secrets of building a business continuity program
TRANSCRIPT
Sponsored By
Emergency Notification
Incident Management
Secrets of Building a Business Continuity Program
2
Sponsored by
Mission-critical Communication
Emergency Notification
Incident Management
Web-based and mobile
4
These slides are from a webinar. To view the video of the webinar, which includes audio, visit: www.missionmode.com/webinars
5
Michael Lazcano Director, Global Business Continuity Gap, Inc.
6
Global Business Continuity Programs
Important Considerations
for Sustained Success
7
1. Important Considerations
2. The “shape” of your Business Continuity Department
3. Establishing Boundaries
4. Leadership Starts with Practice
5. Summary
Agenda
8
Part 1 – Important Considerations
What’s the Business Continuity’s Department source of power?
Where will the Business Continuity Department derive the most utilitarian value to the organization?
Ideally – establish a short chain of command to executive sponsor.
9
Part 1 – Important Considerations
What’s the scope of BCP’s responsibilities? Clearly articulated expectations and direction is key to the Department’s success:
Mission Statement Objectives Long Range Plan
10
Part 1 – Important Considerations
To what extent and how will you identify, use and report on risk and hazards? To what extent will you standardize tools and resources?
11
Part 1 – Important Considerations
Leadership within the Business Continuity Department must understand the organization and its culture. It must also align Business Continuity with the organization’s goals and objectives.
12
Part 1 – Important Considerations
A solid Business Continuity Department within an organization demands clear leadership. Demonstrating Business Continuity’s value to the organization is critical.
13
Part 1 – Important Considerations
Effective business leadership Effective leadership during crisis
14
Part 1 – Important Considerations
Pervasive leadership is critical in all aspects of the Business Continuity Department’s functions. Team leadership, development and engagement must remain visible.
15
Part 1 – Important Considerations
Effective Business Continuity leadership breaks down silos
A resilient organization is only possible to the extent that information is shared
Leadership must foster external relationships
Disaster Recovery
Business Resumption
Business Continuity
Organizational Resiliency
1
2
3
16
Part 1 – Important Considerations
Disaster Recovery
Business Resumption
Business Continuity
A Culture of Organizational
Resiliency
1
2
3
Leverage against the company’s culture and infrastructure
You can only be present to the level that you are prepared
Create a culture of global preparedness
17
The “shape” of your Business Continuity Program significantly influences its ability to remain resilient during crisis. Centralized
De- Centralized
“Hybrid”
High vulnerability Low vulnerability
High agility
Low agility
Regional Adaptability
Part 2 – Your Department’s “Shape”
18
Part 2 – Your Department’s “Shape”
The use of an Incident Command Structure significantly enhances the response capability
Multiple Incident Command Structures support a “hybrid” organization
An Incident Command Structure lends itself to “breaking down silos” across the organization
19
Part 2 – Your Department’s “Shape”
Use a universal and scalable approach to an Incident Command Structure
Use simple “teams” across all Incident Command Structures
Create a “scalable and adaptive” response capability
Document an Incident Command Structure’s direction, expectations and standards
20
Part 2 – Your Department’s “Shape”
ICS – Support Team Called by the Core Team if necessary.
ICS – ER – HR Team Called by the Core Team if necessary.
ICS – Business Operation Team Called by the Core Team if necessary.
Incident Commander
Operations Support Facilities Information HR / ER Finance
Senior Management
Policy Making
Corporate Security Corporate Communications
ICS – Core Team Responsible for “first assessment” of a situation. If necessary, they call in additional groups.
The Core Team is comprised of Incident Management, Senior Management (Policy Making), Corporate Security, Corporate Communication and Section Chiefs.
21
Part 2 – Your Department’s “Shape”
Identify standards and expectations
Mandate drills and exercises
Establish accountability through reporting
Celebrate the small wins
Support remediation
22
Part 3 – Establishing Boundaries
Must consider the organization’s:
Culture
Safety and security of employees and others
Impact to employees
Impact to critical infrastructure
Impact to work facilities
23
Part 3 – Establishing Boundaries
Identifying when to respond requires a structured approach that’s consistent with the organization’s culture or its desired end state.
24
Part 3 – Establishing Boundaries
Low Impact High Impact
Low Response
High Response
1
2
3
Structured response considers:
Observed situation’s potential or actual risk
Response from the BC Department
Response from the Incident Command Structure
Response from Business Units
Response from employees
25
Part 3 – Establishing Boundaries
Perpetual vigilance
Utilize relationships created through the Incident Command Structure
Utilize “leveraged” ubiquity
Identify sources of “automatic” notifications
Leverage the “frugal innovation:”
Google Earth Overlays Geo-coded locations
26
Part 3 – Establishing Boundaries
Create, deploy and retain control of centralized resources:
Emergency notification tool The use of “apps” BCP planning tool or repository A comprehensive BCP hotline BCP conference call
Ensure demonstrated proficiency in the use of these resources.
27
Part 4 – Leadership Starts with Practice
Engage leadership in every aspect of Business Continuity
Prepare and deploy a resource guide for members of the Executive Management Team
Use Executive Management (executive sponsors) during times of extreme crisis
Demonstrate tangible and intangible value across the organization
28
Part 4 – Leadership Starts with Practice
Drills and exercises demonstrate proficiency specific to the expectations established by the Business Continuity Department
Drills and exercises don’t have to be difficult
Use drills and exercises to educate, assess, remediate and improve response capability
Use the results of drills and exercises to understand levels of residual risk; focus on problem areas
29
Part 4 – Leadership Starts with Practice
Collaborate with Information Technology in support of DR exercises; include business partner participation
Structure end-to-end and “silo” DR exercises
Validate assumptions created by Business Impact Analysis
30
Design every drill and exercise to force critical thinking
Force difficult decisions
It’s better to err during a disaster than to fail during a real event
Part 4 – Leadership Starts with Practice
31
Part 5 - Summary
A short chain of command to your executive sponsor is better than a long one
Leverage against the most visible and ubiquitous part of the organization
The “shape” of your BCP organization significantly influences its ability to remain resilient during crisis
32
Part 5 - Summary
Effective leadership is key
Understanding the scope and possible impact of a situation is easier when supported by visualization tools
An ICS is based on proven management tools that contribute consistent and predictable span of control and response
33
Part 5 - Summary
Leverage against the company’s culture and infrastructure to move it towards organizational resiliency:
Leadership that embraces critical thinking
Preparedness
A well-protected workplace
A well-informed workforce
A part of the larger community
34
Sponsored by
Mission-critical Communication
Emergency Notification
Incident Management
www.missionmode.com
Secrets of Building a Business Continuity Program
Secrets of Building a Business Continuity Program