Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

FWD50 2019 - Disasters, emergencies, technology, and citizen resilience

47 Aufrufe

Veröffentlicht am

Rita Whittle - Executive Director, Government of Canada Security Policy, Office of the Chief Information OfficerTreasury Board of Canada Secretariat, Government of Canada

Disasters and emergencies are a fact of life. Climate change raises oceans and displaces millions; wildfires burn huge tracts of land; global travel can spread pandemics overnight. And while modern technology can help mitigate emergencies, our reliance on that technology can also make society more vulnerable.

In this workshop, we’ll dive into the challenges governments face, and the changing landscape of solutions that increase citizen resiliency. Bringing together noted experts in robust technology, disaster management, emergency relief, and the delivery of complex systems, we’ll tackle a vital—but often overlooked—aspect of service delivery: Dealing with disasters.

  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

FWD50 2019 - Disasters, emergencies, technology, and citizen resilience

  1. 1. Emergencies, Technologies, and Citizen Resilience GC’s Policy Approach to Business Continuity Planning 1 Rita Whittle Executive Director, Government of Canada Security Policy Treasury Board Secretariat Government of Canada Presentation to: FWD 50
  2. 2. 2 Objective To provide the Government of Canada’s policy approach to Business Continuity Management (BCM).
  3. 3. 3 The objectives of the policy are as follows: Policy on Government Security (PGS) • Effectively manage government security controls in support of the trusted delivery of Government of Canada programs and services and in support of the protection of information, individuals and assets. • Provide assurance to Canadians, partners, oversight bodies and other stakeholders regarding security management in the Government of Canada. The expected results of the policy are as follows: • Governance of government security controls within departments, with partners and across government will be effective, by fulfilling specified functions and successfully producing the intended result • Access to advice, guidance and services, including secure internal enterprise services, will be enabled • Deputy Heads and central agencies will have and share information needed for informed decision-making on government security priorities and resources. • Risk-based and standardized security practices and controls will be implemented, monitored and maintained • Management of security events will be coordinated to enable adaptation to a dynamic threat environment Security Screening Information Technology Security Physical Security Business Continuity Management InformaVon Management Security Security in Contracts Security Event Management Security Awareness and Training 8 Security Controls
  4. 4. Business Continuity Management Components Business Continuity Management Practices Business Impact Analysis Business Continuity plans, measures and arrangements Awareness and training Testing Monitoring and corrective actions Define, document and maintain departmental business continuity management practices Define departmental business continuity management requirements for all departmental services and activities supporting continued availability of services and associated assets that are critical to the health, safety, security or economic well- being of Canadians or to the effective functioning of government, based on an analysis of the potential impacts of disruption. Establish business continuity plans, measures and arrangements based on the results of the business impact analysis. Provide awareness and training to all individuals, including specialized training for individuals directly involved in the implementaVon of business conVnuity plans, in accordance with departmental pracVces. Conduct regular testing of business continuity plans to ensure an acceptable state of preparedness, in accordance with departmental practices. Review and maintain business impact analysis and business continuity plans, measures and arrangements, while considering changes in services, activities, resources or threat environment, based on the results of tests and the activation of plans, to ensure business continuity management practices continue to meet the needs of the department. Mandatory Procedures for Business Continuity Management Control
  5. 5. 5 Critical Services - Definition Critical Service or Activity Definition (Source: Policy on Government Security 2019) A service or acVvity whose disrupVon would result in a high or very high degree of injury to the: - Health of Canadians - Safety of Canadians - Security of Canadians - Economic well-being of Canadians, or; - EffecHve funcHoning of the Government of Canada *INTERDEPENDENCY: The reliance or interaction, directly or indirectly, of one activity, or process, or component thereof, upon another. This may include factors (resources) such as people, information, technology and assets. These interdependencies must work in collaboration during an emergency to continue and recover the critical service(s).
  6. 6. 6 Partners in Business Continuity Planning TBS Policy centre responsible for establishing and overseeing a whole-of-government approach to Security* Public Safety Canada Lead Security Agency (LSA) responsible for providing leadership, technical advice and guidance for maers related to business conVnuity management. PCO LSA responsible for providing guidance and advice on implementing security readiness levels for emergencies and increased threat situations *Office of the Chief Human Resources Officer is also a partner
  7. 7. 7 Communications Protocols Federal Emergency Response Plan (FERP)
  8. 8. 8 Annex A - Policy on Government Security Physical Security You lock your front door when you go out and protect your “important” documents in a fireproof container Security Screening You know the individuals you allow into your home Security Event Management You engage key parties when “incidents” happen (e.g. Home alarm triggered and first responders arrive) IM Security / Classification You protect valuable information like your Passport, but not necessarily a grocery bill Security in Contracts You check references and cerVficaVons of contractors that work on your home Security Awareness and Training You make sure your family is prepared (e.g., knows where to find your key documents, how to use the fire extinguisher, 911, and not to let strangers in) NEIGHBOURHOOD WATCH Com m unity Awareness Business Continuity Management You have backup plans and insurance policies for unexpected events such as flooding, fire, etc. ANALOGY: AT HOME WITH THE PGS (EIGHT SECURITY CONTROLS) IT Security You secure WIFI and use Antivirus software (IOT) TravelGuidance Risk Awareness Security Briefings
  9. 9. Annex B – Federal Emergency Response Plan (FERP) Federal Emergency Response Plan •During events that require a GC coordinated response, the Federal Emergency Response Plan (FERP) is invoked and led by the Government Operations Centre (GOC) at PS Canada (Deputy Minister). •The FERP currently identifies the areas which are typically key in a federal emergency response, as defined by the 13 emergency support functions (ESFs) and is supported by an extensive interdepartmental governance to coordinate EM activities, as required.
  10. 10. Annex C – GC Security Policy, Readiness and EM Governance