1 / 44

The CCB Matrix

John Basinger ACII FCILA AIRM ABCI. The CCB Matrix. Roy Adams. Alarm South East. Introduction. The Business Continuity Consultants View The Local Authority Perspective. Aims and Objectives. Brief overview of CCB What is Business Continuity Management ? Why do it?

fell
Download Presentation

The CCB Matrix

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. John Basinger ACII FCILA AIRM ABCI The CCB Matrix Roy Adams Alarm South East

  2. Introduction • The Business Continuity Consultants View • The Local Authority Perspective

  3. Aims and Objectives • Brief overview of CCB • What is Business Continuity Management ? • Why do it? • Promote discussion on what you need to do • Set the scene for Roy !

  4. What does the CCB say and do • Single framework for civil protection in 21st Century • Identifies roles & responsibilities for local responders • Modernises legislative tools to deal with most serious emergencies • Creates structure for multi-agency planning teams

  5. What does the CCB say and do • Provides a clear set of responsibilities& expectations for local responders • Greater structure & consistency for multi-agency planning • Councils are Category 1

  6. Category 1 duties • Risk assessment • Emergency planning • Warning & informing • Business Continuity Planning ( sole responsibility for LA’s) • Co-operation • Information sharing • Generic advice to public at large

  7. Your duty to Plan • CCB relates to Emergencies • Emergency Planning is one of the Authority’s duties ! • To fulfil that duty the Authority has to be resilient • Therefore full BCP is required for the entire authority….. Discuss!

  8. What is BCM? “A management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interest of key stakeholders, reputation, brand and value creating activities.” Source - BCI 2001

  9. A Management Process • Not a bolt-on goody • A dynamic, proactive and ongoing process • Must be kept up to date to be effective • Embedding BCM makes it part of the business process • Avoids firefighting in an emergency • Assists in preparation for “business as usual”

  10. Key Objectives of an Effective BCM Strategy • Ensure safety of staff • Minimise business interruption events • Maintain service delivery • Limit/prevent impact beyond the Authority • Demonstrate effective and efficient governance to the media and stakeholders • Protect the Authority’s assets • Meet insurance, legal and regulatory requirements

  11. The Process • Understanding your organisation • Business Continuity strategies • Develop and implement Business Continuity response • Building and embedding a continuity culture • Exercising, maintenance and audit • BCM programme management

  12. Understanding Your Organisation - Business Impact Analysis • Needs ownership by senior management to ensure buy-in • BCM needs to be aligned with Mission Critical Activities • What are the key processes and functions? • Who are the key personnel? • How long before service drops below an acceptable level? • Interdependencies internal/external • Single points of failure

  13. Understanding Your Organisation - Risk Assessment and Control • “What ifs” • Hazard register • Likelihood (probability) • Impact (severity) • Risk ranking - accept, manage, reduce, BCP

  14. Business Continuity Strategies • What is your appetite for risk? • Manage in-house • Third Party contracts • Reciprocal arrangements • Checklists • Contact lists etc

  15. Develop and Implement BC Response • Establish management of the process • Ascribe responsibilities • Establish Risk Management Team(s) • Communications • Public Relations

  16. Building and Embedding a BCM Culture Ongoing programme of - • Education • Awareness • Training

  17. Exercising, Maintenance and Audit • Exercising of BCM plans • Rehearsal of staff and BCM teams • Testing of technology and BCM system • BCM maintenance • BCM audit

  18. The BCM Programme • Executive commitment and proactive participation • Organisation (corporate) strategy • BCM policy • BCM framework • Roles, accountability, responsibilities and authority • Finance • Resources • Assistance • Audit • Management information systems • Compliance • Change management

  19. Conclusions • Business Continuity is Business Management • Pre-planning pays off • Plans need to be kept up to date • Plans need to be kept simple • BCM is peace of mind

  20. Theory into practice-the challenge! Central Government Utilities Audit Commission Business ContinuityPlanning Blue Lights Day to Day Functions Emergency Planning Local Businesses

  21. Business as Usual? – have you thought about CCB? • Its big, potentially one of the biggest issues for Local Government • It will affect every organisation involved in Government and Emergency Services • It could save lives or cost lives • It is beyond the skills of anyone individual…

  22. Vision Statement • The CCB is designed to ensure that the Country is able to withstand a serious event with the minimum disruption to Society • The CCB imposes clear duties upon Local Government and the Emergency Services- there is no “opt-out” clause

  23. It will never Happen! • Remember Manchester? £257m, Canary Wharf £117m, 2002 storms £1.25billion. Plus lost lives!!! • ABI impact indicates incident in London hits all the travel to work areas • ABI plans East Coast/Thames estuary flood £8-10billion + lost business

  24. The Challenge • Deal with the “event” • Handle the effects i.e. Evacuations, Damage limitation, Crisis Management • But Now determines the role of the local authority & looks for continuity of service from the Authority and “other providers”

  25. Today’s Issues • Presently EPO’s and Council teams have plans for external events and not Business continuity in a wider perspective • These plans were found wanting in recently i.e. fuel crisis, M11 Snow, and exposed the “gaps” in contracts and partnerships • Even the roles of emergency service and military were confused.

  26. How Did We Get in that situation? • Role of EPO’s and Councils have changed following recent incidents- wider involvement- lack of clarity • Original assumptions are no longer valid the Public expectations are “Service” as usual • Society is more complex with centralised supply chains, outsourcing, diversity of Health Care and essential services

  27. Partners=Problems • No contractual responsibility for out sourced services • No real strategic grasp of the wider issues • Who pays syndrome • Isn’t this your problem? • Outsourcing does not remove the responsibility.

  28. What are the threats? [P45?] • Public Outcry= Politicians embarrassed • Awkward questions- [No Blame Culture?] • No single person/organisation at fault • Press pressure- why no scapegoats?? • Embarrassment=Action=CCB • CCB=You! [No blame culture???]

  29. Our Challenging Society of Risk • Terrorism, WMD’s, “flixborough’s” • But also “rights” extremists, Hackers, Globalised Suppliers, infrastructure i.e. I.T/ WWW, Electronic banking etc • No natural inbuilt “resilience” in society Who will face the litigation? “someone’s at fault! “ • No experience or tolerance of mass disruption since WW2.

  30. The CCB Solution [Passing the Buck?] • No Centralised system-[ “no CG blame?] • Wide definition of emergency!! • By decentralising the onus is upon Local Authorities and Emergency services to get things right • No matter what happens, there will be Litigation, Enquiry’s and Scapegoats.

  31. The “Way out of the CCB Matrix?” Route 1 • This is a BIG and NASTY risk, get it wrong and it could be fatal in real terms • Assess your role and the risks for your area, work as a group. No Opting Out • Learn from others, what has happened before, natural, accidental and deliberate • Clearly define your role/ responsibility

  32. Route 2 Provide Services • Get your own Business continuity plan in place, keep it simple, many incidents are generic. • Plan as if there are 2 incidents- • The external event and your response • The impact of the event upon your own service provision

  33. Route 3 Simple Problems- Big Impact • Money- set up agreements or credit cards • People- who will do what? i.e. the senior risk and insurance staff could be involved in both-EPO’s, H&S, Adjusters? who does what? • Access- to your property, the area, systems, facilities. • Transport, where do you live? Will it work? Would you be allowed access?-SOCO etc

  34. Route 4 Plan Ahead • Assuming you have your business continuity plans in place do you know what is expected of your organisation • Giver or Receiver?- your plans will differ • Big or Small? County Plans should dovetail with Districts, neighbours? • Never ever assume – ask, know your place

  35. Route 5 Other Routes • Duty on other category 1 providers to assess risk, maintain plans, publish and maintain arrangements to warn, advise and inform the public in the event of an emergency • Category 2 duties to co operation with Cat 1--- but how?, needs evaluation and action plans

  36. Oh yes, there’s more • Advice on Business Continuity to others- keep it simple- seminars etc, use Brokers BCI or ABI etc [it’s in their own interest!] • Remember that you cannot design the plan for others, keep it generic or get sued!

  37. Who Pays? • Only small % is insurable • Bellwin -1/2% excess, not if insurable • Taxpayers? • Or is it a case for Central Government to agree to underwrite the costs? • A the outset involve accountants to agree and monitor expenditure, and records of why when etc.

  38. The Carrot and the Stick- The stick • CPA’s- Business Continuity on agenda • Corporate manslaughter- • Press reaction • Litigation- Hindsight!! • Political fall out • Career?

  39. Recommendation • Identify the risks- include on Strategic Risk Register • BC Plans- link to Services, EPO’s and test • Record all outcomes, if funding is needed then ask. If no funding then the responsibility passes up the chain [so does the blame!!!]

  40. Finally the Carrot • There is no carrot • Only the knowledge that if something does go wrong then you and your colleagues could actually make a real contribution to the welfare of others • If not then how will you reply when the questions are being asked????

  41. And now John’s Practical Tips

  42. Practical advice • Ensure buy in from the top • Involve all departments & stakeholders • Ensure BCM is embedded into day to day management • Raise awareness • Plans need to be kept simple & up to date

  43. Practical advice • Exercise your plans • Involve insurers / adjusters • Train your crisis management teams • Crisis logs- to demonstrate rationale of decision making, expenditure etc. • Things happen in a way you can’t always predict.Therefore plan in flexibility.

  44. Final Thoughts • Even if the Bill is amended further the concept and duties will still remain • It will not go away, and BC is part of the CPA • Proaction is better than no action • It will cost money, remember your budgets- bid now for funding…

More Related