The document provides an overview of disaster management basics and business continuity planning. It discusses that organizations need to consider a wide range of potential disasters and risks, both predictable and unpredictable. Further, it emphasizes that effective planning requires analyzing interdependencies and impacts, having coordinated response plans, and building organizational resilience through strategies like graceful degradation and agile restoration. The final sections discuss crisis management team roles and the three levels of continuity - strategic, operational, and tactical.
Disaster Management Basics for Organizational Survival
1. Disaster Management Basics
It IS All About Survivability
Copyright 2013, Logical Management Systems, Corp., all rights reserved
2. Disaster Management Basics
We tend to
subconsciously
decide what to
do before figuring
out why we want
to do it.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
3. Business: what is it?
Business is driven by strategy carried out in the
form of plans by people who operate in existing
and evolving markets.
Every organization’s “strategic plan” (developed
either formally or informally) identifies their
critical objectives.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
4. What is a disaster?
Merriam Webster:
something (such as a flood, tornado, fire, plane
crash, etc.) that happens suddenly and causes
much suffering or loss to many people
something that has a very bad effect or result
a complete or terrible failure
What is a disaster for your organization?
Copyright 2013, Logical Management Systems, Corp., all rights reserved
5. Is Your Organization’s Planning Brittle?
Do the organization’s plans stand in silos of excellence?
Are activation and implementation of plans independent
and uncoordinated?
Does the organization face critical junctures of survival
every time an event or certain shocks affect it?
Does analysis of “worst case” scenarios underlay the basis
for planning?
Do the plans reflect the strategy, goals and objectives of the
organization?
Copyright 2013, Logical Management Systems, Corp., all rights reserved
6. Is Your Organization’s Planning Brittle?
We live in a complex and interdependent world, filled with
complex systems that are full of interdependencies (touchpoints)
that are hard to detect.
The result is nonlinearity in responses to events, especially
random events/shocks.
The odds of rare events are simply not computable.
Model error swells when it comes to small probabilities.
The rarer the event; the less tractable, and the less we know
about how frequent its occurrence.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
7. Is Your Organization’s Planning Brittle?
Complexity
Touchpoints
Responsiveness
Resource Constraints
It is much easier to
sell: “Look what I
did for you”
than
“Look what I
avoided for you.”
Copyright 2013, Logical Management Systems, Corp., all rights reserved
8. Business Continuity – From What?
What is going to cause discontinuity?
Natural Disaster?
Sabotage?
People?
Fraud?
Operations?
Mismanagement?
Internal Factors?
EHS Issues?
Workplace Violence?
Power Failure?
Cyber-threats?
Nuclear, Chemical, Biological?
Terrorism?
What is the single highest probable
failure factor for your business?
External Factors?
Copyright 2013, Logical Management Systems, Corp., all rights reserved
9. How much Analysis are you doing right now?
Symmetric Threats – Natural, Normal, Abnormal
Natural Disasters
•Hurricanes
•Earthquakes
•Floods
•Tornadoes
•Drought
Physical Disasters
•Industrial Accidents
•Supply Chain
•Value Chain
•Product Failure
•Fires
•Environmental
•Health & Safety
Information Disasters
•Theft of Proprietary Information
•Hacking, Data Tampering
•Cyber Attacks
Personnel Disasters
•Strikes
•Workplace Violence
•Vandalism
•Employee Fraud
Economic Disasters
•Recessions
•Stock Market Downturns
•Rating Agency Downgrade
Criminal Disasters
•Product Tampering
•Terrorism
•Kidnapping & Hostages
Reputation Disasters
•Rumors
•Regulatory Issues
•Litigation
•Product Liability
•Media Investigations
•Internet Reputation
•Social Media
Copyright 2013, Logical Management Systems, Corp., all rights reserved
10. How much Analysis are you doing right now?
Asymmetric Threats – Known is replaced by the invisible foe
Put simply, asymmetric threats are
a version of “not fighting fair,” that
can include surprise, unplannable
and unpredictable events, impacts
to your touchpoints that have not
been anticipated.
Not fighting fair also includes the
prospect of an opponent designing
a strategy that fundamentally
alters the markets that you
compete in.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
11. Business Impact Analysis
what are we analyzing?
We know now what to
measure, we know the current
performance and we have
discovered some problem
areas.
Now we have to understand
why problems are generated,
and what the causes for these
problems are.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
12. Prediction – Projection
If you don’t know what you
don’t know, how can you
prepare for it?
Conventional practices leave us
vulnerable to random,
potentially catastrophic events,
that cannot be predicted based
on simple extrapolations from
the past or projections of the
future.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
13. Emerging Risks – Likelihood, Impact & Velocity
High
Global Workforce
Environmental
Competition
Sovereign Debt
Geo-Political
Infrastructure
Markets
RISK VELOCITY
Likelihood
Economies
Very Rapid
Foreign Sources
Alternatives
Technology
Impact of the risk would
be evident in a month
Rapid
Impact of the risk would
be evident in a quarter
Slow
Social Trends
Impact of the risk would
be evident in a year
Low
Low
Impact
High
•Traditional risk assessments that prioritize risk on probability and impact are outpaced by the speed
at which risks move throughout the organization.
•While 70% of finance executives agree that risk velocity is a core consideration, only 11% have
introduced it into their risk assessments.
Source: Deloitte; Risk Integration Strategy Council Research
Copyright 2013, Logical Management Systems, Corp., all rights reserved
15. Six Key Questions
STRATEGY:
What are we committed to?
CONCEPT OF OPERATIONS:
How will we fulfill these commitments?
STRUCTURE:
Do we have an organization that serves our needs?
RESOURCE MANAGEMENT:
How will we manage our resources?
CORE COMPETENCIES:
What skills do we expect from our organization?
PRAGMATIC LEADERSHIP:
How will we optimize authority, decision-making,
workflow, information sharing?
Copyright 2013, Logical Management Systems, Corp., all rights reserved
16. Decision Making Issues Related to Risk
Neutralize
Share
Diversify
Mitigate
Transfer
Contain
Identify
Alter
Offset Effects
Reduce Exposure
Control
Alleviate Impact
Change Negative – Positive
Insure Against Loss
Monitor
Hedge
Derivatives
Discount
Copyright 2013, Logical Management Systems, Corp., all rights reserved
17. Living in a Non-Predictive World
A stone and its weight in pebbles – size matters.
A collection of small units with semi-independent variations
produces vastly different risk characteristics than a single large unit
Copyright 2013, Logical Management Systems, Corp., all rights reserved
18. Business Continuity Lifecycle
Recovery Management
Crisis Management
Emergency Response
Response
Mitigation
Termination
Normal Business
Operations
Transition
Point 1
Activation
Reactive Response
Chaos
Business Recovery
Systems/Information Recovery
Reentry
Restoration
Resumption
Transition
Point 2
Unplanned
Disruption
Resumption
Transition to New
Normal Operations
Transition
Point 3
Planned
Disruption
New Normal
Business
Operations
Transition
Point 4
Termination
Copyright 2013, Logical Management Systems, Corp., all rights reserved
19. How Well Will Your Organization Transition?
Transition Point 1
Activation
Reactive Response
Chaos/Uncertainty
Transition Point 3
Planned Disruption
?
Transition Point 2
Transition Point 4
Unplanned
Disruption
Termination
Copyright 2013, Logical Management Systems, Corp., all rights reserved
20. Plan – Respond – Recover – Restore – Resume
Plan
High
Resume
Event
Response
Restore
RTO
Recovery
RPO
Level of Service
(Image and Profile
affect degree of
disruption)
Graceful Degradation
Stability Levels
Agile Restoration
MTO
Low
CTL
Time (Time Critical)
(Time Sensitive)
(Time Dependent)
Copyright 2013, Logical Management Systems, Corp., all rights reserved
21. Plan – Respond – Recover – Restore – Resume
Plan
High
Resume
Event
Response
Restore
RTO
Recovery
RPO
Level of Service
(Image and Profile
affect degree of
disruption)
Graceful Degradation
Stability Levels
Agile Restoration
MTO
Low
CTL
Time (Time Critical)
(Time Sensitive)
(Time Dependent)
Copyright 2013, Logical Management Systems, Corp., all rights reserved
22. Plan – Respond – Recover – Restore – Resume
Plan
High
Resume
Event
Response
Restore
RTO
Recovery
RPO
Level of Service
(Image and Profile
affect degree of
disruption)
Graceful Degradation
Stability Levels
Agile Restoration
MTO
Low
CTL
Time (Time Critical)
(Time Sensitive)
(Time Dependent)
Copyright 2013, Logical Management Systems, Corp., all rights reserved
23. Business Continuity Lifecycle
Graceful Degradation + Agile Restoration = Resilience
Full Functionality
Detectors/Indicators of
change
Minimum Stable
Functionality
Maximum Stable
Level of Service
Devolve to most robust less functional configuration
(Personnel, Time, Product, Services)
Copyright 2013, Logical Management Systems, Corp., all rights reserved
25. Building an effective crisis management team
Why Crisis Management Teams Fail:
Crisis Management Team does not know its own reaction
time;
Communications;
Micro-Managing;
Decisions are left at low levels;
Allowing problems to compound.
Copyright 2013, Logical Management Systems, Corp., all rights reserved
26. Building an effective crisis management team
Your biggest challenge:
Getting the team to work together when they
generally do not function every day as a team
Your next biggest challenge:
Getting the team to comprehend their crisis
management roles, responsibilities, functions and
how they differ from their day-to-day roles,
responsibilities and functions
Copyright 2013, Logical Management Systems, Corp., all rights reserved
27. Crisis Management Team (CMT)
Team Competencies (TC)
How good are the team members?
Are they still struggling with basic procedures?
Team Identity (TI)
Does everyone know who does what?
Do they help each other out?
Is anyone micro-managing?
Is anyone “out of it”?
Team Metacognition (TM)
Who’s taking responsibility?
Do they spot and correct problems?
Do they get crunched for time?
Are they “territorial”?
Team Cognition (TC-1)
Is the CMT heading for the same goals?
Does everyone have the same picture?
Are they consistently in a reactive mode?
Do they get paralyzed by uncertainty?
Gary Klein:
“Sources of Power: How People Make Decisions”
Copyright 2013, Logical Management Systems, Corp., all rights reserved
28. Business Continuity – Three Levels
Strategic Level –
Saving the business
Operational Level –
Containing Business Unit Impacts
Key Functions
Leadership (Management)
Planning
Operations
Logistics
Finance
Administration
Infrastructure
Internal/External Relations
Tactical Level –
Operational Actions
Copyright 2013, Logical Management Systems, Corp., all rights reserved
29. Three Spheres of Concern
SPHERE OF INFLUENCE
Your assets and capabilities can affect the
courses of action of others
SPHERE OF RESPONSIBILITY
Your corporate mission, vision, values,
goals, objectives
SPHERE OF INTEREST
Assets and Capabilities of others can effect
your courses of action
Copyright 2013, Logical Management Systems, Corp., all rights reserved
30. “If you keep doing what you’ve
always done – you’ll keep getting
what you’ve always gotten.”
Geary W. Sikich
Principal
Logical Management Systems, Corp.
www.logicalmanagement.com
gsikich@logicalmanagement.com
g.sikich@att.net
+1 (219) 922-7718
Copyright 2013, Logical Management Systems, Corp., all rights reserved
Hinweis der Redaktion
Debt becomes poisonous once it reaches 80% to 100% of GDP for governments, 90% of GDP for companies, and 85% of GDP for households. From then on, extra debt chokes growth. Stephen Cecchetti and his team at the Bank for International Settlements have written the definitive paper rebutting the pied pipers of ever-escalating credit."The debt problems facing advanced economies are even worse than we thought."
Understanding risk velocity is important - how hard you are hit by a risk realized can determine if your organization survives or flounders. Yet few executives have actually used risk velocity in their analysis of risk exposures.We all know “risk” – yet we really do not understand risk.
It’s all about targeted flexibility, the art of being prepared, rather than preparing for specific events. Being able to respond rather than being able to forecast, facilitates the ability to respond to the consequences of an event.We have the unfortunate tendency to view recent experience through a very narrow window of data sets. The data sets often times are based on convenience of access and data availability, rather than on research and a deeper analysis of a broader base of information. What is possible is a long way from what is probable. Determining what is probable takes a lot more effort and analysis.