enterprise business continuity management
Post on 16-May-2015
Enterprise Business Continuity Management
Utilizing “Collaboration” in the State of Washington Business Continuity Program
Small Agency Presentation, August 21, 2006
Judy Sweet, CBCP
Washington State Enterprise Business Continuity Program Manager
Business Continuity Program Purpose
The State of Washington must maintain confidence of its constituents, and ensure continued operation of vital government services when an incident has caused, or has the potential to cause, significant consequences.
The Business Continuity Program will provide the framework to develop an enterprise approach and coordinate agency efforts to minimize business interruptions, and create a state of readiness, so that agencies can respond to and recover from events, resuming vital services as quickly as possible.
Business Continuity Milestones
Enterprise Executive Symposium 6/2005 Enterprise BC Software Tool Installed 7/2005 Business Continuity Initiative Project Kickoff 8/2005 Statewide BC Work-sessions Begin 9/2005 Regular BC Work-sessions Concluded 6/2006 Statewide BC Program & Sustaining BC Model
Statewide BIA Statewide COOP Development Enterprise Solution Development
Business Continuity Planning Objectives
• Minimize service interruptions, to acceptable levels
  - Understand your agency services
  - Collaborate with other agencies
  - Incorporate Best Practices
  - Utilize common planning framework
• Identify high impact areas
  - Based on risk intelligence
• Execute an Enterprise strategy to prioritize and mitigate risk.
  - Account for dependencies across agencies
  - Capitalize on economies of scale
~80% Business and 20% Technology
Business Continuity Management (BCM) Answers . . .
What is an incident / disruption / disaster?
What are the impacts over time?
How much loss can be tolerated? Risk Threshold, Tolerance
What can be mitigated? Work-around, Enterprise solutions
How to reestablish business services? Activate response plans
What is required? Resources, time, people/skill sets, procedures, dollars
How much is enough? Balance options “Proactive versus Reactive”
Bottom Line: BCM Program Umbrella
Sustain & Protect: People, Property, Information, Operations, Gov. Services
BCM provides a balance between acceptable potential losses and acceptable one-time and annual costs.
Business Continuity
Investments in business continuity should be prioritized based on analysis of risks and impacts over time.
Create Value in Operability. Be Positioned to be successful.
BIA Snapshot of Business Drivers
Sample Business Impact Analysis Deliverable
A “typical” graph showing impact vs. recovery time, which visually assists with risk mitigation prioritization.
[Figure: impact vs. recovery time. Time axis: 5 days, 3 days, 2 days, 24 hrs, 12 hrs or <. Impact axis: Very Low, Low, Medium, High, Very High. Services plotted: WSP Computer Dispatch, State Warrants, Prison Control System, Drinking Water Safety, HAZMAT, State Payroll, Dam Inspection Services, Military’s Dispatched Resources, Firearms Licensing.]
Notional: Business Continuity Event Life Cycle
[Figure (modified U.S. DoD graphic): capability plotted against time. Labels: Normal Operations; Service Disruption Occurs; Minimal Acceptable Level of Capability; Recovery Time. Proactive BC Activities: Risk Mitigation, Contingency Planning. Reactive BC Activities: Problem Mgmt & Response, Recovery, Restoration, Return to Normal Operations.]
Business Continuity Planning (Will incorporate NIMS requirements)
[Diagram: components of the Response & Recovery Plan]
• Call Lists
  - Recovery Teams
  - Customers
  - Vendors
  - Management
  - Media
• Roles & Responsibilities
• Inventories
  - IT Enterprise Services
  - Platforms, Apps, S/W, H/W
  - Vital Records
  - Critical Resources
  - Desktop
• Priorities
• Actions (Check-lists): Containment, Assessment, Escalation, Notification
• Administration, Maintenance, and Exercising
• Organization
• Alternate Facilities and Resources
• Time Objectives: Business Process (RTO), Production data (RPO)
• Escalation Procedures
  - If . . . Then . . .
Types of Plans?
Continuity of Operations (COOP) Plan
Incident Management Plan
Business Continuity Plan
Vital Service Response Plans
Let’s put this into perspective!
[Diagram: COOP Plan, Incident Mgmt Plan, Business Continuity Plan, Vital Service Response Plan]
Business Continuity Plan Types & Relationships
[Diagram: plan types arranged from More General to Specific]
Continuity of Operations (COOP) Plan
The Continuity of Operations (COOP) Plan is the roadmap for the highest level of planning within an agency.
• ID of Essential Functions
• Delegations of Authority
• Orders of Succession
• Interoperable Communications
• Alternative Facilities
• Vital Records and Databases
• Human Capital
• Tests, Training, & Exercises
• Address Full Spectrum of Threats & Hazards
Business Continuity Plan
• An Agency-wide Perspective
• Global Risk Mitigations, Contingencies and Responses for Business Operations
Incident Management Plan (Sometimes referred to as “Problem or Crisis Management” Plan)
• An Agency-wide Perspective
• Repeatable Process & Practices
• Incident Alerting, Reporting, Tracking & Status
• Involves Investigation, Diagnoses
• Assembly of Incident Command System (ICS)
• ICS Draws on Response Plan(s) for Resolution
Vital Service Response Plan for ‘A’: Specific Action Plan
Vital Service Response Plan for ‘B’: Specific Action Plan
Vital Service Response Plan for . . . ‘n’: Specific Action Plan
Business Continuity Plans & Relationships [V4.18.06] — High-level Overview
[Flowchart. Swimlanes: Incident Management Team; Incident Command System (ICS); Agency Users or Customers. Stages are connected by If / OR / Then / And Then.]
Decision points:
• Major Threat / Health Hazard?
• Physical Security?
• Service Disrupted?
• Vital Svc. Disrupted?
• Criteria to Notify EMD?
• Solution(s) Working? (on “No”: Consider Escalating)
Other node labels:
• Major Incident or Disruption Occurs
• Problem(s) being experienced
• Phone Call or E-Mail
• Receive Notification of Incident
• Receive information of experienced problem(s)
• Incident Management Plan (Always Live & Active)
• Perform Damage Assessment
• Notify Appropriate Incident Command System (ICS)
• Appropriate Incident Command System (ICS) Activated
• Logistics
• Operations
• Follow Agency’s Business Continuity Plan
• Activate COG Plan
• Agency’s COOP Plan (Reference & Apply Appropriate Measures from COOP)
• Notify EMD & Go to Shared ICS Command
• Deploy Vital Service Response Plan
• Assistance & Resources From Other Agencies
• Recovery & Return to Normal
Best if facilitated through your agency’s Help Desk. Likely changes that may affect agencies:
> New or revised roles and responsibilities
> Swift and redundant means of contacting ICS contacts
Note: could be initially received by one’s security or call center – then escalated according to operating procedures.
Collaborative Roles in Enterprise Business Continuity Planning
[Diagram: three planning levels, all using the eBRP BC Tool & Repository]
Enterprise Level Planning: 1 Enterprise BC Program Office
Enterprise BC Program Office – State of WA
• Enterprise Risk & Vulnerabilities Status, Governance, Policies, Practices, Planning Priorities, Decision Packages
• Subject Matter Expertise, Standards & Practices, Tools and Templates, Planning Assistance, Reporting, Meeting Compliances
• Planning for Worst-Case Scenarios @ Enterprise (Shared Command) Level: Risk Mitigations, Contingencies, Responses, Recoveries
1 Enterprise BC Software Administrator
Agency Level Planning: 150+ Agencies, Boards and Commissions
@ Agency ‘A’ Level (the same list is shown for Agency ‘B’)
1. BC Developed Capabilities
2. Planning For Worst-Case Scenarios @ Agency Perspective
3. CONOPS / COOP = NIMS Rqmts
4. BC Instilled across Agency in all Business Practices
5. BC Exercises & Updates (=NIMS Rqmts)
6. On-going Training
Risk Mitigations, Contingencies, Responses, Recoveries
Component Plans
Vital Service Level Planning: Estimated 200-500 Vital Services
Vital Service A: Risk Mitigations, Contingencies, Responses, Recoveries
Vital Service B: Risk Mitigations, Contingencies, Responses, Recoveries
Vital Service C: Risk Mitigations, Contingencies, Responses, Recoveries
Vital Service D: Risk Mitigations, Contingencies, Responses, Recoveries
Vital Service E: Risk Mitigations, Contingencies, Responses, Recoveries
Vital Service F: Risk Mitigations, Contingencies, Responses, Recoveries
Inherent Benefits of an Enterprise Business Continuity Program
• Maintain Commonality
• Develop a Repeatable Process
• Achieve Agency and State Business Objectives
• Share Best Practices
• Rank Priorities
• Mitigate Risk
• Identify Dependencies
• Develop Incident Response/Recovery Plans
• Form Partnerships
• Identify Enterprise Solutions
• Implement Cost/Benefit Contingencies
Evolution of Business Continuity Management In Washington State
[Figure: effort plotted against time, with phases labelled Academy, Initiative and BCM Program]
• Foster a Repeatable Approach
• ID Agency’s & Enterprise Risk Thresholds
• Collaborate & Prioritize Needs
• Implement Enterprise Solutions
• Incorporate Incident Management

• Begin Agency BC Planning
• Refine Framework Templates / Tools
• ID Agency Risks & Thresholds
• ID Service Needs
• ID & Resolve Issues
What’s Next?
• Continue development of the BC Framework (templates, tools, best practices) within the BC Program
• Apply the BIA across all agencies to:
  - Identify where the State could best invest & reduce risk
  - Ties to “Continuity of Operations” COOP (HLS & NIMS Rqmt)
• Transition to a new Business Continuity Culture
  - Set up a Business Continuity Management (BCM) Program
  - Establish governance along with Roles and Responsibilities
  - Address Continuity of Operations (COOP) with agencies
  - Join with EMD efforts providing info on NIMS & Emergency Response
  - Promote Agency/Enterprise collaboration to best achieve objectives
Participating Agencies
• Department of Personnel
• Department of Corrections
• Department of Health
• Department of Licensing
• Department of Information Services
• Department of Transportation
• Retirement Systems
• Social and Health Services
• Department of Ecology
• Health Care Quality Authority
• Liquor Control Board
• Labor and Industries
• Military Department
• Office of Financial Management
• State Treasurer
• Public Disclosure Commission
• Washington State Patrol
• Clark County
• King County
• City of Seattle
Questions?
Contact Information
Judy Sweet, CBCP
Enterprise Business Continuity Management (BCM) Program Manager
Department of Information Services
e-mail: judys@dis.wa.gov | (360) 902-3560