Transcript Business Continuity Planning Concepts

COOP Introduction
Chris Alvord, CBCP
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
1
Introduction
COOP Systems Overview
 Started 2002 “to deliver most focused and





highest-quality offerings for continuity
planning.”
Software, training, and consulting services - predominantly software over last year.
Staff experienced and certified.
Virginia headquarters office in Herndon.
Clients in government, military, intelligence,
finance, high tech, technology services,
manufacturing, law, e-Commerce, insurance.
Woman-owned small business status.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
2
Introduction
Five Sample Clients
Virginia
state government contract for
software, training, consulting.
Transamerica
part of AEGON, one of top 50
financial companies in world.
DIA & CIA
only continuity planning system
on SIPRNET classified network.
Fiserv
176 financial services
companies, based in
Philadelphia.
VeriSign
supporting .com and .net, 14
billion transactions daily.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
3
“There is no need to sally forth, for it
remains true that those things which make
us human are, curiously enough, always
close at hand. Resolve then that on this
very ground, with small flags waving and
tiny blasts from tiny trumpets, we shall
meet enemy, and not only may he be
ours, he may be us.”
From introduction to Pogo Papers
Walt Kelly (1953)
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
4
Introduction
Current State
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
5
Introduction
Course Outline
Project Initiation
2. Information Gathering
3. Risk Analysis
4. Business Impact Analysis
5. Strategy Options Analysis
6. Plan Design and Implementation
7. Exercising Plan
8. Maintenance & Exercise Programs
9. Awareness & Training Programs
10. Emergency Response/Crisis Management
1.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
6
Introduction
Five Important Concepts
 Five “R’s” of Continuity
– Response
– Recover
– Resume
– Restore
– Relocate
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
7
Introduction
Definitions
 Response - - to emergency conditions
Procedures designed to:
– Address life safety issues
– Gain control of situation,
– Provide initial response & decision-making
effort, &
– Coordinate companywide resources at
executive level
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
8
Introduction
Definitions
 Recover
Return to acceptable condition or level of
operation following disruptive event.
Planning - Documented instructions and
guidelines for continuation of MISSION critical
processes following disruptive event or during
period of resumption / recovery.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
9
Introduction
Definitions
 Resume
Defined as “restart, take up or begin
anew”
Resumption of normal operations following
interruption or event.
This stage could be many months.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
10
Introduction
Definitions
 Restore
Defined as “return to original or usable
and functioning condition.”
Reconstruction activities preparatory to
return to new or restored facilities.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
11
Introduction
Definitions
 Relocate
Defined as “move or establish in a new location.”
Moving operations for final, production
facilities.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
12
Introduction
Definitions
 Disruptive Event
Event that prevents organization from
accomplishing its MISSION critical
processes in normal manner.
a.k.a. Disaster - The reason we
need COOP plans.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
13
Introduction
Continuity Planning
Goal:
Define, develop, and implement plans that
will allow your ORGANIZATION to:
1. Prevent disruption from occurring or,
2. If disruption does occur, continue to
operate following disruption and
3. Recover in rapid and efficient manner.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
14
Introduction
Relationships
Crisis Management Team
Immediate
Response
Teams
Institutional
Recovery
Teams
Functional
Recovery
Teams
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
15
Introduction
Continuity Planning Uses Many Teams
Department Functions
Institutional Functions
Function 1
Function 2
Org
Unit 1
Accounting
Function n
Purchasing
Function 1
Function 2
Org
Unit 2
Function n
COOP/
BCP
Program
Payroll
Central IT
Function 1
Function 2
Org
Unit n
Etc.
Function n
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
16
Continuity
Planning Concepts
COOP Table of Contents
Per FPC 65
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
17
Introduction
Purpose
 Guidance to Federal Executive Branch
departments and agencies
 For use in developing viable and executable
contingency plans for continuity of
operations (COOP).
 COOP planning facilitates performance of
department/agency essential functions
during any emergency or situation that may
disrupt normal operations.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
18
Introduction
Applicability & Scope
 Applicable to all Federal Executive Branch
departments, agencies, and independent
organizations, hereinafter referred to as
“agencies.”
 COOP elements outlined herein are for use
at all levels of Federal Executive Branch
organizations.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
19
Introduction
Policy
 U.S. to have in place comprehensive and effective
program to ensure continuity of essential Federal
functions under all circumstances.
 All Federal agencies shall have in place viable COOP
capability ensuring performance of their essential
functions during any emergency or situation that
may disrupt normal operations.
 COOP forms foundation of Continuity of Government
programs designed to ensure survival of enduring
constitutional government.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
20
Introduction
Background

Simply “good business practice”

Changing threat environment and recent
emergencies, coupled with potential for terrorist
use of weapons of mass destruction.

FEMA provides oversight and coordination,
transferred to Department of Homeland Security

FEMA provides leadership for Federal Executive
Branch COOP program.

Inherent in responsibility is to formulate guidance,
facilitate interagency coordination, oversee and
assess COOP capabilities of agencies.

Each Federal Executive Branch agency responsible
for appointing senior POC
Continued
21
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
Introduction
Objectives

Cover wide range of hazard emergencies.

Ensuring performance of essential functions.

Reducing loss of life, damage and losses.

Protecting essential assets.

Executing successful succession to office

Reducing or mitigating disruptions to operations

Ensuring agencies have alternate facilities

Achieving timely and orderly recovery

Achieving timely and orderly reconstitution

Maintaining test, training, and exercise program.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
22
Introduction
Planning Considerations

With and without warning.

Operational within 12 hours after activation.

Sustain operations for up to 30 days.

Include regularly scheduled testing, training, and
exercise program.

Must provide for regular risk analysis.

Locate alternate operating facilities.

Take advantage of existing infrastructures.

Innovate, e.g., telecommute, etc.

Consider distance of alternate facilities

Multi-year strategy & program management plan.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
23
Introduction
Elements of COOP Capability
Plans and Procedures










Develop/document procedures to provide for all
essential functions.
Essential functions, dependencies, and resources.
Orders of succession to key agency positions and
maintain current rosters.
Locate alternate operating facilities.
Outline decision process for response.
Procedures for the notification and relocation.
Operational capability within 12 hours of activation.
Continue essential functions for up to 30 days.
Provide for personnel not deployed.
Reconstitution of agency capabilities to normal.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
24
Introduction
Elements of COOP Capability
Identifying Essential Functions
 Establishes planning parameters
 Essential functions - - vital services, civil authority,
public safety, sustain industrial/economic base
 Carefully review all organizational missions.
 Improper identification of essential functions can
have negative impact on entire COOP plan
 Must also include external partners.
 Consideration must be given to department and
agency interdependences.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
25
Introduction
Elements of COOP Capability
Delegations of Authority
 To ensure rapid response:
– Pre-delegate authorities for making policy all
decisions
– Ensure all personnel know who has authority to
make key decisions in COOP situation.
– Pre-determined delegations of authority will take
effect when normal channels of direction and
control are disrupted and will terminate when
these channels are restored.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
26
Introduction
Elements of COOP Capability
Orders of Succession
 Agencies responsible for establishing,
promulgating, and maintaining orders of
succession to key positions
 Orders of sufficient depth to ensure
agency’s ability to perform essential
functions while remaining viable part of
Federal Government at all times.
 Geographical dispersion encouraged,
consistent with principle of providing
succession in emergencies of all types.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
27
Introduction
Elements of COOP Capability
Interoperable Communications
 Essential functions at alternate operating facilities
dependent upon identification, availability, and
redundancy of critical communications systems
 Need is to support connectivity between key
government leadership, internal elements, other
agencies, critical customers, and public
 Methods are secure and non-secure phone, fax, and
messaging capabilities, etc. during crisis, disasters,
or wartime conditions
 Required communications capabilities must be
operational within 12 hours of notification.
 Communications capabilities at alternate operating
facilities to be tested quarterly
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
28
Introduction
Elements of COOP Capability
Vital Records and Databases
 All sources of data, not just electronic.
 Agency personnel must have access to and be able to
use these records and systems.
 Procedures for protecting/updating them.
 Categories of these types of records may include
emergency operating records, and legal and financial
records.
 Identification/protection of vital records, systems,
and data management software and equipment
 This includes classified or other sensitive data.
 Pre-position and update on regular basis duplicate
records or back-up electronic files.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
29
Introduction
Elements of COOP Capability
Human Capital
 Managerial roles and responsibilities
 Employees’ roles and responsibilities
 Federal personnel decisions and related
protocol systems
 Staffing issues
 Pay issues
 Leave issues
 Benefits issues
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
30
Introduction
Elements of COOP Capability
Tests, Training & Exercises

Validate COOP plans, policies, and procedures.

Ensure familiarity with procedures and systems.

Ensure COOP personnel sufficiently trained.

Ensure currency of knowledge and integration of skills

Deploy personnel/equipment to alternate facilities.

Ensure backup data and records sufficient.

Test/validate equipment.

Ensure agency personnel understand procedures to
transition to normal activities (reconstitution).

Conduct refresher orientation for COOP personnel.

Document completed training and future requirements.

Develop Multi-Year TT&E plan.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
31
Introduction
Elements of COOP Capability
Devolution of Control and Direction
 Addresses catastrophic and other disasters
and events rendering agency’s leadership
and staff incapable of supporting execution
of essential functions from either its
primary or alternate locations.
 Devolution option shall be developed to
address how agency will identify and
conduct its essential functions in the
aftermath of a catastrophic emergency.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
32
Introduction
Elements of COOP Capability
Reconstitution
 Extensive coordination necessary to procure
a new operating site once agency suffers
facility loss or in event that collateral
damage from a disaster renders the
structure unsafe for reoccupation.
 Reconstitution embodies the ability of an
agency to recover from catastrophic event
and consolidate necessary resources that
allow it to return to being fully functional
entity of the Federal Government.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
33
Introduction
COOP Implementation

Deliberate and pre-planned movement of selected
staff to alternate facility.

Relocation may be needed to accommodate a variety
of emergency scenarios.

Distinction must be made evacuation only and
implementation of COOP plans

Agencies should develop an executive decision
process.

Preclude inappropriate activation

Recommended phasing for COOP activation and
relocation, alternate facility operations, and
reconstitution follows:
Continued
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
34
Introduction
COOP Implementation
Activation and Relocation (0-12 hours)
 Activate plans, procedures, schedules to
transfer essential functions, personnel,
records, etc. to alternate operating facilities.
 Notify FEMA Operations Center (FOC) and
other appropriate agencies of decision to
relocate and time of execution or activation
of call-down procedures.
 FOC relays notification information to
Homeland Security Operations Center
(HSOC).
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt,
Inc.
Continued
35
Introduction
COOP Implementation
Alternate Facility Operations
 Provide additional guidance to COOP
personnel and all other employees.
 Notify FOC and all other appropriate
agencies immediately of agency’s
alternate location, operational and
communications status, and anticipated
duration of relocation.
 Commence full execution of essential
functions at alternate operating facilities.
FOC will relay this information to HSOC.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt,
Inc.
Continued
36
Introduction
COOP Implementation
Reconstitution
 Defined as termination and return to normal
operations.
 Inform all organizational personnel that the threat of
or actual emergency no longer exists, providing
instructions for resumption of normal operations.
 Supervise orderly return to the normal operating
facility, or movement to other temporary or
permanent facilities.
 Report status of relocation to FOC and other agency
points-of-contact, as applicable.
 FOC will relay this information to the HSOC.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
37
Introduction
Agency Head Responsibilities

Appointing COOP program point-of-contact.

Developing multi-year plan.

Developing, approving, and maintaining COOP plans.

Conducting tests, training, exercises of COOP plans.

Participating in interagency COOP exercises.

Notifying FEMA, etc. upon COOP implementation.

Providing updates on COOP status to FEMA.

Coordinating intra-agency COOP efforts/initiatives.
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
Continued
38
Introduction
FEMA Responsibility
 DHS’s Executive Agent for Federal Executive Branch
COOP
 Coordinate activities of Federal Executive Branch
agencies
 Issuing COOP guidance, in cooperation with GSA
 Chair COOP Working Group (CWG), principal
interagency forum for discussion of COOP matters
such as policy guidance, plans, and procedures, and
for dissemination of information to agencies for
developing/improving their individual COOP plans
 Conduct periodic assessments of Executive Branch
COOP capabilities and report results to NSC
Continued
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
39
Introduction
GSA and OPM
 General Services Administration (GSA)
responsible for:
– Developing and conducting a COOP training
course that is available to all agencies; and,
– Maintaining a database of all alternate operating
facilities.
 Office of Personnel Management (OPM) is
responsible for maintaining and revising all
guidance in FPC pertaining to Human Capital
© 2003-2004 COOP Systems, Inc. and 2001-2004 PreEmpt, Inc.
40