Don Daigler Director of Business Resiliency and Corporate Real Estate 1 September 2, 2015 Cross-Functional Integration & Operational Best Practices for Resilience Planning
Don Daigler Director of Business Resiliency and Corporate Real Estate
1 September 2, 2015
Cross-Functional Integration & Operational Best Practices for Resilience Planning
Overview of SCE
2
• 14 million people • 180 incorporated cities • 15 counties • 125 years of reliable electric service • One of the nation’s largest IOU’s • 50,000 square miles of service area • 5,000 large businesses • 280,000 small businesses • Leader in alternative/renewable
energy • Focus on employee/public safety
Pacificorp
LADWP IID
Glendale Burbank Pasadena
San Francisco
San Diego
Los Angeles
SDG&E
PG&E
SMUD
Edison
The ability of an organization’s business operations to rapidly adapt and respond to internal or external dynamic changes – opportunities, demands, disruptions or threats – and continue
operations with limited impact to the business.
3
1987
1994
2011
2012
2013
2014
2015
2016 Proposed focus on climate change and drought impacts Background/Timeline
• Director w/emergency management experience • Expanded internal coordination
Business Resiliency Department Established
San Gabriel Wind Storm
• Preparedness & response analysis • Davies Report • Implementation of the IICS • Corporate Storm Performance
Improvement Program
Northridge Earthquake
• Moderate system damage in substations • First use of drop, cover, and hold
• Corporate headquarters building damaged • Emergency Response Coordinators and
Life Safety Coordinators • Storage of emergency survival supplies
Whittier Narrows Earthquake
Cyber & Physical Security Focus
• Engaging National Guard, DHS, FBI, and local law enforcement
• Critical Lifelines Group with Dr. Lucy • Support CA Capstone exercise design • Working with National Academy of
Sciences on supply chain resilience • Enhanced mutual assistance through EEI
Capability Building • Building department and response capabilities • Benchmarking and draft resiliency strategy • External stakeholder outreach
Earthquake Exercise
• Partner Caltech & USGS for early warning infrastructure • Facility seismology study • Developed All Hazards Plan (earthquake planning factors) • Great Shakeout & Train 1st Responders in Safety • Partner with DHS on Cajon Pass Resiliency Assessment • Improvements to spare transformer program • Communications (SCE Alert, SCE.com, mobile apps • SCE reps at county Emergency Operation Centers
Business Resiliency
Continuity of Operations
Business Continuity
Crisis Communications
Disaster Recovery
Cyber Security
Incident Response
Occupant Emergency
Critical Infrastructure Protection
Programs Supporting Resiliency
Employee & Family Preparedness
5
Governance Model The Business Resiliency governance model utilizes a tiered framework to maximize cross component coordination, while ensuring consistency and open communication across Organizational Units.
Matrixed Stakeholders
Business Resiliency Oversight Council (BROC)
Utility Operating Committee (UOC)
Subject Matter Experts (SMEs)
Governance Stakeholders
6
Aligning Business Functions
7
Business Continuity
Plan
Disaster Recovery
Plan Critical
Applications Critical
Infrastructure
Critical Business Process
Business Impact Analysis
National Preparedness Cycle
8
Train and equip personnel responsible for executing plans
Exercise company capability to manage emergencies
Stakeholder engagement Development of plans
Evaluate capability Develop corrective actions Improve capability
Preparedness
Planning Hierarchy
8888
Strategic Plans High level concepts and strategies, primarily
targeting company executives Business Resiliency Strategy Crisis Communications
Strategic Plan
Operational Plans Broad corporate actions available for
execution following an emergency; primary audience Incident Commander
Corporate All-Hazards Plan Cyber & Physical Security
annex Corporate Storm plan/annex
Tactical Plans Details the specific actions taken by
technical teams to execute corporate actions outline in operational plans
Cyber Security Incident Response Plan
Business Continuity Plans IT Disaster Recovery Plans
Procedures Provides step-by-step
guidelines for executing a specific function
Internal OU procedures/Job Aids
Risk and Business Impact Analysis
9
Incident Command Structure (Incident Management Teams)
Incident Support
Team
Electrical Service IMT
Generation IMT IT IMT
Security Facilities
IMT
Corp Comm
Government Affairs
Customer Service
Power Supply &
Ops Srvcs Human
Resources
Information Technology
Finance
Regulatory Affairs
Legal
Transmission &
Distribution
Governance
10
Crisis Management
Council SME
Team Qualification/ReQualification Requirements
All Roles
• Shadow qualified personnel
• 2 exercises and/or activations
• 2 User Groups
• Audit Class
• Qual card sign off by BR Authority
Basic ICS
Position Task Book
Position Specific
IntermediateAdvanced
ICS
All Roles
Incident Commander
Public Info Officer
Liaison Officer
Operations Chief
Planning Chief
Logistics Chief
Finance Chief
Safety Officer
• ICS-300 (All Roles)
• ICS-400 (Incident Support Team Only)
• FEMA Independent StudyWBT
All Roles
• ICS-100
• ICS-200
• ICS-700
• ICS -320 Annual Refresher
11
• 2014 All Hazards Exercise Series • 2015 Cyber/Physical Security Exercise Series • 2016 Environmental Exercise Series
SCE Cyber Physical Security Annexes
Crawl
Red Team Weight 10%
Walk
ROC Drill Weight 20%
Run
FSE Weight 50%
HSEE
P Ex
tern
ally
Eva
luat
ed
Cyber/Physical Security Exercises
SCE Exercise Program
12
Annual and Quarterly Drills
Corrective Actions
Evaluate and Improve • Conduct Hotwash (drills,
exercises, & incidents) • Lessons Learned and After
Actions Captured • Corrective Actions Tracked
13
• Purpose – Articulates resiliency standards and serves as the baseline for
measuring resiliency capabilities • Based on IBM’s Resiliency Tiers
– IBM Resiliency Tiers: Platinum, Gold, Silver, and Bronze • Resiliency Tiers used for Metrics and Scorecard
Gold
Silver
Bronze
Platinum
0
100
125
25
50
75
SafetyCompliance
Criticality =Impact x Risk
Resiliency
Self -AssessedPerformance-Based Indicato1. Plans & Proc2. Training3. Exercise
Business Resiliency Tiers & Scorecard
14
Questions & Answers
September 2, 2015 15