Presentation is loading. Please wait.

Presentation is loading. Please wait.

Making Incident Management Work for Your Organization

Published byRandell Atkinson Modified over 5 years ago

Similar presentations

Presentation on theme: "Making Incident Management Work for Your Organization"— Presentation transcript:

1 Making Incident Management Work for Your Organization
14th Annual Making Incident Management Work for Your Organization Kathleen Lucey, FBCI – President, Montague Risk Management April 19, 2016 The Road to Resilience

2 Interruption Response Management Site Repair or Relocate
INCIDENT MANAGEMENT MODEL - 1 Interruption Response Management Executive Team Damage Assessment Emergency Logistics We start with Disaster Recovery (IT only), damage assessment, and Site Repair or Relocate Disaster Recovery Team

3 INCIDENT MANAGEMENT MODEL - 2
Interruption Response Management Executive Team Damage Assessment Transportation, Communications Media Relations Team Emergency funding? Emergency Logistics Command Center Support Team Site Repair or Relocate Site Relocation and Re-creation Site Repair and Restoration Disaster Recovery Teams

4 INCIDENT MANAGEMENT MODEL - 3
Interruption Response Management Interruption Management Team Executive Oversight Team Damage Assessment Transportation, Communications Media Relations Team Emergency funding Physical Security Emergency Logistics Command Center Support Team Here we add Site Repair or Relocate Site Relocation and Re-creation Site Repair and Restoration Business Continuity Teams Information Technology Recovery Teams

5 INCIDENT MANAGEMENT MODEL - 4
Interruption Response Management Interruption Management Team Executive Oversight Team Damage Assessment Transportation, Communications Media Relations Team Emergency Funding Physical Security Emergency Logistics Command Center Support Team Employee Support Local Government Liaison Insurance Liaison Purchasing, Real Estate Business Recovery Coordination IT Recovery Coordination Site Repair or Relocate Site Relocation and Re-creation Site Repair and Restoration Business Continuity Teams Information Technology Recovery Teams

6 INCIDENT MANAGEMENT MODEL - 5
Interruption Response Management Interruption Management Team Executive Oversight Team Damage Assessment Transportation, Communications Communications and Social Media Team Emergency Funding Physical Security Emergency Logistics Employee Support Command Center Support Team Local Government Liaison Business Continuity Coordination Admin. Services Special Services Insurance Liaison Recovery Management Purchasing, Real Estate Business Recovery Coordination IT Recovery Coordination Site Repair or Relocate Site Relocation and Re-creation Site Repair and Restoration Business Continuity Teams Information Technology Recovery Teams

7 INCIDENT MANAGEMENT MODEL - 6
Interruption Response Management Supplier Availability Interruption Management Team Executive Oversight Team Damage Assessment Transportation, Communications Communications and Social Media Team Emergency Funding Physical Security Emergency Logistics Employee Support Command Center Support Team Local Government Liaison Business Continuity Coordination Admin. Services Special Services Insurance Liaison Recovery Management Purchasing, Real Estate Business Recovery Coordination IT Recovery Coordination Site Repair or Relocate Site Relocation and Re-creation Site Repair and Restoration Business Continuity Teams Information Technology Recovery Teams

8 Incident Management Timeline
Warning Alarms Interruption! Backlog Begins All Mitigation Fails Begin Recovery MAD: Product Fully Functional RPO Permanent Restoration Failover Capacity Restored Auto-Failover Auto-Mitigation Commences Manual Mitigation Commences BAU Time-Objective Last Backup(s) Alarms Validation Begins Fallback Validation RTO Supporting Resources Incident Prelude Problem Detected Problem Diagnosed Additional Recovery Tasks MTPoD Risk to Brand Crisis/Incident Management Timeline for Site-driven Physical Event: SIMT, ECMC (Emergency Crisis Management Center) SIMT implements C/IM processes: Evacuation and IDRs Staff to safety Injured to treatment ECMC receives Site Damage Assessment ECMC involves necessary support groups: Insurance, Real Estate, Finance, HR, Legal, IT, etc. Remote and flyaway teams begin work. ECMC records progress, briefs CMT. SIMT alerts team members + ECMC. ECMC alerts Support Groups SIMT + participating teams debrief. ECMC files Incident Information for corrective actions. SIMT declares event to MCMC

9 Physical Event: Proposed Incident Management Structure
Puts on Alert status: Site Incident Management Team (members) Site Business Continuity Teams (leaders) Site Incident Management Team Leader (or Alternate) Declare Event EVENT Wait Evacuate premises if necessary Employees execute IDRs* Brief Emergency Crisis Management Center (ECMC) Activate Site Incident Management Team and Site Business Continuity Management Team (s) Team members assemble in designated location Brief Emergency Crisis Management Center (ECMC) Verify Availability of Site Incident Management Team Members and Site Business Continuity Team Members *IDR = Individual Default Response: defined individual response for each employee based on whether at work location or not at work location.

10 Non-Physical Event: Incident Management Structure
Cyber attack Customer-facing service failure on social media Adverse reputation event Other non-physical Incident detector notifies Business Management*, who notifies the ECMC. - ECMC Coordinator opens a non-physical incident investigation, assigns an investigation team (leader and members), and contacts additional investigation/support resources as needed. If this is a cyber situation, ECMC assigns the event to the appropriate Cyber Security Group, and notifies others as appropriate, such as Corporate Legal, Communications, Social Media. ECMC also assigns an Incident Coordinator to provide conference and other facilities as necessary for the team(s) involved. For Cyber: - Assigned Team Leader on the Cyber Security Team takes immediate action to limit incident exposure and damages; collects situation information and assesses incident. - Assigned Team staff documents incident resolution strategy; documents recommended long-term solution to avoid recurrence, and briefs appropriate management team(s); sends a written copy of the incident debrief to ECMC. *Call may come directly to ECMC.

11 Proposed Incident Management Team Structure:
Physical and Non-Physical Events Corporate Level GIG (Global Intelligence Group) Corporate Crisis Management Team (CMT) Incident Support Team (IST) Risk HR Insurance Executive Management ECMC: Emergency / Crisis Management Center Technology Legal Comms Corporate Cyber Security Real Estate Compliance Finance Division Level Division Crisis Management Team Division Incident Mgmt Team (IMT) Division Operational Management Division Cyber Security Risk Comms Product Compliance Technology Legal Sales Finance Content / Operations HR Client Svcs Site Level Site Business BCM/DR Team(s) + Other teams as appropriate (SIMT) Site Incident Management Team

12 SELF-EXAMINATION Where are you on the road to effective crisis/incident management? Do you have an equivalent to the ECMC if you have many locations? Are your physical and non-physical (e.g.,cyber, social media, legal exposure) incident handling procedures effective and integrated? How do you know that an incident has occurred? How quickly can you respond to both a physical and a non- physical event? Have you installed tools to support your C/IM response work?

13 QUESTIONS?

14 THANK YOU FOR YOUR ATTENTION AND FEEDBACK.
Let’s Talk About It…. THANK YOU FOR YOUR ATTENTION AND FEEDBACK. CONTACT ME AT: mobile:

Download ppt "Making Incident Management Work for Your Organization"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Why Plan Ahead? Limit Susceptibility Limit Risk Contain Material Loss Contain Human Impact Limit Down-Time Ensure Longevity FEMA Fact: 80% of businesses.

Why Plan Ahead? Limit Susceptibility Limit Risk Contain Material Loss Contain Human Impact Limit Down-Time Ensure Longevity FEMA Fact: 80% of businesses.
A Complete and Absolute Shambles Prevention, Planning & Response and Library Disaster Planning RTO No. 3045 CRICOS No 1505M Vicky Qin Special Collections.

A Complete and Absolute Shambles Prevention, Planning & Response and Library Disaster Planning RTO No CRICOS No 1505M Vicky Qin Special Collections.
Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.

Detail actions necessary to implement the interim housing mission in the post-disaster environment Identify command and control structures at all levels.
Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Hospital Emergency Management

Hospital Emergency Management
Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.

Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.
Planning for Business Continuity First National Course on Public Health Emergency Management 12 – 23 March 2011. Muscat, Oman.

Planning for Business Continuity First National Course on Public Health Emergency Management 12 – 23 March Muscat, Oman.
@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.

@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.
Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.

Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Incident Reporting Procedure

Incident Reporting Procedure
RBTC: Business Continuity 101 July 18, 2013. What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.

RBTC: Business Continuity 101 July 18, What is Business Continuity? Scenario Part 1 Why is BC important? What types of plans are needed? How do.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Module 3 Develop the Plan Planning for Emergencies – For Small Business –
ISA 562 Internet Security Theory & Practice

ISA 562 Internet Security Theory & Practice
1. Objectives  Describe the responsibilities and procedures for reporting and investigating ◦ incidents / near-miss incidents ◦ spills, releases, ◦ injuries,

1. Objectives  Describe the responsibilities and procedures for reporting and investigating ◦ incidents / near-miss incidents ◦ spills, releases, ◦ injuries,

Similar presentations

Ads by Google