Workshop Session 1
Leveraging Business Continuity Standards: A Practical Guide to Making Standards Work for You
Regina Phelps, EMSS
Kelly David Williams, EMSS
Much has been written and said about business continuity standards, but it's mostly been from the perspective of those whose companies have a goal of achieving full technical compliance with a given standard, often because of a legal/regulatory/industry mandate or, perhaps less commonly, voluntarily. But what about your company? Do the business continuity standards offer any value to those companies not under a mandate and those which are not interested in voluntary compliance?
This workshop will examine ways to use business continuity standards as a general program development tool, as opposed to a "standards compliance" tool. We will explore two of the most commonly used standards (ISO 22031 and NFPA 1600) to ensure full understanding of what they are (and aren't):
- What standards don't tell you about your program that you really need to know.
- How standards can be leveraged within an environment where they are not mandated.
- How to use standards to promote business continuity with your executives.
- How to use standards effectively as an “informal" benchmark for overall program development.
This fast-paced workshop is not intended to provide an in-depth analysis of specific provisions of either ISO 22301 or NFPA 1600, nor is it designed to prepare you to conduct an audit (or to be audited). Our goal is to “take a step back" and consider industry standards from the perspective of business continuity practitioners working in a non-regulated environment.
Since 1982, Regina Phelps has provided consultation, training, and speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions.
Kelly David Williams, MBA JD, works as a senior consultant with Emergency Management and Safety Solutions.
Workshop Session 2
Command and Control: A Framework for Crisis Management
Sean Murphy, Lootok
Many organizations fail by planning for an event before it happens and consequently, try to fit the crisis into the plan.
In the complex and chaotic environment that is characteristic of a crisis, however, we can only rely on plans as a starting point. The real planning must happen at time of event.
This session will introduce a decision-making model called command and control, and demonstrate how one of the world's largest global companies has applied this framework in training its leaders.
Learn how to build tacit knowledge among leadership, develop solutions around the specific context of a crisis, and get executive buy-in for your crisis management program.
Sean Murphy is the CEO of Lootok, a specialized business continuity management (BCM) consulting firm headquartered in New York City.
Raychel O'Shea-Patino previously managed the business continuity program for one of the world's largest global companies.
Workshop Session 3
Hands-on-Workshop to Build and Exercise Cyber Contingency Examples
Susan Rogers, Cyberwise
In this workshop participants will review the components of the NIST U.S. Cyber Security framework to protect critical infrastructure and discuss where business continuity skills are needed to guide business leaders as they enhance their contingency plans to respond to a cyber event.
- break into teams
- be given a fictitious business continuity plan
- debate the ramifications of a cyber event
- identify contingency activities the business unit and company can consider when faced with the complexity of cyber disruption.
The teams will then join together for a limited cyber exercise and debate the effectiveness of the contingencies activities.
Susan Rogers, principal consultant and CEO of Cyberwise CP, is a seasoned technology and risk management expert with more than 30 years of diverse experiencein the banking and finance industries.
She and her team work with companies and organizations of all sizes to help clients create no-nonsense contingency and control solutions to ensure that their crisis plans and risk management controls are strengthened for a cyber-events as well as current day regulatory expectations.
Rogers has participated in the 2013 NIST Cybersecurity Critical Infrastructure framework workshops with the intention to include business contingency recovery capabilities into the framework discussions. Her company is positioned to help businesses enhance their contingency plans and map framework controls and activities to their existing risk management structure.
Rogers is currently a disaster recovery specialist at Yale University. During her tenure at companies including Bank of America, GMAC Commercial Mortgage, Fidelity Bond and Mortgage and Electronic Data Systems (EDS), she specialized in technology risk, business continuity, disaster recovery, information-security governance, operations-risk management, capital markets operations and vendor management.
Workshop Session 4
Ready, Set, Exercise! How to Conduct a Successful BCP/DRP Exercise
Steve Goldman, Steve Goldman Assc.
Successful crisis management and disaster recovery takes more than a plan: it requires realistic testing and validation.
How do you do that properly? Are your exercises smoke and mirrors or do they provide as-close-to-real situations as possible?
How does your program compare? How can you improve? During this hands-on workshop, you will learn how to set up and conduct a successful BCP/DRP exercise.
Students will master the aspects of effective exercise preparation and execution, including:
- Types of drills and exercises
- Elements of a successful exercise
- Scope, objectives, and extent of play
- Scheduling and coordination
- The scenario development team
- Scenario ideas and events you can use
- Resources and props
- How to conduct, evaluate, and critique
- Imagination, creativity, and leadership
- Dr. Goldman's highly acclaimed Exercise Planning Checklist.
You will learn how to avoid common pitfalls during the development process and how to anticipate and resolve potential problems.
Exercise conduct, evaluation, and critiquing strategies will be discussed.
With his lively style and real-life examples, Goldman will lead the class through interactive discussions of successful exercise development.
Dr. Steve Goldman is a leading crisis management and BCP consultant and former global BCP manager for a Fortune 500 company.
Over his long career Goldman has developed, conducted, and evaluated drills and exercises ranging from one-hour tabletops to massive three-day exercises involving hundreds of responders from dozens of companies and government agencies.
Workshop Session 5
Incident Management Planning and Social Media
Ken Schroeder, Southeast Corp.
Deidrich Towne, Hewlett Packard
David Ziev, Bus. Cont. Prof.
Back by popular demand, PPBI has updated this highly interactive workshop. Learn how social media can have a dramatic impact on incident management. Discover the Incident Command System (ICS) and the PPBI Incident Management Plan Maturity Model which was developed from recognized standards and industry best practices.
One of those best practices is the handling of communications including social media outlets. If you have not embraced these phenomena, or need some help in building your response plans that include social media, PPBI will share the good, the bad and the ugly of managing this new media. Attendees will go away with an appreciation for recognition of the problem, a considered response, and what effect social media can have on the effectiveness of your plans.
Exposure to the practical experience of the facilitators in addition to recognized industry standards in measuring the maturity of your plans benefits both the public and private sectors. You will use the ICS checklist to assess your capability to assemble, coordinate, collect and channel the resources required for critical incident management. The tools are free, the simulation authentic and the class is practical, immediately useful and fun!
Ken Schroeder, CBCP is vice president for business continuity at Southeast Corporate.
Deidrich E. Towne, Jr. MBCP is senior technical consultant for Hewlett Packard.
David Ziev, MBCP, MBCI is the principal of Business Continuity Professionals.
Workshop Session 6
Resilience in the Face of Disruptions
Arash Azadegan, Rutgers Business
Anne Quarshie, Rutgers Business
This interactive session uses participant responses to a hypothetical case of supply chain disruption to assess how organizational resilience and supply chain resilience can affect recovery efforts during supply chain disruptions. Participants will read a case comparing two companies and provide an assessment of their recovery performance. Rutgers Business School Supply Chain Management researchers will tally the results and results will be placed on presentation screen for an open discussion of the results.
The comparison case will involve a scenario where attendees pose as a chief procurement officer for a major retailer who is dealing with a natural disaster affecting a nearby state. The disaster has caused significant disruption to the supply chain of two manufacturers which make similar products (company A and company B). Attendees will determine the company's course of action for your own firm as a result of supply shortage from these two manufacturers.
There are certain distinct differences between company A and company B, which participants will be provided with at the session. Based on these they will be asked to provide an assessment of the effect of the disruption and recovery efforts of the two companies. Participants will be provided with a short set of questions on how Company B compares to Company A in terms of (a) recovery speed (b) need for resources (c) overall effects of the disruption on its performance.
Discussions of the results and how supply chain and organizational resiliency affect participants' perception of recovery will be discussed.
Dr. Arash Azadegan is assistant professor of supply chain management at Rutgers Business School.
Anne Quarshie works as a visiting researcher at Rutgers Business School in New Jersey, where she is a research associate with the supply chain disruption research laboratory at the Supply Chain Management and Marketing Sciences Department.