
TEL382 Wallace Chapter 2. 11/3/09 2 Outline Introduction Building a Risk Analysis Scope of Risk The Five Layers of Risk Layer 1: External Risks Layer.


1 TEL382 Wallace Chapter 2

2 11/3/09 2 Outline
Introduction
Building a Risk Analysis
Scope of Risk
The Five Layers of Risk
Layer 1: External Risks
Layer 2: Facility-Wide Risk
Layer 3: Data Systems Risk
Layer 4: Departmental Risks
Layer 5: Your Desk’s Risk
Severity of a Risk
Who Can You Call for Risk Assessment Information?
Making the Assessment

3 Introduction
Heart of BCP is thorough analysis of events from which you may need to recover
Risk: potential of a disaster occurring
Disaster: any event that disrupts a critical business function
Business Interruption: something that disrupts the normal flow of business operations

4 Building a Risk Analysis
Risk Analysis: process of identifying probable threats to a business
Risk Assessment (Business Impact Analysis): compares risk analysis to controls in place today
Recommended Approach
  – Assemble BCP Team and Perform Layers 1, 2, and 3 Together
Statement of “Essential” Business Functions
  – Manufacturing, Sales, Payroll, etc.
  – Examples: Factory, Call Center, Public Utility

5 Scope of Risk
Determined by Potential Damage, Cost of Downtime, Cost of Lost Opportunity
Cost of Downtime Includes:
  – Tangible: Lost Productivity, Lost Revenue, Legal Costs, Late Fees/Penalties, etc.
  – Intangible: Damaged Reputation, Lost Opportunities, Employee Turnover, etc.

6 The Five Layers of Risk
Layer 1: External Risks
Layer 2: Facility-Wide Risk
Layer 3: Data Systems Risk
Layer 4: Departmental Risks
Layer 5: Your Desk’s Risk

7 Layer 1: External Risks
Over a Wide-Area, Affecting Facility and Surrounding Area
Four Risk Categories:
  – Natural Disasters: Tornadoes, Earthquakes, Thunderstorms, Snow, Extreme Temps, Hurricanes, Floods, Fires, Landslides, etc.
  – Man-Made: Toxic Spills, Road/Bridge Outages, Railroads, Pipelines, Aviation, Harbors, Chemical Users, Dams, etc.
  – Civil: Riots, Labor Disputes, etc.
  – Suppliers: What are their risks?

8 Layer 2: Facility-Wide Risk
Impacting Local Facility
Five Basic Office Utilities:
  – Electricity
  – Telephones
  – Water
  – Climate Control
  – Data Network

9 Layer 3: Data Systems Risk
Shared Resource Affecting Many Departments
Identify Critical Processes
Locate Single Points of Failure
Beware “Grandfathered” Systems Running on Old HW/SW
Data Systems
Data Communications Network
Telecommunications System
Shared Computers and LANs

10 Layer 4: Departmental Risks
Disasters Occurring Within a Department on a Daily Basis
  – Employee Absence, Lost Files, etc.
Unusual Occurrences
  – Small Fire, Water, Hardware Failure, etc.
Identify Key Operating Equipment
Establish Inventory of Vital Records

11 Layer 5: Your Desk’s Risk
Examine Every Process, Tool, Piece of Information, Required Output
Most Items Already Covered In Another Layer

12 Severity of a Risk
Time of Day
Day of the Week
Location of Risk

13 Who Can You Call for Risk Assessment Information?
NOAA
USGS
FEMA
Local Government Agencies
Local Fire & Police Departments

14 Making the Assessment
Use Risk Analysis Format Similar to What Is Done for IS Security Risk Analysis
Sort to Identify Highest Value Disaster Risks

15 TEL382 Wallace Chapter 3

16 Outline
Introduction
Access To People
Access to the Facility
Service Contracts
Vendor List
Walk-Around Asset Inventory
Software Asset List
Critical Business Functions
Restoration Priorities
Toxic Material Storage
Emergency Equipment List
Trained First Responders

17 Introduction
Until Primary Disaster Plan Comes Together Do 11 Steps Below to Provide Some Initial Protection
Put This Material Together in Books and Distribute
Access To People
Access to the Facility
Service Contracts
Vendor List
Walk-Around Asset Inventory
Software Asset List
Critical Business Functions
Restoration Priorities
Toxic Material Storage
Emergency Equipment List
Trained First Responders

18 Access To People
Organizational Charts With Responsibilities and Contact Information

19 Access to the Facility
Keys to All Doors, Cabinets, Closets, etc.
  – Lists, Logs
  – Electronic Locks
Passwords for Admin Accounts on Critical Systems
  – Protected in Sealed Envelope

20 Service Contracts
Serial Numbers of Equipment
Contact Information For Service Providers
Contract Number and Expiration Date
Service Contract Types
  – 24/7
  – 8 to 5
  – Time and Materials
  – Exchange
Place Info Cards With Equipment

21 Vendor List
List of Regular Vendors
Contact Info
Description of What We Usually Obtain From Them
This Includes Public Utilities and Public Safety

22 Walk-Around Asset Inventory
Critical Assets That May Be Needed In Contingency Operations
  – Manufacturer’s Name, Model Number, Serial Number, Warranty Expiration Date, Location, Service Stickers, Maintenance, Calibration Information, Connected To, Feeds Into, etc.
Note if any Spares Available
Also Note Location of Manuals, Procedures, Supplies, etc.

23 Software Asset List
List of Software on Critical Devices
  – Normal Applications, Operating Systems and Settings, Custom Applications, Nonstandard Drivers, Version Numbers, Original Media Location, Backup Information

24 Critical Business Functions
Identify Critical Functions and Why
Try to Keep List to 10 or Less

25 Restoration Priorities
Prioritized List of Functions/Capabilities/Equipment to be Restored if There are Limited Resources

26 Toxic Material Storage
Identity, Quantity and Location of ANY Toxic Materials on Premises
Guidelines for What to Do If Encountered

27 Emergency Equipment List
Locations For Shutoffs, Special Cleanup Equipment and Materials
Instructions for Operation, Use

28 Trained First Responders
Create Contact List
  – Firefighters, EMTs, Critical Skills, Other Training
Check Legalities with HR Department

29 TEL382 Wallace Chapter 4

30 Outline
Introduction
What is a Disaster Recovery Emergency Operations Center?
Emergency Operations Center Primary Functions
Preparing an Emergency Operations Center
Staff Responsibilities
When a Disaster Strikes

31 Introduction
Emergency Operations Center’s Goal is to Return To Service from Whatever the Business Emergency Was
Allows Company Management to Reestablish Organizational Leadership, Allocate Resources, and Focus on Emergency Containment and Recovery.
Must be Preestablished, Presupplied, and Its Location Well-Known Before It is Needed
Before a Disaster – 3:
  – Normal Emergency Center for Small or Short Disasters
  – Longer Duration for More Widespread Disasters
  – Backup Facility When Primary is Not Usable

32 What is a Disaster Recovery Emergency Operations Center?
Physical Place Where All Communications for the Recovery Effort are Focused – Should be Located As Close to Problem Site as is Safe
Outward Communications:
  – Company Executives, General Public, Suppliers, Customers
Administrative Support:
  – Purchasing, Public Relations, Safety, Site Security
3 Essential Functions:
  – Command & Control
  – Operational Control
  – Recovery Planning

33 Emergency Operations Center Primary Functions
2 Parallel Teams:
  – Containment – Stop Spread of Damage
  – Recovery – Restore Basic Level of Business Service
3 Essential Functions
  – Command
  – Control
  – Communications

34 Preparing an Emergency Operations Center
Electricity
Emergency Lighting
Sanitary Facilities
Medical Kits
Office Furniture and Supplies
PCs, Printers, Data Network
Telephones
Copies of BCP
Maps, Floor Plans

35 Staff Responsibilities
Disaster Containment Manager
  – Declare That Disaster Exists
  – Coordinate with Emergency Services
  – Make Initial Damage Assessment
  – Select Emergency Operations Center
  – Activate Disaster Recovery Teams
  – Coordinates Supplies and Resources
Facility Engineering Manager
  – Owns Floor Plans
  – Arranges for Skilled Labor for Repairs
  – Reestablishes Safety Alarms, Emergency Lights and Utilities
Others:
  – Purchasing, PR, HR, Security, Safety, Sales, Facilities, etc.

36 When a Disaster Strikes
3 Initial Actions:
  – Protect Life
  – Contain Damage
  – Communicate

37 TEL382 Wallace Chapter 5

38 Outline
Introduction
Lay The Groundwork
Departmental Plans
Recovery Planning Considerations

39 Introduction
Writing Steps:
  – Lay The Groundwork
  – Departmental Plans
  – Recovery Planning Considerations

40 Lay The Groundwork
Use Consistent Format
What Processes Need a Plan
  – Every Critical Business Function
Who Will Execute
How Obvious Is Problem
How Much Warning
How Long to Continue Until Help Arrives
How Soon Must Processes be Restored
Are There Any Manual Workarounds

41 Departmental Plans
3 Major Components:
  – Immediate Actions
  – Detailed Containment Actions
  – Recovery Actions
Inputs:
  – Asset List
  – Critical Process Impact Matrix
  – Risk Assessment
  – Process Restoration Priority List

42 Recovery Planning Considerations
Planning
Continuity of Leadership
Insurance
Recovery Operations

