surviving disasters practical lessons & simple solutions
DESCRIPTION
SURVIVING DISASTERS PRACTICAL LESSONS & SIMPLE SOLUTIONS. Derek Mason Business Continuity Consultant [email protected]. SURVIVING DISASTERS. Major Incidents Business Continuity Plans Lessons learned & simple solutions. SURVIVING DEVASTATION MAJOR INCIDENTS. - PowerPoint PPT PresentationTRANSCRIPT
simple business continuity solutionssimple business continuity solutions
SURVIVING DISASTERS PRACTICAL LESSONS & SIMPLE
SOLUTIONS
Derek MasonBusiness Continuity Consultant
simple business continuity solutionssimple business continuity solutions
SURVIVING DISASTERS
• Major Incidents
• Business Continuity Plans
• Lessons learned & simple solutions.
simple business continuity solutionssimple business continuity solutions
SURVIVING DEVASTATION MAJOR INCIDENTS
1992 - St. Mary Axe bomb1993 - Bishopsgate bomb1996 - Manchester bomb1996 - Docklands bomb2003 - Turkey bomb2005 - …..?2007 - PC contingency store ‘meltdown’2008 - GHQ flood.
simple business continuity solutionssimple business continuity solutions
BUSINESS CONTINUITY PLANS
Three Sections:
• Business Impact Analysis (BIA)
• BCP Section1 - Checklists & Data for use at Time of Incident
• BCP Section 2 - Background Info and Admin
simple business continuity solutionssimple business continuity solutions
BCP - Business Impact Analysis Section
MTPD TABLE (Maximum Tolerable Period of Disruption)• List of all processes covered within the BCP + Time period for the MTPD for each process + Type of impact and impact level
IMPACT TABLE (for Plan Writer reference) • 4 potential types of impact - Financial, Reputational,
Regulatory, Customer Service • Each with 5 impact levels (Insignificant, Minor, Moderate,
Major, Massive)
RECOVERY & TESTING TABLE (for Plan Writer reference).
simple business continuity solutionssimple business continuity solutions
BCP Section 1- Checklists & Data
CHECKLISTS
• Loss of Buildings (out of hours, in hours, upon arrival at recovery site)
• Loss of People• Loss of Systems• Loss of critical suppliers and/or internal
dependencies.
simple business continuity solutionssimple business continuity solutions
BCP Section 1 - Checklists & Data
CONTACTS
• Staff Cascade • Individuals allocated contingency space or
with remote access (laptop or other methods)
• Other contacts (internal, customers + suppliers)
• Useful websites.
simple business continuity solutionssimple business continuity solutions
BCP Section 1 - Checklists & Data
• WORK PRIORITIES• CONTINGENCY REQUIREMENTS &
CONTINGENCY SITE – include contingency agreement(s) and map to site(s).
• TELEPHONE CONTINGENCY PLANS • SALVAGE• INCIDENT LOG• PANDEMIC FLU.
simple business continuity solutionssimple business continuity solutions
BCP Section 2 - Background Info & Admin
DEPARTMENT/BUSINESS OVERVIEWKEY SYSTEMS, SUPPLIERS & INTERNAL
DEPENDENCIES• Do they have contingency?• Our actions should they suffer a prolonged
outageBCP ADMINISTRATION• Circulation list• Approval and diarised updates TEST RECORDS AND HISTORYBCP LIFE CYCLE FUTURE DIARY DATESBCP CONTROL REVIEW CHECKLIST.
simple business continuity solutionssimple business continuity solutions
1. Has the BCP been fully reviewed annually, with more regular updating of the contacts list?
2. Are the BCP Checklists realistic and have they been tailored for any specific departmental requirements?
3. Have all staff and internal/external key contacts been identified?4. Is a full staff cascade system in place?5. Have all staff been issued with a Major Incident Card/Personal Contingency
Card (or similar)?6. Have staff been allocated contingency spaces or will they be contacted at the
time of disaster?7. Have all possible contingency arrangements been explored?8. Has a ruthless approach been taken to ensure minimum requirements? Are
these for critical processing systems only? For key processing areas - have timescales for IT contingency provision been agreed via IT support?
9. Are there any critical 3rd party suppliers? Do they have contingency? Does the BCP cater for the loss of critical 3rd party suppliers?
10. Has the BCP been tested (at least) annually?11. Are test types relevant to the Department? As a minimum, all departments must
undertake a scenario walkthrough exercise.12. Are issues highlighted in testing resolved or reflected in the plan?13. Are sufficient copies held at home/offsite?14. Are there any known major changes expected in the next 12 months which might
affect the planned recovery actions?
simple business continuity solutionssimple business continuity solutions
LESSONS LEARNED & SIMPLE SOLUTIONS
• Communication• Communication• Communication• Tidy/Clear desk policy• Practice internal evacuation to safer areas• Evacuate to Disperse• Bomb blast protection film• Paper BCM records/checklist• Once evacuated you will not be allowed back in• Police cordons can stop access for several days• Grab Bag/Emergency Box held in reception and
taken out ‘automatically’ on all fire drills…………
simple business continuity solutionssimple business continuity solutions
GRAB BAG CONTENT Quantity Date/Initials
Local emergency numbers – Emergency Services, Utilities, hospitals, etc.
Evacuation procedures
Crisis Management manual
Key contact numbers
BCPs
Location of utility service feeds, stopcocks, mains switches.
High level structure charts, shift rotas.
A4 Pads, pencils, pens, highlighters, clip boards,
Torches
Building floor plans
First Aid Box
Silver foil blankets
Radio
Hotel numbers
Hard hats, fluorescent jackets, safety gloves
Cash
simple business continuity solutionssimple business continuity solutions
LESSONS LEARNED & SIMPLE SOLUTIONS
• Pocket sized ‘major incident’ card• Staff Emergency Telephone number• Pre-agreed meeting place(s) half a mile away• Put key work and home numbers, and cascade
lists (starting ‘CAS’), into mobile phones. Care: mobile networks may fail
• Floor plan showing location of critical cupboards/equipment which can be salvaged
• Liaison in advance with local authority/police re. access arrangements & their emergency plans.
simple business continuity solutionssimple business continuity solutions
LESSONS LEARNED & SIMPLE SOLUTIONS
• Arrangement with BT to divert to external pre-recorded announcement
• Computer backups held off site & tested• Reciprocal contingency arrangements with large
customers/suppliers• Maintain an Incident Log• Photo/video evidence (for Loss Adjuster)• Flexible plans – every disaster is different!• Internal BCP Compliance sign-off• Scenario ‘walkthrough’ testing & discuss BCP at
team meetings.
simple business continuity solutionssimple business continuity solutions
LESSONS LEARNED & SIMPLE SOLUTIONS
• Undertake tests at the contingency location• Monitor for signs of stress - Trauma counselling• Care when contacting staff/families• Share information with the Police Casualty
Bureau• Take action to avoid incidents (e.g. fire hazards,
water and heat alarms, etc.) or presenting a soft target (install CCTV, access controls, concrete planters, etc.).
simple business continuity solutionssimple business continuity solutions
SURVIVING DISASTERS LESSONS LEARNED & SIMPLE
SOLUTIONS
“Lessons are not learned until they are put into practice. Up to that point they are only learning opportunities”
Any questions?
[email protected] For simple, straightforward, low maintenance
Business Continuity processes.