300 likes | 310 Views
Continuity Planning Today: A Guide to Surviving and Thriving in Challenging Economic Times. DRI 2013 Annual Conference June 5, 2013 Presenter: Paul Marksteiner.
E N D
Continuity Planning Today:A Guide to Surviving and Thriving in Challenging Economic Times DRI 2013 Annual Conference June 5, 2013 Presenter: Paul Marksteiner
Cutting to the levels necessitated by the Budget Control Act will … take making difficult decisions about reducing funding or ending programs that are laudable, but that in this fiscal environment cannot be funded at desired levels. U.S. Government Budget for FY 2013 “Gentlemen, we have run out of money. Now we have to think.”Winston Churchill Washington Beyond The Cliff: 2013 May Be The Year of Perpetual Fiscal Crisis. Forbes, Dec 27, 2012 Our Nation’s budget situation is unsustainable… Senator Conrad Senate Budget Committee Feb 2, 2012 US surmounts fiscal cliff for now, but hurdles remain Reuters, Jan 2, 2013 Cuts not likely to go away: President Obama acknowledged Friday that deep federal budget cuts are here with no end in sight…” The Washington Post, Mar 2, 2013
Agenda • A Guide to Surviving and Thriving in Challenging Economic Times: The “Do’s” and “Don’ts” • The Don’ts: Three Common Pitfalls to Avoid • The Do’s: Seven Best Practices to Embrace • Fiscal Efficiency Self Assessment 3
Understanding the “Do’s” and “Don’ts” • Domain: Public Sector continuity planning • Origin: Multiple experts, vetted by certified professionals • Characteristics of the “Don’ts” … • Focus on continuity planning at macro level • Emphasize planning basics • Achieve fiscal efficiency through smart spending • Characteristics of the “Do’s” … • Focus on details of continuity planning • Emphasize Best Practices and innovation • Achieve fiscal efficiency through smart spending, less spending and leveraging other funding sources 4
Don’t confuse the “planning product” with the “planning process” … Plans are worthless. Planning is indispensable. President Dwight D. Eisenhower The Process The Plans Develop Plan How does your organization allocate its planning money? Revise Plan Exercise Plan Evaluate Plan Image of People: FEMA, Brian Glaviano, ID # 46224 5
Don’t spend money on a plan that is not mission-focused … Organizations must train and exercise to meet required standards, not to what they are currently capable of doing. Craig Fugate Administrator, Federal Emergency Management Agency 5th Annual Homeland Defense and Security Education Summit Keynote Address, March 10, 2011 • Your organization’s continuity plan may not be mission-focused if: • Employees deploy before exercises begin • Exercises last no more than 8 hours and are conducted only during the normal work day • The “crawl-walk-run” approach never seems to get beyond the first stage … 6
Don’t spend money on a plan that can’t be executed… There is no sense in spending even $1 on a plan unless you build something that actually works. Kelly Okolita Master Business Continuity Professional (MBCP) in Building an Enterprise-Wide Business Continuity Program 2010 • Your organization’s continuity plan may not be executable if: • Leaders are not actively involved in its development • It looks “pristine”/never-been-used • It’s not properly tailored to local conditions/ circumstances … 7
Best Practices That Can Ease Your Organization’s Budgetary Woes – The “Do’s” • Link organizational responsibilities to enterprise-wide essential functions. • Conduct risk-based planning that takes into consideration the “new normal” in Homeland Security. • Ensure the organization’s Business Process Analysis (BPA)/Business Impact Analysis (BIA) can be used to support all types of continuity planning. • Treat continuity planning as an integrated process with standardized content, and leverage the common features in each type of continuity plan. • Take advantage of the resiliency and survivability of a distributed work force. • Use real world events to validate continuity proficiency and demonstrate value. • Leverage the resources aligned to other contingency programs. 8
#1 – Link your organization’s responsibilities to enterprise-wide essential functions.National Essential Functions (NEFs) Ensuring the continued functioning of our form of government under the Constitution; Providing leadership visible to the Nation and the world and maintaining the trust and confidence of the American people; Defending the Constitution of the United States against all enemies, foreign and domestic, and preventing or interdicting attacks against the United States or its people, property, or interests; Maintaining and fostering effective relationships with foreign nations; Protecting against threats to the homeland and bringing to justice perpetrators of crimes or attacks against the United States or its people, property, or interests; Providing rapid and effective response to and recovery from the domestic consequences of an attack or other incident; Protecting and stabilizing the Nation's economy and ensuring public confidence in its financial systems; and, Providing for critical Federal Government services that address the national health, safety, and welfare needs of the United States. NEFs are the foundation for all continuity programs & capabilities … NEFs shall be the primary focus of Federal Government leadership during and in the aftermath of an emergency… NSPD-51/HSPD-20, May 2007 9
It’s all about being able to explain what your organization does to support the Nation… (#1 cont.) National Essential Function (NEF) #8 Providing critical Federal Government services that address the national health, safety, and welfare needs of the United States. Primary Mission Essential Function (PMEF) in Department/Agency X MEFs • Provide emergency medical services to the broader population, consistent with the National Response Framework. Logistics Mission Essential Functions (MEFs) in Department/Agency X • Procure and provide medical equipment. • Equip and maintain the readiness of primary and alternate continuity sites. MEFs PMEFs Logistics Critical Tasks in Department/Agency X NEFs • Establish and maintain a comprehensive inventory of Department equipment. • Develop and maintain an equipment life-cycle management system. • Organize a robust and geographically disperse network of equipment and supply vendors. • Ensure the logistics readiness of the Department’s alternate operating sites within 12-hours of Continuity Plan activation. All Government Functions 10
… and being able to articulate the relationship in a clear and compelling manner. (#1 cont.) Create additional tools to provide more detailed analysis for unique organizations… Understand and apply the methodology for identifying mission essential functions outlined in Federal Continuity Directive (FCD) 2 … Incorporate the detailed analysis/mapping in resourcing discussions. Use the results of the analysis to develop a NEF-PMEF-MEF-critical task mapping … 11 Image: FEMA, Tomas Kaselionis, ID # 64014
#2 – Conduct risk-based planning that reflects the “new normal” in Homeland Security Evolving Threats We face a threat environment where violent extremism is neither constrained by international borders nor limited to any single ideology… plots to attack America increasingly involve American residents … prepared to carry out terrorist attacks with little or no warning. The increasingly savvy use of the Internet, mainstream and social media, and information technology by these groups adds an additional layer of complexity. Secretary Napolitano Homeland Security Affairs, The 9/11 Essays September 2011 12
Evolving Threat & Impact on Continuity Planning (#2 cont.) Evolving Threat • Diffuse groups, both domestic & international • Varied degree of understanding • No/minimal warning • Escalation unlikely • Asymmetric capabilities • Expanding cyber component Cold War Threat • Nation-state adversary • Well known • Warning expected • High risk of escalation, with gradual increase in tension • Symmetric capabilities • Worldwide impact Post-9/11 Threat • Amorphous groups • Poorly understood by intelligence community • No/minimal warning • Escalation unlikely • Asymmetric capabilities • Limited impact • Historical COOP Planning Characteristics • Singular approach and all-or-nothing plan execution • Pre-identified/fixed alternate facilities • Ample time for plan activation • Orderly relocation of primary staff to alternate facility to perform essential functions • Today’s Continuity Planning Characteristics • Flexible/scalable all-hazard continuity strategies • Geographic dispersion • Multiple continuity sites, including devolution facilities and telework alternatives • Quick start-up capability (i.e., warm/hot sites) • Leveraged IT supporting distributed operations 13
#3 – Ensure the organization’s continuity BPA/BIA is “requirements” based, and can be used to support all types (COOP, devolution, pandemic) of continuity plans. A BPA “maps” related business activities that come together to provide something of value to a stakeholder. A BIA identifies and prioritizes the most critical business activities, based on the severity of the impact, if the action is not performed. Taken together, a BPA/BIA provides the foundation for all future continuity planning. 14
A “requirements” based BPA/BIA saves time and money on duplicative business process mapping and impact analyses (#3 cont.) COOP Plan PandemicAnnex Devolution Plan Reconstitution Plan 15
PANDEMIC #4 – Treat continuity planning as an integrated process with standardized content, and leverage the common features in each planning template. DOP INTEGRATED CONCEPT OF OPERATIONS COOP Planning Pandemic Planning Devolution Planning 16
Integrated CONOPS for Continuity Plan Activation (#4 cont.) With Warning Without Warning Event National Threat Department/Agency-Only Threat National Impact Department/Agency-Only Impact Situational awareness & evaluation Substantial Impact Minimum Impact Pre-position ERG & resources, if needed Determine full or partial continuity strategy Resume normaloperations Credible Threat? Primary staff support PMEF/MEF within 12 hours? Yes No Yes Threat diminished or minimum impact Implement Devolution Plan Implement COOP Plan Social Distancing Required Social Distancing Required Resume normal operations Initiate alert and notification DOP Pandemic Annex COOP Pandemic Annex Begin ERG relocation to COOP site or transfer to devolution site 17
Identify the common features and information in the various types of continuity plans … (#4 cont.) PLAN/FEATURE 18
… and use that knowledge to develop an integrated and standardized planning template. (#4 cont.) • Table of Contents for Integrated Continuity Plan • Introduction (Purpose, Scope , References, Responsibilities, Definitions) • Essential Functions • Integrated Concept of Operations • Activation and Relocation • Primary staff continuity operations (COOP) • Primary staff continuity operations adjusted for social distancing (COOP/Pandemic) • Alternate staff continuity operations (Devolution) • Alternate staff continuity operations adjusted for social distancing(Devolution/Pandemic) • Continuity Operations • Alternate Facilities(COOP, DOP, Pandemic) • Vital Records • Communications • Reconstitution • Human Capital • Logistics and Support 19
#5 – Leverage the inherent resiliency and survivability of a distributed work force that encourages teleworking. Examples of Distributed Organizational Structures in the Federal Executive Branch and Percentage of Federal Jobs by Geographic Region Social Security Administration Regions Federal Emergency Management Agency Regions Federal Jobs by Geographic Region Source: FEDSCOPE 2010 Department of Labor Regions Environmental Protection Agency Regions 20
… and jump on-board the telework express. (#5 cont.) The Telework Enhancement Act of 2010 expanded telework opportunities for most federal workers. It required agencies to establish a policy authorizing eligible employees to telework, and then to determine which employees are eligible to participate. The Act also required departments and agencies to “Integrate telework into their organization’s Continuity Planning.” • According to the 2012 Status of Telework in the Federal Work Force: Report to Congress: • The number of federal teleworkers jumped by more than 55,000 between 2008 and 2011, bringing the total to 168,558 or 25% (up from 10% in 2008) of the eligible federal work force. • Of the 87 agencies surveyed, 75 had included telework as part of their organization’s continuity plan. • “Emergency Preparedness” was reported to be the most important organizational consideration in expanding telework programs. • The Partnership for Public Service proposed a goal of 600,000 federal civil servants teleworking by 2014. 21
Continuity/Telework Factoids (#5 cont.) • Agencies that take the time to implement telework programs, function more smoothly during crises. (Partnership for Public Service, Jul 2010) • When blizzards blanketed Washington in February 2010, some federal agencies saw their telework programs transformed into continuity of operations plans. (Federal Computer Week, Nov 3, 2010) • New telework law and “Status of Telework Report to Congress” reinforce strategic use of telework [to] … improve resiliency and achieve continuity of operations in emergencies. (Director OPM, Feb 2011) • Hurricane Katrina, ‘Snowmageddon’, Swine Flu, and other crises have bolstered the government’s resolve to make telework a continuity of operations (COOP) necessity. (The State of Telework in the U.S. – How Individuals, Business, and Government Benefit, July 2011) • The Office of Personnel Management is preparing to automate the way agencies collect statistics about telework …with the goal of deploying it throughout government by summer 2014. (OPM News, July 2012) 22
#6 – Use Real World Events to Validate Continuity Planning/Proficiency and Demonstrate Value As the snow fall tally approached 55 inches in the Washington, DC area in February 5, 2010 – and schools and government offices closed – OPM commented … This severe weather forecast presents a key opportunity for agencies to test their telework plans in the context of emergency preparedness. OPM News Release Feb 4, 2010 Image: NOAA, U.S. Capitol, Feb 6, 2010, Carrie Smith 23
The looming fiscal crisis may showcase a value-added dimension of your organization’s continuity planning … (#6 cont.) A comprehensive BPA/BIA will likely have already identified agency/ organizational functions that must continue during a government shut-down. Exempt positions include those necessary to the discharge of the President's constitutional duties and those necessary to protect life and property [e.g., military, law enforcement, or the direct provision of health care activities ]. OMB Circular No. A–11, Sec 124 2010/2012 CLOSED Image (Without banner): Architect of the Capitol 24
#7 – Find Synergy in the resources aligned to other contingency programs Eliminate duplication and take advantage of reinforcing initiatives that may remain well funded, including those focused on “cyber security” and “resiliency.” FISCAL YEAR BUDGET OF THE U.S. GOVERNMENT ? 25
Look for synergistic opportunities in the guidance that integrates telework into continuity planning and emergency preparedness… (#7 cont.) • Report Findings: • Highlight need for more fully coordinated Occupant Emergency Plans, Continuity of Operations Plans, and Disaster Preparedness Plans. • Recommend agencies develop guidance that explains how telework will be “incorporated” into emergency plans and continuity plans. • Call for follow-up report on the extent to which agencies have incorporated telework into their emergency and continuity planning and operations. 26
Take advantage of the overlap in the operational tools and practices that support CIP planning, including those that – (#7 cont.) … map assets and processes to Mission Essential Functions … employ an all-hazards risk-based approach 1 5 4 2 3 Risk Management tools are used by public and private sector organizations to assess both continuity-related risk as well as infrastructure-related risk. Critical Pathway Analysis tools are used to conduct Business Process Analyses (BPA) as well as for identifying dependency linkages in CIP planning. 27
Fiscal Effectiveness Self- AssessmentAre you getting the most bang-for-the-buck from your continuity spending? For every “yes’” answer, give yourself 10 points. 10 points 10 points 10 points 10 points 10 Points 10 Points 10 Points 10 Points 10 Points 10 Points • Does your organization value the planning process as well as the plan? • Has your organization actually demonstrated the efficacy of its continuity plan? • Were your organization’s leadership and emergency staff involved in continuity plan development? • Does your organization’s continuity plan link its responsibilities to enterprise-wide MEFs? • Does your organization’s continuity plan take into consideration the “new normal” in Homeland Security? • Has your organization conducted a “requirements” based BPA/BIA that can be used to support all types of continuity planning, including reconstitution? • Does your organization treat continuity planning as an integrated process and leverage the commonality in the various planning templates? • Does your organization’s plan take advantage of a distributed work force capability? • Does your organization use real world events to validate training proficiency and planning effectiveness? • Does your organization’s plan leverage other available planning resources (e.g., telework, CIP)? 100 Points 28
Seize the opportunity… Looming cuts in federal spending will require dramatic changes in how agencies operate…The budget crisis presents agency leaders with difficult choices but also an unprecedented opportunity to fix broken processes, realign organizational structures, modernize technology, and make other improvements that might be resisted in less-urgent circumstances. “Effectiveness and Efficiency: Seven Leadership Practices for Meeting the Mission Challenge in an Era of Declining Budgets” Booz Allen Hamilton White Paper 29