TEL382 Wallace Chapter 2 (11/3/09)
Post on 22-Dec-2015
TEL382
Wallace Chapter 2
11/3/09 2
Outline
• Introduction
• Building a Risk Analysis
• Scope of Risk
• The Five Layers of Risk
• Layer 1: External Risks
• Layer 2: Facility-Wide Risk
• Layer 3: Data Systems Risk
• Layer 4: Departmental Risks
• Layer 5: Your Desk’s Risk
• Severity of a Risk
• Who Can You Call for Risk Assessment Information?
• Making the Assessment
Introduction
• Heart of BCP is thorough analysis of events from which you may need to recover
• Risk: potential of a disaster occurring
• Disaster: any event that disrupts a critical business function
• Business Interruption: something that disrupts the normal flow of business operations
Building a Risk Analysis
• Risk Analysis: process of identifying probable threats to a business
• Risk Assessment (Business Impact Analysis): compares risk analysis to controls in place today
• Recommended Approach
– Assemble BCP Team and Perform Layers 1, 2, and 3 Together
• Statement of “Essential” Business Functions
– Manufacturing, Sales, Payroll, etc.
– Examples: Factory, Call Center, Public Utility
Scope of Risk
• Determined by Potential Damage, Cost of Downtime, Cost of Lost Opportunity
• Cost of Downtime Includes:
– Tangible: Lost Productivity, Lost Revenue, Legal Costs, Late Fees/Penalties, etc.
– Intangible: Damaged Reputation, Lost Opportunities, Employee Turnover, etc.
The Five Layers of Risk
• Layer 1: External Risks
• Layer 2: Facility-Wide Risk
• Layer 3: Data Systems Risk
• Layer 4: Departmental Risks
• Layer 5: Your Desk’s Risk
Layer 1: External Risks
• Over a Wide-Area, Affecting Facility and Surrounding Area
• Four Risk Categories:
– Natural Disasters: Tornadoes, Earthquakes, Thunderstorms, Snow, Extreme Temps, Hurricanes, Floods, Fires, Landslides, etc.
– Man-Made: Toxic Spills, Road/Bridge Outages, Railroads, Pipelines, Aviation, Harbors, Chemical Users, Dams, etc.
– Civil: Riots, Labor Disputes, etc.
– Suppliers: What are their risks?
Layer 2: Facility-Wide Risk
• Impacting Local Facility
• Five Basic Office Utilities:
– Electricity
– Telephones
– Water
– Climate Control
– Data Network
Layer 3: Data Systems Risk
• Shared Resource Affecting Many Departments
• Identify Critical Processes
• Locate Single Points of Failure
• Beware “Grandfathered” Systems Running on Old HW/SW
• Data Systems
• Data Communications Network
• Telecommunications System
• Shared Computers and LANs
Layer 4: Departmental Risks
• Disasters Occurring Within a Department on a Daily Basis
– Employee Absence, Lost Files, etc.
• Unusual Occurrences
– Small Fire, Water, Hardware Failure, etc.
• Identify Key Operating Equipment
• Establish Inventory of Vital Records
Layer 5: Your Desk’s Risk
• Examine Every Process, Tool, Piece of Information, Required Output
• Most Items Already Covered In Another Layer
Severity of a Risk
• Time of Day
• Day of the Week
• Location of Risk
Who Can You Call for Risk Assessment Information?
• NOAA
• USGS
• FEMA
• Local Government Agencies
• Local Fire & Police Departments
Making the Assessment
• Use Risk Analysis Format Similar to What Was Done for IS Security Risk Analysis
• Sort to Identify Highest Value Disaster Risks
TEL382
Wallace Chapter 3
Outline
• Introduction
• Access To People
• Access to the Facility
• Service Contracts
• Vendor List
• Walk-Around Asset Inventory
• Software Asset List
• Critical Business Functions
• Restoration Priorities
• Toxic Material Storage
• Emergency Equipment List
• Trained First Responders
Introduction
• Until Primary Disaster Plan Comes Together Do 11 Steps Below to Provide Some Initial Protection
– Access To People
– Access to the Facility
– Service Contracts
– Vendor List
– Walk-Around Asset Inventory
– Software Asset List
– Critical Business Functions
– Restoration Priorities
– Toxic Material Storage
– Emergency Equipment List
– Trained First Responders
• Put This Material Together in Books and Distribute
Access To People
• Organizational Charts With Responsibilities and Contact Information
Access to the Facility
• Keys to All Doors, Cabinets, Closets, etc.
– Lists, Logs
– Electronic Locks
• Passwords for Admin Accounts on Critical Systems
– Protected in Sealed Envelope
Service Contracts
• Serial Numbers of Equipment
• Contact Information For Service Providers
• Contract Number and Expiration Date
• Service Contract Types
– 24/7
– 8 to 5
– Time and Materials
– Exchange
• Place Info Cards With Equipment
Vendor List
• List of Regular Vendors
• Contact Info
• Description of What We Usually Obtain From Them
• This Includes Public Utilities and Public Safety
Walk-Around Asset Inventory
• Critical Assets That May Be Needed In Contingency Operations
– Manufacturer’s Name, Model Number, Serial Number, Warranty Expiration Date, Location, Service Stickers, Maintenance, Calibration Information, Connected To, Feeds Into, etc.
• Note if any Spares Available
• Also Note Location of Manuals, Procedures, Supplies, etc.
Software Asset List
• List of Software on Critical Devices
– Normal Applications, Operating Systems and Settings, Custom Applications, Nonstandard Drivers, Version Numbers, Original Media Location, Backup Information
Critical Business Functions
• Identify Critical Functions and Why
• Try to Keep List to 10 or Less
Restoration Priorities
• Prioritized List of Functions/Capabilities/Equipment to be Restored if There are Limited Resources
Toxic Material Storage
• Identity, Quantity and Location of ANY Toxic Materials on Premises
• Guidelines for What to Do If Encountered
Emergency Equipment List
• Locations For Shutoffs, Special Cleanup Equipment and Materials
• Instructions for Operation, Use
Trained First Responders
• Create Contact List
– Firefighters, EMTs, Critical Skills, Other Training
• Check Legalities with HR Department
TEL382
Wallace Chapter 4
Outline
• Introduction
• What is a Disaster Recovery Emergency Operations Center?
• Emergency Operations Center Primary Functions
• Preparing an Emergency Operations Center
• Staff Responsibilities
• When a Disaster Strikes
Introduction
• Emergency Operations Center’s Goal is to Return To Service from Whatever the Business Emergency Was
• Allows Company Management to Reestablish Organizational Leadership, Allocate Resources, and Focus on Emergency Containment and Recovery.
• Must be Preestablished, Presupplied, and Its Location Well-Known Before It is Needed
• Before a Disaster – 3:
– Normal Emergency Center for Small or Short Disasters
– Longer Duration for More Widespread Disasters
– Backup Facility When Primary is Not Usable
What is a Disaster Recovery Emergency Operations Center?
• Physical Place Where All Communications for the Recovery Effort are Focused
– Should be Located As Close to Problem Site as is Safe
• Outward Communications:
– Company Executives, General Public, Suppliers, Customers
• Administrative Support:
– Purchasing, Public Relations, Safety, Site Security
• 3 Essential Functions:
– Command & Control
– Operational Control
– Recovery Planning
Emergency Operations Center Primary Functions
• 2 Parallel Teams:
– Containment – Stop Spread of Damage
– Recovery – Restore Basic Level of Business Service
• 3 Essential Functions
– Command
– Control
– Communications
Preparing an Emergency Operations Center
• Electricity
• Emergency Lighting
• Sanitary Facilities
• Medical Kits
• Office Furniture and Supplies
• PCs, Printers, Data Network
• Telephones
• Copies of BCP
• Maps, Floor Plans
Staff Responsibilities
• Disaster Containment Manager
– Declare That Disaster Exists
– Coordinate with Emergency Services
– Make Initial Damage Assessment
– Select Emergency Operations Center
– Activate Disaster Recovery Teams
– Coordinates Supplies and Resources
• Facility Engineering Manager
– Owns Floor Plans
– Arranges for Skilled Labor for Repairs
– Reestablishes Safety Alarms, Emergency Lights and Utilities
• Others:
– Purchasing, PR, HR, Security, Safety, Sales, Facilities, etc.
When a Disaster Strikes
• 3 Initial Actions:
– Protect Life
– Contain Damage
– Communicate
TEL382
Wallace Chapter 5
Outline
• Introduction
• Lay The Groundwork
• Departmental Plans
• Recovery Planning Considerations
Introduction
• Writing Steps:
– Lay The Groundwork
– Departmental Plans
– Recovery Planning Considerations
Lay The Groundwork
• Use Consistent Format
• What Processes Need a Plan
– Every Critical Business Function
• Who Will Execute
• How Obvious Is Problem
• How Much Warning
• How Long to Continue Until Help Arrives
• How Soon Must Processes be Restored
• Are There Any Manual Workarounds
Departmental Plans
• 3 Major Components:
– Immediate Actions
– Detailed Containment Actions
– Recovery Actions
• Inputs:
– Asset List
– Critical Process Impact Matrix
– Risk Assessment
– Process Restoration Priority List
Recovery Planning Considerations
• Planning
• Continuity of Leadership
• Insurance
• Recovery Operations