1 / 16

SURVIVING DISASTERS PRACTICAL LESSONS & SIMPLE SOLUTIONS

SURVIVING DISASTERS PRACTICAL LESSONS & SIMPLE SOLUTIONS. Derek Mason Business Continuity Consultant DerekMason.SBCS@live.com. SURVIVING DISASTERS. Major Incidents Business Continuity Plans Lessons learned & simple solutions. SURVIVING DEVASTATION MAJOR INCIDENTS.

erv
Download Presentation

SURVIVING DISASTERS PRACTICAL LESSONS & SIMPLE SOLUTIONS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SURVIVING DISASTERSPRACTICAL LESSONS & SIMPLE SOLUTIONS Derek Mason Business Continuity Consultant DerekMason.SBCS@live.com

  2. SURVIVING DISASTERS • Major Incidents • Business Continuity Plans • Lessons learned & simple solutions.

  3. SURVIVING DEVASTATION MAJOR INCIDENTS 1992 - St. Mary Axe bomb 1993 - Bishopsgate bomb 1996 - Manchester bomb 1996 - Docklands bomb 2003 - Turkey bomb 2005 - …..? 2007 - PC contingency store ‘meltdown’ 2008 - GHQ flood.

  4. BUSINESS CONTINUITY PLANS Three Sections: • Business Impact Analysis (BIA) • BCP Section1 - Checklists & Data for use at Time of Incident • BCP Section 2 - Background Info and Admin

  5. BCP - Business Impact Analysis Section MTPD TABLE (Maximum Tolerable Periodof Disruption) • List of all processes covered within the BCP + Time period for the MTPD for each process + Type of impact and impact level IMPACT TABLE (for Plan Writer reference) • 4 potential types of impact - Financial, Reputational, Regulatory, Customer Service • Each with 5 impact levels (Insignificant, Minor, Moderate, Major, Massive) RECOVERY & TESTING TABLE (for Plan Writer reference).

  6. BCP Section 1- Checklists & Data CHECKLISTS • Loss of Buildings (out of hours, in hours, upon arrival at recovery site) • Loss of People • Loss of Systems • Loss of critical suppliers and/or internal dependencies.

  7. BCP Section 1 - Checklists & Data CONTACTS • Staff Cascade • Individuals allocated contingency space or with remote access (laptop or other methods) • Other contacts (internal, customers + suppliers) • Useful websites.

  8. BCP Section 1 - Checklists & Data • WORK PRIORITIES • CONTINGENCY REQUIREMENTS & CONTINGENCY SITE –include contingency agreement(s) and map to site(s). • TELEPHONE CONTINGENCY PLANS • SALVAGE • INCIDENT LOG • PANDEMIC FLU.

  9. BCP Section 2 - Background Info & Admin DEPARTMENT/BUSINESS OVERVIEW KEY SYSTEMS, SUPPLIERS & INTERNAL DEPENDENCIES • Do they have contingency? • Our actions should they suffer a prolonged outage BCP ADMINISTRATION • Circulation list • Approval and diarised updates TEST RECORDS AND HISTORY BCP LIFE CYCLE FUTURE DIARY DATES BCP CONTROL REVIEW CHECKLIST.

  10. Has the BCP been fully reviewed annually, with more regular updating of the contacts list? • Are the BCP Checklists realistic and have they been tailored for any specific departmental requirements? • Have all staff and internal/external key contacts been identified? • Is a full staff cascade system in place? • Have all staff been issued with a Major Incident Card/Personal Contingency Card (or similar)? • Have staff been allocated contingency spaces or will they be contacted at the time of disaster? • Have all possible contingency arrangements been explored? • Has a ruthless approach been taken to ensure minimum requirements? Are these for critical processing systems only? For key processing areas - have timescales for IT contingency provision been agreed via IT support? • Are there any critical 3rd party suppliers? Do they have contingency? Does the BCP cater for the loss of critical 3rd party suppliers? • Has the BCP been tested (at least) annually? • Are test types relevant to the Department? As a minimum, all departments must undertake a scenario walkthrough exercise. • Are issues highlighted in testing resolved or reflected in the plan? • Are sufficient copies held at home/offsite? • Are there any known major changes expected in the next 12 months which might affect the planned recovery actions?

  11. LESSONS LEARNED & SIMPLE SOLUTIONS • Communication • Communication • Communication • Tidy/Clear desk policy • Practice internal evacuation to safer areas • Evacuate to Disperse • Bomb blast protection film • Paper BCM records/checklist • Once evacuated you will not be allowed back in • Police cordons can stop access for several days • Grab Bag/Emergency Box held in reception and taken out ‘automatically’ on all fire drills…………

  12. LESSONS LEARNED & SIMPLE SOLUTIONS • Pocket sized ‘major incident’ card • Staff Emergency Telephone number • Pre-agreed meeting place(s) half a mile away • Put key work and home numbers, and cascade lists (starting ‘CAS’), into mobile phones. Care: mobile networks may fail • Floor plan showing location of critical cupboards/equipment which can be salvaged • Liaison in advance with local authority/police re. access arrangements & their emergency plans.

  13. LESSONS LEARNED & SIMPLE SOLUTIONS • Arrangement with BT to divert to external pre-recorded announcement • Computer backups held off site & tested • Reciprocal contingency arrangements with large customers/suppliers • Maintain an Incident Log • Photo/video evidence (for Loss Adjuster) • Flexible plans – every disaster is different! • Internal BCP Compliance sign-off • Scenario ‘walkthrough’ testing & discuss BCP at team meetings.

  14. LESSONS LEARNED & SIMPLE SOLUTIONS • Undertake tests at the contingency location • Monitor for signs of stress - Trauma counselling • Care when contacting staff/families • Share information with the Police Casualty Bureau • Take action to avoid incidents (e.g. fire hazards, water and heat alarms, etc.) or presenting a soft target (install CCTV, access controls, concrete planters, etc.).

  15. SURVIVING DISASTERSLESSONS LEARNED & SIMPLE SOLUTIONS “Lessons are not learned until they are put into practice. Up to that point they are only learning opportunities” Any questions? DerekMason.SBCS@live.com For simple, straightforward, low maintenance Business Continuity processes.

More Related