Incident Command and Control A Private Sector Approach - PowerPoint PPT Presentation

Slides: 37
Provided by: rsm51

1
Incident Command and Control: A Private Sector
Approach
RSM McGladrey, Inc. is a member firm of RSM
International, an affiliation of separate and
independent legal entities.
2
Randall W. Terpstra, CISSP, CPP, CISM, CEM, MBCP,
LPI
  • Manager, Technical Risk Management Services
  • RSM McGladrey
  • 445 Minnesota Street
  • Suite 1700
  • St Paul, MN 55101
  • 24x7 - 866-338-1195
  • randall.terpstra_at_rsmi.com

3
Does this sound familiar??
  • We have a BCP/DR plan but I don't know where it
    is.
  • Yeah, we tested the plan, 'bout 4 years ago
  • Our (President, CEO, insert appropriate title) is
    the one in charge if anything goes wrong
  • Of course we have a disaster recovery plan. I
    just can't get the people in the office to read
    it
  • Of course we have a Business Continuity Plan, but
    the IT department doesn't like it
  • Our BCP/DR plan has been developed to respond to
    ANY incident that our company may face.

4
History
  • When was the last time your company had a
    services-affecting incident?
  • Did you activate your BCP/DR Plan?
  • Did it work?

5
Reality
  • Companies face incidents every day
  • Not all incidents are disasters
  • All disasters are incidents
  • Incidents are categorized from Level 1 (minor) to
    Level 3 (major)
  • RARELY does an incident above Level 1 only affect
    your company
  • Company BCP/DR plans are myopic. They seem to
    be focused only on the company
  • In a regional incident, assets, functions and
    services may not be available.

6
Factoid
  • In the recent hurricane swarm in Florida,
    businesses discovered that their BCP/DR plans
    called on local services (diesel, technical
    support etc.) that were also contracted to the
    municipal government.
  • In the aftermath of the storms, businesses were
    shocked when they couldn't get the services that
    were key to the execution of their recovery
    plans.
  • In some cases, key service providers simply
    didn't exist any longer.

7
What is an Incident?
  • Any action or actions whose results (aftermath)
    affect the day-to-day functional operations of a
    business or organization
  • Five basic types of potential incidents
      • Natural Disasters
      • Accidents
      • Civil or Political Incidents
      • Terrorism or Criminal actions
      • Significant Events (NFL football game, Convention
        etc.)

8
How do Major Incidents Develop?
  • Event Based
  • Precipitating event
  • Catastrophic trigger
  • Preplanned Event
  • Evolves over Time
  • Clinical Discovery
  • Cascading Event

9
Business Continuity Planning and the Real World
  • Most BCP/DR plans are written around an end of
    the world scenario.
  • Businesses rely on BCP/DRs as their insurance
    policy

10
Homeland Security
  • Business considers Homeland Security to be a
    governmental function
      • Fire
      • Police
      • EMS
      • National Guard
  • Considered a support tool for the private sector
  • Little to no private investment in Homeland
    Security Activities

11
Homeland Security for the Private Sector
  • Business has a vested interest in Homeland
    Security
  • 85% of the nation's critical infrastructure is
    private sector business
  • Homeland Security for the Private Sector
    includes
      • Physical (operational) Security
      • Information (data) Security
      • Continuity of Operations Planning
      • Emergency Incident Response
      • Business Continuity Planning
      • Disaster Recovery Planning

12
Homeland Security for the Private Sector
  • The business community remains myopic
  • The private sector tends to consider itself
    the center of the universe
  • Few, if any, disaster plans are developed with an
    eye to municipal impact or synergy
  • Disaster plans are considered a one-time

13
Post 9/11 Homeland Security Risk Management
Calculus
  • Risk Management costs coverage
  • Customer Perceived Value of security
  • Public perception and expectation for Business to
    be good citizens and be part of the Homeland
    Security solution
  • Cost of implementing security measures
  • Prevention vs Response
  • Changing Global relationships

14
Homeland Security Preparations for the Private
Sector: How fast will you be out of business, if
you are not BACK in business??
  • Focus on continuity of business operations
  • Assume a seat at the Emergency table
  • Evacuation Planning
  • Identify and credential key and critical
    employees
  • Identify and pool industry resources Mutual Aid

15
Characteristics of Major Incidents
  • Exceeds local (on-scene) resources
  • Involves large numbers of personnel
  • Inherently high cost
  • Complex, require written plans
  • Affect multiple
      • Companies
      • Goals
      • Days
      • Functions
  • Could involve local, State and Federal resources

16
Seven Critical Elements for Corporate Incident
Response
  • Pre-incident intelligence fusion and information
    exchange
  • Adequate staffing for incident response
  • Knowledge
  • Detection of incident actions
  • Unified Incident management
  • Specialized equipment and training for incident
    response
  • Inter- and intra-organizational response

17
Under the concept of Unified Incident Management
there will ALWAYS BE
  • One Incident Operations Center
  • A Single Coordinated Incident Action Plan
  • One Incident Manager

18
Unified Incident Management manages
  • Space (3 Dimensions)
  • Time (4th Dimension)
  • Functions
  • Personnel
  • Resources
  • Objectives
  • Incident Action Plans
  • Incident Recovery Strategy

19
INCIDENT MANAGEMENT
  • ACHIEVE GOAL
  • EXECUTE TACTICAL STEPS
  • SELECT APPROPRIATE RESPONSE STRATEGY
  • ESTABLISH INCIDENT OBJECTIVES
  • UNDERSTAND POLICY PROCEDURES
20
Who's in Charge??
  • Corporate Management feels compelled to be in
    charge
  • Incidents are generally contained. The business
    continues to function through the incident
  • Just because the CEO is a great businessman
    doesn't necessarily mean that he/she is the best
    leader in a high-stress emergency incident
    situation.
  • Incident response should be tasked to a team
    (group) that is best trained and prepared to
    respond to and recover from a services-affecting
    incident.

21
Incident Response Staffing Model
[Organization chart. Box labels: Chief Executive Officer; Policy Group; Vice Presidents; Senior Management; Deans; Department Heads; Incident Manager; Public Information Officer; Government Liaison Officer; Communication Officer; Message Center; Incident Response Staff; Resources; Disaster Analysis; Operations and Response]
22
SPAN OF CONTROL
INEFFECTIVE AND POSSIBLY DANGEROUS
EFFECTIVE SPAN OF CONTROL
23
OPTIMUM SPAN OF CONTROL IS ONE TO FIVE
24
10 Minute Break
  • Next segment
  • Development and implementation of an Incident
    Operations Center

25
Incident Operations Center
  • An Incident Operations Center is a facility
    where the Incident Manager, Incident Management
    Staff and general support staff reside and
    provide coordination and EXECUTIVE DECISION
    MAKING for managing response and recovery
    activities for the duration of the incident
    response and recovery efforts.

26
Key Incident Operations Center Concepts
  • Act in the best interests of the management and
    stakeholders
  • Make key incident response decisions
  • Focus on strategic incident response issues
  • Centralize incident management and control
  • Act to consolidate all available information for
    distribution to senior management and
    stakeholders
  • Allow for easier verification of available
    information
  • Simplify allocation and deployment of available
    resources

27
Key Incident Operations Center Decisions
  • Declare a disaster and enable focused response
  • Communicate with the public (customers and
    suppliers)
  • Designate appropriate policy and decision making
    team
  • Make fundamental policy decisions
      • Evacuation
      • Rescue or Recovery
      • Quarantine
  • Initiate appropriate Incident Action Plans (IAPs)

28
Incident Action Plan
  • Should be written rather than oral
  • Prepared and implemented prior to any incident
    response
  • Should cover all objectives and support
    activities
  • Should include realistic measurable goals
    prepared around a defined time frame.
  • This time frame should be no longer than 24
    hours

29
What do we do when an incident occurs??
  • Incident response should be well scripted and
    rehearsed
  • Plans should be developed before an incident, not
    while it is occurring
  • Incident planning should be based on a
    comprehensive risk assessment.
  • Your Business Impact Analysis should be the
    catalyst for ongoing IAP development

30
Business Continuity and Disaster Recovery Planning
  • People don't plan to fail
  • People fail to plan
  • The people that do plan...
  • don't plan for the plan to fail!

31
Incident Response Event Tree: Level 1 Incident
[Flowchart. Node labels: Incident; Incident Response Procedures; Incident Notification Procedures; Problem Resolved (Yes/No); Initial Assessment of Incident; Assessment (Minor); Standard Operating Procedures; Need to update (Yes/No); Update Standard Operating Procedures; Update IAPs and Response Plan; Critique Incident; Deactivate Incident Operations Center; END]
32
Incident Response Event Tree: Level 1 or 2 Incident
[Flowchart. Node labels: Incident; Incident Response Procedures; Incident Notification Procedures; Problem Resolved (Yes/No); Initial Assessment of Incident; Assessment (Minor/Major); Activate Incident Operations Center; Standard Operating Procedures; Detailed Assessment of Incident; Assessment (Minor); Need to update (Yes/No); Update Standard Operating Procedures; Update IAPs and Response Plan; Critique Incident; Deactivate Incident Operations Center; END]
33
Incident Response Event Tree: Level 2 or 3 Incident
[Flowchart. Node labels: Incident; Incident Response Procedures; Incident Notification Procedures; Initial Assessment of Incident; Assessment (Major); Activate Incident Operations Center; Detailed Assessment of Incident; Assessment (Major); Execute BCP/DR Plan; Execute organizational restoration; Standard Operating Procedures; IAP Based Procedures; Problem Resolved (Yes/No); Need to update (Yes/No); Update Standard Operating Procedures; Update IAPs and Response Plan; Critique Incident; Deactivate Incident Operations Center; END]
34
Incident Response Event Tree
[Flowchart. Node labels: Incident; Incident Response Procedures; Incident Notification Procedures; Problem Resolved (Yes/No); Initial Assessment of Incident; Assessment (Minor/Major); Activate Incident Operations Center; Standard Operating Procedures; Detailed Assessment of Incident; Assessment (Minor/Major); Activate BCP/DR Plan; Execute organizational restoration; Standard Operating Procedures; IAP Based Procedures; Problem Resolved (Yes/No); Need to update (Yes/No); Update Standard Operating Procedures; Update IAPs and Response plans; Critique Incident; Deactivate Incident Operations Center; END]
35
Conclusion
  • Business needs to expand its BCP/DR planning
    functions to include the initial response to a
    services-affecting incident
  • Continuity of Operations is more than the plan
  • Homeland Security for the private sector is a
    hybrid of
      • Physical (operational) security
      • Information (technical) security
      • Continuity of Operations Planning.
  • Businesses must now include Homeland Security
    as an aspect of their overall business planning
  • Business needs to be a good corporate citizen

36
Questions?