1 / 49

Business Continuity /Disaster Recovery Panel

Business Continuity /Disaster Recovery Panel. STA Annual Conference 2006. A High Level Summary of the Lessons Learned from Hurricane Wilma by Franklin Templeton Investments. Wayne Behrens Director Business Continuity Planning. Prepared for the Securities Transfer Assocation

evadne
Télécharger la présentation

Business Continuity /Disaster Recovery Panel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Business Continuity /Disaster Recovery Panel STA Annual Conference 2006

  2. A High Level Summary of the Lessons Learned from Hurricane Wilma by Franklin Templeton Investments Wayne Behrens Director Business Continuity Planning Prepared for the Securities Transfer Assocation Amelia Island Meeting on Oct 20, 2006

  3. Wilma Agenda • Franklin Templeton Investments • Who was Wilma • Impact of Wilma • What Went Right • Crisis Management Lessons • Business Continuity Lessons • Technology Lessons • Facility Lessons

  4. Franklin Templeton Investments • Parent: Franklin Resources Inc. • Approx 500 Billion in Assets Under Management • Major Brands • Franklin • Templeton • Mutual Series • Fiduciary Trust • Darby Overseas • Bisset (Canada) • Employees: Approx 8,000 in 29 countries. In the Florida Area: • St. Petersburg (1,200+) • Ft. Lauderdale (466) • Nassau (49) • Miami (16)

  5. Who the Heck was Wilma? • Hurricane Wilma is the lesser known cousin of Katrina. However, Wilma was the most intense hurricane ever recorded in the Atlantic basin. It devastated parts of the Yucatán Peninsula as well as southern Florida. • There were 62 deaths attributed to Wilma and damage is estimated at $12.2 billion in the U.S., making Wilma the sixth costliest storm in U.S history. • When Wilma reached Ft. Lauderdale, she was a category 2 hurricane with sustained winds of 110 mph to 130 MPH.

  6. Impact of Wilma on Franklin • Wilma reached Ft. Lauderdale early Monday morning, October 24th. By Monday afternoon, we had received preliminary damage assessments indicating that hundreds of windows primarily on the north west section of the building were blown out. • We were unable to occupy the building from October 24 through November 18. • No loss of life and no injuries to employees. Some damage to a few employee’s homes. Many employee’s homes were without power for days or weeks. • 500 employees were impacted, with over 230 being relocated to other sites: Toronto, St. Petersburg, Miami, New York, Short Hills, San Mateo, and Rancho Cordova.   

  7. What Went Right • In general, our Crisis Management, Business Continuity and Technology Disaster Recovery plans worked well. • Wilma caused virtually no disruption to our customers. • The Ft. Lauderdale Emergency Management Team took charge of the situation in Ft. Lauderdale. • All business units were able to follow their business continuity plans and recover their operations. • Technology operations were restored to include two critical applications.

  8. Crisis Management Lessons • When the local Emergency Management Teams (EMT’s) are in the midst of the incident and working literally in the dark, they do not always have the ability to fully coordinate the recovery of business operations away from the site. • Each of the major roles in our crisis management teams need to have a specific checklist. • We need to put in place a pre-plan to track and deal immediately with the relocation of employees to other sites. • You cannot over communicate. Despite the fact that we tried very hard to be proactive on communicating to our employees, we still heard a number of complaints in this area.

  9. Business Continuity Lessons • Over 40 laptops were left in the FTL office when the hurricane hit. There had been so many hurricane threats during the year that many employees did not feel that Wilma would really hit or cause this much damage if it did. • The standard for Business Continuity Plans needs to be expanded to address a month long outage: • Shifting work to alternate sites for the first 3-5 days without moving employees • Plan for an incident to last over a month to include a month end • A number of issues arose in regards to employees: • Pay during the outage • Childcare and school closures • Bonus for extraordinary efforts • Relocation of children & elders

  10. Technology Lessons Learned • We were surprised by the number of business units that still relied upon hard copies of faxed documents to stand alone fax machine. We have worked on a better process and documentation of FAX rerouting requirements. • Better written procedures for forwarding 800 numbers. • There is a desire from the business for a better disaster recovery solution for email and Blackberry servers. • Environmental monitoring of server rooms needs to be tied into a central control point to insure it is remotely accessible.

  11. Facilities Lessons Learned • We should have drilled more rigorously on damage assessments. For the first couple of days, the damage assessments were verbal and led us to believe the damage was much more extensive than it was. It turned out only 15% to 20% of the work areas were damaged. • Conversely, our repair and re-occupancy time estimates were wildly optimistic. • Based on initial reports, we planned for a week long disruption. We were out for almost a month. • Need to have working knowledge prior to the incident of what local agencies will require to re-occupy a building. • Keep in mind the fire marshal and the building inspectors are not always in sync.

  12. Wilma Closing In the end it was the knowledge, flexibility and perseverance of our people who really carried the day and made the recovery a success. Questions?

  13. Franklin’s Approach to Planning for a Pandemic

  14. Pandemic Agenda • Goal of this presentation • Likelihood of a Pandemic • Basic Business Continuity Strategy • Why plan • How will a pandemic differ • Basic elements of our plan • Crisis Management • Business Continuity Planning • Technology • General Services • Human Relations • Corporate Communications • What our plan does not cover

  15. Pandemic Background 1. Goal: To provide an overview of Franklin’s current approach and thinking in regards to planning for a possible Pandemic. 2. Likelihood of a pandemic occurring: The question is more like earthquakes in California. It is not a question of if, but rather when and how bad. Some data points such as the 1918, 1957 & 1968 pandemics and SAR’s. But, no good data on frequency or severity. 3. Strategy: Our basic disaster planning strategy is to shift our operations to other sites for 3 to 5 days, after which we will then need to start to shift people to alternate sites. However, this will not work in a pandemic situation.

  16. Pandemic Background (Continued) 4. Why plan if civilization is going to collapse: We used a “reasonable worst case scenario”. A scenario which we think is likely to occur. This is not a worst case scenario which anticipates the general breakdown of society and services. • 5. How will a pandemic differ from our “normal incidents: • - Many sites are likely to be impacted • at approximately the same time • - Will not be able to shift people • between sites • Site might be impacted, but not • incapacitated • - Sites affected for months not hours • Affects people directly not facilities or IT. • Employees may choose not to come to work. • No clear beginning or end.

  17. Pandemic Plan Outline • Our pandemic plan is broken down into: • 1. Crisis Management: • - Framework to address a pandemic • - Tabletop exercises • 2. Business Continuity Planning: • - Guidance to business units on how to review their business continuity strategies and workflows against a • pandemic type scenario • 3. Technology • Steps to reduce the impact of a • pandemic on our data centers • - Increased remote work capabilities • - Reviewing other strategies

  18. Pandemic Plan Outline (Continued) • 4. General Services • Best practices for employee hygiene program and procedures for facility • managers to follow in the event of a pandemic • 5. Human Relations • Global HR policy framework to provide recommendations to local HR • groups to address issues that are likely to arise in a pandemic • 6. Corporate Communications • Integrated communication plan • 7. Plan Does not currently include: • PPE such as Masks gloves, Etc. • Antiviral Drugs such as Tamiflu • Vaccines

  19. Pandemic Closing Questions?

  20. All Disasters are Local:Regionalizing Business Continuity Securities Transfer Association 2006 Annual Conference Brian Tishuk ChicagoFIRST Executive Director October 20, 2006

  21. Transportation Defense Industrial Base Water Agriculture Food Postal & Shipping Government Services Energy Critical Infrastructures Public Health Emergency Services Chemical Industry Telecommunications Financial Services

  22. The Financial Sector

  23. Federal Financial Partnership Financial and Banking Information Infrastructure Committee (FBIIC) (formed January 2002) Financial Services Sector Coordinating Council (FSSCC) (formed June 2002)

  24. FBIIC FSSCC PUBLIC SECTOR PRIVATE SECTOR President’s Working Group on Financial Markets Treasury - Lead Agency (PDD 63) US Treasury Assistant Secretary for Financial Institutions FBIIC CHAIR Assistant Secretary for Financial Institutions SECTOR LIAISON Rhonda MacLean SECTOR COORDINATOR Financial and Banking Information Infrastructure Committee (FBIIC) US Treasury Department Commodity Futures Trading Commission Conference of State Bank Supervisors Federal Deposit Insurance Corporation Federal Housing Finance Board Federal Reserve Board of Governors Homeland Security Council National Association of Insurance Commissioners National Credit Union Administration New York Federal Reserve Bank Office of the Comptroller of the Currency Office of Federal Housing Enterprise Oversight Office of Thrift Supervision Securities and Exchange Commission Financial Services Sector Coordinating Council for CIP/HLS Financial Services Trade Associations & Institutes New York Stock Exchange The Clearinghouse FS/ISAC Securities Industry Automation Corporation The Options Clearing Corporation ChicagoFIRST NASDAQ AMEX ASIS

  25. The Role for Regional Public/Private Partnerships

  26. The Missing Piece To increase the resilience of financial services in the event of a regional disaster in collaboration with the city, state, and federal agencies.

  27. All Disasters are Local • How will that jurisdiction prevent, prepare for, and respond to incidents? • Do your business continuity plans incorporate government response plans? • How can coordination be fostered among jurisdictions? • Regional partnerships can strengthen the business continuity plans of participating firms

  28. Regional Partnerships:Formed and Forming • Miami (FloridaFIRST) • San Francisco (BARC FIRST; Bay Area Response Coalition) • Los Angeles (SoCal FIRC; Financial Institutions Recovery Coalition) • Minneapolis (MN-ISAC; MN Security Board) • Tampa Bay Region of FloridaFIRST • HoustonFIRST • PhiladelphiaFIRST • ColumbusFIRST • Alabama Recovery Coalition for the Financial Sector • Chicago (ChicagoFIRST) • Washington, DC • Detroit • Alaska • Seattle • Jacksonville • Las Vegas • New Orleans (still thinking about it)

  29. RPC FIRST • Fostering Collaboration among Partnerships • ChicagoFIRST leading the formation of a Council • Council would share best practices • Council would help one another with administrative questions • Council can plug into FSSCC • RPC = Regional Partnership Council • FIRST = Financial Industry Resilience, Security, and Teamwork • Formed in early 2006

  30. The ChicagoFIRST Approach (formed May 2003)

  31. ChicagoFIRST’s Primary Objectives • Obtain a seat at Chicago's 911 Center in the event of a crisis that affects Chicago's financial community • LaSalle Bank/ABN AMRO • Create permits/passes for essential personnel to safely access business facilities in the event of a general evacuation of the city (credentialing) • Northern Trust Bank • Develop and communicate standard evacuation procedures for industry personnel to exit city limits in the event of a disaster • JP Morgan Chase

  32. ABN AMRO / LaSalle Bank Allstate Insurance Company Aon Archipelago Ariel Capital Management Bank of America Chicago Board Options Exchange Chicago Board of Trade Chicago Federal Home Loan Bank Chicago Mercantile Exchange Chicago Stock Exchange Fidelity National Financial Global Electronic Trading Company Harris Bank JP Morgan Chase Man Financial Mesirow Financial Mizuho Securities USA Northern Trust The Options Clearing Corporation PrivateBank and Trust UBS Washington Mutual William Blair & Company Members

  33. Strategic Partners (pg. 1 of 2) • Chicago Office of Emergency Management and Communications • Chicago Police Department • Commodity Futures Trading Commission • FBI / InfraGard • Federal Deposit Insurance Corporation • Federal Emergency Management Agency • Federal Reserve Bank of Chicago • Financial and Banking Information Infrastructure Committee • Financial Services Information Sharing and Analysis Center • Financial Services Roundtable / BITS • Financial Services Sector Coordinating Council • Futures Industry Association

  34. Strategic Partners (pg. 2 of 2) • Great Lakes Partnership • Illinois Department of Financial and Professional Regulation • Illinois Emergency Management Agency • Illinois State Police • Illinois Terrorism Task Force • National Futures Association • Office of the Comptroller of the Currency • Securities and Exchange Commission • Securities Industry Association • United States Attorney’s Office for the Northern District of Illinois • United States Department of Homeland Security • United States Department of the Treasury • United States Secret Service

  35. Achieving Our Goals

  36. Formal 911 Center Seat • Obtained seat at 911 Center in fall 2003 • Primarily for government agencies • May use seat when Center is activated • Enhancements to seat at emergency operations center • Set of individuals to staff the seat (with Chicago Fed help) • Handbook with protocols for using the seat, activating our crisis communicator, and contact information • Private component of web site created and configured to provide a message board for posting and recording critical information • Information about the membership, including critical locations and essential employees, on the computer at the seat

  37. Informal Information Sharing • Seat at 911 Center will be used rarely • But the relationships with the city and state are invaluable • Spring 2004 information about leaning transmission tower • August 1, 2004 threats against financial institutions • LaSalle Bank fire, December 2004

  38. Credentialing and Evacuations • Credentialing • Discovered city and state each seeking credentialing systems, but not coordinating • City adopted credentialing pilot in which ChicagoFIRST participates • Evacuations • Illinois Department of Transportation tabletops in 2004, 2005, and 2006 • September 7, 2006 evacuation drill in the Loop

  39. Additional Achievements

  40. Working Groups • Security Working Group • Coordinating training needs and opportunities • Coordinating physical security and options • Piloted NC4 Situation Awareness Service • Power Working Group • Understanding electricity in multi-tenant buildings • Sharing ComEd information among members

  41. Working Groups • Telecommunications Working Group • Educating membership • GETS • TSP • SBC call forwarding • Surviving a central office failure • TeleContinuity • LEMKO • Sprint IP network

  42. Working Groups • Pandemic Planning Working Group • Free exchange of HR, legal, & BCP information, without NDAs • Coordinating with state and local health departments • Coordinating with sector-wide efforts • Evaluating hiring a public health advisor for ChicagoFIRST • Tabletop scheduled for November 2, 2006

  43. Working Groups • Public Relations Working Group • Single point of contact for the media • Firms leverage membership with press • ChicagoFIRST increases media understanding • Crisis Communications Working Group • Quarterly tests of the 911 Center procedures • Quarterly tests of Dialogic (notification data) • Quarterly tests of TeleContinuity and GETS

  44. 2004 Milestones • Testified before House Financial Services Committee on ChicagoFIRST as a partnership • 9/11 Commission legislation identifies ChicagoFIRST as a model • GAO Report on Financial Market Preparedness praises ChicagoFIRST • Treasury handbook identifies ChicagoFIRST as model • Tabletop on city’s response to Chicago financial community

  45. 2005 Milestones • Tabletop focused on futures and options markets • Public television features ChicagoFIRST • Fund Illinois Terrorism Task Force (ITTF) video for the citizens of Illinois • Co-chair Private Sector Committee of the ITTF

  46. 2006 Activities • Mutual aid among the members • Credentialing critical supplies like cash • Evacuation drill • City of Chicago camera program • Provided testimony on pandemic preparedness to the House Financial Services Committee

  47. ChicagoFIRST Model Works • The model is the partnership approach, not the goals or organization of ChicagoFIRST • FloridaFIRST covers the entire state, with several regions • BARC FIRST and SoCal FIRC split California • MN-ISAC has Target, Best Buy, 3M as members • Leverage partnership to encourage public sector information sharing and improvements • Seats in EOCs • Credentialing • Access protocols for critical supplies

  48. The Value Proposition • LaSalle Bank fire • Mizuho futures • Cooperation vs. competition on employee safety and business continuity (mutual aid established after the fire) • Government appreciates single point of contact • NC4 and TeleContinuity

  49. Brian Tishuk Executive Director ChicagoFIRST 312-322-4441 brian.tishuk@chicagofirst.org www.chicagofirst.org Contact Information

More Related