1. Comprehensive Emergency Management Presented by Steve Davis Principal, DavisLogic & All Hands ConsultingDavisLogicAll Hands Consulting

2. “Stuff” Happens How do we manage the next emergency?

3. Are We Ready For Anything? Eighty-one per cent of CEOs say that their company's plans were inadequate to handle the myriad of issues arising from the World Trade Center tragedy

4. Worst Case Scenario “Plan for the worst possible event and then deescalate your strategies and procedures based on the impact of the threat.” - Mark Weimerskirch, Emergency Management Coordinator General Motors Global Headquarters June 1, 2000

5. What is a Comprehensive Emergency Management Program (CEMP)? Emergency Management is the process of mitigating threats and preparing for, responding to, and recovering from an emergency. CEMP planning is only one component. Mitigation, training, conducting drills, testing, and coordination are all equally important activities.

6. Emergency Planning Concepts Incident Command System (ICS/SEMS) All Hazards Addressed All-inclusive – Everyone Participates Emergency Response Coordination Effective Crisis Communication Training for Responders and Employees Disaster Recovery Communication and Information Sharing

7. What Does Comprehensive Emergency Management Include?

8. Comprehensive Emergency Management Contingency PlanningDisaster Recovery SecurityBusiness Continuity/Recovery Crisis Management Centers

9. CEMP Plan Components CEMP Mitigation Disaster Recovery Business Continuity Business Resumption Contingency Planning Objective Prevent or Reduce Impact Critical Computer Apps Critical Business Processes Process Restoration Process Workaround Focus Prevention Data Recovery Process Recovery Return to Normal Make Do Example Event Flood Proofing Mainframe or server failure Laboratory Flood Building Fire Loss of Application Solution Check Valve Hot Site Recovery Dry Out & Restart New Equip. New Bldg. Use Manual Process

10. Planning Process Assess - identify and triage all threats (BIA) Evaluate - assess likelihood and impact of each threat Mitigate - identify actions that may eliminate risks in advance Prepare – plan for contingent operations Respond – take actions necessary to minimize the impact of risks that materialize Recover – return to normal as soon as possible

11. Building a CEMP Plan

12. Business Impact Assessment  Identify critical systems, processes and functions;  Establish an estimate of the maximum tolerable downtime (MTD) for each business process;  Assess the impact of incidents that result in a denial of access to systems, services or processes; and,  Determine the priorities and processes for recovery of critical business processes.

13. BIA Review Factors  All Hazards Analysis  Likelihood of Occurrence  Impact of Outage on Operations  System Interdependence  Revenue Risk  Personnel and Liability Risks

14. Risk Analysis Matrix Probability of Likelihood Severity of Consequence High Medium Low MediumHigh Area of Major Concern

16. Review External Dependencies Infrastructure Dependence (power, telecom, etc.) System Up Time (computing, data,networks, etc.)

17. Develop Scenarios How bad will the “big one” be? Loss of Lifelines? Supply Chain Disruptions? Civil unrest? Develop various scenarios and pick which ones to plan for.

18. Developing Strategies 1. Understand alternatives and their advantages, disadvantages, and cost ranges, including mitigation and mutual aid as recovery strategies. 2. Identify viable recovery strategies with business functional areas. 3. Consolidate strategies. 4. Identify off-site storage requirements and alternative facilities. 5. Develop business unit consensus. 6. Present strategies to management to obtain commitment.

19. Contingency Planning Process Phases  Assessment - organizing the team, defining the scope, prioritizing the risks, developing failure scenarios  Planning - building contingency plans, identifying trigger events, testing plans, and training staff  Plan Execution - based on a trigger event, implementing the plan (either preemptively or reactively)  Recovery - disengaging from contingent operations mode and restarting primary processes of normal operations by moving from contingency operations to a permanent solution as soon as possible.

20. It’s Not Enough Just to Plan Use focus groups and brainstorming Seek “what can go wrong” Find alternate plans & manual work arounds Find innovative solutions to risks Plans must be exercised Hold table top exercises for disasters Conduct “fire drills” of plans Train staff for action during emergencies

21. Emergency Management Work with local and regional disaster agencies and business associations Assess special problems with disasters Loss of lifelines Emergency response Review and revise existing disaster plans Look for new areas for disaster plans Include Disaster Recovery Planning

22. Using the Incident Command Structure

23. Background The Incident Command System in use today is an outgrowth of California’s FIRESCOPE program developed in the 1970s to improve management of large wildfires. It was designed to provide a commonly accepted management structure that would result in better decisions and more effective use of available resources. It was specifically designed for incidents that involve many local, state, and federal agencies and multiple political jurisdictions.

24. ICS Features Standard Organization Incident Facilities Incident Action Plan Span Of Control Unity of Command Common Responsibilities

25. Common ICS Terminology Organizational Functions: Operations, Intelligence, Logistics, and Finance. Functions pre-designated and named for the ICS. Resources: Refers to the combination of personnel and equipment used in response and recovery. Facilities: Common identifiers used for those facilities in and around the incident area which will be used during the course of the incident. These facilities include the command center, staging areas, etc.

26. Modular Organization ICS's organizational structure is modular. As the need arises, functional areas may be developed. Several branches may be established. Structure based upon the needs of the incident. One individual can simultaneously manage all major functional areas in some cases. If more areas require independent management, someone must be responsible for that area.

27. Typical EOC Organization Emergency Response and Recovery Teams

28. Cisco’s EOC Based on the Incident Command System

29. Incident Commander In Charge At The Incident Assigned By Responsible Jurisdiction Or Agency May Have One Or More Deputy Incident Commanders May Assign Personnel For Command Staff & General Staff

30. EOC Manager Manages the EOC - not the incident Makes sure everything is working Maintains a safe environment Optimizes efficiency Facilitates and coordinates Solves problems

31. EOC Staff Members  Check-in with the EOC Manager.  Review the situation report (sit reps) and incident logs.  Make sure that your name is listed on the current EOC organization chart.  Review the staff Operating Guide (SOG) and set up your work station.  Start an incident log which details your actions (chronologically.)

32. Ready to Roll?

33. Keys to Success Vulnerabilities Clearly Identified Comprehensive Plan in Place Plan Understood, Communicated and Updated Tested quarterly Adequately funded

34. Management Strategies Lead a top-notch team Update risk/threat assessments Assess all hazards and risks Complete and test contingency plans Design a robust Command Center Drill the Command Center Implement a system for command, control, communication, and intelligence

35. The Challenge of Coordination

36. Event Information Tracking 1. Stakeholder notices possible disruption 2. Alert message sent to the Command Center 3. Alert message evaluated by response managers 4. Incident Log opened to track each event 5. SOPs implemented using checklists 6. Tasks assigned according to plan 7. Resource allocation tracked in log 8. Task performance tracked in log 9. Status briefings and updates to stakeholders

37. External Your Organization Command Center Organization Emergency Response Teams Post to Operations Log Task Assigned Executive Briefing Incident Response Mgm’t Plan Response Tasking Task Tracking Stake- holders Public Public Relations Executive Group Contingency Plan Activated SOP Checklist Activated Procedures Implemented Teams Deployed Personnel Resources Assigned Resources Performance Tracked Incident Established Emergency Input Command Center Information Flow EmployeeCustomerContractorCall CenterERT State/Fed Govt. Local Govt. Supplier Other Businesses Vendor

38. The Ideal Information System  Easy to use and robust information and decision management system  Central command and control  Early alert communications function  Event tracking and logging  SOP and automated check lists  Resource management  Documentation of response actions for due diligence

39. Elements of a Good Plan Prevention, Response, Recovery, Remediation, Restoration Top Priorities addressed first

40. Elements of a Good Plan Action Plan responsibilities clearly defined Communication alternatives are considered Redundancies are in place

41. Elements of a Good Plan Product sources are identified Personnel sources are identified

42. For More Information Contact: Steve Davis, Principal DavisLogic & All Hands Steve@DavisLogic.com DavisLogic.com AllHandsConsulting.com