Managing C3 Risks During Disaster Recovery Operations
1. Managing C3 Risks During Disaster Recovery Operations
Shane Molinari, MSc, CISSP, PMP, ITSM, SSMBB
Principal, BCM Professionals
2. Scope
✤ Relationships between operational DR unity of command
✤ Sustainable communications and information management
✤ Managing operational stressors
4. Problem & Impact Statement
✤ Lack of detailed governance and processes hamstrings C3
✤ Diminished communications between operations staff and stakeholders means rework and significant cost overruns
✤ Inability to recognize precipitous distress events increases risk of DR-related sickness, injuries, and LOD death
6. Solution: What To Do
C3 Governance
✤ Value Delivery
✤ Resource Management
✤ Strategic Alignment
✤ Performance Management
✤ Risk Management
7. Solution: How To Do It
STANDARDS & BEST PRACTICES
✤ DOCUMENT CURRENT STATE
✤ RESOLVE WEAK AREAS
✤ DEVELOP MITIGATION STRATEGIES
✤ ENSURE SUSTAINABILITY & COMPLIANCE
TRAINING & AUDIT
11. Contact Info
BCMPros.com
info@BCMProfessionals.com
888 - 587 - 4769
Editor's Notes
Fundamentally speaking, channels of communication internal to the organization should be the same regardless of normal or emergency operations. The same approach should be leveraged when driving communications external to the media and general public.

Equally important, information management and interoperability should be
• reliable in virtually any type of incident regardless of cause, size, location, or complexity,
• available for management to govern and operate during emergency operations, and
• maintainable in the sense of the respective information’s validity and authenticity.
The goal of this presentation is to ensure organizational leadership has information that will aid them in recovering more effectively and efficiently.

The objective is to provide a knowledge share and demonstrate a quality source of intelligence.

Equally, there are assumptions regarding the audience in that they represent their organizations as operations managers, emergency management, and executive leadership.
Due to a lack of formal communication processes or training, there are no standardized processes; instead, there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to management is disorganized.

Processes have developed to the stage where similar procedures are followed by different people undertaking the same task. There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and, therefore, errors are likely.

Establish and maintain an optimal co-ordination, communication and liaison structure between the IT function and various other interests inside and outside the IT function, such as the board, executives, business units, individual users, suppliers, security officers, risk managers, the corporate compliance group, outsourcers and offsite management.
Balanced control over the assessment process and risk management that satisfies the business requirement for communications and their potential impact on business processes and goals.

Accomplished first by focusing on development of a risk management framework that is integrated in business and operational risk management frameworks, risk assessment, risk mitigation and the communication of residual risk.

This is achieved by
• Ensuring that risk management is fully embedded in management processes, internally and externally, and consistently applied
• Performing risk assessments
• Recommending and communicating risk remediation action plans

and is ultimately measured by
• Percent of critical IT objectives covered by risk assessment
• Percent of identified critical IT risks with action plans developed
• Percent of risk management action plans approved for implementation
This statement could be tailored to the audience… service-disabled vet ownership is appealing to some audiences while other ‘attention grabbers’ could be more effective for other audiences.