Shane Creel Ph.D., CCEP
LEED Green Associate
Director, Risk Management & Sustainability
Texas A&M University-Kingsville
Contingency & Business Continuity Planning
1. Back to Business: Planning for Disasters
2. The Benefits of Desktop Procedures
3. Disaster Recovery
4. Chaotic Ethical Decisions
Overview
“While no one wants to dwell on the thought of impending disaster, prudent planning can give you peace of mind knowing that you have prepared your family or company as well as possible.”
U.S. Department of State
External disruption
  Mother Nature – Wildfire, Flood, Hurricane
  Utilities – Electrical, telecom, and water
  Human Behavior – Terrorists, psychos, hackers
Internal disruption
  Facility problems – fire, leaky roofs
  Equipment failures – server crash
  Disgruntled staff
  Staff illness/death
Where do the Threats Come From?
http://www.texasprepares.org/survivingdisaster.htm
Back to Business: Planning for Disasters
Will historical information be required in order to process new information?
Are necessary forms available?
Are cross-trained personnel available?
Is there an alternate work site available? (Remote Access)
Do you know all of the players?
Business Continuity Questions
Historical Information
a) Meta Data Files
  Common fields such as personal identifiers
b) Linked Data Files
  Excel spreadsheets
  Data mining from external sources
c) Hard copy information
Business Continuity Planning
Forms
a) Do you have backups, and who knows how to fill them out manually?
Scenario: Your cashier is very proficient using the computerized system. The establishment loses access to the server which operates your ordering and cash handling. Everything else is functional. Will you have to close the business because no one knows how to manually conduct an order/process?
Business Continuity Planning
Cross-trained personnel
a) This is very important but often difficult to accomplish.
b) Here is the normal thought process: “If I teach someone else what I know, why would the organization continue to need me?”
c) We have to get past this way of thinking. Some of us here might not wake up in the morning. Is there someone else that you have trained to do your job?
d) The more others know, the easier your job becomes.
Business Continuity Planning
Alternate work site (Remote Access)
a) Can your operations be conducted elsewhere?
b) Can your employees telecommute?
c) What if your building is no longer standing?
Business Continuity Planning
All the players
a) Do you have employee recall information?
b) Do you have a Disaster Recovery Organization available? The Texas A&M System contracts with Cotton USA for Disaster Recovery Assistance.
c) Where are you on the priorities list for your energy provider?
d) Have you met with all of the players to establish contact if nothing else?
Business Continuity Planning
Desktop procedures defined:
A set of instructions covering those features of operations which lend themselves to a definite or standardized procedure, for preventing business disruption, without loss of effectiveness with the flexibility necessary in special situations retained.
The Cradle to Grave Process.
Desktop Procedures
Why do we need desktop procedures?
1. Prevent business disruption.
2. Promote uniformity & consistency across organizations.
3. Maintain smooth operations.
4. Employee transition.
5. Provide protection in the event of an audit.
Desktop Procedures
Identify the “how do I’s”.
Write a recipe for each.
Identify the what, how, when, where, and who.
These are the items we have committed to memory or that have become second nature.
Desktop procedures are a subset of business continuity.
Developing the Procedures
Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity.
Most large companies invest as much as 25% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data.
Disaster Recovery
“MARC” (Minimum Acceptable Recovery Configuration).
  High-level facilities/People/Equipment/Telecom
Recovery Time Objectives (RTO).
  The time period after a disaster at which business functions need to be restored.
Recovery Point Objectives (RPO).
  The age of files that must be recovered from backup storage for normal operations to resume.
Funding Gap.
  Funding differential required to recover. Is there reserve funding available?
Disaster Recovery
An organization’s Information Security revolves around the attitude of the employees. Loose lips sink ships!
How to protect organizational information:
A viable Records Retention Schedule.
  Texas State Records Retention Schedule https://www.tsl.state.tx.us/slrm/recordspubs/rrs4.html
Implement Information Security Programs focusing on technology and operations.
Provide Information Security awareness training.
Provide user authentication.
Information Security
Decisions are at the heart of leader success, and at times there are critical moments when they can be difficult, perplexing, and nerve-racking. However, the boldest decisions are the safest.
Dr. Hossein Arsham
Merrick School of Business
University of Baltimore
Chaotic Ethical Decisions
Supported by behavioral decision theory which:
  Accepts a world with bounded rationality and views the decision maker as acting only in terms of what he/she perceives about a given situation.
  Fits with a chaotic world of uncertain conditions and limited information.
  Encourages satisficing (good enough) decision making.
Chaotic Ethical Decisions
The 3Rs of Chaotic Ethical Decision Making:
1. Rationing of resources
  Who gets what first?
2. Restriction of access
  Texas is working to establish First Responder Credentialing.
3. Responsibility
  Environmental
  Social
  Organizational
Chaotic Ethical Decisions
The Ethical Dilemma:
  A situation in which the decision maker must decide whether or not to do something that, although risky yet beneficial (for the greater good) given the situation, may be considered unethical and perhaps illegal.
Things to consider:
1. Would I make the same decision if my family were involved?
2. What is the personal impact of the decision?
3. Will I be able to sleep tonight?
Chaotic Ethical Decisions
Present a unified front to primary and secondary stakeholders.
  Primary: employees, customers, investors, and shareholders, as well as governments and communities that provide necessary infrastructure.
  Secondary: media, trade associations, and special interest groups.
This demonstrates to the public that the situation is under control and prevents further panic. Additionally, your stakeholders are less likely to lose confidence in the organization.
Public Relations
Emergency Management Institute
Continuity of Operations Awareness Course
http://training.fema.gov/EMIWeb/IS/is546.12.asp
Additional Sources