Effectively Communicating Enterprise-Wide Business Continuity to Senior Management and Stakeholders. October 7, 2014


Agenda
- Background
- Program Elements
- What Makes it Enterprise-wide
- Recommended Strategies

- Established in 1896, Preferred Mutual Insurance Company is headquartered in New Berlin, New York
- Provides property and casualty insurance coverage to individual and business customers through a network of independent agents throughout the Northeast
- Rated "A" for excellent through A.M. Best
- Please visit us at www.preferredmutual.com
- Email questions to dave.prosser@preferredmutual.com

What do we do? Where Do We Even Begin???
Business, Contingency, Catastrophe, Management, Crisis, Continuity, Planning, Disaster, Disruption, Preparedness, Emergency, Interruption, Program, Incident, Recovery, Readiness, Risk, Resilience, Technology (IT)

Business Continuity: Let's See What the Industry Has To Say
- An ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services. (NFPA 1600)
- The strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level. (DRJ)
Business Continuity Management:
- Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (ISO 22301)
- The process that organizations use to ensure business continuity is maintained across their organization. (DRJ)

More Industry Terminologies
- Business Continuity Program: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. (ISO 22301)
- Business Continuity Management Program: Ongoing management and governance process supported by top management and appropriately resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products and services through training, exercising, maintenance and review. (BCI)

Yes, Even More Industry Terminologies
Disaster Recovery:
- The technical aspect of business continuity. The collection of resources and activities to re-establish information technology services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption of IT services. Disaster recovery includes subsequent resumption and restoration of those operations at a more permanent site. (DRJ)
Disaster/Emergency Management:
- An ongoing process to prevent, mitigate, prepare for, respond to, maintain continuity during, and recover from an incident that threatens life, property, operations, or the environment. (NFPA 1600)
- A program that implements the mission, vision, strategic goals, objectives and management framework of the program and organization. (BCI)

And Now a real Monkey Wrench
Enterprise Risk Management (ERM): ERM includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall. (BCI and Wikipedia)
(Keep in mind, this has only been a sampling of terms used to help us understand what is Enterprise-Wide Business Continuity.)

1st Step: Bring Focus/Definition to the Program
Business Continuity Management (BCM): Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience [1] with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (ISO 22301)
[1] Resilience:
- (1) the ability to become strong, healthy, or successful again after something bad happens (2) the ability of something to return to its original shape after it has been pulled, stretched, pressed, bent, etc. (Merriam-Webster.com)
- The adaptive capacity of an organization in a complex and changing environment. (ASIS)
- DRII Editor's Note: (a) Resilience is the ability of an organization to resist being affected by an event or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event. (b) Resilience is the capability of a system to maintain its functions and structure in the face of internal and external change and to degrade gracefully when it must. (ASIS)

Use References: Leverage Industry Best-Practices
- DRI International (DRII) Professional Practices
- Business Continuity Institute (BCI) Good Practices Guidelines
- Industry Publications and White Papers (and even Conference Materials)
- Vendors/Business Partners

Enterprise-wide is Thought-Shifting
From This: BC Plan Ownership: BCM (You); Facilitation/Expertise: Your Organization
To This: BC Plan Ownership: Your Organization; Facilitation/Expertise: BCM (You)

Requires Dept Heads becoming Plan Owners
Incident Response (& Mgmt) Executive Team Liaison CIRT Critical Infrastructure/Support Corp Comm Human Resources BCM Comm Direct Customer-facing Areas IT Operations Site Services Claims Customer Service QA & Agency Interface Personal Lines Field Agency Marketing Commercial Lines SBS Project Development IT Enterprise Applications General Counsel Financial Operations Internal Audit Gov't Affairs Actuarial Finance & Risk Mgmt Other Depts/BU's

Enterprise-wide is also Approach-Shifting (Process-based vs Scenario-based plans)
1. BU's Identify Process Resource Requirements
2. Then common dept tasks
3. And then broad scenarios
Dept BC Plan diagram labels: PROCESSES; Tasks; Procedures; Teams; Employees; Suppliers and/or Vendors; Providers / Vendors; Agents; Customers and/or Policyholders; Applications / Software; Equipment; Supplies; Com. Devices; Vital Records
Dept/BU Leadership Checklist
- Account for Employees
- Determine Critical Staffing needs
- Report Status
- Determine escalation/activation
- (etc., etc.)
Process Tasks
Overlay with Company Strategic Responses
- Inclement Weather / Regional Disaster
- Building Outage
- Technology Outage
- Pandemic (Workforce Red)

Enterprise-wide Bridges Gaps
- Focus/Highlight BIA and Business Process Prioritization
- Ensure the correct level of IT DR, given the ultra-low tolerance for latency world in which we operate today
- Ensure the business has the correct IT DR expectations
- Address Work Area Recovery/Continuity
- Keep Management involved and continuously updated
Diagram labels: PROCESSES; Applications / Software; Equipment; Supplies; Tasks; Teams; Procedures; Employees; Suppliers and/or Vendors; Providers / Vendors; Com. Devices; Vital Records; Agents; Customers and/or Policyholders

Requires Enterprise-Wide Incident Coordination
CEO Strategic Oversight
Incident Commander (IC) Person In-Charge Named at T.O.D.
Executive Liaison - SVP's
Co-back-ups - VP's and Sr Directors
Strategy Team Facilitation by BCM
Gen Counsel
Site Services Infrastructure Co-Lead
IT Operations Infrastructure Co-Lead
Personal Lines P & I Co-Lead
Customer Service P & I Co-Lead
Corp Communications Logistics Co-Lead
Human Resources Logistics Co-Lead
Finance & Risk Mgt Finance Lead
Back-up chart labels: SS Back-up #1 IT Ent Applications IT Back-up #1 Claims QA & Agency Interface Corp Comm HR Financial Operations P&I Back-up #1 P&I Back-up #2 CC Back-up #1 HR Back-up #1 Finance Back-up #1 Back-up #2 IT Disaster Recovery IT Back-up #2 Field Agency Marketing Gov't Affairs Corp Comm HR CC Back-up #2 HR Back-up #2 Actuarial Finance Back-up #2 SBS Project Dev Commercial Lines Internal Audit
Legend: Command, Infrastructure, Logistics, Planning & Intelligence, Finance

Our Enterprise-Wide BCM Model
(Design and Guidance)
Business Continuity Committee
(Making Ready)
Company/Infrastructure Readiness
- Employee Preparedness, Policies and Communications
- Facilities Preparedness, Mitigation, Emergency Response and Security
- IT Preparedness, Mitigation and IT Disaster Recovery
Department Business Continuity Plans
- Plan Design and Development
- Training and Exercises
- Each Department is responsible for its own BC Plan and Readiness
(Should there be a need)
Incident Response (& Mgmt)
- CIRT (Corporate Incident Response Team) comprised of key stakeholders
- Centralized management of all incidents including Catastrophes
- Escalates/Communicates with Executive Leadership, as necessary
- Response Protocols for each Satellite Office

Then Communicate BCM in Common Sense
- Business Continuity is the advanced planning and preparation for things that can happen and then being ready to respond when things do happen
- What does that really mean? (Hint: You won't find it in a binder, or on a software tool)
- It's in the Planning, not the Plans
- BCM is an embedded organizational culture that promotes continuous planning, preparation and making the business ready to respond
- We understand people come first, but doing our jobs becomes priority once safety is addressed
- Which means, every employee has a role in business continuity. We want you!
- Every employee must be fully prepared at work and at home, including their families

Recommended Management Strategies
1. Start a BCM Committee
   - Dept Heads from: Facilities, IT, Corporate Communications, HR and Key Customer-facing BU's
   - Use Risk-based (ERM) / Best Practices approach, and establish that BCM is a Show-Stopper
2. Establish an Incident Response and Management Team (both Members/Protocols)
3. Leverage like-minded efforts that are already established. Use BCM Committee to consolidate and update (possibly agree for BCM to take the lead on integration/improvement)
4. Gain Senior Management approval for a 2- to 4-step design/re-design and deployment strategy. Begin 1st step ASAP!
5. Provide regular updates and recommendations to Senior (C-level) Executive Management
6. Leverage Corp Comm to socialize BCM to entire company as much as possible. Be Creative!!!

Recommended Employee Strategies
1. Highly promote that all employees prepare themselves and their families:
   - Lots of help out there! e.g. Red Cross: Get a Kit. Make a Plan. Be Informed. (http://arcbrcr.org/#site)
   - Download local alert apps for weather and other emergencies (In NY, www.nyalert.gov)
2. Highly encourage supervisors/subordinates exchange critical contact information
3. Everyone has a role, is expected to do something during an incident even if just a phone call
   - Know where to go and what to do, even if it's home. (If you don't know, ask)
   - We understand that family comes first. Give management the courtesy of knowing your situation and strive to make yourself available. (This is our place of both customer commitment and employment)

When can we communicate that we have achieved Enterprise-Wide Business Continuity?
- Business Continuity Committee: Confluence and Oversight
- BCM Program Office: Facilitation and Expertise
- Each Department Head is a BCM Plan Owner: Accountability & Ultimate Responsibility
  - IT Depts (including DR) are included in this!
  - Signs Attestation that BCP is Viable/Actionable, and that SVP's/employees are Informed/Trained
- Business Continuity Liaison: Plan Owner-designated Single-Point-of-Contact
  - Facilitates information-gathering and plan development (as well as data input and BCM activities)
- Incident Response & Management Protocols to Ensure a Defined Team is Organized/Ready

Enterprise-Wide Business Continuity
It's in the Planning, not the Plans!
Q & A
Thank you,
Dave Prosser, MBCP
dave.prosser@preferredmutual.com