Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
The CCB Matrix PowerPoint Presentation
Download Presentation
The CCB Matrix

The CCB Matrix

128 Vues Download Presentation
Télécharger la présentation

The CCB Matrix

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. John Basinger ACII FCILA AIRM ABCI The CCB Matrix Roy Adams Alarm South East

  2. Introduction • The Business Continuity Consultants View • The Local Authority Perspective

  3. Aims and Objectives • Brief overview of CCB • What is Business Continuity Management ? • Why do it? • Promote discussion on what you need to do • Set the scene for Roy !

  4. What does the CCB say and do • Single framework for civil protection in 21st Century • Identifies roles & responsibilities for local responders • Modernises legislative tools to deal with most serious emergencies • Creates structure for multi-agency planning teams

  5. What does the CCB say and do • Provides a clear set of responsibilities& expectations for local responders • Greater structure & consistency for multi-agency planning • Councils are Category 1

  6. Category 1 duties • Risk assessment • Emergency planning • Warning & informing • Business Continuity Planning ( sole responsibility for LA’s) • Co-operation • Information sharing • Generic advice to public at large

  7. Your duty to Plan • CCB relates to Emergencies • Emergency Planning is one of the Authority’s duties ! • To fulfil that duty the Authority has to be resilient • Therefore full BCP is required for the entire authority….. Discuss!

  8. What is BCM? “A management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interest of key stakeholders, reputation, brand and value creating activities.” Source - BCI 2001

  9. A Management Process • Not a bolt-on goody • A dynamic, proactive and ongoing process • Must be kept up to date to be effective • Embedding BCM makes it part of the business process • Avoids firefighting in an emergency • Assists in preparation for “business as usual”

  10. Key Objectives of an Effective BCM Strategy • Ensure safety of staff • Minimise business interruption events • Maintain service delivery • Limit/prevent impact beyond the Authority • Demonstrate effective and efficient governance to the media and stakeholders • Protect the Authority’s assets • Meet insurance, legal and regulatory requirements

  11. The Process • Understanding your organisation • Business Continuity strategies • Develop and implement Business Continuity response • Building and embedding a continuity culture • Exercising, maintenance and audit • BCM programme management

  12. Understanding Your Organisation - Business Impact Analysis • Needs ownership by senior management to ensure buy-in • BCM needs to be aligned with Mission Critical Activities • What are the key processes and functions? • Who are the key personnel? • How long before service drops below an acceptable level? • Interdependencies internal/external • Single points of failure

  13. Understanding Your Organisation - Risk Assessment and Control • “What ifs” • Hazard register • Likelihood (probability) • Impact (severity) • Risk ranking - accept, manage, reduce, BCP

  14. Business Continuity Strategies • What is your appetite for risk? • Manage in-house • Third Party contracts • Reciprocal arrangements • Checklists • Contact lists etc

  15. Develop and Implement BC Response • Establish management of the process • Ascribe responsibilities • Establish Risk Management Team(s) • Communications • Public Relations

  16. Building and Embedding a BCM Culture Ongoing programme of - • Education • Awareness • Training

  17. Exercising, Maintenance and Audit • Exercising of BCM plans • Rehearsal of staff and BCM teams • Testing of technology and BCM system • BCM maintenance • BCM audit

  18. The BCM Programme • Executive commitment and proactive participation • Organisation (corporate) strategy • BCM policy • BCM framework • Roles, accountability, responsibilities and authority • Finance • Resources • Assistance • Audit • Management information systems • Compliance • Change management

  19. Conclusions • Business Continuity is Business Management • Pre-planning pays off • Plans need to be kept up to date • Plans need to be kept simple • BCM is peace of mind

  20. Theory into practice-the challenge! Central Government Utilities Audit Commission Business ContinuityPlanning Blue Lights Day to Day Functions Emergency Planning Local Businesses

  21. Business as Usual? – have you thought about CCB? • Its big, potentially one of the biggest issues for Local Government • It will affect every organisation involved in Government and Emergency Services • It could save lives or cost lives • It is beyond the skills of anyone individual…

  22. Vision Statement • The CCB is designed to ensure that the Country is able to withstand a serious event with the minimum disruption to Society • The CCB imposes clear duties upon Local Government and the Emergency Services- there is no “opt-out” clause

  23. It will never Happen! • Remember Manchester? £257m, Canary Wharf £117m, 2002 storms £1.25billion. Plus lost lives!!! • ABI impact indicates incident in London hits all the travel to work areas • ABI plans East Coast/Thames estuary flood £8-10billion + lost business

  24. The Challenge • Deal with the “event” • Handle the effects i.e. Evacuations, Damage limitation, Crisis Management • But Now determines the role of the local authority & looks for continuity of service from the Authority and “other providers”

  25. Today’s Issues • Presently EPO’s and Council teams have plans for external events and not Business continuity in a wider perspective • These plans were found wanting in recently i.e. fuel crisis, M11 Snow, and exposed the “gaps” in contracts and partnerships • Even the roles of emergency service and military were confused.

  26. How Did We Get in that situation? • Role of EPO’s and Councils have changed following recent incidents- wider involvement- lack of clarity • Original assumptions are no longer valid the Public expectations are “Service” as usual • Society is more complex with centralised supply chains, outsourcing, diversity of Health Care and essential services

  27. Partners=Problems • No contractual responsibility for out sourced services • No real strategic grasp of the wider issues • Who pays syndrome • Isn’t this your problem? • Outsourcing does not remove the responsibility.

  28. What are the threats? [P45?] • Public Outcry= Politicians embarrassed • Awkward questions- [No Blame Culture?] • No single person/organisation at fault • Press pressure- why no scapegoats?? • Embarrassment=Action=CCB • CCB=You! [No blame culture???]

  29. Our Challenging Society of Risk • Terrorism, WMD’s, “flixborough’s” • But also “rights” extremists, Hackers, Globalised Suppliers, infrastructure i.e. I.T/ WWW, Electronic banking etc • No natural inbuilt “resilience” in society Who will face the litigation? “someone’s at fault! “ • No experience or tolerance of mass disruption since WW2.

  30. The CCB Solution [Passing the Buck?] • No Centralised system-[ “no CG blame?] • Wide definition of emergency!! • By decentralising the onus is upon Local Authorities and Emergency services to get things right • No matter what happens, there will be Litigation, Enquiry’s and Scapegoats.

  31. The “Way out of the CCB Matrix?” Route 1 • This is a BIG and NASTY risk, get it wrong and it could be fatal in real terms • Assess your role and the risks for your area, work as a group. No Opting Out • Learn from others, what has happened before, natural, accidental and deliberate • Clearly define your role/ responsibility

  32. Route 2 Provide Services • Get your own Business continuity plan in place, keep it simple, many incidents are generic. • Plan as if there are 2 incidents- • The external event and your response • The impact of the event upon your own service provision

  33. Route 3 Simple Problems- Big Impact • Money- set up agreements or credit cards • People- who will do what? i.e. the senior risk and insurance staff could be involved in both-EPO’s, H&S, Adjusters? who does what? • Access- to your property, the area, systems, facilities. • Transport, where do you live? Will it work? Would you be allowed access?-SOCO etc

  34. Route 4 Plan Ahead • Assuming you have your business continuity plans in place do you know what is expected of your organisation • Giver or Receiver?- your plans will differ • Big or Small? County Plans should dovetail with Districts, neighbours? • Never ever assume – ask, know your place

  35. Route 5 Other Routes • Duty on other category 1 providers to assess risk, maintain plans, publish and maintain arrangements to warn, advise and inform the public in the event of an emergency • Category 2 duties to co operation with Cat 1--- but how?, needs evaluation and action plans

  36. Oh yes, there’s more • Advice on Business Continuity to others- keep it simple- seminars etc, use Brokers BCI or ABI etc [it’s in their own interest!] • Remember that you cannot design the plan for others, keep it generic or get sued!

  37. Who Pays? • Only small % is insurable • Bellwin -1/2% excess, not if insurable • Taxpayers? • Or is it a case for Central Government to agree to underwrite the costs? • A the outset involve accountants to agree and monitor expenditure, and records of why when etc.

  38. The Carrot and the Stick- The stick • CPA’s- Business Continuity on agenda • Corporate manslaughter- • Press reaction • Litigation- Hindsight!! • Political fall out • Career?

  39. Recommendation • Identify the risks- include on Strategic Risk Register • BC Plans- link to Services, EPO’s and test • Record all outcomes, if funding is needed then ask. If no funding then the responsibility passes up the chain [so does the blame!!!]

  40. Finally the Carrot • There is no carrot • Only the knowledge that if something does go wrong then you and your colleagues could actually make a real contribution to the welfare of others • If not then how will you reply when the questions are being asked????

  41. And now John’s Practical Tips

  42. Practical advice • Ensure buy in from the top • Involve all departments & stakeholders • Ensure BCM is embedded into day to day management • Raise awareness • Plans need to be kept simple & up to date

  43. Practical advice • Exercise your plans • Involve insurers / adjusters • Train your crisis management teams • Crisis logs- to demonstrate rationale of decision making, expenditure etc. • Things happen in a way you can’t always predict.Therefore plan in flexibility.

  44. Final Thoughts • Even if the Bill is amended further the concept and duties will still remain • It will not go away, and BC is part of the CPA • Proaction is better than no action • It will cost money, remember your budgets- bid now for funding…