2. What is Organizational Resilience?
Standards Selection Considerations
Review of PS Prep Program & Standards
www.GetSPP.com
3. WHAT IS BUSINESS - ORGANIZATIONAL RESILIENCE?
Trends in Corporate Protection & Preparedness
Evolution of Planning Approaches
IT-Disaster Recovery - Protection & Redundancy measures for:
Computers
Information Technology
Data Center Operations
Business Continuity – More than IT protection…
Protection & Recovery strategies to secure the assets of a corporation in
the event of a disaster:
Personnel
Operational Capability
Reputation & Public Image
Customer base and market, supply chain, and profitability
Organizational Resilience - Integrated Approach
IT-Disaster Recovery +
Business Continuity Management +
Crisis Management +
Security Management +
Recovery Management = RESILIENCE
www.GetSPP.com
4. WHAT IS ORGANIZATIONAL RESILIENCE?
The Adaptive Capacity of an Organization in a Complex - Changing Environment:
Systematic and Coordinated Activates & Practices through which an organization
…..manages its Operational Risk, and the associated Potential Threats & Impacts
Ongoing management and governance process supported by top management-
….necessary steps are taken to:
Identify the Impact of Potential losses
Maintain viable recovery strategies and plans
Ensure continuity of functions/products/services
Implement Exercises, Rehearsal Tests, Drills, Training,
…...Maintenance & Assurance.
ASIS SPC.1-2009 Standard - Organizational Resilience:
Security Preparedness, and Continuity Management
Systems
www.GetSPP.com
5. INTEGRATING ORGANIZATIONAL RESILIENCE INTO YOUR SECURITY PROGRAM
Where to Start?
There are a multitude of Standards & Programs out there to incorporate
Prevention, Response, Recovery & Resiliency Strategies into your Corporate
Organizational Structure
Selecting the one most suitable for your Organization/Business Requires
considering various factors including:
Size & Scope of Organization
Existing Procedures & Current Plans
Particular Industry
Required Industry standards
Critical Corporate Customer Requirements
Corporate Culture, Mission, Objectives, Management Perspective
AND…..
DETERMINING HOW PS-PREP MAY AFFECT AND/OR BENEFIT YOUR COMPANY
www.GetSPP.com
6. PS PREP
The Voluntary Private Sector Preparedness
Accreditation and Certification Program
The Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) is mandated by
Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the Act.)
Congress directed the Department of Homeland Security (DHS) to develop and implement a voluntary
program of accreditation and certification of private entities using standards adopted by DHS that promote
private sector preparedness, including disaster management, emergency management and business
continuity programs.
ASIS SPC.1-2009
Organizational Resilience: Security Preparedness, and Continuity Management Systems
Written by: American Society for International Security
BS 25999-2: 2007
Business Continuity Management
Written By: British Standard Institution
NFPA 1600: 2007 and 2010
Standard on Disaster/Emergency Management and Business Continuity Programs
Written by: National Fire Protection Association
www.fema.gov/privatesector/preparedness
www.GetSPP.com
7. PS PREP
Goal: To Enhance Nationwide Resilience by Encouraging
Private Sector Preparedness
Program Overview:
Provides a method to independently certify the Emergency Preparedness of an Organization
Focuses on businesses and other private-sector organizations
Provides for an independent third-party certification
Voluntary (market-driven) in nature
Private sector-led and administered outside of government
Utilizes existing private-sector standards and processes
Addresses Operational Risk including Disaster/Emergency Management & Business Continuity
…programs
Informative Interview with Bill Raisch – Founding Director at the
International Center for Enterprise Preparedness (InterCEP) at New York University
InterCEP - Academic research center dedicated to private sector risk management & resilience.
http://www.continuityinsights.com/articles/are-you-prepared-for-ps-prep
www.GetSPP.com
8. PS PREP
The Voluntary Private Sector Preparedness
Accreditation and Certification Program
Background:
•Aug 2007 - Evolved from Title IX of the Implementing Recommendations
………………… of the 9/11 Commission Act - Public Law 110-53
•July 2008 – DHS announces agreement with ANSI-ASQ National Accreditation Board
What is ANSI’s Role? Develop & oversee certification process – issue
accreditation to 3rd party certification entities
•Oct 2009 - DHS announces intent to Adopt 3 Standards
Public Forums- Invite comments & recommendations of additional standards
•June 2010 - DHS Secretary Janet Napolitano Announces Formal Adoption of the Standards
Comments may be submitted to http://www.regulations.gov or FEMA-POLICY@dhs.gov, in
Docket ID FEMA-2008-0017
www.GetSPP.com
9. PS PREP
The Voluntary Private Sector Preparedness
Accreditation and Certification Program
Private sector-led and administered outside of government
Then What is DHS’s Role?
While the Process is Administered by Private Sector, DHS is responsible for:
1) Selection of the Standards
2) Supporting the development of the certification process by designating and funding
the accrediting body
Note: Certification & Accreditation Process is still in development stage
3) Developing and communicating the business case for the program to the private sector.
www.GetSPP.com
11. BS 25999-2:2007
Business Continuity Management
BS 25999-2:2007
• Developed by a broad based group of world class experts representing a
…cross-section of industry sectors and the government to establish the process,
…principles and terminology of Business Continuity Management.
Model based on BCM Best Practice and covers the whole BCM lifecycle.
•Designed to keep business going during the most challenging and unexpected
...circumstances and interruptions:
Protecting your staff
Preserving your reputation and
Providing the ability to continue to operate and trade
www.bsigroup.com/en/Assessment-and-certification-services/management-
systems/Standards-and-Schemes/BS-25999/
www.GetSPP.com
12. NFPA 1600:2007 and 2010 Standard on
Disaster/Emergency Management and Business
Continuity Programs
NFPA 1600:2007 and 2010
Provides a conceptual framework for disaster/emergency management and
business continuity programs.
Five aspects which bring standard into alignment with related disciplines and
practices of risk management, security, and loss prevention process:
1. Prevention
2. Mitigation
3. Preparedness
4. Response
5. Recovery
June 2011 - FEMA awarded contract to NFPA to update the web-based content
of Ready Business (designed for small to mid sized companies) — which is a part
of the Ready.gov website
www.GetSPP.com
13. ASIS SPC-1:2009 Organizational Resilience: Security
Preparedness, and Continuity Management Systems
ASIS SPC.1-2009
Unique to other Preparedness Standards in that:
The only preparedness standard that is 100% compatible with existing ISO
…….management system standards (such as ISO 9000, ISO 14000, ISO27000 and ISO
…….28000), thus enabling a cost-saving integrated application.
Awarded Safety Act Certification by DHS – Sept 2011
It is the only preparedness standard that takes an ENTERPRISE-WIDE view of risk
…..management-
•Considers ALL Departments within the organization = avoids segregating risks
•Provides Strategies for prevention, preparation, mitigation, response & recovery
www.asisonline.org/guidelines/or.xml
www.GetSPP.com
15. BUILDS ON THE PDCA MODEL
ASIS SPC.1-2009 Program Features
Plan: Define & Analyze a Problem
……….Indentify Root Cause
Do: Devise Solution- Develop Detailed Action-
……..Plan & Implement it Systematically
Check: Confirm outcomes against Plan -
………….Identify Deviations & Issues
Act: Standardize Solution
Cycle of Continual Improvement
………Review & Define
……...Next Issues
www.GetSPP.com
17. Strategic Planning Partners, LLC
ll
A Resident Research Partner at
The Morrelly Homeland Security Center
510 Grumman Road West Suite 214
Bethpage, NY 11714
516-390-5281
Strategic Planning Partners (SPP) provides
Emergency Preparedness, Maritime Security & Corporate Resiliency
Solutions to Private and Public Sector Clientele.
TSinski@GetSPP.com
ll
Terri Sinski
Director, Business Continuity Services
l
www.GetSPP.com
