establish command & control for bcm program successgo.fusionrm.com/rs/275-gvv-046/images/fusion...
TRANSCRIPT
©2017 Fusion Risk Management, Inc.
Establish Command & Control for BCM Program Success
Wednesday, March 8, 2017
Whether your focus is Business Continuity, Disaster Recovery or Crisis/Incident Management, success as a leader requires that you have command of your program, and demonstrate that you are in control every step of the way.
This webinar will provide new perspectives on the challenges facing today's BCM practitioners, and help you redefine your strategies for achieving program success. Our discussion will include:
• Gathering and managing information to more fully understand risks and impacts.
• Driving engagement, ownership and accountability from your program contributors and executives.
• Organizing and orchestrating to achieve successful risk mitigation, disaster response, and recovery.
Now more than ever, successfully managing an enterprise BCM program means much more than conducting BIAs, developing plans, and running tests.
With the right approach you will find command and control is clearly achievable for BCM success.
2
Introductions
David HalfordDirector
Advisory Services
Fusion Risk [email protected]
www.linkedin.com/in/dahalford
Joe RobinsonSr. Director
Global Risk & Resilience
Micron Technologywww.linkedin.com/in/joerobinson
Andy MerckerVice President, Marketing
& Business Development
Fusion Risk [email protected]
www.linkedin.com/in/amercker
3
What is Command & Control?
• Managing a Comprehensive BCM Program
• Engaging Everyone in your Organization
• Managing Incidents & Orchestrating Exercises
4
• Managing a Comprehensive BCM Program
• Engaging Everyone in your Organization
• Managing Incidents & Orchestrating Exercises
• Are you chasing after plan owners for updates, competing for executive attention, and struggling for awareness?
What is Command & Control?
• Are you more simply conducting BIA’s, developing plans, and running tabletop exercises?
• But does this mean simple tabletops, and being in “scramble mode” during actual incidents?
5
What holds us back?
6
?
?
?
• Disparate Data
• Uncoordinated Work Streams of Activities
• Lack of a Common Organizing Model
• Many Sources, Owned By Different Groups, Not Synchronized, Not Consolidated, Various Stages of Currency / Completeness / Accuracy
• Declare Disaster, Business Recovery, BC & DR Teams, First Responders, Facilities, Risk Agendas…
• Executive Reporting, Consistent Across Programs, Prioritization, Risk Tolerances, Investment Decisions
7
?
?
?
What holds us back?
• Convergence of Major Trends
• Growing Array of Agendas
• Increased Expectations for Positive Outcomes
Dramatically increasing the pressure to be more effective, efficient, and economical.
8
What's changed? Is what we’re doing no longer good enough?
Six Major Trends
What's changed? Is what we’re doing no longer good enough?
1. Ever tightening supply chains and increasing dependencies on critical vendors and outsourced service providers.
2. Increased customer demands to not simply promise but prove you have the ability to deliver.
3. Increased weather events creating greater and more frequent disruptions.
4. Executives’ heightened awareness of responsibilities for operational risk.
5. Greater dependency on IT, and greater IT infrastructure complexity.
6. Ever increasing cyber threats and information security events.
9
• Business Continuity
• Disaster Recovery
• Crisis Management
• Incident Management
• Emergency Management
• EH&S
• Security
Growing Array of Agendas
• Facility Risk
• Vendor Risk
• Cyber Risk
• Operational Risk
• Enterprise Risk
• Audit & Compliance
• Legal
What's changed? Is what we’re doing no longer good enough?
10
Expectations for Positive Outcomes
• Expectations for zero downtime
• Expectations for zero disruptions to the business
• No deficiencies in your program will cause the organization to miss any of its business objectives.
What's changed? Is what we’re doing no longer good enough?
11
Problem Definition How do we define these challenges?
• Information Foundation
• Effective Engagement
• Activation and Execution
12
• Information must be accurate and up to date in order to manage effectively at every point in your program.
• Information must be consolidated and organized under a “single pane of glass”, so that it’s readily available and presentable in context when you need it.
• Information must be sustainable, not simply a snapshot, to truly form the foundation of your program -- for your strategies, plans, procedures and activities needed to deliver resilience and recovery.
Problem Definition How do we define these challenges?
13
Information Foundation
• If you don't have people in your organization who are engaged, accountable and responsible, you don’t have the resources required to run a successful program.
• If you don't have the attention of your executives, how aware are they of risks and impacts to the business, and how do they determine appropriate levels of investment?
• Executive buy in and support is necessary to gain resources and tools to deliver an effective program.
Problem Definition How do we define these challenges?
14
Effective Engagement
• If your plans aren't what people turn to during a disruption, then what are they doing and who is leading them?
• If you lack a common organizing model, then how well can you coordinate people, and prioritize and sequence all of the work streams of activities?
• If information isn’t readily available as it’s changing, then how can you gain situational awareness to address unplanned scenarios or unexpected events?
Problem Definition How do we define these challenges?
15
Activation and Execution
16
Solution Definition
Information
Command & Control
Driving Engagement
Driving OutcomesStrategy & Preparation
• Information forms the Foundation and is required for all material advances
• Effective & efficient Engagement drives outcome
• Establishes confidence in ability to Activate & Execute at time of crisis and/or outage event
17
• Information forms the Foundation and is required for all material advances
• Effective & efficient Engagement drives outcome
• Establishes confidence in ability to Activate & Execute at time of crisis and/or outage event
Solution Definition
Information
Command & Control
Driving Engagement
Driving OutcomesStrategy & Preparation
Information Baseline
• Detailed Knowledge of the Business & Business Impacts“Understand how it works so you understand how it breaks”
• Methodology & System in place to maintain and manage information real-time “Deliver desired outcomes regardless of disruptions”
• Business Impact Data used in allaspect of Decision making
“Decisions based on current data”
• Ability to use Business Continuity data inOperational Management“Support Change Control & improve efficiency of daily operations”
Business Impact Management18
Starting Point - Impact Assessments
19
A Business Continuity Management process that…
…is used to determine and manage the outage impacts and exposures of mission-critical processes, applications or facilities over time
…is used to support & establish priorities for resilience, availability and/or recovery
…can be used to determine the “value” of a mission-critical process
…can also be used to support the business case for investments in IT, Facility and process resilience
Types of Impact Assessments
20
• Business Impact Assessment (BIA)(Process, Function, Department, Functional Area)
• System/Technology Impact Assessment (SIA/TIA)(Application, IT System, IT Service)
• Facility/Site Impact Assessment
• Vendor Risk Assessment
• Supply Chain Risk Assessment
Impact Management Best Practices
21
1. Focus on information that extends beyond a typical BIA.
2. Use a data model that reflects a. How your organization works, b. How it might break,c. How you can prevent breaks, andd. How you can put it back together
again.
3. Assume information is constantly changing
4. Methodology and approach promotes Ownership & Engagement
Engagement - what do we mean ?
22
Engagement is:
• Individual ownership
• Information updated regularly as part of operational process
• Program information is used to support operational decisions & viewed as a value to the enterprise
…is NOT:• Annual testing and plan reviews is only
time the extended program team is involved
• Business Impact Data only updated during traditional 2-3 year update cycle
• Maintaining program data and information baseline is viewed as a governance / regulatory requirement
Effective & efficient Engagement drives outcome & supports
successful Command & Control
Executive Engagement
23
• Starts on the foundation of facts and generates value to the Enterprise
• Program Status Dashboards –promotes program confidence & maintain visibility
• Collect & report information by areas of Relevance (VP, Department, Organizational Unit, etc.) – often generates a healthy competition
• Focus on factors that communicates your level of confidence in ability to execute
• Starts on the foundation of facts and generates value to the Enterprise
• Program Status Dashboards –promotes program confidence & maintain visibility
• Collect & report information by areas of Relevance (VP, Department, Organizational Unit, etc.) – often generates a healthy competition
• Focus on factors that communicates your level of confidence in ability to execute
Executive Engagement
24
Activation & Execution
25
Actual crisis events rarely reflect the tabletop test or a ‘planned’ exercise…
Integrating multiple plans, coordinating multiple teams and staying on track is challenging even for the most experienced practitioners.
Recovery orchestration techniques deliver better simulations and more predictable outcomes during actual crisis events.
• Focus on your Milestones
• Understand Dependencies
• Maintain Awareness (Situation and Progress)
• Distribute Responsibilities
• Communicate/Inform
• Be Adaptive
• Leverage Tools
Effective Recovery Orchestration
26
27
• Information forms the foundation for all material advances
• Effectiveness, Efficiency & Economic value can be delivered with new thinking and new approaches
• Command & Control can become your brand to advance your program
Solution Definition
Information
Command & Control
Driving Engagement
Driving OutcomesStrategy & Preparation
©2016 Micron Technology, Inc. All rights reserved. Information, products, and/or specifications are subject to
change without notice. All information is provided on an “AS IS” basis without warranties of any kind.
Statements regarding products, including regarding their features, availability, functionality, or compatibility,
are provided for informational purposes only and do not modify the warranty, if any, applicable to any
product. Drawings may not be to scale. Micron, the Micron logo, and all other Micron trademarks are the
property of Micron Technology, Inc. All other trademarks are the property of their respective owners.
Micron Technology Global Risk & Resilience
Joe RobinsonSr. Director, Global Risk & Resilience
©2016 Micron Technology, Inc. All rights reserved. Information, products, and/or specifications are subject to
change without notice. All information is provided on an “AS IS” basis without warranties of any kind.
Statements regarding products, including regarding their features, availability, functionality, or compatibility,
are provided for informational purposes only and do not modify the warranty, if any, applicable to any
product. Drawings may not be to scale. Micron, the Micron logo, and all other Micron trademarks are the
property of Micron Technology, Inc. All other trademarks are the property of their respective owners.
29
Micron by the Numbers
38 Years strong in
18 Countries with 13 Manufacturing and R&D sites,
3O,OOO+ Team Members and
Net Sales in Fiscal 2016 of
$12,39O,OOO,OOO
| June 27, 2017
30
Corporate Headquarters and R&D FacilitiesBOISE, ID
| June 27, 2017
31
Global Manufacturing Scale2
Lehi, Utah USA Manassas, VA USA
3
13
2 4
5
6
7
8
9
10
4
Hiroshima, Japan
10
Akita, Japan
5
Muar, Malaysia
9
Xian, China
7
Taiwan (Inotera)
6
Singapore
8
Taiwan
1
Boise, Idaho USA
| June 27, 2017
32
Serving a broad set of customer applications
| June 27, 2017
33
Global Risk & Resilience
• Risk Committee Oversite
• Risk Attitude
• Risk Tolerance
• Risk Management Process• Identify• Assess and Prioritize• Treatment and Control• Monitor Residual Risk• Report Effectiveness
Enterprise Risk Management
• Risk Committee Oversite
• Business Impact Analysis• Corporate Functions• Sites
• Risk Assessment• Disruptive Risks• Included in ERM Process
• Continuity Strategy• Corporate Functions
• Plans
• Training and Exercises
Business Continuity Management Crisis Management
• Risk Committee Oversite
• Crisis Management Teams• Executive• Site
• Cross-functional
• Crisis Management Process• Monitor and Alert• Activation• Event Management• Deactivation• Evaluation and
Improvement
| June 27, 2017
34
Command & Control
• Authority
• Subject Matter Expertise
• Know Your Business
• Lead Your Program
• Control, during an event, is a figment of your imagination!
June 27, 2017
35
Engagement
• Value• What is it?
• How do you measure it?
• Top Down and Bottom Up
June 27, 2017
36
Activation / Execution
• Trust
• Process
• Monitor and Adjust
June 27, 2017
David HalfordDirector
Advisory Services
Fusion Risk [email protected]
www.linkedin.com/in/dahalford
Joe RobinsonSr. Director
Global Risk & Resilience
Micron Technologywww.linkedin.com/in/joerobinson
Andy MerckerVice President, Marketing
& Business Development
Fusion Risk [email protected]
www.linkedin.com/in/amercker
38
Q&A