1. Course #: SS278 Title: Using 3 "P's" to prevent 3 "D's" Scheduled For: Monday, Round Seven, 4:30-5:30 pm Presented By: Dave Flora, Principal MAILCOM Conference
2.
3.
4.
5.
6. 9/11. Katrina. Virginia Tech. The worst disaster you will see is the one that happens to y ou or your business
7. Extreme Heat Fires Floods Global Warming Hazardous Materials Hurricanes Compliance Multi-Hazard Nuclear Earnings Pandemic Power Outages Thunderstorms Unions Winter Storms Workplace Violence Dam Safety Economy Terrorism Tsunamis Tornadoes Extreme Heat Floods Global Warming Hazardous Materials Hurricanes Nuclear Pandemic Terrorism Fires Power Outages Landslides Thunderstorms Tsunamis Unions Volcanoes Winter Storms Earthquakes Flu Global Warming INS Media Tornadoes Floods IRS Power Outages Thunderstorms Terrorism Succession Planning Nuclear
8.
9. t “ Preparedness is not a luxury; it is a cost of doing business.” Source: The 9/11 Commission Report
10.
11. Business Continuity represents assurance that an enterprise has the ability to continually meet their commitments, i.e., “run the business” ……. no matter what .
12.
13.
14. NORMAL OPERATIONS AWARENESS & CONTINGENCY PLANNING CORPORATE GOVERNANCE & PREACTION PLAN CERTAINTY IMPACT
15.
16.
17. “ There cannot be a crisis next week. My schedule is already full.” Henry Kissinger
In fact, over 70,000 disasters occur annually in the U.S. alone. They can’t be scheduled, but they can be predicted and planned for. The consequences can be managed and Mitigated.
DO NOT CLICK UNTIL READY TO ADVANCE TO NEXT SLIDE. Not all threats are equal. Not all apply. Not all have the same impact. Everything should be considered, evaluated, and understood. Look at all your locations. Look at your employees. Look at your vendors. Look at your customers.
Firestorm Solutions, LLC. welcome you to today’s seminar “Luck is Not a Strategic Plan.” We all face a world today that has a complex pattern of growing risks and threats. Insurance addresses some of the impacts, but does not prevent impacts or mitigate all losses. Business Continuity is a strategic governance issue. Unfortunately, many minimize exposures that have not been personally experienced. Failure to adequately Predict. Plan. Perform. will create a corporate environment destined for disaster.
Day 1
More than an IT issue. Data and access are critical. There can be no recovery without people.
Y- & X-AXES APPEAR AUTOMATICALLY. CLICK TO BRING UP ‘NORMAL OPERATIONS’, THEN ‘WARNING,’ THEN ‘DANGER’. Low impacts are managed by normal operations regardless of certainty. The potential of high impacts even though low certainty should be identified. There must be a decision process in place to address all high impact vulnerabilities. “ Never bet the company.” Some events can place the survival of the organization at risk. Good governance and fiduciary responsibilities mandate formal direct attention and require a strategic business continuity plan.
CLICK FOR EACH POINT. Everything is foreseeable. Anyone can be found accountable. If directors and officers neglect to prevent or mitigate foreseeable disasters or prepare for those that are not preventable, the business-judgment rule will not shield them. They are exposed to liability if they fail to act in good faith and exercise due care. Some of you may already be thinking about the disaster recovery plan your company has or considering purchasing a pre-packaged plan. It may be nicely packaged in a fat binder on the bookshelf – you’ve probably never really read it, but you figure your people have. Certainly the IT staff has, and the security team. And, you would hope, human resources. A plan alone does not guarantee that you have everything in place. As we all have observed, what happens in minutes can take have tremendous long term personal and business impacts. Crisis and consequence management are part and parcel of responsible corporate governance. In fact, it is a liability issue, and one that may not seem either foreseeable, much less fair. You may not be aware that the Port Authority of New York, the landlord of the World Trade Center, was found to be twice as liable as the terrorists who did the bombing in 1993. It was held that the Port Authority should have foreseen the possibility.
CLICK TO BRING UP EACH ELEMENT OF THE IMAGE. If directors and officers neglect to prevent or mitigate foreseeable disasters, or prepare for those that are not preventable, the business-judgment rule will not shield them. They are exposed to liability if they fail to act in good faith and exercise due care. Corporate boards and senior management are responsible for duty of care to shareholders and employees to identify and prepare for foreseeable, likely risk threats. Today everything is foreseeable . Failure to plan is negligence, regardless of ignorance or denial. This failure is a breach of a legal duty by not employing the standard of care that a reasonably prudent individual would use in comparable circumstances, thereby directly causing the foreseeable damage. National standards and recognized global threats have put businesses on notice that ongoing planning, implementation, and funding are required of management. A jury found the Port Authority of New York and New Jersey guilty of negligence in the 1993 bombing of the World Trade Center. The jury was swayed by a 1985 report in which the Port Authority’s own security officials warned that the facility’s 400-space garage was a likely terrorist target. Juror Ray Gonzales said the report was “very prominent” in the panel’s deliberations, adding that the Port Authority “dropped the ball.” Another cause of concern from this case to future defendants in other disasters or crises, the jury allocated 68 percent (or two-thirds) of the blame for the attack on the Port Authority, holding that the Authority was twice as liable for the attack as the actual attackers. In 2003, a federal judge in New York ruled that a plane flying into the World Trade Center was “within the class of foreseeable hazards,” thus allowing 9/11-related negligence litigation. These landmark cases create precedents for employees, customers, business partners, shareholders, municipalities, and other “stakeholders” to successfully sue organizations for negligent security and business continuity planning. This shows that failure to plan is negligence and grounds for liability for companies, CEOs, CFOs, other “C-suite” executives and directors. In summary from a legal perspective, due diligence and sound governance demand that organizations develop, maintain, and test comprehensive business continuity plans since: Organizations are susceptible to a variety of disasters and crises, both natural and man made; Disasters and crises are predictable; Organizations with business continuity plans are better prepared to survive a disaster if one occurs.
Change title to “readiness” or “disaster due diligence” to be more inclusive Today’s seminar is designed to assist you and your organization in analyzing your current status of disaster preparedness and vulnerability. The agenda for today’s seminar is designed to provide you information, complete a case study, and to answer questions. You and your organization have many policies, procedures, and systems in place to manage disasters and crises. Congratulations. Please focus today on identifying action items and areas requiring additional information. If you or your employees can not immediately identify the necessary steps to address the vulnerabilities discussed, then your company’s survival depends on creating a new corporate culture of preparedness. Firestorm has found that there are strategic advantage initiatives for your organization relative to your competition or similar organizations in managing a disaster or crisis.
CLICK ONCE TO BRING UP IMAGE, AND THEN STOP. DO NOT CLICK UNTIL READY TO ADVANCE TO NEXT SLIDE. The disaster environment is complex. Everyone and anyone can be impacted. Your company does not have to be directly hit to be impacted. The ending of an event does not stop the impacts. Consequence management can take years. What comes to mind with the mention of “Columbine” - not the state flower of Colorado. Ten years to settle claims. Lives changed forever.
This is a continual process . . .
Firestorm has published a book entitled “ Disaster Ready People for a Disaster Ready America .” This book is a guide for individuals to address their disaster preparedness needs at home. If individuals are prepared at home, they are more likely to be available to assist in the organization’s business recovery. If you are interested in receiving a copy of the book, please let me know. The Firestorm web site can be accessed at: http:// www.firestorm.com /
What now? You invent the future.
Interested in measuring your program? Or discussing your program needs Day 1
![Presidential Proclamation- NATIONAL PREPAREDNESS MONTH, 2010 ,[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)