BC For SMEs
Kathleen A. Lucey
kalucey@montaguetm.com
tel: (1)516.676.9234
.
Continuity Trends Since 9/11 in the
US:
.
Part I: Recent Events Raise the Bar
.
First, a few effects of 9/11 on
downtown Manhattan...
Source: Special Report: WTC Tenant Relocation Summary, TenantWise, Inc., 2003
.
And a few more...
Madrid 3/11/2004
London 7/7/2005, 7/21/2005
Katrina: Louisiana and Gulf Coast, 8/2005
Rita: Louisiana and Texas, 9/2005
Earthquake in Pakistan and India: 10/2005
Wilma: Mexico and Florida, 10/2005
New Delhi: 10/2005
.
Post-9/11 Trends
Politicization of Business Continuity
– Homeland Security Department includes FEMA
– Patriot Act
– Pre-emptive wars: Afghanistan, Iraq
Results-oriented regulation
– Inter-agency White Paper
– NASD regs 3610, 3620
– Sarbanes-Oxley
California Law 1386 (2003), NY State Information Security Breach and Notification
Act (August 2005)
Increased BC awareness across most non-regulated sectors, and especially
SMEs
.
What we have learned...
Effective response is a complex issue, and much larger than
data center Disaster Recovery.
Small and medium-size businesses are largely unprepared,
but worry.
Success = BC + Emergency Management + an ongoing
program
External and intra-industry dependencies have been mostly
ignored.
Resilience is the most effective strategy...and it is an
organizational, not just a technical issue.
.
Trends Today
EFFECTIVE RESULTS?
Not all responses can be planned. Tools and information are necessary but
not sufficient.
.
Trends Today
SMALL AND MEDIUM-SIZE BUSINESSES ARE
VULNERABLE
Tools that are effective AND well-adapted to SME needs are difficult to
find.
Clear need to develop SME baseline standards and techniques.
Pressure from large customers and/or suppliers can be a driver.
.
Trends Today
INTER-DISCIPLINARY AND INTER-SECTOR WORK IS NEEDED
Government sets security levels, but the private sector holds 85% of critical infrastructure.
Piecemeal solutions with different mindsets and languages:
– IT: D/R and Technology InfoSec
– Facilities: Infrastructure, Engineering, and Physical Access Control
– Emergency and Crisis Management Planning
– Organizational Planning, Strategic Planning, Social Sciences
– Internal Audit, External Audit
– First Responders: insider jargon and procedures
.
It is not an option to remain where we have been...and where we are.
.
Trends Today
EXTERNAL AND INTER-INDUSTRY DEPENDENCIES
.
Trends Today
RESILIENCE
“The power or inherent property of returning to the form from which
it is bent, stretched, compressed, or twisted.”
– of objects or substances
“The power or ability to recover quickly from a setback, depression,
illness, overwork, or other adversity.”
– of people
“The ability of a system to keep working when one or more of its
components malfunctions. Also called fault tolerance.”
– of systems
.
Part II: Where Can SMEs Get What They
Want...and What They Need?
.
How do SMEs see Continuity?
.
SME Continuity
Requires the Proper Event
DNA: Definition, Notification, Action
.
What is DNA?
Definition of events +
Notification and communication activities
required for immediate response +
Action plans to respond to events.
.
Definition is key
.
Notification
.
INTERRUPTION MANAGEMENT MODEL
[Organization chart: Initial Interruption Management]
.
ALL DNA processes must be working to
achieve effective continuity.
.
Where are MOST of the
Continuity Challenges ??
.
BC Jumpstart for SMEs
Steps 1 through 4:
3. Gap Analysis: The firm’s current capability vs. the recommended set of
continuity components and avoidance / mitigation measures, by scenario class.
.
Interruption
Scenario Classes
EXTERNAL SCENARIOS
Classes: 1 - minor (a and b) to 5 - catastrophic
External scenario characteristics:
– Day / time (workday hours, non-working hours)
– Geographic scope
– Length of time
– Premises infrastructure services impact
– Firm premises damage
– Injuries to firm personnel
– Effect on workplace
.
External
Scenario Classes
.
Internal
Scenario Classes
.
Benefits for SMEs
1: Avoid the risk. 2: Lower the risk probability. 3: Recover, reduce damages.
Implement FIRST what is needed for all interruption scenarios.
Pay attention to the obvious.
Spread development and costs over time by building to catastrophic, “worst-case” capability step-by-step.
Make BC capability progress visible, measurable, understandable, and
“present-able.”
.
And so what does all of this mean for us as
business continuity professionals?
.
We Need to GROW!
Accept that current “best practices” are not the only truth.
Study the concepts of allied fields; stay open to new
ideas. Learn!
Connect to related disciplines: emergency management,
InfoSec, facilities, infrastructure, equipment reliability and
physical security...and organizational theory!
LISTEN....LISTEN.....LISTEN....AND HEAR!
.
Questions ??
Kathleen Lucey
Montague Technology Management, Inc.
kalucey@montaguetm.com
(1)516.676.9234