Presentation is loading. Please wait.

Presentation is loading. Please wait.

FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Incident Management An Exchange of Practices and Experiences 2008 Annual Meeting – Sonoma California.

Published byCecily West Modified over 9 years ago

Similar presentations

Presentation on theme: "FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Incident Management An Exchange of Practices and Experiences 2008 Annual Meeting – Sonoma California."— Presentation transcript:

1 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Incident Management An Exchange of Practices and Experiences 2008 Annual Meeting – Sonoma California June 18, 2008 8:15 to 10:15 Andrew McCruden, Citigroup Randall Till, MasterCard Worldwide

2 2 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Agenda I. Opening comments II. Methodologies for managing incidents III. Building and managing external relationships IV. Conducting effective exercises of incident mgmt plans V. Communication strategies and case studies/experiences VI. Wrap-up

3 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Methodologies for Managing Incidents Incident Command Systems (ICS)

4 4 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Why Incident Command System (ICS)? Global events (e.g. Pandemic) Promote emergency management plan Management awareness Reputation and shareholder value US Presidential Directive (PD #5) - mandatory for: – A US federal agencies for federal funding – US State governments – All hazardous material incidents – US law enforcement, government, and the military

5 5 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM What is Incident Command System (ICS)? It is modular and scalable – only use teams that you need Provides for consistent and reliable communications using common terminology Ensures coordinated response among teams and locations (horizontal & vertical) – Especially helpful for companies with multiple locations Employs standard and proven practices ICS is a well organized team approach for managing critical incidents Source: Emergency Management & Safety Solutions

6 6 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM ICS Organizational Structure Command (manages) Operations (does) Logistics (care/gets) Planning & Intelligence (plans) Financial (pays/records)

7 7 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM ICS Team Types IAT = Initial Assessment Team Team for Small Regional Offices and sub-team of the CIRT/LIRT LIRT = Local Incident Response Team Regional Headquarters and Select Offices CIRT = Corporate Incident Response Team Corporate Headquarters ONLY

8 8 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM IAT Members

9 9 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM CIRT/LIRT Members

10 10 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM ICS Structure (example) Asia Pacific LIRT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Corporate HQ CIRT Middle East & Africa LIRT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT Country IAT

11 11 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM CIRT – Corporate Headquarters ICS Escalation Flow EVENT First Response process STO P Normal operating procedures ? Yes No IAT only - Regional Offices IAT activated Assess (use Initial Assessment Form) Incident Commander:  IC notifies Regional LIRT Incident Commander LIRT – Regional HQs & Select Offices Yes Security (if any), Incident Commander & Business Continuity discusses IAT Activation? No Activate LIRT? (appropriate components) IAT activated Assess (use Initial Assessment Form) IAT continues monitoring Yes No LIRT activated  Conduct Action Planning Process  IC notifies local Executive Management  IC notifies CIRT Incident Commander Activate CIRT? (appropriate components) CIRT activated Conduct Action Planning Process IC notifies the Policy Committee IAT continues monitoring Yes No Notify GSCC Global Security Control Center (GSCC) Process Security, Incident Commander & Business Continuity discusses IAT Activation and Cross Office Notification? No Cross Office Notification Process IAT activated Assess (use Initial Assessment Form) Cross Office Notification Process Yes Cross Office Notification Process Monitoring Continues

12 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org External Relationships

13 13 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Building and Managing External Relationships – Taking Incident Management “Beyond Your Four Walls” The major events of this decade support the premise that an organization’s incident management planning should be externally as well as internally focused. Pre-Event Coordination Strategies with:  Financial Services Firms and Industry Associations  Key Suppliers  Public Sector – Governmental and Non Governmental Organizations  Regulators Discuss as a group what’s working, where more attention is needed, and what’s being done to close the gaps.

14 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Conducting Effective Exercises of Emergency Management Plans

15 15 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Integration of ICS with existing Business Continuity Program Business Recovery and Technical Recovery activation – Planning & Intelligence on CIRT/LIRT – Problem Resolution Team (PRT) process Business Recovery Plan – Activation Flow Pandemic planning scenario Business Continuity Manuals ICS is an integral part of the Business Continuity Program

16 16 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM ICS Process Event occurs beyond normal operations Initial Assessment Team (IAT) meets to determine impacts, incident level, and necessity of LIRT activation LIRT activated -- Incident Commander (IC) and Group Leaders hold action planning meeting to determine objectives and operational period (OP) Group Leaders share objectives on Action Plan and functional areas begin work LIRT members of the functional areas complete Action Plan Objectives and provide status to Group Leader Incident Commander and Group Leaders meet to share status and if needed determine new objectives and new operational period

17 17 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM IAT Assessment Assess impacts of the incident Determine incident level Based on incident level, take appropriate action Offices with IAT only, continue to address the event Incident Levels: Level 1: Compartmentalized or Minor An emergency that is limited in scope Level 2: Local or Minimum An emergency that is moderate to severe in scope Level 3: Regional or Major A catastrophic disaster that has severely damaged a mission critical facility requiring relocation of staff and business processes and/or severe disruption of services at that facility

18 18 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM CIRT/LIRT Process Decision is made to activate virtually or physically An action planning meeting by the Incident Commander (IC) and the Group Leaders is held as soon as the decision is made to activate the CIRT/LIRT The IC coordinates the Action Plan to share with CIRT/LIRT members CIRT/LIRT members take steps to complete Action Plan Objectives Report status updates to the Group Leader If needed, Action Planning begins again

19 19 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Steps to Complete Incident Commander and Group Leaders conduct an Action Planning Meeting – Determine strategic objectives – Assign objectives to Groups – Set Operational Period (OP) LIRT group members receives objectives and begin taking action – Work across all Groups if necessary – Record findings – Update Group Leader

20 20 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Emergency Management Planning Deliverables DeliverablesCore Offices CIRT/LIRTs LIRT’sIAT’sDue Date C1, C2, C3K1, K2, K3, K4Remaining offices CIRT/LIRT Notification Test (conducted by BC)2Same as Exercise IAT Training (conducted by BC)2 C1 = Mar. & Sep. C2 = Mar. & Sep. C3 = Mar. & Oct. CIRT/LIRT Functional Group Training (conducted by BC)1 C1 = Aug. C2 = Aug. C3 = Apr. CIRT/LIRT Scenario Based Exercise (conducted by BC)1 C1 = Nov. C2 = Nov. C3 = May LIRT Notification Test (conducted by BC)1Same as Exercise IAT Training (conducted by BC)1 K1 = May K2 = Mar. K3 = Jul. K4 = Jul. LIRT Scenario Based Exercise (conducted by BC)1 K1 = Jun. K2 = May K3 = Oct. K4 = Oct. IAT Notification Test (conducted by BC)129-Aug. IAT Training (conducted by BC)1Dates through out year IAT Self Exercise (conducted by your team)129-Aug.

21 21 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM IAT Notification Tests and Self Exercise Notification Test Test SMS message on work mobile phones and devices Execute Emergency Notification Tool sending a voice message to Work Phone and Mobile, text message to Work Email, and SMS to Mobile. – Respond to each message as requested. Self Exercise Conduct an IAT emergency table top exercise led by Incident Commander Use the IAT Self Exercise Guidelines and ICS forms and tools Complete BC survey to validate successful completion

22 22 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Comprehensive ICS Exercise Objectives Practice the use of ICS processes under simulated emergency conditions and identify any processes or policies that need improvement Practice the LIRT’s ability to coordinate their response and decision making under simulated emergency conditions Provide a learning environment to allow LIRT members to increase proficiency in executing their roles and responsibilities

23 23 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Exercise Structure Exercise conducted in a physical command center. Business Continuity staff will facilitate and provide assistance with ICS processes when needed. A simulation (sim) team will act as the “outside world” for this exercise. All issues requiring the outside world must be solved by contacting the simulation team. Such as; gathering information, order equipment, etc. Distribute messages with questions and concerns throughout the exercise from numerous entities (internal employees, media, etc…).

24 24 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM ICS Team Member Commitment and Empowerment ICS team members must be: Trained to clearly understand their roles and responsibilities Committed to fulfilling their responsibility Engaged by participating in meetings and exercises Empowered to perform their roles in accordance with practiced guidelines Effective emergency response is dependent on qualified staff being trained to execute with proper authority

25 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Communications and Case Studies

26 26 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Communications – Strategies Before, During and After Focus Areas for Incident Communications:  Awareness (before)  Response (during and after) What are Some Practical Challenges We Face?  What are the benefits and limitations of various communication tools and media?  How to manage multiple threads of internal and external communications, many of which are spontaneous during an incident? How do you (or should you) look to establish a “sole source of truth?”  How should plans factor in the unavailability of various media during an incident?

27 27 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM Case Studies Communication and Coordination Strategies – Putting It All Together:  9/11  Atlantic Storms of 2005: Katrina, Rita, Wilma  London Underground Bombings What Experiences Can We Apply to the Incident Management Challenges Likely to Occur with Events of Uncertain or Lengthy Duration (e.g., Pandemic)?

28 FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org

Download ppt "FINANCIAL SERVICES TECHNOLOGY CONSORTIUM www.aesrm.org Incident Management An Exchange of Practices and Experiences 2008 Annual Meeting – Sonoma California."

Similar presentations

Review of the Incident Command System

Review of the Incident Command System
Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Tips and Resources IASC Cluster/Sector Leadership Training

Tips and Resources IASC Cluster/Sector Leadership Training
Program Management Office (PMO) Design

Program Management Office (PMO) Design
Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.

Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.
Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Public Health Seattle & King County Incident Command System Overview May 2004.

Public Health Seattle & King County Incident Command System Overview May 2004.
DENR Disaster Response Center Purpose Purpose Activation Activation Operation and Responsibilities Operation and Responsibilities Phases of Response Phases.

DENR Disaster Response Center Purpose Purpose Activation Activation Operation and Responsibilities Operation and Responsibilities Phases of Response Phases.
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
Visual 3.1 Unified Command Unit 3: Unified Command.

Visual 3.1 Unified Command Unit 3: Unified Command.
@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.

@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.
IS 700.a NIMS An Introduction. The NIMS Mandate HSPD-5 requires all Federal departments and agencies to: Adopt and use NIMS in incident management programs.

IS 700.a NIMS An Introduction. The NIMS Mandate HSPD-5 requires all Federal departments and agencies to: Adopt and use NIMS in incident management programs.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
1 Executive Office of Public Safety. 2 National Incident Management System.

1 Executive Office of Public Safety. 2 National Incident Management System.
Tabletop Exercise Meningitis Outbreak

Tabletop Exercise Meningitis Outbreak
Spring 2008 Campus Emergency Management Program Overview

Spring 2008 Campus Emergency Management Program Overview
Spring 2009 San Diego State University Emergency Management Program

Spring 2009 San Diego State University Emergency Management Program
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
By Saurabh Sardesai www.starvaluemodel.com October 2014.

By Saurabh Sardesai October 2014.
Understanding Multiagency Coordination IS-701.A – February 2010 Visual 2.1 Unit 2: Understanding Multiagency Coordination.

Understanding Multiagency Coordination IS-701.A – February 2010 Visual 2.1 Unit 2: Understanding Multiagency Coordination.

Similar presentations

Ads by Google