STRUCTURED EXTERNAL ASSIGNMENT
Chapter 7
Mitigation and Business Continuity Strategy
Introduction
High level strategy of alternate data processing and alternate workspace
Each team may have different strategies or ones that support the higher level
Strategies are directly tied to the Business Impact Analysis and the Risk Assessment
Mitigation applies to strategies to protect the organization from risk
Mitigation is sustained action that reduces or eliminates long-term risk
NFPA requires mitigation when a hazard cannot be prevented
Mitigation
Emergency management, like PDCA, is not a linear process
Post-disaster is an opportune time to build mitigation
Mitigation eliminates or reduces impact
Mitigation allows for rapid response and recovery
Mitigation is cost-effective
The characteristics of hazards must be completely understood to effectively mitigate their effects and avoid surprises
Mitigation
Mitigation should follow the Hierarchy of Controls (ANSI Z-10)
Elimination
Substitution
Engineering Controls
Administrative Controls
Personal Protective Equipment (PPE)
Mitigation
Other forms of mitigation include:
Service Level Agreements
Redundancies and Divergence
Separation of Hazards
Mitigation must be:
Cost-effective
Can be a “big ticket item”
May need to be spread among numerous budget cycles
Have alternate plans ready
Technically feasible
Not create additional hazards
Funding Strategies
Business Continuity Strategy
Core around which the Business Continuity Management System is built
Most effective when developed by process owners
Strategies must:
Be cost effective
Be technically feasible
Consider the output of the Business Impact Analysis and Risk Assessment
Be aligned with the RTO, RPO, MAO
Business Continuity Strategy
Adhere to any assumptions in the plan
Minimize any changes to routine
Not establish unfamiliar organizational structures
Not require extensive training post disaster
Vital Records
Primary cause for failure to recover after disaster
Loss of Accounts Receivables
Records Management System
Business Continuity Strategy
Strategies for:
Accounting, Finance, Payroll
Business Continuity Cost Account
Customer Service, Technical Support
Facilities
Human Resources
Accounting for Personnel
Housing and feeding
Pandemic Influenza
Business Continuity Strategy
Strategies for:
Information Technology
Insurance and Risk Management
Legal
Regulatory compliance
Manufacturing
Public Relations
Brand and Reputation
External Communications
Business Continuity Strategy
Strategies for:
Purchasing / Procurement
Supply Chain requirements
Sales and Marketing
External Communications
Telecommunications
Business Continuity Strategy
Strategies can result directly from the Business Impact Analysis questions
Alternate location
Forward mail and deliveries
Publish locations
Relocate to undamaged portions of building
Hotels and convention centers
Bring home laptop systems
Communicate
Review
Mitigation is action taken to eliminate or reduce the impact of hazards
A mitigation plan is required by the standards
Identify and understand the effects of hazards
Hierarchy of Controls
Continuity Strategies based on BIA and Risk Assessment
Primary and team strategies
Must be cost-effective and align with RTO