1 / 24

Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety

Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety. “Be Prepared: That's the motto of the Boy Scouts.” "Be prepared for what?" someone once asked Baden-Powell, the founder of Scouting, "Why, for any old thing." said Baden-Powell.”

desma
Télécharger la présentation

Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Preparedness, Disaster Recovery, and Business Continuity in Public Safety “Be Prepared: That's the motto of the Boy Scouts.” "Be prepared for what?" someone once asked Baden-Powell, the founder of Scouting, "Why, for any old thing." said Baden-Powell.” (Boy Scout Handbook, 11th edition, page 54)

  2. Overlapping and Inter-Related Responsibilities Disaster Preparedness and Recovery and Business Continuity Physical Security Quality Assurance Methodologies Public Safety Cyber Security

  3. Public Safety Scenarios • Public safety entities have a more difficult challenge • Your IT DR/BC plan is intertwined with risk scenarios • You may be affected by the risks of a given scenario and your IT plan must address those risks appropriately to maintain operations • You also have a role in response to the scenario so the events will affect your operational requirements

  4. Scenarios Overview • Threat driven geographic circles of impact • Kinds of threats and events • Responsibility • What will you do, what is shared, what do others have to do for themselves • Tolerance for risk and uncertainty • Lesson learned: if you have a well known and documented local risk: • Have a real plan or get ready for a career change…

  5. Start With A Readiness Dashboard • All aspects of the plan, testing, and implementation should be scored simply (Red, Yellow, and Green) • Key indicators of planning and readiness need a dashboard to enable assessment and action • Score or status • Trend • Key issue

  6. Engage the Policy Makers • Executive, legislative, and judicial • Those who hold the seat and those who actually make the decisions… • Go below the top level to ensure clarity, alignment, and redundancy • EOC designees • Emergency authorizers and authority—decide how you will bust though red tape and bottle necks when it is needed

  7. First Steps • Leadership: clarity, alignment, and commitment • Authority or consensus? • Stakeholders roles and responsibilities • Be clear about risk tolerance • Applications and IT assets inventory • If needed, dust off and update your Y2K work • Good data on plan status, readiness, test results, response, and compliance

  8. First Steps • Make a friend in accounting—actuarially accurate threat scenarios are more likely to be funded as risk and cost can be properly balanced • Review existing plan or make a plan • Borrow or buy a template • Review peer plans and conduct site visits • Communicate until it hurts

  9. Know How Non-Governmental Organizations Fit In • Media • Broadcast and satellite • Emergency Broadcast System Members • Print • New media • The Web • Government site mangers • Commercial site managers • Citizens and bloggers • Self-organizing communities (e.g. Craig’s List)

  10. Know How Non-Governmental Organizations Fit In • Charities • Businesses and business associations • Community organizations • Vital private services (hospitals, nursing homes, etc. )

  11. Nail Down Your Critical Functions • Law and order essentials (people, mobility, tools, survival basics, etc.) • Communications • Personnel management (policies, scheduling, notification trees and systems, counseling, etc.) • Data and the connections to data and people • Transactional systems

  12. Nail Down Your Critical Functions • Rescue and response • Pipeline to the health care system • Building/location/hazmat information for fire and first responders • Justice processing and incarceration • Dispatch

  13. Nail Down Your Critical Functions • Records • Mobility • Devices and local storage if communications are intermittent or fail (e.g. mobile maps and databases) • Know what you can actually cover (and what you are just waiving your hands at and hoping it either works or is never needed)

  14. IT Requirements • What systems need to function • How fast • Maximum and optimum time frame for each system or function to be restored • How well • Sometimes minimal functionality is sufficient

  15. IT Requirements • Where will it be used and by whom and will the communications infrastructure support it? • Employees • Users or beneficiaries • By what priority will systems be restored • The priority will be modified by what contingencies • E.g. a long term total evacuation changes the operational needs for criminal justice systems and personnel

  16. Continuity and Disaster Recovery Location Options • Consider new kinds of mutual aid and sister city/county/state arrangements • Work with friends, colleagues, associations, and vendors • To match you with a comparable entities that are located outside the various geographic threat circles • Who can mirror your IT operations (hardware, software, operating systems, and culture)

  17. People • Force in depth—who is the backup to the backup to the backup? • Consider the actual health and physical abilities and disabilities of a person when assigning tasks for a disaster scenario • The disaster is not the time to find out the electrician in the hazmat suit has a heart condition • What family and personal duties may interfere with performing official duties (e.g. save your own kids or save a stranger)?

  18. Systems • Daily operational • Interdependent systems • Emergency only • Identity security and access management for physical and logical security • Follow FIPS 201 for federal/state/local interoperability

  19. Integration • Identify integration issues between: • Internal systems and public safety entities • Other governmental systems • Related actors • Non-governmental systems and processes • Example: 911 and 311or its equivalent • Normally separate but related • Emergencies blur the line • Co-location, cross training, and system integration

  20. Implementation and Triage • Someone better be in charge • Dispute resolution processes • Who will be your Sensibility and Sanity Checker (off site, not affected by the disaster, and actually getting enough sleep to make sound decisions)? • Baton Rouge example with Mayor Holden

  21. Think Third World • Hand crank your computers • Bike generators • Solar and wind power • Portable water purifiers • Emergency shelter • Runners and mountain bikes • Hand tools

  22. Think New World • Internet Protocol (IP) everything • Bridge between radio, wireless data/WI-FI and use each as IP conduits as needed • Gigs of portable flash memory • Satellite data and telephony

  23. Think New World • Instant Message • Text and mobile email • Cell On Wheels/Boat/Balloon • Negotiate/legislate priority and bumping rights in telecommunications provisioning

  24. Conclusion: Essential Public Safety Systems and Organizations Must Be Disaster Resistant, Flexible, Diversified, and Redundant(Or We Are All In Big Trouble) Contact Information Richard J. H. Varn Center for Digital Government rjmvarn@msn.com

More Related