Federal COOP
21
ERIK D. PAKIESER , MNCEM, CBCP FEDERAL BUSINESS CONTINUITY “GUIDELINES” MAY 9, 2012, 2:1 5 -3:15
-
Upload
erik-d-pakieser-cbcp-mncem -
Category
Documents
-
view
119 -
download
0
Transcript of Federal COOP
E R I K D
. PA K I E
S E R , MN C E M , C
B C P
F E D E R A L BU S I N
E S S CO N T I N
U I TY
“ G U I DE L I N
E S ”
M A Y 9, 2
0 1 2 , 2: 1 5 - 3 : 1
5
WELCOME TO SECURE360 2012 Did you remember to scan your badge for
CPE Credits? Ask your Room Volunteer for assistance.
Please complete the Session Survey front and back (this is Room 4), and leave on your seat.
Note: “Session” is Tuesday or Wednesday
Are you tweeting? #Sec360
ABOUT ME• Certified Minnesota Emergency Manager• Certified Business Continuity Professional• Full-Time Director of Public Safety for North Hennepin Community
College• Part-Time Security Consultant and Trainer
The opinions and views expressed in this presentation are my own and do not reflect those of North Hennepin Community College, the Minnesota State Colleges and University System, or the State of Minnesota.
I am not a representative of FEMA or the Federal Government. All of the information presented here is based on my research of open-source FEMA training materials.
THEY’RE FROM THE GOVERNMENT, AND HERE TO HELP…• FEMA released new Continuity Of Operations Planning
(COOP) “Guidelines” in 2011.
• FEMA has a full-time Division and staff devoted to COOP
• FEMA has stated their COOP “Guidelines” will be required for companies doing business with the government
• Historically, “Guidelines” have become “Requirements” over time.
• NIMS example
I THOUGHT WE ALREADY DID THAT?Disaster Recovery Institute International (DRII)
British Standards Institution
National Fire Protection Agency 1600
International Organization for Standardization
Other regulatory guidance
IS THIS REQUIRED? YES – if you are a Federal agency
YES – if you are a vendor who does business with the Federal government
PROBABLY – if you are a State or Local government agency that receives Federal funding
Historically, “Guidelines” usually become “Requirements”
A TALE OF TWO PLANS
Business Continuity Planning (BCP)VS.
Continuity Of Operations Planning (COOP)
COOP OBJECTIVES:• Ensure the performance of an agency’s essential functions during a
COOP event. • Reduce loss of life by minimizing damage and losses. • Ensure the successful succession to office in the event a disruption
renders agency leadership unavailable to perform their responsibilities.
• Reduce or mitigate disruptions to operations. • Ensure that agencies have alternate facilities from which to operate. • Protect essential facilities, equipment, vital records, and other
assets. • Achieve a timely and orderly recovery from a COOP situation. • Achieve a timely and orderly reconstitution from an emergency and
resume full service to internal and external customers.
ELEMENTS OF A COOP PLAN:• Plans and Procedures• Essential Functions• Delegations of Authority• Orders of Succession• Alternate Operating Facilities• Interoperable Communications• Vital Files, Records and Databases• Human Capital• Test, Training and Exercise Program• Devolution of Control and Direction• Reconstitution Operations• Agency Head Responsibilities
WHAT’S THE SAME?Both programs stress the necessity of making continuity
part of the organizational culture.
COOP objectives are consistent with model BCP objectives
COMMON ELEMENTSThe foundation of planning - • Identification of essential functions (COOP)• Identification of critical functions (BCP)
COOP identifies “PMEFs” = Primary Mission Essential Functions
Government COOPs identify “MEF” = Federal Executive Branch Mission Essential Functions and “NEF” = National Essential Functions
Both BCP and COOP use a similar Business Impact Analysis method.
BENEFITS AND GOALS ARE THE SAME Anticipate events and necessary response actions. Adapt to sudden changes in the operational environment. Improve their performance through the identification of essential functions, work
processes, and communications methods. Improve management controls by establishing measures for performance. Improve communication to support essential functions throughout the agency. The absolute necessity for personal and family preparedness is stressed in both
COOP and BCP.
WHAT’S DIFFERENT?Terminology differs in some areas
COOP documents and guidance specifically exclude facility Emergency Plans
• BCP explicitly includes Emergency Response as a major function. This includes protecting , communicating with and accounting for employees.
• It should be noted that the COOP model assumes these priorities are addressed in a separate Emergency Operations Plan (EOP)
DISCRETION VS. REGULATIONCOOP requirements are clearly standardized, while BCP
standards are more discretionary (except within highly regulated industries)
COOP compliance = regulatory compliance
BCP = best business practices and reduced liability exposure
TEST, TRAINING AND EXERCISE PROGRAMCOOP mandates each plan contain a Test, Training, and Exercise
program (TT&E) to support COOP. Specific requirements are identified for:
• Testing• Training• Exercising• Participation• After-Action and Compliance Reports
BCP program “best practices” include similar requirements, but are often not followed through for a variety of reasons (lack of resources, funding, buy-in). These are not “optional” in COOP.
MORE ALIKE THAN DIFFERENTAlthough there are some differences between COOP and BCP programs
both are focused on the continuity of essential/critical functions following a disruptive event.
BCP includes a more proactive component of mitigation/prevention and the added emphasis on crisis management which not only comes into play with physical events, but is also concerned with the risks associated with the protection of an organization’s reputation and proper governance.
The core competencies for BCP and COOP are very similar and transferable between the public and private sector.
Both make good business sense and support the strategic goals and objectives of an organization.
CONSIDERATIONSKeep following the BCP Industry-Based recommendations- Could affect business with the Government in the long run- What you are paying DRII for, FEMA does for free (well, tax
dollars anyway)
Transition to the FEMA COOP “Guidelines”- Unproven, for the most part- Unclear impact on underwriting
Is your plan EFFECTIVE?
Is your plan DEFENSIBLE?
Bottom line: who underwrites your risk?
IS COOP FOR YOUR BUSINESS?What’s the impact on your business? - Are you receiving Federal Funding?- Are you in business with the Federal Government?- Are you in business with State/Local Government?
Conduct a gap analysis between your current BCP-based plan and the Federal COOP guidelines
Transition your plan’s structure and terminology to meet the COOP guidelines and format
http://www.fema.gov/about/org/ncp/coop/index.shtm
Or just Google “FEMA COOP NCP”
THANKS FOR ATTENDING!
Any Questions?
