
Contingency & Business Continuity Planning

Contingency & Business Continuity Planning. Shane Creel Ph.D., CCEP LEED Green Associate Director, Risk Management & Sustainability Texas A&M University-Kingsville. Overview. Back to Business: Planning for Disasters The Benefits of Desktop Procedures Disaster Recovery


Presentation Transcript


  1. Contingency & Business Continuity Planning Shane Creel Ph.D., CCEP LEED Green Associate Director, Risk Management & Sustainability Texas A&M University-Kingsville

  2. Overview • Back to Business: Planning for Disasters • The Benefits of Desktop Procedures • Disaster Recovery • Chaotic Ethical Decisions

  3. “While no one wants to dwell on the thought of impending disaster, prudent planning can give you peace of mind knowing that you have prepared your family or company as well as possible.” U.S. Department of State

  4. Where do the Threats Come From? • External disruption • Mother Nature – Wildfire, Flood, Hurricane • Utilities – Electrical, telecom, and water • Human Behavior – Terrorists, psychos, hackers • Internal disruption • Facility problems – fire, leaky roofs • Equipment failures – server crash • Disgruntled staff • Staff illness/death

  5. Back to Business: Planning for Disasters http://www.texasprepares.org/survivingdisaster.htm

  6. Business Continuity Questions • Will historical information be required in order to process new information? • Are necessary forms available? • Are cross-trained personnel available? • Is there an alternate work site available? (Remote Access) • Do you know all of the players?

  7. Business Continuity Planning • Historical Information • Meta Data Files • Common fields such as personal identifiers • Linked Data Files • Excel spreadsheets • Data mining from external sources • Hard copy information

  8. Business Continuity Planning • Forms • Do you have backups, and who knows how to manually fill them out? Scenario: Your cashier is very proficient using the computerized system. The establishment loses access to the server which operates your ordering and cash handling. Everything else is functional. Will you have to close the business because no one knows how to manually conduct an order/process?

  9. Business Continuity Planning • Cross-trained personnel • This is very important but often difficult to accomplish. • Here is the normal thought process: “If I teach someone else what I know, why would the organization continue to need me?” • We have to get past this way of thinking. Some of us here might not wake up in the morning. Is there someone else that you have trained to do your job? • The more others know, the easier your job becomes.

  10. Business Continuity Planning • Alternate work site (Remote Access) • Can your operations be conducted elsewhere? • Can your employees telecommute? • What if your building is no longer standing?

  11. Business Continuity Planning • All the players • Do you have employee recall information? • Do you have a Disaster Recovery Organization available? The Texas A&M System contracts with Cotton USA for Disaster Recovery Assistance. • Where are you on the priorities list for your energy provider? • Have you met with all of the players to establish contact, if nothing else?

  12. Desktop Procedures • Desktop procedures defined: A set of instructions covering those features of operations which lend themselves to a definite or standardized procedure, for preventing business disruption without loss of effectiveness, while retaining the flexibility necessary in special situations. The Cradle to Grave Process.

  13. Desktop Procedures • Why do we need desktop procedures? • Prevent business disruption. • Promote uniformity & consistency across organizations. • Maintain smooth operations. • Employee transition. • Provide protection in the event of an audit.

  14. Developing the Procedures • Identify the how do I’s • Write a recipe for each • Identify the what, how, when, where, and who? • These are the items we have committed to memory or that have become second nature. • Desktop procedures are a subset of business continuity.

  15. Disaster Recovery • Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. • Most large companies invest as much as 25% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data.

  16. Disaster Recovery • “MARC” (Minimum Acceptable Recovery Configuration). • High-level facilities/People/Equipment/Telecom • Recovery Time Objectives (RTO). • The time period after a disaster at which business functions need to be restored. • Recovery Point Objectives (RPO). • The age of files that must be recovered from backup storage for normal operations to resume. • Funding Gap. • Funding differential required to recover. Is there reserve funding available?

  17. Information Security • An organization’s Information Security revolves around the attitude of the employees. • Loose lips sink ships! • How to protect organizational information. • A viable Records Retention Schedule. • Texas State Records Retention Schedule https://www.tsl.state.tx.us/slrm/recordspubs/rrs4.html • Implement Information Security Programs focusing on technology and operations. • Provide Information Security awareness training. • Provide user authentication.

  18. Chaotic Ethical Decisions • Decisions are at the heart of leader success, and at times there are critical moments when they can be difficult, perplexing, and nerve-racking. However, the boldest decisions are the safest. Dr. Hossein Arsham, Merrick School of Business, University of Baltimore

  19. Chaotic Ethical Decisions • Supported by behavioral decision theory which: • Accepts a world with bounded rationality and views the decision maker as acting only in terms of what he/she perceives about a given situation. • Fits with a chaotic world of uncertain conditions and limited information. • Encourages satisficing (good enough) decision making.

  20. Chaotic Ethical Decisions • The 3Rs of Chaotic Ethical Decision Making: • Rationing of resources • Who gets what first? • Restriction of access • Texas is working to establish First Responder Credentialing. • Responsibility • Environmental • Social • Organizational

  21. Chaotic Ethical Decisions • The Ethical Dilemma: • A situation in which the decision maker must decide whether or not to do something that, although risky yet beneficial (for the greater good) given the situation, may be considered unethical and perhaps illegal. • Things to consider: • Would I make the same decision if my family were involved? • What is the personal impact of the decision? • Will I be able to sleep tonight?

  22. Public Relations • Present a unified front to primary and secondary stakeholders. • Primary: employees, customers, investors, and shareholders, as well as governments and communities that provide necessary infrastructure. • Secondary: media, trade associations, and special interest groups. • This demonstrates to the public that the situation is under control and prevents further panic. Additionally, your stakeholders are less likely to lose confidence in the organization.

  23. Additional Sources • Emergency Management Institute Continuity of Operations Awareness Course http://training.fema.gov/EMIWeb/IS/is546.12.asp

  24. Contact Information Randolph.creel@tamuk.edu O: (361)592-2237 C: (361)219-4526
