Frontiers of Risk. Don t Be Afraid: Business Continuity Plan Development Only Hurts A Little!

Transcription

1 Don t Be Afraid: Business Only Hurts A Little! Frontiers of Risk Community College Risk Management Consortium July 20-21, 2017 JILL MCEWEN - FOX VALLEY TECHNICAL COLLEGE JOE DESPLAINES DISTRICTS MUTUAL INSURANCE & RISK MANAGEMENT SERVICES

2 Don t Be Afraid: Business Only Hurts A Little! Welcome and Introductions Using Best Practices for Business 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 2

3 Best Practices reliable and dependable practices that, if followed, can result in a comprehensive Business Continuity Plan that addresses risk to the important mission-critical issues of a technical college. Risk the invisible liability on an organization s balance sheet ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 3

4 Use of External Consultants Private Sector Insurance Public Safety 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 4

5 1. A Business Continuity Plan (BCP) will be more proactive and comprehensive than an Emergency Response Plan (ERP) ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 5

6 ERP Best Practices for Business An Emergency Response Plan is reactive. An Emergency Response Plan is crisis specific, focusing on the response and management of the most likely crises for a specific organization. An Emergency Response Plan is part of an overall Business Continuity Strategy ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 6

7 BUSINESS CONTINUITY PLANNING Readiness (BEFORE) Response (DURING) Recovery (AFTER) Threat Assessment/ERP Development Critical Event Response Management Accounting for People Workforce Recovery Plan ERP Training and Testing Facilities and Equipment Damage Assessment Critical Function Recovery Plans ITDR Plan Development Systems Damage Assessment IT Recovery Plan Department Recovery Plan Development Insurance Claims Processing Facility Recovery Plan Insurance Coverage Assessment Image and Reputation Management Process Debriefing 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 7

8 2. Effective Business Continuity Plans are both strategic and tactical ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 8

9 Strategic Senior Management big picture view of the response to, management of and recovery from a business interruption: This is how we will put the fire out and get back to our mission. Tactical operationalize the Strategy: Put the fire out. Restore facility. Recover college operations. Assure stakeholders the campus is safe ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 9

10 3. Effective Business Continuity practice is all about redundancy. People 3 deep Facilities alternate operations locations Information Systems ITDR 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 10

11 4. Subject Matter Experts (SME) are key players in the fulfillment of the organization s mission, and should be involved in developing department recovery plans. The college mission is carried out at the department level. SMEs are closest to the department operations and best suited to plan and conduct crisis response, management and recovery ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 11

12 5. The most effective Business Continuity Plans are the most user-friendly. BCPs are efficient gone is the Big Red Binder. BCPs are distributed on a need to know basis. BCPs evolving toward check list format ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 12

13 6. Someone must own the BCP. The BCP is a dynamic framework that must be kept up-to-date in order to deliver value. Responsibility identified in owner s position description. Annual tasks documented and evaluated in owner s performance review ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 13

14 7. The BCP development process begins with a Threat Assessment. Answers question - What are we planning for? Assists with resource allocation. Assists with planning in multiple areas: - Senior Leadership - Risk Management (Insurance) - Financial Planning - Media Relations 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 14

15 8. There are annual BCP management tasks that must be completed to ensure risk mitigation and continuity of operations. Plan review, revision, and training. Plan practice and rehearsal. Emergency Action Plan exercises: - Run -Hide - Fight 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 15

16 9. Engage with Public Safety in the plan development process. Threat Assessment, and/or Planning Review, and/or Drills and Exercises ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 16

17 10. A process debriefing should follow every exercise and incident response. What did we do well? What do we need to improve? Are there immediate action items that we must address? 2017 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 17

18 Comments/Questions? Thank You! Jill McEwen, Vice President, Facilities and Operations Fox Valley Technical College Joe DesPlaines Business Continuity and Crisis Response Consultant Districts Mutual Insurance and Risk Management Services