees and others

Impact to employees

Impact to critical infrastructure

Impact to work facilities

23

Part 3 – Establishing Boundaries

Identifying when to respond requires a structured approach that’s consistent with the organization’s culture or its desired end state.

24

Part 3 – Establishing Boundaries

Low Impact High Impact

Low Response

High Response

1

2

3

Structured response considers:

Observed situation’s potential or actual risk

Response from the BC Department

Response from the Incident Command Structure

Response from Business Units

Response from employees

25

Part 3 – Establishing Boundaries

Perpetual vigilance

Utilize relationships created through the Incident Command Structure

Utilize “leveraged” ubiquity

Identify sources of “automatic” notifications

Leverage the “frugal innovation:”

Google Earth Overlays Geo-coded locations

26

Part 3 – Establishing Boundaries

Create, deploy and retain control of centralized resources:

Emergency notification tool The use of “apps” BCP planning tool or repository A comprehensive BCP hotline BCP conference call

Ensure demonstrated proficiency in the use of these resources.

27

Part 4 – Leadership Starts with Practice

Engage leadership in every aspect of Business Continuity

Prepare and deploy a resource guide for members of the Executive Management Team

Use Executive Management (executive sponsors) during times of extreme crisis

Demonstrate tangible and intangible value across the organization

28

Part 4 – Leadership Starts with Practice

Drills and exercises demonstrate proficiency specific to the expectations established by the Business Continuity Department

Drills and exercises don’t have to be difficult

Use drills and exercises to educate, assess, remediate and improve response capability

Use the results of drills and exercises to understand levels of residual risk; focus on problem areas

29

Part 4 – Leadership Starts with Practice

Collaborate with Information Technology in support of DR exercises; include business partner participation

Structure end-to-end and “silo” DR exercises

Validate assumptions created by Business Impact Analysis

30

Design every drill and exercise to force critical thinking

Force difficult decisions

It’s better to err during a disaster than to fail during a real event

Part 4 – Leadership Starts with Practice

31

Part 5 - Summary

A short chain of command to your executive sponsor is better than a long one

Leverage against the most visible and ubiquitous part of the organization

The “shape” of your BCP organization significantly influences its ability to remain resilient during crisis

32

Part 5 - Summary

Effective leadership is key

Understanding the scope and possible impact of a situation is easier when supported by visualization tools

An ICS is based on proven management tools that contribute consistent and predictable span of control and response

33

Part 5 - Summary

Leverage against the company’s culture and infrastructure to move it towards organizational resiliency:

Leadership that embraces critical thinking

Preparedness

A well-protected workplace

A well-informed workforce

A part of the larger community

34

Sponsored by

Mission-critical Communication

Emergency Notification

Incident Management

info@missionmode.com

www.missionmode.com

Secrets of Building a Business Continuity Program

Secrets of Building a Business Continuity Program