1. 8/12/2012 Proprietary and Confidential. Do not disclose without the written authorization of Contingency Now Inc. 1 MARC COOP Workshop September 12, 2008
2. Dan Esser CBCP
Columbia, MO
daniel@contingencynow.com
3. Expectations for Session
Help those who are started expand their plans
Help those who are not started with how to start
Use the Template to launch the COOP Planning process
Session will not tell everything you need to know, but will put you on the right track
4. Format
For the most part there will be an overview of points to be covered. After that we will cover each in detail. You may hear some things more than once.
If I’m going too fast – Tell me to slow down.
If I’m going too slow – Tell me to speed up.
If I digress – Tell me to get back on point.
If you have a question or comment that is pertinent to what we are discussing – Stop me and ask or comment.
5. Points for Discussion
Definition of COOP
Why COOP is Important
How to Start / Expand Current Planning
Things to Add to the Template
Why “Complete” isn’t
Things you want to talk about...
6. Jackson Article on Making Plans Actionable
Continuity Plans are often not used during Testing or Recovery
Why Not?
The Information is There
The Actions to Recover are Not
7. RTO / RPO Definitions We Need Throughout
RTO – Recovery Time Objective
The Time within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in service
RPO – Recovery Point Objective
The point in time to which data must be recovered – "acceptable loss" in a distressed situation
8. Essential Functions
C-Now: Functions that, if interrupted beyond the RTO, would cause serious or irreparable harm to people or institutions in the jurisdiction.
Template: Functions that enable city/county agencies to provide vital services, exercise civil authority, maintain the safety and well being of the citizens, sustain the industrial/economic base in an emergency.
9. Essential Functions (cont.)
Just keeping the “essential” stuff going is not enough
Each Jurisdiction has to be planning toward full recovery
Not Essential does not mean Not Important
10. COOP Review
What is COOP?
Why COOP?
What are the Components?
What are Sources of Risk?
11. What is COOP?
COOP is the ability to continue essential functions or restore within a predetermined time frame (RTO) and with data loss held within the maximum acceptable loss (RPO).
Creating a COOP Plan is about making all the decisions that can be made prior to an incident before anything really happens.
12. Why COOP?
At a Departmental or Building Level
Any Department that cannot perform its essential functions
Does not help the rest of the jurisdiction
May impede the rest of the jurisdiction
Applies to Small and Large Incidents
YES – IT CAN HAPPEN TO YOU!
13. COOP Components
Department/Building Safety Response
Department/Building Incident Response
Continuation/Recovery of Essential Functions
Recovery of All Functions
Return to Normal Operations – Permanent Space
14. Hazards
Natural Hazards
Earth, Wind, Fire, Water
Human Intervention
Terrorism
Human Error
Health Hazards
Infrastructure Disruptions
15. Dept./Building Safety Response
Knowledge and Practice of
Evacuation to Safe Area
Accounting for Occupants and Visitors
Shelter in Place
Establishment of an Organizational Structure and Occupant Emergency Plan
16. Dept./Building Incident Response
Structure Related to Size of Jurisdiction
At its Most Basic
Take Care of People
Gather Information
Assess the Situation
Determine and Act on Next Steps
Information to Management
Information to Public/Press by Jurisdiction Leaders
17. Building on the Current Template
Components outlined in FPC 65 are present
Legal Underpinnings are present
Annexes are Repository for Recovery Information
Open Ended - Jurisdictions can add things they need or re-order what is there
18. Getting Started
Six Major Pieces for creating an Actionable COOP
Preparation / Management Buy In
Impact Analysis & Risk Assessment
Mitigation Strategies
Operations Restoration
Information Technology Restoration
Regular Exercise / Learning / Updating
19. Preparation / Management Buy-in
Identify COOP Plan Coordinator
Identify other resources available to help with planning and their roles
Management Support and Funding
20. Impact Analysis & Risk Assessment
Identify functions
Determine scope
Set initial RTOs and RPOs
Identify essential functions
Identify key enabling Technologies and Processes
Identify Risks that could disable service
Identify Mitigation strategies
Identify Recovery Strategies
21. Mitigation? What’s That?
How to keep an incident from being a disaster
Workarounds unique to each organization
Examples for:
Payroll Direct Deposit
Payroll Checks
Power Flickers during storms
Power Outage
Everything is stored in the office
Homes and Cars
22. COOP for Operations
Manage the incident and start the recovery process
Plan for total building loss
Consider how to provide alternate work space
Set final function RTOs and RPOs and identify critical services
Identify technologies required for critical services
Look out for SPOFs
23. COOP for Operations (cont.)
Create workarounds for absence of technology
Identify services that can go forward with limited or no technology
Pre-Arrange for ongoing communications
A capability to put messages on incoming phone lines located outside the PBX equipment of the jurisdiction
Pre-arranged capacity to move lines to an alternate place
Identify and pre-position key start-up items or supplies (mitigation)
24. COOP for Operations (cont.)
Set up contact information and processes for employees and officials
Set up contact information and processes for key vendors/suppliers
Set up processes for quarterly or semi-annual plan updates, annual testing
25. COOP for Information Technology
Coordinate IT recovery with the overall incident manager or team
Identify critical servers and associated infrastructure
Base this on user functional needs and which parts of the technology support those
Arrange for equipment and a place to restore critical servers
May include redundant systems located in a different place for those things that must be up 24/7/365
26. COOP for Information Technology (cont.)
Pre-position supplies, documentation of restoration steps and copies of software
Set up contact information and processes for IT employees and officials
Set up processes for quarterly or semi-annual updates, annual testing
27. Exercising and Testing
It’s a TEST! EEK! -- Failure Anxiety!
Sometimes this causes people to plan the test rather than test the plan
Establish a “Safe Environment” for the exercise
28. OK, but where do “I” start?
29. Step 1 - Management Buy In
Things you may hear
There’s no budget for that.
Why spend money on something that may not happen?
We have insurance. Why do we need this?
Information Technology has all of that handled. Everything is backed up.
Get out of my office. I don’t want to talk about this.
Your Favorites…?
30. Management Buy In (cont.)
Leadership needs to know the impact of not having essential functionality
If there is resistance to the concept, ask for a Pilot study to see if more is needed
Low Cost and can be restricted to a few buildings or departments
Results will determine whether more Analysis is needed
Pick High Impact Departments (IT, Payroll, Accounts Payable, Tax Collection, Courts)
31. Management Buy In (cont.)
Note the need to identify:
Essential Functions that cannot be interrupted
Essential Functions that can be interrupted, but must be back soon and how soon that is
Important Functions whose recovery can be delayed and how long
Systems, processes and assets already in place
Effect of the absence of functions on
Departments and buildings of the jurisdiction
Residents and businesses in the jurisdiction
32. Management Buy In (cont.)
The information gathering step provides data for Impact Analysis
If doing the entire jurisdiction, it may be more than a one-person job
Appoint a Study Coordinator
Identify others of like mind
Put a team together
If a team is not practical, consider surveys
33. Step 2 – Scope
For the Jurisdiction
How many buildings?
How many departments?
Which departments are housed in multiple buildings?
How many employees?
What are the dependencies?
How many Servers and Where are they?
Who operates in normal business hours?
Who operates outside normal hours?
Are there Organization Charts?