Two separate tracks: Crisis Management Business Continuity

Business Continuity & Crisis Management Track Members (in person attendance) Crisis Management –Randy DiGirolamo – FedEx –Bob Smola – John Deere –Steve Kay – GE –Bob Weronik – GE Business Continuity –Karen Juhl – Boeing –Craig Babcock – P&G –Mike Steckel - Genentech

Simple terms Prevent –Mitigate –Protect Prepare Respond –Detect Recover

Crisis Management core practices Scope & authority Crisis management team organization Incident detection, assessment, & monitoring Activating crisis management process –Thresholds for reporting Command & control Resource allocation Communication –Internal –External Escalation –Local team to corporate team Deactivating crisis management process –Definition of satisfying need –Standard process and identified personnel responsible for deeming closure. Continuous improvement –After action reviews –Training & exercise

Business Continuity best practices Business continuity policy –Scope: plans go to recovery and make a note regarding resumption –Organization Business Impact Analysis (Criticality assessment) Risk assessment (covered under another track) Business Continuity strategy –Risk mitigation –Risk transfer –Risk acceptance Competence, training, & awareness

Business Continuity best practices (cont.) Business Continuity plans –Emergency Life, property, & asset protection –Information Technology Hardware Software Data management –Business Suppliers Internal dependencies Buildings Logistics Etc. Plan test/exercise & maintain –Periodic frequency as dictated by company management & risk –Recommend annually for emergency plans Results reporting: Assess & validate