1. Are You & Your Facility Ready?
What’s New in Business Continuity, Personal Resiliency & Preparedness
Mike Thomson
Manager, Client Services & Business Continuity Programs
ImpactReady @ ImpactWeather, Inc.
Anthony Pizzitola, CFM, CBCP, MBCI
Facilities & Disaster Recovery Manager
Goode Company
2. First, what are we solving for ?
•Business Continuity Management is defined as a holistic management
process that identifies potential impacts that threaten an organization and
provides a framework for building resilience with the capability for an
effective response that safeguards the interests of its key stakeholders,
reputation and value creating activities.
•The primary objective of Business Continuity Management is to allow the
Executive to continue to manage business operations under adverse
conditions, by the introduction of appropriate resilience strategies,
recovery objectives, business continuity, operational risk management
considerations and crisis management plans.
Disaster Recovery Institute International
3. Business Continuity Helps Manage Risk in Many Ways
Cash & Credit Business Continuity
Management Planning
Intellectual
• Protects 85% of the business
Financial Property,
Capacity Processes &
Vital Records*
Physical
Security
Property, Facilities
and Infrastructure
Life Safety Emergency
Response
• Nearly 170% return on investment
Adherence to
Business
Risk or
• Non-compliant companies paid $9.4M in
Regulations Interruption
Corporate
Governance
Operations Enterprise Risk
fines, penalties & lost revenue
• Compliant companies paid $3.5M
Management
Work
Planning
2
4. How are the Threats Identified to Prepare and
Prevent a Disaster?
•Don’t just visit the site, inspect the site!
•Collaborate with your colleagues and vendor base to ID the top 10 threats
in each category.
ID regional natural threats, have a backup plan.
ID manmade threats, launch control measures.
ID technological threats, have a backup plan.
•Is lack of compliance with OSHA and ADA a threat? Yes!
•Is lack of Preventive & Predictive Maintenance a threat? Yes, just wait until
Friday afternoon or Saturday evening.
•Prepare a plan based on the above, implement controls , inspect and test!
5. Continuity Planning and Response Move in a Cycle
Assess
Normal
Business Operations
Security
Fire Flood
Resume Regulatory Respond
Terrorism Pandemic
Storm ???
Recover Manage
6. Develop A Disaster Preparation, Response and
Recovery Plan
•How So? Start by Identifying the Threats, their Probability and their
Impacts to the Organization. How can the threats be controlled.
•What are the threats?
Natural
Manmade
Technological
•Lack of preparation and a plan can threaten your career!
•Lack of preparation and a plan is a call for the lawyers!
8. Business Preparedness Involves
Five Important Steps
1. Develop a Program (for what you will do
in an emergency)
2. Have Back-ups (for critical people,
equipments and supplies)
3. Practice Your Plan (at least once each
year)
4. Be Informed (about what might happen)
5. Get Involved (in preparing with your
community)
9. You Need Six Essential Tools in Your
Preparedness Program
1. Severe Weather Alerts
2. Emergency Notification System
3. Incident Management Program
4. ePlan Documentation
5. Situational Awareness Monitoring
6. Personal Preparedness/Resiliency
10. Weather Disasters at Highest Levels Ever Recorded
Billions
Source: NOAA
Total economic damage = $52B, Most $1B+ Disaster Ever
11. #1 – Essential Tool
Severe Weather Services
Forecasting, Monitoring and Alerting
Tropical storm & hurricane analysis
Severe weather analysis
24/7 alerting (including “all clear”)
Domestic and International coverage
Web-based weather briefings for key personnel
24/7 access to meteorologists for additional
consultation and pre-scheduled conference calls
Consulting and Support Programs
Corporate Business Continuity & Emergency Preparedness:
consulting services and training programs
Personal Preparedness: Seminars, Webinars, and Personal
Preparedness tools
12. Capability Resident Meteorologist National Weather Service Web-based Weather Services Dedicated Weather Service
Available 24x7x365 No Yes Limited, w/Advertisements Yes
Domestic & International No No Limited Yes
All Weather Services – Severe, Yes
Yes No No
Tropical, Marine
Customized Alerts & Forecasts Yes No No Yes
Any Time, Live Help Limited No No Yes
Meteorologist Needed On-Site Possible No No Yes
Imbedded “Calls to Action” Yes No No Yes
Integrated Business Continuity Yes
No No No
Services
Certified Crisis Experts On-call Limited No No Yes
Branded, Direct Access Website Possible Yes No Yes
All-Hazards Data Feeds/Alerting No No No Yes
“Single Pane of Glass” No No No Yes
All Clear Notices Limited No No Yes
Video Production Studio No No No Yes
Crisis Webconferences Possible No No Yes
Daily Branded Weather Videos No No No Yes
Site-specific, All-Hazard Trigger Yes
Possible No No
Reports
Best Practice Web & Seminars No No No Yes
Delivery to Any Device Yes No No Yes
13. #2 – Essential Tool
Emergency Notification System
“Manually dialed telephone call trees are no longer acceptable for emergency notification. Effective
incident management requires automation to ensure business continuity.” -Gartner, Inc.
14. #3 – Essential Tool
Incident Management Program
Incident
Detected Incident Management Team
(IMT) Member Aware
Incident Commander (IC)
Site Back to *Division VP
Normal *Manager of Administration
Notified
No
Minor Major
< 8 hrs > 8 hrs
Standard
Initial Incident IMT
Operating
Assessment Assembled
Procedures
Incident
Briefing
Impact
Assessment
Yes < 8 hrs
> 8 hrs
Incident
Assessment
Resume
Normal
Operations
Incident
Yes Objectives No
Need to Critique IMT - Develop IAP
Update Plan Response - SITREP
Plan
No
Maintenance
Report to
and Update Alternate
Executive Recovery
Demobilization Operating
Oversight Yes Procedures
Procedures
Committee
End
Site Back to
*Foreseen Events Normal
15. #4 – Essential Tool
ePlan Documentation
• Repository for all IM, BC, ER and DR plans
• Component of comprehensive Business Continuity effort
• Modules for both planning and incident management
• Linked with emergency notification system
• NIMS Compliant
16. #5 – Essential Tool
Situational Awareness Monitoring
– Crisis management is moving from offices or command rooms to sophisticated mobile and online environments…
– Breaking threats in dozens of risk categories now delivered as targeted alerts, anytime, anywhere…
17. #6 – Essential Tool
Personal Preparedness
Most individuals, and thus their employers, are unprepared
for a disaster
Source: American Red Cross
“Only 7% of Americans have taken the
necessary steps to prepare for disasters”
18. #6 – Essential Tool
Personal Preparedness
Most individuals, and thus their employers, are
unprepared for a disaster
“75% of company plans do not support employee resiliency”
Source: Forrester Research
20. You Need To Be Prepared for Many Reasons
• Protection (people, reputation, resources)
• Legal (regulatory compliance, litigation)
• Financial (more revenue, reduced costs)
• Decision-making (one source, more confidence)
• Good Business (stakeholders, market share)
21. Contingency Planning in
Many Areas is Highly
Regulated
• Required to have an “all
hazards” plan
• Weather is leading hazard
causing business interruption
• Plan must follow a Standard
• All standards include
preparedness of the
workforce that the plan relies
upon before, during and after
a continuity event
• PS-Prep will translate that
requirement to any private
sector company
22. PS-Prep will Impact Every Private Sector Company
Title IX, PL 110-53 (Private Sector Preparedness Act)
• Outgrowth of 9/11 Commission Report
• Independent certification of private sector emergency preparedness (including
disaster/emergency management & business continuity)
• Administer outside government by third parties
• Give special consideration to small businesses (15 USC 632)
• Based on standards (3 already approved)
• FEMA Administrator is responsible
• DHS is encouraging multiple standards
• Initial certifications will be “conformity or non-conformity” based
• Process slowed by change of administrations
• Integrate, recognize & credit existing industry efforts, standards,
best practices and reporting
23. Should Vendors Comply with PS-Prep?
•If business units are prepared, their supply chain should be equally
prepared.
•A resilient supply chain is prepared for natural disasters, business
interruptions and terrorism.
•Preparedness guarantees quality products with on-time deliveries to
business units.
•You can’t do business with an empty wagon.
•The purpose of PS-Prep is to enhance nationwide resilience against
all hazards and to support business preparedness.
24. Some Benefits of Preparedness May Not be Obvious
Minimizing Impact of
Business Disruptions
Insurance Supply Chain Resiliency
Benefits
Rating Agency
Corporate Governance
Acknowledgement
Mitigating Reputational and other
Legal Liability Benefits
Post-Event
Greater Preparedness
Greater Preparedness
25. 90% of Requirements Are
Common in All Standards
1. Policy statement
2. Management commitment
3. Risk identification, assessment &
analysis
4. Protect proprietary & confidential
information
5. Incident management procedures &
controls
6. Data control & backup (documents &
information)
7. Continuity of critical operations
8. Exercises & testing
9. Independent audits
26. Plan, Do, Check, Act First (or Next) Steps to Take to
Mitigate Your Risks
1. Assess your current level of emergency
preparedness against industry best practices
(report & gap analysis)
2. Select a standard to use (e.g. FFEIC, OCC, ASIS,
etc)
3. Supplement and/or improve your existing
preparedness processes, plans & activities to
meet intent of desired standard(s)
4. Contract with accredited certification body for
formal assessment and certification
5. Conduct on-going surveillance and continual
improvement processes
27. Someone Will Ask for Your Business Preparedness Plan
• Regulatory Auditors
• Customers
• Strategic Partners
• Suppliers & Vendors
• Fire & Law Enforcement
28. Preparedness Increases Revenue and Reduces Costs
• Oxford University study
• Everyone loses value after crisis
• Effective crisis response recovers
quicker
• 22% higher market cap 8 months after
crisis
• Cost of downtime = $84,000 -$90,000
per hour
29. Q&A
Have questions??
CONTACT
Mike Thomson Anthony Pizzitola
Manager, Client Services & Business Continuity Programs Facilities & Disaster Recovery Manager
ImpactReady @ ImpactWeather, Inc. Goode Company
877-792-3220 713-667-9001
mthomson@impactweather.com apizzitola@goodecompany.com