
Spotlight on Emergency Management Protocol

Learn how Enterprise Resiliency supports corporate strategy by mitigating business interruptions and ensuring continuity in the face of disasters. Explore the importance of Emergency Response Timelines, Data and Business Recovery, and the role of Emergency Management Protocols in minimizing disruptions.

walterk

Presentation Transcript


  1. Spotlight on Emergency Management Protocol
     November 12, 2013
     Tim Mathews, Executive Director, Enterprise Resiliency

  2. Survival… Turbulence… Rate of change… Critical… Unpredictability… Geopolitical forces… Uncertainty… Flexibility… Responsiveness… natural and man-made Disasters

  3. Corporate Strategy
     “… an effective corporate strategy will systematically improve the probability of success…” Paul Almeida, Ph.D., Georgetown University
     Enterprise Resiliency supports the corporate strategy by establishing the capabilities and resources required to systematically mitigate and minimize the impact of a significant business interruption, thus providing “institutional flexibility” so the organization can continue to pursue its mission.

  4. External Drivers of Resiliency
     • Global economy and events
     • “Kitchen table” awareness with focus on security
     • Media coverage and scrutiny of events
     • Frequency and impact of interruptions
     • Natural and man-made events
     • Rate of technology change
     • External Board member perspective
     • Industry and competition
     • Regulatory climate and visibility

  5. Because #$%& Happens!
     [Diagram labels: Data Recovery; Business Recovery; RPO; RTO; Event; Enterprise Response; Disaster Recovery/Business Continuity; Limit down time; Limit data loss; Emergency Management Protocol]

  6. Emergency Response Timeline
     • BCP: Business Continuity Plans (by area)
     • TDRP: Technical Disaster Recovery Plans (by location/service)
     • EIG: Emergency Information Guides (by location)
     • EMP: Emergency Management Protocol (by enterprise)
     • Time To Declare (TTD)
     • ERT = TTD + RTO
     • Actual recovery occurs in prioritized phases dependent on strategies
     [Timeline diagram labels: Plans; Situation Assessment; Mobilization; Crisis; Latest Offsite Backup; Recovery Point; Recovery Time; Data/Time Lost; Data Backlog; “Disaster-Mode” Operation; Business Recovered*; Data Recovered*; Business As Usual; Occurrence; Systems Recovered*; Processing; Event; Incident; TIME; Onset; Declaration; Recovery…; …Restoration; Return Home]

  7. The Resilient Enterprise has a higher probability of survival in today’s business climate

  8. Model Enterprise Resiliency Organization
     [Organization chart labels: Executive; Financial Manager; Staff Assistant; OEM Manager; BCP Manager; DRP Manager; RM&RP Manager; RMS Manager; ERP Coordinator; RMS Coordinators; OEM Coordinator; RM&RP Coordinator; BCP Planners; DR Planners; Security Staff 24/7 shifts; Electronic RMRP Specialist; Facility/location Coordinators; ERT, EMT, IMT, CMT Coordinators; RMRP Coordinators; BCP Owners; DRP Owners; BCP Coordinators; DRP Authors]
     • BCP – Business Continuity Program
     • DRP – Disaster Recovery Program
     • RMS – Risk Mitigation Services
     • OEM – Office of Emergency Management/Corporate Investigations
     • RMRP – Records Management and Retention Program

  9. Departmental Guiding Principles
     • Protect and preserve the health, safety and integrity of corporate assets and staff
     • Identify, measure and mitigate risks to allow the business to increase its scope and scale of operations
     • Respond to events professionally and calmly and facilitate the continued operations until event is neutralized
     • Implement and exercise appropriate resilience strategies, tactics and solutions
     • Provide subject matter expertise to the enterprise
       - Business Continuity/Disaster Recovery
       - Risk Identification and Mitigation
       - Records Management and Retention
     • Communicate - Vertically and Horizontally
     • Integrate with external entities for coordinated response

  10. Office of Emergency Management (OEM)
      • Define, Implement, Manage, and Measure processes, policies and procedures that capture, identify, assess, investigate, mobilize, escalate, manage, communicate and report on enterprise events beyond the normal mode of operations.
      • Cross functional involvement and implementation
      • Periodic program reporting of:
        - Events, Incidents and Crisis
        - Quantification and assessment of impact
        - Real-time mitigation management
        - Emergency communication, notification and first responders
        - After action reporting and lessons learned
        - Longer term mitigation strategy recommendation

  11. End to end ownership of risk mitigation, management and response provides for more efficient use of resources

  12. Putting it all together… Things Happen…
      When current response to any unplanned event is chaotic and ad-hoc it leads to:
      • Miscommunication
      • Over-escalation
      • Executive heroics
      • Increased media exposure
      • Ineffective communication and follow-up
      • Limited learning
      • Extremely disruptive to business operations

  13. Emergency Response Objective
      Provide prompt evaluation and response to any unplanned event. Mitigate or escalate with a minimum of disruption to business operations.

  14. Emergency Management Protocol
      • Facilitate the evaluation, mitigation and escalation of any unplanned event
      • Establish a communication and command/control framework
      • Support the protection of
        - Life and Safety
        - Corporate Reputation
        - Physical and Intellectual Assets
      • Minimize disruption to normal business operations
      • Expedite the “Time to Declare” if appropriate
      • Provide timely status updates
      • Review post-event analysis for future risk mitigation

  15. Severity Escalation Levels
      1. Occurrence – on-site response personnel can mitigate the problem using standard operating procedures
      2. Event – on-site or field office personnel cannot mitigate the problem using standard operating procedures
      3. Incident – corporate reputation or finances or a major business disruption to operations, activate our Emergency Operations Centers, notify BC/DR Recovery Teams
      4. Crisis – executive participation needed for corporate policy decisions, declaration of Disaster, initiating BC/DR Plans
      • Cross Functional Management Teams at each level
      • All Management Teams work together
      • Assigned Ownership – Determined by event category

  16. Categorizing Events
      • Rationale
        - Assign ownership
        - Identify incidents
        - Provide metrics
        - Identify vulnerabilities
        - Implement mitigation strategies
        - Measure improvement
        - Substantiate budget
        - Validate process
        - Facilitate post-event analysis

  17. “Event” Types
      [Diagram labels: Physical; Campus infrastructure; Company property; Personal property; Technology; Equipment; Network; Systems; Intellectual Property; Medical; Virtual; Data; Identity; Property; Reputation; Organization; Integrity]

  18. Origins
      [Diagram labels: Accidental; Intentional; Man-Made; Internal; External; Natural]

  19. Event Categorization
      • 7 Major Categories
      • 50+ Sub-categories
      • 7 “initial owners”
      • Cover entire organization
      • Flexibility of SOP at the SBU level

  20. Emergency Response Teams
      [Diagram labels: Event Management Team; Ownership determined by category; Divisional Representation seats +; Crisis Management Team; Incident Management Team]

  21. Temporary employee dies in parking lot
      Physical Security and Safety
      • Sub-Categories
        - Employee Illness or Injury
        - Vehicle Accident
        - ID and/or Access Control
        - Physical Sabotage
        - Civil Disobedience
        - Lost Property
        - Physical
        - Intellectual
        - Local Weather
        - Crime
      CORPORATE SECURITY

  22. Sprinkler malfunction causes building evacuation
      Physical Infrastructure
      • Sub-Categories
        - Explosion/Fire
        - Building Collapse
        - Utility Failure
        - HAZMAT
        - Infrastructure Related Equipment Failure
        - Industrial Accident
      FACILITIES

  23. Jordan Hotel Bombing
      Travel and Staff Transportation
      TRAVEL
      • Sub-Categories
        - Transportation Disruption
        - Airline Strikes and Other Flight Irregularities
        - Train Derailment
        - Travel Restrictions
        - Employee Travel Event
        - Accident (Train/Plane/Road)
        - Bombing
        - Hostage
        - Illness
        - Lost or Stolen ID/Funds/Property
        - Failure of Travel Communication Policy

  24. 2 day email outage
      Information Technology
      IT
      • Sub-Categories
        - Sabotage to Technology Infrastructure
        - Application Failure
        - Technology Related Equipment Failure
        - Data Related Crime
        - System Failure and/or Data Intrusion or Corruption
        - Breach of Data Security
        - Network Disruption
        - Application Processing Disruption

  25. Customer Service Rep threatened
      Workforce Integrity
      • Sub-Categories
        - Workplace Violence
        - Employee Termination
        - Absenteeism
        - Staffing Disruption
        - Roadwork
        - Transit Strike
        - Building Closure
        - Service Provider Disruption
      HR

  26. Anthrax scare closes post office
      Production and Delivery
      OPERATIONS
      • Sub-Categories
        - Operations Related Equipment Failure
        - Non-Local Weather affecting off-site operations
        - Corporate Supplier Disruption
        - Transportation (product delivery related) Disruption
        - Customer Service

  27. Inflammatory email causes Saudi test cancellation
      Test Integrity and Administration
      • Sub-Categories
        - Test Site Irregularities
        - Test Administration Irregularities
        - Test Transportation Irregularities
        - Test Security
      TEST INTEGRITY

  28. Emergency Response Process
      • Evaluate Problem
      • Resolve (Occurrence)
      • Escalate (Event, Incident, Crisis)
      • Communicate to Enterprise Resiliency
      • Notifications via AlertFind to Teams (and to all staff if necessary)
      • Event and (if necessary) Incident Teams Manage Response and Recovery
      • Crisis Team provides support to Incident Team and makes decisions on Legal, Contractual and Financial issues exceeding Incident Team authority level (including Disaster Declaration)
      • Document incident for Risk Mitigation follow-up

  29. Notification and Communication Capabilities
      • Emergency Notification and Communication System (AlertFind)
      • Voice, Text and/or Email Messages
      • Work, Home and Cell Phones
      • Employees and ETS Site based Non-Employees
      • Corporate Communiqué Emails (remote access)
      • Employee Information Hotline – Site Based Information
      • ETS Inside
      • Quickcom Boards (New Jersey Offices)

  30. ERP Escalation Criteria

  31. Escalation Criteria: Occurrence to Event
      • Cannot resolve using local resources or with standard operating procedures
      • Occurrence involves a life/safety issue
      • First Responders or other Emergency Personnel are requested
      • Remedial action exceeds individual authority level
      • Potential impact on corporate reputation
      • A crime is suspected

  32. Escalation Criteria: Event to Incident
      • Cannot resolve using local resources or with standard operating procedures
      • Potential impact to corporate reputation
      • Event extends beyond the initial site
      • Remedial action exceeds authority level of the Event Management Team
      • Need to activate an Emergency Operations Center

  33. Escalation Criteria: Incident to Crisis
      • Policy decisions involving corporate reputation or viability must be made
      • Major business disruption has occurred
      • Remedial action exceeds authority level of Incident Management Team
      • A “Disaster Declaration” is anticipated and BC/DR plans may be activated

  34. ERP Process Flow

  35. ERP Process Flow continued

  36. ERP Escalation Example
