Business Continuity/Disaster Recovery/Flu

advertisement
Business Continuity / Disaster Recovery
David Shimberg, CBCP
What is a Disaster?
“A business disaster is that point in
time after the “cause” when you can
not provide your customers and users
with the minimum level of services they
need and expect”
Why doesn’t everyone Plan?
 The Human Element
 The “it’s not going to happen to me”
view or philosophy.
 We have a tendency to view concerns
from a “life span” and personal
experience aspect.
–
–
–
–
It hasn’t happed yet…
Not on Manager’s list of goals
We’ll get to it
Looks to BIG! Where do we start?
You practice this at home….
You may not have thought of them as contingency
plans, but at home you have:








Smoke alarms
Carbon monoxide alarms
Family escape plans with meeting place
Battery radio, flash lights
Homeowners’ or Renters’ Insurance
Anti Virus and firewall software
Fire extinguishers and home sprinkler systems
Info on the web at: American Red Cross or FEMA
web sites for additional emergency information and
advice
Why have a Business Plan ?
According to research data kept at the National Archives
& Records Administration in Washington, DC:
 Nearly 90% of all small businesses don't have a continuity plan
in place
 Only 43% of businesses suffering a disaster ever recover
sufficiently to resume business
 Of those that do reopen, only 29% are still operating two years
later
 93% of businesses that lost their data-center for more than 9
days filed for bankruptcy within one year of the disaster.
 50% of businesses that found themselves without data
management for more than 9 days filed for bankruptcy
immediately.
Continuity Plans Components
 Awareness of Roles and Responsibilities
– Who will do what? Employees and staff are critical. Pandemic is an
extreme example of a disaster where employee resources will be very
limited!
 Defined recovery time objectives
 Risk Management to identify & reduce risks
 Alternate Processes (telecommuting, distance learning)
 Alternate recovery locations
 Off-site storage of critical media and non-media items
 Written plans, reviewed & updated regularly
 Frequent plan exercises
Major Business Continuity Activities
Complete BIA (Business Impact Analysis)
1. Identify processes & prioritize by criticality
2. Determine survival requirements
3. Determine RTOs (Recovery Time Objective)
Develop Response/Recovery Strategy:
1. How will event be handled immediately?
2. How will recovery be handed (achieve survival mode)?
3. What tasks must be accomplished to achieve recovery?
Develop Teams/Call Lists
1. Identify key players (and alternates) and organize teams to
accomplish identified tasks
2. Develop and test notification call lists/trees
BC Activities…cont’d
Identify Critical Equipment, Vendors, Documents
1. Identify critical infrastructure/servers (networks, telecom, etc)
2. Identify equipment needs for (day 1, day 3, etc …)
3. Identify critical vendors (who will supply recovery equipment,
etc.)
4. Identify vital records (what records if lost would cripple or
hinder recovery?)
Document Plans
1. Appropriate information is included, attached, or referenced,
facilitating a successful response, recovery, and restoration of
services
2. Plans are frequently reviewed and updated on a scheduled
basis
BC Activities…cont’d
Exercise Plans
1. Conduct plan walk through, referencing tasks, call
lists, attachments, etc
2. Conduct IT exercise, confirming application recovery
meets survival needs
3. Participate in Integrated Exercise with other business
units testing call trees, application and process
dependencies and work- arounds meet RTOs
4. Update Plan with lessons learned, following exercise
Business Continuity Efforts
Include:
 Directing BIA and planning efforts with
Business Units
 Awareness programs (risk reduction)
 Employee security & safety
 Coordinating BC exercises
 Participating in info security reviews
 Coordinating with local emergency agencies
 Managing plan tracking and evaluation
Business Continuity Plans must be useful
Make sure the plans
that protect each of
us is more than ……..
Successful Business
Continuity Planning
helps ensure that
employees and the
interests of owners and
customers are
protected.
Sponsorship is Key to Success
 Board of Directors or Senior executives
(president, vice presidents, officers) must
identify BCP a priority.
 Executives and senior managers must
actively support the BCP Process.
 Business Recovery Coordinators (BRCs)
within business units / departments must be
actively involved, developing, implementing,
and exercising BC plans, and accept
ownership of their plans.
Communication is Critical
 Employees,
customers, business
partners must know
key information about
your plan if your plan
is to work.
 Plans must be
periodically reviewed
in team meetings and
shared with new team
members.
Secret Plans won’t
work!
Communication…..
 Contact information for all team members must be
current
 Make sure employees have Emergency Wallet Cards
with key phone numbers, etc
 Plans must include:
– Clear chains of authority
– Clear listing of tasks, roles and responsibilities
– DR conference lines or standing communication tools
– Standing meetings (times, numbers)
– Alternate meeing locations
– Centralized communication facility (VM, web site, etc…)
Off Site Storage is Critical !
When a facility is lost or inaccessable, all items inside are
no longer available. What is needed in off site storage
if you had to recover from scratch
 PC backup media must be stored off-site?
 Critical, non-media, documents and materials must be
available in an off-site location, accessble by
appropriate indviduals or teams during a disaster or
exrecise.
 Key personnel must know where off-site storage items
are located and to where items will be shipped (Hotsite, Incident Command Center or remain in off-site
storage?)
Exercises
 Test plan concepts and procedures frequently
 Identify tasks or components that do not work as
expected.
 Identify missing tasks or contacts
 Reinforce individual and team roles and
responsibilties
 Confirm and reinforce dependent interractions
with other teams
 Increase BCP Awareness
Employees Prepare themselves by:




Attending sessions on BC planning
Having a personal emergency plan for your family
Understanding your role in your unit’s BCP plan
Knowing where and who to call in an emergency
(Emergency Wallet Card)
 Keeping emergency contact
information current
 Participating in BC/DR exercises
 Challenging the status quo. If
something doesn’t seem right,
Question it!
Supply Chain Considerations
 Premier, Inc – largest healthcare group
purchasing organization is working with hospitals
and suppliers to identify critical areas in a
disaster and actions to improve response:
Communications
Coordination
Supplies &
Distribution
Transportation
Communications
 Explore alternate and multiple communication
methods; VOIP, satellite, multiple cellular
providers, etc.
 Creation of deeper communication guides;
office, work, home, cell numbers. Creation of
formal call-trees.
 Apply for TSP Authorization
code to ensure priority in
restoring telecommunications
access and GETS program
access to bypass overloaded
phone circuits.
Coordination
 Clear, advanced identification of
individual roles and responsibilities.
 Creation of national internet site to
serve as clearinghouse for information
sharing and communication.
 Include other stakeholders
in design sessions.
Supplies & Distribution
 Creation of “core product supply
lists” based on type of disaster.
 ER auto-substitution rules; (eg.
20cc syringe substituted with 30cc).
 Greater coordination among
suppliers.
 “Emergency ship to’s”
Supplies & Distribution
 Create Mobile fuel storage depots and mobile
supply stations.
 Get pre-authorization from Fed’s governing
authority to ship to effected locales.
 Create contingencies for all routes, including airdrop emergency plan.
 Re-think “lean inventory” model for
critical supplies & perishables.
 Create NYC model of “integrated
command center”.
Pandemic Considerations
 Incubation period: 1 to 3 weeks
 Viral shedding greatest in 1st 2 days
 Viral shedding 0.5 to 2 days before
symptoms
 Children shed more virus and longer
than adults
 Each case of influenza infects two more
cases
 Slow spread, decrease illness and
death, buy time
–
Antiviral treatment and isolation for people
with illness
–
Quarantine for those exposed
–
Social distancing
–
Vaccine when ready
 Depends on which virus
Unprepared
Impact
Prepared
Weeks
Options for Prevention & Control




Immunization
Respiratory hygiene/cough etiquette
Hand hygiene
Contact avoidance
– Social Distancing
 Antivirals
Strategic National Stockpile
HHS Pandemic influenza
preparedness strategy and plan
 International surveillance
 Domestic Surveillance
 Vaccines and Antivirals
 Communication
 State and Local
Preparedness
 11 Supplements with
detailed guidance
Pandemic Influenza Preparedness
Considerations
 Being able to work may be difficult
– Plans for working at home
– Adopt practices and sick-leave policies to encourage
sick employees to stay home
 Schools may be closed
– Child care planning
 Transportation
 Home supplies (good for power outages and
disasters)
– Non perishables, water, flashlights/batteries,
medicine
Infection Control Measures
Healthcare facility, workplace, home, community
 Reduce transmissions
– Masks
– Cough etiquette
– Hand hygiene
 Contact interventions
– Teleconferences vs meetings
– Social distancing (no handshaking, 3 feet
away)
– Liberal non-punitive leave policy to care for
family and self
Respiratory protection:
Masks or N95 Respirators?
 Season flu – CDC recommends masks
 Pandemic – WHO recommends
– masks for routine care
– N95 for aerosol generating procedures (fit
testing required by OSHA)
 Pandemic – HHS recommends
– Masks for close contact
BCP Planning Resource
 Contingency Planning Association of the Carolinas (CPAC)
– www.cpaccarolinas.org
 Disaster Recovery Journal
– www.drj.com/groups/drj6.html
 Disaster Recovery Institute International (DRII)
– www.drii.org/
 DHS - www.ready.gov/
 FEMA - www.fema.gov/
 Institute for Business & Home Safety (IBHS)
– www.ibhs.org/business_protection/
 Premier Safety Institute
– www.premierinc.com/quality-safety/tools-services/safety/index.jsp
BCP Planning Resource
9th Annual Symposium
Thursday, Nov 30 - Fri Dec 1, 2006
Charlotte Marriott Executive Park, Charlotte, NC
Preparing for the Coming Storm
Bridging the Preparedness Gap
$225 members and $275 non-members
Topics and presentations include:
•
•
•
•
•
•
•
•
Pandemic Preparedness
How Los Angeles, CA is bridging the gap between the public and private sectors
Changes in the BC Profession
Practical tips and lessons learned on conducting Business Impact Analysis
Considerations in establishing Incident Command
Making sure your continuity planning process will actually meet your needs
Participate in a panel discussion with experts
Register early to get a place in the 3-hour pandemic mock exercise (limited to 104)
www.cpaccarolinas.org
Download