The Role of Business in Community Resilience by George B. Huff Jr. , Esquire August 1, 2017 Resilient Virginia 2017 Conference Copyright © 2017 The Continuity Project, LLC, and its strategic partners around the world are proud to provide community resilience, business continuity, disaster recovery services and business continuity software for organizations of all types and sizes.
2 Introducing Today’s Presenter George B. Huff Jr. , Esquire, CBCP, MBCI, ISO 22301 Lead Auditor Founder and Director of Consulting, The Continuity Project, LLC Special Advisor, Standing Committee on Disaster Response and Preparedness, American Bar Association NQA Associate Consultant Member, Board of Directors ANSI-ASQ National Accreditation Board The presenter participates in the development of ISO standards on security and resilience that are adopted around the world, including the forthcoming ISO/DTS 22331 – Guidelines for business continuity strategy. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
3 A Word About The Continuity Project, LLC With national and global experience, The Continuity Project focuses exclusively on business continuity management, disaster response and preparedness, and organizational and community resilience programs. • • • Customized solutions by industry, including the practice of law. Addresses the needs of the business environment. Delivers services world-wide. Dedicated to enabling long-term performance and repeatability. • Process focused, not plan-centric. • Actionable and pragmatic. Active in the development of ISO business continuity-related standards. From 2015 to 2016, the Continuity Project’s Director served as the National Institute of Standards and Technology’s (NIST’s) Disaster Resilience Fellow for Business Continuity for the Community Resilience Program. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
4 Today’s Agenda The Importance of Private Sector Business to Community Resilience Programs. How Businesses are Making Communities More Resilient. Information Exchange for Community Resilience: Principles, Framework, and Processes. How to Align the Planning Activities of Business Continuity and Community Resilience. Engagement of the Legal Community – A Call to Action in 2017. The agenda describes the content and sequence of the panelist’s presentation on the critical role of businesses and industries in the creation and implementation of successful community resilience programs. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
5 Importance of Private Sector Businesses to Community Resilience Programs Many experts believe that private sector businesses at the heart of the community’s economic base are also at the heart of the community’s resilience. The business community often has the skills, finance, influence, and ability to mobilize resources, and strategies and solutions for community resilience. To manage risks, the most basic approach to engage the private sector is to encourage businesses to improve their own resilience and the resilience of their supply chains. To provide voice and perspective, another pathway to engagement is for businesses to become stakeholders in the community’s resilience initiatives. This type of engagement is key to resilience, as it helps identify areas of common cause between public and private stakeholders, and it builds trust and longer term commitments between stakeholders. Engage the business community actively in resilience planning, understand the goals of the community and business during blue sky days, and during response and recovery after a disruptive event, and align those goals to improve resilience. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
6 How Businesses are Making Communities More Resilient The emerging business continuity strategy of private sector organizations is simply one of corporate social responsibility. National Disaster Recovery Framework Recovery Continuum [FEMA 2016] The role of business in disaster-recovery response, and financing makes communities more disaster resilient across the continuum of the preparedness, response, and recovery phases of disasters. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
7 Information Exchange for Community Resilience A draft international standard provides guidelines for information exchange, through using principles, a framework, and a process. It seeks to create mechanisms for information exchange by which participating organizations can learn from other´s experiences, mistakes and successes. It can be used to guide the maintenance of the information exchange arrangement in order to increase commitment and engagement. It provides measures that enhance the participating organization’s capability to cope with disruption risk. This international standard can be used by private and public actors in need of guidance for how to set up the conditions for information exchange. ISO/CD 22396 Guidelines for information exchange between organizations, recognizes that risk overlaps and crosses boundaries. Information exchange on liabilities, risks and vulnerabilities can enhance the effectiveness and efficiency of organizations. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
8 Principles The effective exchange of information by organizations: creates and protects value, is founded on mutual benefit, requires a give and gain perspective, is based on trust and the willingness to exchange sensitive information, is a basis for informed decision-making, is systematic, timely and structured, is an integrated part of everyday work, and is based on continual improvement. The principles present the core of the standard. The information exchanged will result in increase preventative measures and capacity building leading to a general increase in security. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
9 Process The process suggests that organizations should: • Establish/operate information exchange arrangements as a mechanism that allows an organization can learn from others’ inputs, successes, mistakes, and experiences, • Embed the information exchange arrangements in the organization’s general processes of operations, • Customize and optimize for each organization’s conditions, and • Ensure that the information exchanged is subject to a process that ensures security of the information, based on trust or anonymity. Establish the Needs Prepare Each Organization Define Forum Structure Operate and Maintain Forum Monitor and Review The process describes information exchange procedures for establishing and maintaining the arrangement. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
10 Framework Continual Improvement Monitor Review Assess Mandate and Commitment Understand the Context Design the Framework Implement the Framework The success of information exchange arrangements depend on the effectiveness of the framework for providing the foundations and guidelines that will embed it within the participating organizations. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
11 How to Align Planning Activities of Business Continuity and Community Resilience A jurisdiction’s public sector planners should collaborative with key stakeholders from local businesses and industry to: • Engage the private sector to encourage businesses to achieve business continuity and supply chain value, • Identify common cause and risk mitigation among private and public stakeholders, and build trust and longer term commitments, • Implement combined strategies to achieve greater resilience in the community. The figures on the next slides show the planning activities align. Business continuity (BC) planning activities meet the needs of organizations and the outcomes of the BCM programs. NIST’s Community Resilience Guide’s 6 -Step process improves the resilience of buildings and infrastructure systems that support the needs of community members. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
12 Planning Activities of Business Continuity and Community Resilience (1 of 6) Business Continuity Planning Activities Community Resilience Planning Activities Leadership, Commitment and Policy (Plan). Project Kickoff and Assessment: Objectives, Scope, Roles and Responsibilities, Steering Committee, and Planning Expectations. Top management demonstrates commitment. Form a Collaborative Planning Team (Step 1) Local Government, Business and Service Professionals, and Community and Volunteer Organizations. Leadership and community engagement essential to success of community resilience planning and implementation. To start-up a BCM program, BC planning involves leadership, top management commitment, and policy-making, while Step 1 of community resilience planning involves forming a collaborative team. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
13 Planning Activities of Business Continuity and Community Resilience (2 of 6) Business Continuity Planning Activities Context of the Organization (Plan). BC Program Development: Understand the Organization, Needs and Expectations of Interested Parties, Legal and Regulatory Requirements, and Scope of BCM Program. Community Resilience Planning Activities Understand the Situation (Step 2). Social Dimensions: how social institutions met community’s needs prior to hazard events and during recovery. Buildings and Infrastructure Systems: how built environment supports functions of social institutions. Link Social Dimensions to Built Environment. Define Building Clusters. Planning activities for BC focus on understanding the context of the organization and, for community resilience, on the community’s situation. BC planning involves BC program development, while Step 2 of community resilience planning involves performing analyses to link the social dimensions and built environment. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
14 Planning Activities of Business Continuity and Community Resilience (3 of 6) Business Continuity Planning Activities Community Resilience Planning Activities Planning and Support (Plan). BC Requirements Definition: Risks and BC Objectives. Business Impact Analysis and Risk Assessment. Resources, Competence, Communication, and Awareness. Determine Goals and Objectives (Step 3) Long-Term Community Goals, Desired Performance Goals, Community Hazards and Levels, Anticipated Performance, and Summarize Results. BC planning next defines BC requirements by analysis and assessment, while Step 3 defines long-term community goals, hazards and levels, and the desired anticipated performance goals of the built environment and supporting infrastructure systems. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
15 Planning Activities of Business Continuity and Community Resilience (4 of 6) Business Continuity Planning Activities Community Resilience Planning Activities Operation (Do) BC Strategy Development: Recommended, Selected, and Prioritized Strategies. BC Plan Development (Step 4) Evaluate Gaps Identify Solutions (Administrative & Construction) Develop Strategy Implementation BC and Community Resilience planning activities next involve prioritizing strategies and then plan development and implementation. A community’s decisions to address performance gaps should involve identifying administrative and construction solutions to improve resilience. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
16 Planning Activities of Business Continuity and Community Resilience (5 of 6) Business Continuity Planning Activities Community Resilience Planning Activities Operation (Do) Training/Awareness and Exercising BC Plan Preparation, Review, and Approval (Step 5) Document Plan & Strategy, Obtain Feedback & Approval, and Finalize and Approve Plan To ensure consistency with BC objectives, the organization tests and exercises their BC procedures, while Step 5 of community resilience planning involves plan review via outreach strategy for public collaboration. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
17 Planning Activities of Business Continuity and Community Resilience (6 of 6) Business Continuity Planning Activities Community Resilience Planning Activities Performance Evaluation and Improvement (Check & Act) Measurement, Analysis, Evaluation, Audit and Management Review. Nonconformity and Corrective Action. Plan Implementation and Improvement (Step 6) Execute Approved Solutions, Evaluate and Update, and Modify Strategy as Needed. BC and Community Resilience planning activities involve plan and program evaluation and improvement, as well as taking corrective actions to update and modify strategies. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
18 Engagement of the Legal Community In February 2017, American Bar Association’s House of Delegates unanimously voted to adopt Resolution 108 and its Report in support of Community Resilience initiatives. * Community Resilience is the ABA’s Official Policy – A Call to Action. Implementation: Make Your Community More Resilient. Get Started: Establish an Information Exchange Between Organizations. * ABA Resolution 108 on Community Resilience. See https: //www. americanbar. org/content/dam/aba/images/disaster/Resolution% 20108%20 FINAL. pdf ABA Resolution 108 is the collaborative effort of the Standing Committee on Disaster Response and Preparedness, Section of State and Local Government Law, and Standing Committee on Law and National Security. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
19 The Continuity Project’s Approach The Continuity Project focuses exclusively on delivery of community resilience, business continuity management, and disaster preparedness and recovery consulting services, and software solutions. Our consultative approach is consistent with leading industry standards, guidelines and good practices, including ISO 22301 and Disaster Recovery Institute’s and Business Continuity Institute’s professional practices. We participate in the development of ISO security and resilience-related standards, including the forthcoming ISO/CD 22396 Community resilience – Guidelines for information exchange between organizations. We take a collaborative approach and work with all levels of management to design solutions that make business sense and address both business and financial project objectives. The Continuity Project excels at helping organizations and jurisdictions rapidly add clarity and focus to their business continuity and community resilience programs using straightforward, pragmatic approaches. Copyright © 2017 The Continuity Project, LLC. All rights reserved.
Let’s Connect! https: //www. linkedin. com/in/georgebhuffjr Send Your Questions c/o: George. Huff@thecontinuityproject. com Resilient Virginia 2017 Conference Copyright © 2017 The Continuity Project, LLC, and its strategic partners around the world are proud to provide business continuity, disaster recovery services and business continuity software for organizations of all types and sizes.
Скачать презентацию The Role of Business in Community Resilience by
95fc618410ed9b5b4e1dc3019890d22e.ppt