2008 SAEMS Gatekeeper Seminar
Paul KramkowskiProgram Manager
MS Enterprise Preparedness and Business Continuity
Business Continuity Planning
Copyright © 2007 Raytheon Company. All rights reserved.Customer Success Is Our Mission is a trademark of Raytheon Company.
Page 2
TopicsWhy Business Continuity?– Examples
What BCP isWhat BCP isn’tBusiness case for BCPThe Plan– Formats– Process– Contents
Standards / Laws
Page 4
Crisis Management ExampleSeptember 29, 1982 – 12 year old Mary Kellerman of Elk Grove Village, IL dies.Adam Janus of Arlington Heights, IL dies.Soon thereafter, Janus’s wife and brother die. Having gathered to mourn Adam’s death, they both take aspirin.
“We believe our first responsibility is to doctors, nurses, and patients, to mothers and fathers and all others
who use our products and services.”
Robert Johnson – 1943
Crisis Management Gold StandardCrisis Management Gold Standard
Page 5
“Crisis”– He lost a laptop with sensitive company/customer information– Major fuel pipeline breaks– The death of an employee or customer– A blackout– Pandemic influenza– Wildfire– Product contamination/tampering– Leadership improprieties– Legal/regulatory action
IssueIssue ThreatThreat CrisisCrisis
Page 6
Basic AssumptionsEvery crisis is differentThe plan is not a recipeGoal = reducing risk vulnerability
What’s At RiskRevenue LossData LossBusiness Reputation LossMarket Share Loss
Page 7
Business Continuity Planning… it is:
a process to minimize the impact of a major disruption to normal operationsa process to enable restoration of critical assetsa process to restore normalcy to business as soon as possible after a crisis.
… it is not just:recovery of information technology resources
Page 8
Business Continuity Planning… and it is the phase of crisis management that follows the immediate actions taken to protect life and property and contain the event
… it begins when the situation has been stabilized.
ResilienceResilience
Page 9
Plan FormatBusiness Continuity Plan (BCP)Business Resumption Plan (BRP)Continuity of Operations Plan (COOP)Continuity of Government (COG)Disaster Recovery Plan (DRP)
ContentsPeopleProcessSystems
Page 10
Plan Process (Cycle)Identify TeamAnalysis– Risk Assessment– Business Impact AnalysisWrite the PlanImplement the PlanTestImprove
AnalysisAnalysis
DesignDesign
ImplementImplement
TestingTesting
MaintenanceMaintenance
Page 11
Plan ElementsBusiness Recovery TeamCustomersCritical Elements– Processes– Personnel– Suppliers– Equipment– Infrastructure
Vital RecordsRecovery Strategies (Priorities)
Page 12
Standards & LawsNFPA 1600 - national standard for both the public and private sectors
Title IX of “Implementing The 9/11 Commission Recommendations Act of 2007” (Public Law 110-53).– Signed into law by the President on
August 3, 2007.– Private Sector certification of BCP– NFPA 1600 - recommendation of
commission for standard– Voluntary, Non-Punitive