1 / 42

Joe Ozorio VP & Program Director Chris Evanshen Board Member October 22, 2013

Joe Ozorio VP & Program Director Chris Evanshen Board Member October 22, 2013. What is DRIE?. Disaster Recovery Information Exchange Not for profit association of professionals founded in 1985 Affiliated, but independent chapters located across Canada and globally

izzy
Télécharger la présentation

Joe Ozorio VP & Program Director Chris Evanshen Board Member October 22, 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Joe Ozorio VP & Program Director Chris Evanshen Board Member October 22, 2013

  2. What is DRIE? • Disaster Recovery Information Exchange • Not for profit association of professionals founded in 1985 • Affiliated, but independent chapters located across Canada and globally • Dedicated to the exchange of information on all aspects of planning from an emergency, crisis or other business interruption to a return to normal operations

  3. What is DRIE? • Members from all industry sectors including: financial, government (municipal, provincial) retail, insurance, energy, real estate, automotive, communications, consulting, recovery & restoration services

  4. DRIE’s Objectives • To provide a forum for the exchange of information among Business Continuity practitioners; • To be an authoritative source of information relating to Business Continuity; • To promote Business Continuity awareness within the business and government communities; • To advance the professional standards of the Business Continuity discipline; and • To engage with representatives from commercial, not for profit and government organizations in providing information to support the most effective and efficient Business Continuity schemes for the protection of life, health and safety of individuals, and the protection of the property of organizations and the environment in Canada.

  5. Member Benefits • Events to share, learn, and network: • Quarterly education symposiums and networking sessions • Social network events • Promote: • Deeper understanding of business continuity and related issues • Awareness of business continuity nationally • Nurture: • Student Scholarships • Mentoring

  6. Funding • Membership Fees (vary by chapter) • Corporate Sponsorships

  7. Recent Program Events • Lessons learned from real events: • Goderich tornado • Shaw Court fire in Calgary • Hurricane Sandy • Calgary and Toronto floods • Integration of BCM and ERM • Infectious Respiratory Diseases: past, present and future • Crisis Communications • Contingency Planning and The Cloud • How I’ll Steal Your Data

  8. Recent Program Events • Discussion panels: • Dealing with power outages • Information security

  9. Business Continuity Awareness Week(BCAW) • Organized internationally since 2005 • In March 2013, DRIE partnered with the following organizations to promote BCAW in Canada; • Business Continuity Institute (BCI) • Disaster Recover Institute Canada (DRIC) • World Conference on Disaster Management (WCDM) • Centennial College – Emergency Management and Public Safety Institute (EMPSI) • Canadian Risk and Hazards Network (CRHNet)

  10. BCAW • Theme for 2013: • "Resilience through Business Continuity" • Business Continuity improves an organization's ability to mitigate risks - known and unknown. • BCAW is an ideal stimulus for educating organizations on the importance of business continuity planning, by sharing experiences, knowledge and best practices. • By working together organizations can be better prepared to handle adversity when it arises.

  11. BCAW • Group site established where members can participate in discussion forums and webinars • Some of the webinars held this year included: • CRHNet Overview • Using Social Media for Crisis Management • Positive Resilience • 2014 – March 17th – 21st – Don’t Miss Out! • Visit: bcaw.groupsite.com

  12. Greater Toronto Incident Management Exchange - GTIME • Cross-industry discipline project led by DRIE Toronto • Partner with BOMA and City of Toronto • Goal is to examine best practices in disaster management for municipalities & businesses in a collaborative way • Approach – organize large scale associated table top exercises • Project includes review of similar exercises in similar jurisdictions, existing Toronto exercises and the degree of integration

  13. GTIME • GTIME's mission is to help ensure that any impacted government and business organization recovers from a wide-scale business disruption or disastrous event. • Participants will partner to coordinate emergency management and business continuity response and resumption, with an emphasis on business continuity. • GTIME I was held on October 29, 2009 • GTIME II was held on October 13th, 2011 • GTIME III will be held in 2014

  14. GTIME • GTIME I was held on October 29, 2009 • GTIME II was held on October 13th, 2011 • Summary reports for each of GTIME I &II can be found on the GTIME Website (driegtime.org) • Reports include findings and recommendations • GTIME III will be held in 2014 • DRIE will be looking for sponsors and volunteers for the 2014 exercise in the coming months

  15. Interested? • Next Toronto Quarterly session is December 3, 2013 12:00 – 4:30 pm, RBC Auditorium, 315 Front Street • Cost for non-members: $35.00 • Visit us at www.drie.org

  16. Emergency Management Crisis Management & Communications Business Continuity Plans and IT Recovery Business Continuity Management OverviewAn effective BCM Program can help ensure overall resilience BCM is a holistic program that: • Is a seamless integration of emergency management/response, crisis management, IT recovery, business continuity, claims management, and security management • Identifies potential threats to an organization and the impacts to the business that those threats, if realized, might cause • Provides a framework for building organizational resilience with the capability for an effective response • Leads to an overall organizational resilience capability that can be defined as the positive ability of a company to adapt itself to the consequences of a catastrophic failure. Insurance Infrastructure

  17. Response to Disasters Response continuum • Various mechanisms are used to respond to risks that materialize • Transitioning from one response mechanism to another follows a fundamental response continuum Emergency Response Crisis Management Activity Business Continuity and/or IT Recovery Business as usual Time Hours Weeks Minutes

  18. A BCM/Resiliency Program: • Is building resiliency that aligns with the mission, vision, and objectives • Has a Business Continuity Management program that aligns with the company risk program • Responds to an emergency in a coordinated manner aligning with the other BCM components • Has a Crisis Management Team and corresponding Crisis Management and Crisis Communications plans in place (including trained spokespersons) • Has a Business Continuity and IT Recovery plans in place to address key disruptions to your business – the longer term contingencies • Must regularly exercise & maintain the plans

  19. Business Continuity Management 101 • Governance • Ownership • Reporting • Integration • Emergency Response • Fire Safety • Identification of Threat Scenarios\ • Checklists • Liaison with First Responders • Plan Exercising and Maintenance

  20. Business Continuity Management 101 • Crisis Management and Communications • Crisis Management Team (Overall Command) • Severity Levels and Escalation Protocols • Invocation Procedures • Communication Protocols • Meeting Cycle • Command Centre • Plan Exercising and Maintenance

  21. Business Continuity Management 101 • Business Continuity Planning • Business Continuity Team • Business Impact Analysis • Internal and External Dependencies • Recovery Strategy Development • Plan Development • Plan Exercising and Maintenance

  22. Business Continuity Management 101 • IT Disaster Recovery • Alignment with Business • Technology Recovery to meet Business Requirements • Plan Exercising and Maintenance

  23. BCM As Part of Risk Controls Business Continuity is part of the mitigation when you retain the Risk!

  24. ERM and BCM Operating as Silos • Traditionally some organisations have maintained separate Business Continuity Management and Enterprise Risk Management arrangements Threats Impacts Risk Process BCM Process Functions Likelihood Filter Filter Threats Impact Plans Controls Protects against threats to Strategic Objectives Recovery of Business from Interruptions

  25. Integration Business Strategy Interviews and workshops Risk Map Risk Register Threats, Impact, Likelihood Key risks / threats Identification of Risks Risk Strategy & Controls (Preventative) Business Continuity Plans (Mitigation) Dependencies Vulnerabilities Impact Key processes Impact of interruptions upon key processes

  26. QUESTIONS?

  27. Develop meaningful IT Recovery Plan Maintain Recovery plan congruent with Production Environment Test – Choreograph – Rehearse Training and Awareness Cultivate Business Processes that Reduce Manage and Control risk Develop Crisis Communications Strategy Define Crisis Management Team Planning Objectives;Disaster RecoveryvsBusiness Continuity

  28. Mobilize IT Recovery Team(s) Recover Critical IT Infrastructure & Data RTO – RPO Facilitate Technical Op’s during event Repatriate Production after event Activate Crisis Management Team Manage; Corporate Personnel, Environment and Assets Client Impact and Perception Service Delivery Public Perception Regulatory Obligations Resumption Options …more… At the time of an event;Disaster RecoveryvsBusiness Continuity

  29. BCP Program Development Discovery Phase: Organizational Strategy Mission Critical Business functions Business Inputs, Outputs and Deliverables BCM Strategies: Organizational Level Process Level Resource Level BCM Response: Continuity Plan(s) Resource Recovery Solutions (DR) Crisis Management Plan SAFEGUARD LIFE – ENVIRONMENT- ASSETTS

  30. BCP Project Milestones Discovery Phase:Accountable Sponsor (“C” Level management) Assigned Tactical Management BCM Project Champion (Service Lines) BCM Strategies:Risk Analysis & Mitigation Business Impact Analysis (BIA) Recovery Strategies (hot site? Cold site? Internal / external) Crisis Management Strategies BCM Response: Continuity Management Plan Development Resource Solutions (teams, h/w) Business Process Integration

  31. Crisis Management Team (“C” level management) Command Clients Supply Chain Regulators … other … Disaster Recovery (technology) Facilities & Logistics (Mobilization) Crisis Communications & PR (Reputation) Control Coordination DR Technical Team Critical Staff Critical Mid-management Service Delivery External facing… Business Continuity Disaster Recovery is Subordinate to Business Continuity Most Disaster events are the result of a ‘Poorly Managed Crisis’

  32. Response & Crisis Management Incident! Planning & Testing Crisis Management Plan Enrichment Normal Operations Critical Operations Normal Operations Business Recovery Disaster Recovery STOP Business Continuity Plan

  33. Immediate response after a destructive event. Evacuation of facility and notification to emergency services Notification sequence for team leaders and backups Establishing a temporary Business Recovery Command Center Preliminary and detailed damage assessment Recall of vital records from off site storage Dealing with the news media to mitigate misinformation Re-locating to interim facilities to restore critical IT services Recovery of PC’s, LAN’s and Mid-range systems Establishing voice and data communication Addressing human resource and accounts payable/receivable issues Replacement of equipment, furniture and supplies Notification to clients, customers, suppliers and stock holders Restarting critical business processes and systems Reconstruction of the damaged or destroyed facility BCM plans should contain;Documented, rehearsed and up-to-date procedures for the following, PREVENTION – PREPARDNESS – RESPONSE– RECOVERY

  34. Team leader and backup names and phone numbers (call tree) Critical IT Infrastructure recovery Instructions for recovering your LAN Diagram/instructions for voice and data network Emergency agencies and phone numbers Names and numbers of critical services providers for your service line Procedures for your specific business unit recovery Human Resources plans (templates notifying/tracking and scheduling personnel) Fixed asset listing (offsite storage location) Names and numbers of vendors services that may be required Financial and legal information for managers (Labour, Health and Safety regulations) Business Unit contact’s within your company Telco carriers and critical equipment supplier contact information REPATRIATION PROCEDURES – how to return to production after the “All-Clear”. Plans should be audited for the following; Shift Focus from the IT level to the Strategic Maintenance of Critical BCM Processes.

  35. The power of 3 • What does the perfect information picture look like? • What 3 key pieces of information are we missing? • What are our 3 key strengths, 3 key weaknesses? • What are the 3 key strengths, 3 key weaknesses of our plan? • What 3 things must we do immediately? • What 3 things must we NOT do? • What does Optimum Acceptable Failure look like?

  36. Business Resilience The ability of an Organization or Business Unit to adapt to Threats, Demands, Disruptions, Dynamic Changes

  37. Business Resilience The ability of an Organization or Business Unit to adapt to Threats, Demands, Disruptions, Dynamic Changes And Opportunities

  38. Business Resilience Business Resilience adds an Offensive Posture That is focused on improving competitive position as part of the Business Continuity Management Program

  39. Offensive Posture Defensive Posture • Recovery Capabilities • Hardening of Facilities and infrastructure • Redundancy • High Accessibility/Availability infrastructure • Diversification of infrastructure • Removal of Single Points of Failure • Cross Training of Critical Talent

  40. Deferring investment in business continuity planning (BCP) may make the cost more palatable BCP is viewed as a delay if considered at all during the project planning stage Rarely is a multi-component outage or a full system or site outage addressed during the project stage Resiliency planning is often done after a system has been designed or implemented Yesterday’s Thinking

  41. The problem with BCP and DR is that the value proposition has almost always been framed in terms of “Risk Reduction” The true Value Proposition must be seen in improved efficiencies and competitive advantages. Driving Risk out of the infrastructure and imbedding effective policies for resiliency and efficiency should be at the core of the Business Continuity Program. the new value proposition

  42. QUESTIONS?

More Related