I really think of Chapter one being divided into two main parts. The first section kind of focusing in on risk management and the second section focusing in on continuity of the enterprise, which, of course, deals with business continuity planning, disaster recovery planning.
So we're getting ready to move into this next section.
So you hear these terms? She's quite a bit business Continuity plan Disaster Recovery Plan If you're in the government military, you hear about Coop continuity of operations planning. You hear a lot of these terms, so we want to make sure that we have a good understanding of what they are and how they're related.
Essentially, the business continuity plan is an overarching document that includes lots of sub plants.
This is all about the long term survival of the organization in the event of a major disruption. Now the disaster recovery plan is more I t focus. So business continuity plans about the organization as a whole. Disaster recovery plan does tend to be mostly I t focused
and deals much more on the immediacy
than the coupe Continuity of Operations plan. After the disaster recovery plan has recovered all the necessary service is gotten things back up and running the coop talks about how we're gonna maintain and continue our functions. After all this has happened until we get back to a state of normalcy.
So those were really three big plans.
Business continuity plan is a whole, including the disaster recovery plan and the coop, and we'll talk about the coop in just a few minutes.
All right, what is the relationship between the business continuity plan and risk management? They're both here in the same chapter. Why is that? The best way to think about this is that the business continuity plan is a safety net under risk management, where risk management doesn't catch everything, whatever falls through the cracks
gets caught up in the safety net of business continuity.
So, for instance, if you look at the chart and if you go back to our discussions on risk, you know that we can't resolve all risks, we will never bring our risk amount down to zero. There will always be residual risk. There will always be risks that we just accept there will be risks we didn't plan for. Well,
what happens if you know we had a great earthquake
here in the year 2013. I believe here in the D C area, which was quite amusing because it pretty much was shake, shake, shake and that was over.
So I you know, being from the East Coast, earthquakes really aren't on my radar.
So now suddenly, I'm aware of the fact that we can have an earthquake in the Washington D. C area. So what do I do about it? You know? Do I sell everything I have and give up my business? Do I move my building business into a steel reinforced building?
You know, I probably just accept the risk
the number of earthquakes we've had in the low severity of those earthquakes. Let's may say it's just I just can't justify
a more active strategy. So that's an accepted risk. Well, what happens if we do have that earthquake? And what if it's significant? What if it's much greater than anticipated? That's okay, because business continuity planning means that I have backup Power Supply means that my dad is stored in an off site location.
It means that I have money and reserved
anything that risk management doesn't hand
residual risks unidentified risks, risks that are greater than expected, accepted risks. All of those should be caught by business. Continuity
are now business continuity. Planning. What does it include? Includes everything. Where do threats come from? We've got to think about. And generally speaking, we can sort of arrange threats and three main categories. Manmade threat. So these would be vandalism, theft, terrorism,
then hackers. Those would fall under man mate, Natural tornado, fire, flood, earthquake
and then technical. You have major power outages, loss of team one lines or done that links. Ah, some sort of device failure and depending on the scope of that, whether or not they'd actually be considered to be a disaster,
all right, business continuity planning is gonna also have to cover different types. Like I just mentioned different pipes of outages and disruptions. Now there are non disasters that really you're just more inconveniences. Hard drive fails. We lose power for a couple of hours. Something has stopped running
those air generally handled by risk management. Generally, they don't lose lead to a large scale
business out. It's usually that's just something that has to be corrected. Now, when we move up to an emergency. An emergency is significant because there's an urging, an immediate threat, toe loss of life or property. So there's that urgency to an emergency,
a disaster, and this is an interesting disaster. But what a disaster revolves around is that the building is unusable for a day or longer.
So you know, we've had quite a bit of snow here in the D C area last week. A couple weeks ago, we had 30 inches of snow in D. C. I have two small Children. I was snowed in my home for five days with two small Children.
Just think about that from
anyway, So that was a disaster. Indeed, in the disaster means our facility is unusable for a day or longer, making we can't get the facility. Maybe the facility's under temporary repair, Whatever that may be. Keep in mind that
a disaster doesn't necessarily mean what we instantly have come to mind.
You know, when you use the term disaster, I think fire and brimstone and you know, just major major loss that's generally more in line with catastrophe. Catastrophe means the facility is destroyed,
but a disaster could be something as basic as that snowstorm. It doesn't mean that we pack up all operations and move to an off site facility in Nevada.
What it means is we initiate the disaster recovery plan at least maybe Phase one, and Phase 1 may just simply be contacting our employees and notifying. You don't need to come to work today,
and we could just go through disaster recovery. Phase one of notification.
Um, some people may be working from home through the PM's that's working at an off site facility, so you can see that just because we're using the disaster recovery plan doesn't mean that there's necessarily chaos out there
now, a question that I think is worth seeing who can declare an emergency.
anybody can pull the fire alarm or anybody can say smoke. I smell smoke.
Who could declare disaster, senior management or the business continuity planning coordinator?
Now the business continuity has a number that business gotten. Every plane has a number of sub plans, and we'll be covering those in just a moment