300 likes | 598 Views
Business Continuity / Disaster Recovery . Destructive 'ILOVEYOU' computer virus strikes worldwide May 4, 2000. Melissa Virus. Burst water pipe floods adjacent offices and stores. Government Considers New Smallpox Vaccine. Sasser Worm. David Shimberg, CBCP. What is a Disaster?.
E N D
Business Continuity / Disaster Recovery Destructive 'ILOVEYOU' computer virus strikes worldwide May 4, 2000 Melissa Virus Burst water pipe floods adjacent offices and stores Government Considers New Smallpox Vaccine Sasser Worm David Shimberg, CBCP
What is a Disaster? “A business disaster is that point in time after the “cause” when you can not provide your customers and users with the minimum level of services they need and expect”
Why doesn’t everyone Plan? • The Human Element • The “it’s not going to happen to me” view or philosophy. • We have a tendency to view concerns from a “life span” and personal experience aspect. • It hasn’t happed yet… • Not on Manager’s list of goals • We’ll get to it • Looks to BIG! Where do we start?
You practice this at home…. You may not have thought of them as contingency plans, but at home you have: • Smoke alarms • Carbon monoxide alarms • Family escape plans with meeting place • Battery radio, flash lights • Homeowners’ or Renters’ Insurance • Anti Virus and firewall software • Fire extinguishers and home sprinkler systems • Info on the web at: American Red Cross or FEMA web sites for additional emergency information and advice
Why have a Business Plan ? According to research data kept at the National Archives & Records Administration in Washington, DC: • Nearly 90% of all small businesses don't have a continuity plan in place • Only 43% of businesses suffering a disaster ever recover sufficiently to resume business • Of those that do reopen, only 29% are still operating two years later • 93% of businesses that lost their data-center for more than 9 days filed for bankruptcy within one year of the disaster. • 50% of businesses that found themselves without data management for more than 9 days filed for bankruptcy immediately.
Continuity Plans Components • Awareness of Roles and Responsibilities • Who will do what? Employees and staff are critical. Pandemic is an extreme example of a disaster where employee resources will be very limited! • Defined recovery time objectives • Risk Management to identify & reduce risks • Alternate Processes (telecommuting, distance learning) • Alternate recovery locations • Off-site storage of critical media and non-media items • Written plans, reviewed & updated regularly • Frequent plan exercises
Major Business Continuity Activities Complete BIA (Business Impact Analysis) 1. Identify processes & prioritize by criticality 2. Determine survival requirements 3. Determine RTOs (Recovery Time Objective) Develop Response/Recovery Strategy: 1. How will event be handled immediately? 2. How will recovery be handed (achieve survival mode)? 3. What tasks must be accomplished to achieve recovery? Develop Teams/Call Lists 1. Identify key players (and alternates) and organize teams to accomplish identified tasks 2. Develop and test notification call lists/trees
BC Activities…cont’d Identify Critical Equipment, Vendors, Documents 1. Identify critical infrastructure/servers (networks, telecom, etc) 2. Identify equipment needs for (day 1, day 3, etc …) 3. Identify critical vendors (who will supply recovery equipment, etc.) 4. Identify vital records (what records if lost would cripple or hinder recovery?) Document Plans 1. Appropriate information is included, attached, or referenced, facilitating a successful response, recovery, and restoration of services 2. Plans are frequently reviewed and updated on a scheduled basis
BC Activities…cont’d Exercise Plans 1. Conduct plan walk through, referencing tasks, call lists, attachments, etc 2. Conduct IT exercise, confirming application recovery meets survival needs 3. Participate in Integrated Exercise with other business units testing call trees, application and process dependencies and work- arounds meet RTOs 4. Update Plan with lessons learned, following exercise
Business Continuity Efforts Include: • Directing BIA and planning efforts with Business Units • Awareness programs (risk reduction) • Employee security & safety • Coordinating BC exercises • Participating in info security reviews • Coordinating with local emergency agencies • Managing plan tracking and evaluation
Business Continuity Plans must be useful Successful Business Continuity Planning helps ensure that employees and the interests of owners and customers are protected. Make sure the plans that protect each of us is more than ……..
Sponsorship is Key to Success • Board of Directors or Senior executives (president, vice presidents, officers) must identify BCP a priority. • Executives and senior managers must actively support the BCP Process. • Business Recovery Coordinators (BRCs) within business units / departments must be actively involved, developing, implementing, and exercising BC plans, and accept ownership of their plans.
Communication is Critical • Employees, customers, business partners must know key information about your plan if your plan is to work. • Plans must be periodically reviewed in team meetings and shared with new team members. Secret Plans won’t work!
Communication….. • Contact information for all team members must be current • Make sure employees have Emergency Wallet Cards with key phone numbers, etc • Plans must include: • Clear chains of authority • Clear listing of tasks, roles and responsibilities • DR conference lines or standing communication tools • Standing meetings (times, numbers) • Alternate meeing locations • Centralized communication facility (VM, web site, etc…)
Off Site Storage is Critical ! When a facility is lost or inaccessable, all items inside are no longer available. What is needed in off site storage if you had to recover from scratch • PC backup media must be stored off-site? • Critical, non-media, documents and materials must be available in an off-site location, accessble by appropriate indviduals or teams during a disaster or exrecise. • Key personnel must know where off-site storage items are located and to where items will be shipped (Hot-site, Incident Command Center or remain in off-site storage?)
Exercises • Test plan concepts and procedures frequently • Identify tasks or components that do not work as expected. • Identify missing tasks or contacts • Reinforce individual and team roles and responsibilties • Confirm and reinforce dependent interractions with other teams • Increase BCP Awareness
Employees Prepare themselves by: • Attending sessions on BC planning • Having a personal emergency plan for your family • Understanding your role in your unit’s BCP plan • Knowing where and who to call in an emergency (Emergency Wallet Card) • Keeping emergency contact information current • Participating in BC/DR exercises • Challenging the status quo. If something doesn’t seem right, Question it!
Coordination Supplies & Distribution Transportation Communications Supply Chain Considerations • Premier, Inc – largest healthcare group purchasing organization is working with hospitals and suppliers to identify critical areas in a disaster and actions to improve response:
Communications • Explore alternate and multiple communication methods; VOIP, satellite, multiple cellular providers, etc. • Creation of deeper communication guides; office, work, home, cell numbers. Creation of formal call-trees. • Apply for TSP Authorization code to ensure priority in restoring telecommunications access and GETS program access to bypass overloaded phone circuits.
Coordination • Clear, advanced identification of individual roles and responsibilities. • Creation of national internet site to serve as clearinghouse for information sharing and communication. • Include other stakeholders in design sessions.
Supplies & Distribution • Creation of “core product supply lists” based on type of disaster. • ER auto-substitution rules; (eg. 20cc syringe substituted with 30cc). • Greater coordination among suppliers. • “Emergency ship to’s”
Supplies & Distribution • Create Mobile fuel storage depots and mobile supply stations. • Get pre-authorization from Fed’s governing authority to ship to effected locales. • Create contingencies for all routes, including air-drop emergency plan. • Re-think “lean inventory” model for critical supplies & perishables. • Create NYC model of “integrated command center”.
Unprepared Impact Prepared Weeks Pandemic Considerations • Incubation period: 1 to 3 weeks • Viral shedding greatest in 1st 2 days • Viral shedding 0.5 to 2 days before symptoms • Children shed more virus and longer than adults • Each case of influenza infects two more cases • Slow spread, decrease illness and death, buy time • Antiviral treatment and isolation for people with illness • Quarantine for those exposed • Social distancing • Vaccine when ready • Depends on which virus
Options for Prevention & Control • Immunization • Respiratory hygiene/cough etiquette • Hand hygiene • Contact avoidance • Social Distancing • Antivirals Strategic National Stockpile
HHS Pandemic influenza preparedness strategy and plan • International surveillance • Domestic Surveillance • Vaccines and Antivirals • Communication • State and Local Preparedness • 11 Supplements with detailed guidance
Pandemic Influenza Preparedness Considerations • Being able to work may be difficult • Plans for working at home • Adopt practices and sick-leave policies to encourage sick employees to stay home • Schools may be closed • Child care planning • Transportation • Home supplies (good for power outages and disasters) • Non perishables, water, flashlights/batteries, medicine
Infection Control MeasuresHealthcare facility, workplace, home, community • Reduce transmissions • Masks • Cough etiquette • Hand hygiene • Contact interventions • Teleconferences vs meetings • Social distancing (no handshaking, 3 feet away) • Liberal non-punitive leave policy to care for family and self
Respiratory protection:Masks or N95 Respirators? • Season flu – CDC recommends masks • Pandemic – WHO recommends • masks for routine care • N95 for aerosol generating procedures (fit testing required by OSHA) • Pandemic – HHS recommends • Masks for close contact
BCP Planning Resource • Contingency Planning Association of the Carolinas (CPAC) • www.cpaccarolinas.org • Disaster Recovery Journal • www.drj.com/groups/drj6.html • Disaster Recovery Institute International (DRII) • www.drii.org/ • DHS - www.ready.gov/ • FEMA - www.fema.gov/ • Institute for Business & Home Safety (IBHS) • www.ibhs.org/business_protection/ • Premier Safety Institute • www.premierinc.com/quality-safety/tools-services/safety/index.jsp
BCP Planning Resource 9th Annual Symposium Thursday, Nov 30 - Fri Dec 1, 2006 Charlotte Marriott Executive Park, Charlotte, NC Preparing for the Coming Storm Bridging the Preparedness Gap $225 members and $275 non-members • Topics and presentations include: • Pandemic Preparedness • How Los Angeles, CA is bridging the gap between the public and private sectors • Changes in the BC Profession • Practical tips and lessons learned on conducting Business Impact Analysis • Considerations in establishing Incident Command • Making sure your continuity planning process will actually meet your needs • Participate in a panel discussion with experts • Register early to get a place in the 3-hour pandemic mock exercise (limited to 104) • www.cpaccarolinas.org