1
Mitigation Strategies
This is the last module.
Steve Elliot, President & CEO, Elliot Consulting, LLC
2
Warren Buffett
Things can change due to factors outside of direct control. This applies to a company’s suppliers and vendors.
3
Threats & Hazards
Threat - A man-made or natural situation or condition that can cause disruption to an organization’s operations or services
Hazard - A dangerous phenomenon, substance, human activity or condition that may cause loss of life, injury or other health impacts, property damage, loss of livelihoods and services
- Threats can result in hazards.
- Hazards are caused by humans.
4
Vulnerabilities & Risk
Vulnerability - Degree to which an organization is exposed to the actions or effects of a risk, event or other occurrence
Risk - A possible event that could cause harm or loss, or affect the ability to achieve objectives. Risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred.
Risk score = Probability (Likelihood) x Impact
Vulnerability – The degree of damage or potential damage.
Risk – The measurable probability of an event.
A Risk Score can be developed to help quantify the potential impact.
5
Hazards & Vulnerabilities - Causes
- Natural: Earthquakes, Tornado/Wind, Hurricanes, Floods, Volcanoes, Rain/Snow/Ice Storms, Wildfires
- Political: Strikes, Riots, Civil Disorder, Bomb Threat, Biological Threat, Nuclear Threat, Acts of War
- Human: Workplace Violence, Sexual Harassment, Fraud/Embezzlement, Terrorism, Sabotage
- Technological: Software Outage, Data Loss/Corrupt, Hardware Outage, HVAC, Network Outage, Machinery Failure, Power Outage
- Security: Privacy, Viruses/Ransomware, Data Theft, Denial of Service Attacks, Counterfeiters
- Accidents: Human Error, Fire/Explosion, Water Damage, Building Collapse, Environmental
- Loss Of: Executives, Key Staff, Subject Matter Expert
- Emerging Threats: Pandemics, Drought, PR Incidents, Product Liability, Cloud Computing, Cyber Security
This matrix outlines things or events that can potentially damage a business. Some can be more impactful than others. Some are man-made and others are natural occurrences.
6
Potential Effects
- Loss of the Physical Facilities
- Loss of the Information and Systems
- Loss of the Critical Business Operations
- Loss of the People
The Contingency Plan should be built around these Potential Effects. Plans are built on assumptions. Contingency Plans cannot be built for all hazards and vulnerabilities. Plans can be tweaked based on experiences. Challenge and Confirm your Assumptions.
7
What Should We Do? - Many companies don’t have a plan.
8
2 Approaches to Address Risks
Continuity Planning
- Proactive Process
- Enterprise-wide
- Strategic Plan
- Business and People
Disaster Recovery
- Reactive Process
- IT / Facilities-Focus
- Break-Fix Plan
- Things and Recovery Time
There are two approaches to addressing risk:
* Continuity Planning: Strategic and proactive;
* Disaster Recovery: Reactive
- Both are needed and should come together in the overall plan.
9
Risk Assessment
This table was developed by Elliot Consulting based on experience and data from other similar tables. The probabilities come from history. These are the things that could go wrong. They represent single points of failure. Others can be added based on individual company geography and business. The Business Impact Analysis (BIA) is the key element. Ed Maurer from Suncoast Safety Council recommends regular review, not just annually.
10
Mitigate Risks
Four main ways that you can mitigate risks:
- Avoidance
- Transfer
- Acceptance
- Reduction
Avoidance can include an alternate location. The business operation can be diversified. Outsourcing allows for transference of some of the business operation to 3rd parties.
11
Risk Avoidance
- Relocate your facility
- Divide operations between multiple sites
- Eliminate a risk process
- Stop working with hazardous materials
Geographic diversity of business operation and personnel accommodates risk avoidance. Off-site data centers and cloud services can help mitigate risk. Examine all business operations to identify potential risks.
12
Transfer Risks
- Buy insurance / review coverages
- Outsource the risk to 3rd party suppliers
- Sell off a division or product
Business interruption insurance is available to help cover losses. Moving risky elements of the business out of the operation should be examined. Identify potential outsourcing partners.
13
Acceptance of Risks
- Decision to do nothing about a potential risk
- Accept the risk probabilities and impact
- Management is willing to roll the dice
- Cost/Benefit Analysis shows the impact cost is less than the mitigation cost
- Probability is so low that investing in a long-term mitigation strategy isn’t necessary
By deciding NOT to put mitigation strategies into place (i.e., do nothing), the company accepts the consequences associated with this decision. The cost of the mitigation strategy should be weighed against the potential benefit the company would receive. Can the company withstand/survive the event?
14
Reduction of Risks
- Split production between multiple sites
- Supplier Diversity (Workload / geography)
- Physical Mitigation (Hardening Facility)
- Alternative Access (Work Remotely)
Supplier and operational diversity may also include a hot site. An alternate way of performing the work should be developed. Ongoing testing of the alternatives should be a requirement. The alternative doesn’t always have to perform as well as the primary. Sometimes an alternative worksite does not provide the best solution. Work from home may not be feasible if the power is lost or the home is damaged. Options such as hotels (Marriott) are available as alternative worksites.
15
Local Hazard Mitigation Planning
Gail Moraton suggested that both Hillsborough County and City of Tampa have good plans available for review. The Local Hazard Mitigation Planning Fact Sheet will be posted on the chapter website.
16
Document Your Decisions
Hazards & Vulnerabilities Probability Impact Score Level of Risk Revenue Risk Strategy Options?
Winter Storms / Snow / Ice 4 3.7 14.7 Very High A, R
Tropical Storm / Hurricane 3 4.7 14.0
IT - Hardware Outage (Servers, Printers, etc.) 4.3 13.0 High T
Loss of Key Staff 11.0 Ac
IT - Critical Application(s) Outage 3.3 10.0 Medium
IT - Network Outage (Data)
Economic Recession
Tornado 2 9.3 T, R
Building Fire / Explosion / Bomb Threat
Power / Utility Failure & Resulting Damage 2.5 8.3 R
The figures listed in the table are subjective. The Hazards and Vulnerabilities can be grouped together, based on the geography and business. Example: River next to the building is a hazard; Flooding of the river is a threat. The Probability, Impact and Score can vary by department or group.
Risk Strategy: A = Accept; R = Reduce; T = Transfer.
Options: Things the company has chosen to do.
Discussions with senior management are paramount. Documenting these discussions and the resulting decisions is even more important. It outlines what was agreed to by all parties. Never stop discussing and planning.
17
Steve Elliot, President & CEO, Elliot Consulting, LLC
Most software packages don’t provide a way to develop mitigation strategies. Mitigation strategies should be developed for each company site. This also applies to your critical vendors. The World Economic Forum publishes an Annual Global Risk Report.