Lloyd Smith OKAlliance Presentation - Oklahoma State University ...

PREPARING YOUR BUSINESS, FAMILY &
COMMUNITIES FOR DISASTERS
Lloyd R. Smith, Jr., MBCP
Business & Government Continuity Services
www.BusinessContinuity.Info 405.627.8456
1

Improving Total Continuity &
Disaster Recovery Capabilities
• Compelling Case for Business ,Govt. & Community Continuity
– Critical Assets, Functions, Services & Supplies Vulnerable
– Increasing Disasters
• Improving Capabilities
– Lessons Learned
– Disaster Prevention
– Issues, Challenges & Considerations
• Need For Employee & Family Disaster Plans
• Best Practice Business Continuity Planning Steps
• Conclusions
2

Vulnerabilities to
Increasing Disasters With Greater Impacts
Deficient Capabilities
3

Possible or Likely Disasters
• Tornadoes/Hurricanes
• Winter Storms
• Earthquakes
• Devastating Wildfires
• Power Failures
• Sabotage & Terrorism
• Workplace Violence
• Facility Fires
• Communication Outages
• Utility, Infrastructure Failures
• Floods & Drought
• Outsourcer, Supplier or
Service Provider Disasters
• EMP
4

MAJOR EARTHQUAKES A CONTINUING THREAT
5

Likely New Madrid Quake
Central US Impacts
• Communications Outages
• Disrupt Supply Chain & JIT
• Rail Shipments
• Interstate Highways
• World’s Grain Supply
• Heating Oil and Gas
• Few or Single Bridges
6

Major Power Outages
• 50 Million People
• 8 States & 2 Canadian
Providences
• 22 Nuclear Power Plants
• 1000 Power Plants
• 10 Major Airports
• 350,000 People in Subways
Brazil, Haiti, Chile & others
India
• 620 Million People
• 370 Million
• 100 Million Indonesia
• Several Oklahoma Outages
Vulnerable to
Sabotage & Terrorism
7

STORM & POWER LESSONS LEARNED
• Personnel Availability
• Phones Down
• Laptops Ineffective
• Generator Failures
• Limited Gas/Diesel
• Functional Backup Required
8

Power Solutions For Smaller Organizations
Recommend 10% outlets
on backup power
Contingency Plans
for Refueling
9

COROPORATE HEADQUARTERS POWER FAILURE
Transformer Explosion
• Data Center Backup Power
• Work Areas Without Power
• 1200 Employees Sent Home
Provide Functional & Facility
Backup As Well As Technical
10 % Outlets on Backup Power
10

DEFINITIONS
• Crisis Management
• Emergency Response
• Disaster Recovery
• Business Recovery/Resumption
• Business Continuity
• Continuity of Operations (COOP)
• Contingency Planning
11

Critical Communications And
Continuity of Operations
12

Critical Communications and
Continuity of Operations
Cause
Local Impact
Corporate & Government Impact
Cost & Loss - Billions
13

Cable & Utility Cuts
15

Multiple Ways to Communicate
During Crisis/Disaster
• Cell service OKC Bombing
• Turkey Point Nuclear Power Plant
• Cable cut, 40% LD capability into NYC
• 5-6 ways to communicate
17

DISASTER
PREVENTION
18

Disaster Prevention
19

Burned popcorn cost Operations Center 830,000 in downtime
20

WHY DON’T WE ADEQUATELY
PLAN FOR DISASTERS
• Lack of Senior Commitment & Direction
– IT Recovery or Business Continuity
• "Tyranny of the Urgent"
• Lack of Resources (Perceived/Actual)
– “Financially Challenged”
• Someone Else is Responsible
• Underestimate Risk & Impact of Disasters
• Risks Vs Odds
22

Someone Else is Responsible
No Longer Sufficient
• Each location, major operation should have
viable plan
• Help may not be available
• Your organization may be last hope
• Leaders & Executives appreciate initiative
& competent local management
• Worry and Responsibility
23

HERE
OR
24

Disaster Recovery Of
$138,000,000 Fire
25

OKLAHOMA TORNADOES
27

Terrorist Attack
On America
One Hour Brought War & Horrendous Impacts to U.S.
28

WOULD WE
• Adversely Impact Customers,
Stakeholders, Citizens & Community
• Lose Revenue & Incur Penalties
• Violate Legal Requirements & Laws
• Degrade Reputation & Good Name
• Incur Director & Executive Liability
• Suffer Insurance Implications
• Lose Market Share & Jobs
29

Vulnerabilities From
Providers
• Forms & Supplies
• Parts & Equipment
• Services
• Outsourcing
Photo by Lloyd Smith
Paper supplier wind & water damage put major metro paper supply at risk
30

DO OUTSOURCERS, SERVICE PROVIDERS
AND SUPPLIERS HAVE RECOVERY PLANS
Heating & A/C for 20+ Downtown OKC Blds Supplied by Vendor
Require Effective and Tested Recovery Plans in future Contracts
31

TOTAL BUSINESS RECOVERY
PLAN REQUIRED
• Shareholder, Customer and
Community Confidence
• Increasing Contingencies & Disasters
• Operational Survivability and Jobs
• Quality Benefits
32

QUALITY BENEFITS OF DISASTER
PREVENTION & RECOVERY PROGRAMS
• Discover & eliminate problems & errors
• Improved quality of services & products
• Reduce critical reliance on key individuals
• Improved staff training, knowledge &
confidence
33

WHAT IS YOUR “SURVIVAL” TIME
Without Continuity Basics
1. Personnel
• Availability & Access
2. Vital Records/Data
• Offsite & Retrievable
• IT/Comm
• Process/Functions/Systems
3. Facilities/Infrastructure
• Safe & Viable
• Utilities
34

Will Employees Come to Work
Can Personnel Get to Work
35

Reasons Employees Can’t Come to Work
• Single parent: schools & day cares closed
• Responsible for senior loved one
• Trees, power lines & debris & can’t leave
neighborhood
• Power is off and can’t open garage door
• Live in gated community & can’t get out
• No gas and stations are closed
• Injured or casualty
• Access to disaster area
36

St. Petersberg Times, AP
Family Plan Basics could have saved
lives in New Orleans
38

Family & Employee Emergency Planning
• Many business recovery plans inadequately
address people issues
• After disaster, experience shows only
minimal staffing available
• Organizations should provide home
emergency training for employees.
• Staff with personal affairs taken care of can
help organization recover
39

Family Emergency Planning Principles
• Water, Food & Meds
• Out of State Contact.
• Safety & Accountability (I’m safe & OK)
• Reunite with Loved Ones (3 Meeting Places)
• ID & Pictures
• Multiple ways to Communicate (cell )
• Cashless to Cash
• Always Have (what if ) Contingency Plans
• Practice. Even go without power & gadgets
• Ready to Evacuate (Go kits)
40

DEVELOP PERSONAL &
ORGANIZATION “GO” STRATEGIES
Go Bags & Evac Packs
• What to take
• Immediately
• 5 minutes
• 1-4 hours
• One day
• Incorporate Pet Care
41

ARE VITAL RECORDS/DATA
SAFE & CURRENT
Decrease RPO & RTO with Improved Options
42

This employee was taking organizations data home
There are better recovery options!
43

GUARD, VERIFY DATA SECURITY
SHIPMENT & FAIL SAFE TRANSFER
Lost, Missing or Compromised Data
44

Ensure Each Facility Emergency Response &
Recovery Plans
45

46
Key personnel need to know how to shut off utiliities when facility manager unavailable

Backup for Electronic Security
Guards Were Locked in Control Rooms
47

Avoid Roof Leaks & Collapse
Caused 5000 ATM Failures
48

Require Facility/Infrastructure
Emergency Response Plans
• Each Building/Facility
• Owner Responsibility
• All Tenants Participate (NYC bldg)
• Occupants & Visitors
• Form Tenant Committee/User Group
• Emergency Response & Security
• Facility/Infrastructure Recovery Plan
49

Facility Emergency Response
Basics Require Improvements
• Evacuation with Assembly Areas
• Workplace Violence Procedures
• Bomb Threats
• Shelter in Place
• Utility Shut Off
• Protect or Isolate Ventilation
• Protect Undamaged Property
• Physically Secure Property/Door Guards
50

BASIC REQUIREMENTS FOR QUICK
CONTINUTY PLAN
• Sponsor, Policy Statement, Steering Committee & BC PM
• Condensed Risk Assessment
• Current Data/Vital Records Secure & Offsite
• Improved Emergency Response Plan
• Select Planning, Response & Recovery Teams
• Condensed BIA
• Develop Recovery Strategies
• Develop Basic Critical Function Recovery Procedures
• Test/Exercise
51

CONTINUITY PLANNING REQUIRES
TOTAL ORGANIZATIONAL
COMMITMENT
• Time
• Funds
• Personnel
• Resources
52

What if it Happens To You or
Your Organization
Don’t Gamble With Business, Operations
or Personal Survivability
53

Emergency Response, Continuity &
Recovery Plans
Each division, business and unit, or
organization must plan to be prepared to
survive and recover.
To insure that personnel, functions,
systems, and facilities necessary to
provide essential services will not become
the victim, but will retain or regain
capabilities necessary to provide essential
services and support.
54

Critical functions, processes,
production & systems are the heart of
the mission
A Corporate or Agency Heart Attack
55

Conclusions
• Critical assets & functions
• Significant, increasing disasters & terrorist attacks
• Disaster prevention important & has a high payoff
• Total Continuity Planning is required
• It is a Key Responsibility of Executives, Management,
Auditors & Staff
• Think outside the box
• Be prepared for mega disasters & terrorist attacks
• Resilient Communities to recover & prevent riots
56

THANK YOU!
Lloyd R. Smith, Jr., MBCP
Business & Government Continuity
Services Inc.
BGCS
P.O.Box 1706
Oklahoma City, OK 73101
405.286.1649, 405.627.8456 cell
Lloyd@BusinessContinuity.Info
BusinessContinuity.Info
Promoting and Enhancing Corporate and Government
Disaster Prevention and Business Recovery
57