A total of 16 sessions and workshops have been scheduled for the featured Case Studies track at the 2019 Continuity Insights Management Conference. The exchange of practical ideas that can help solve critical problems or improve the efficiency or effectiveness of an overall BCM program will be on full display as practitioners share information dealing with current issues based on actual events.
Featured case studies will focus on building long-term resilience into your strategy, spotting and avoiding legal issues related to workplace violence, conducting effective tabletop exercises, creating effective cyber response plans when you’re not a cyber expert, the evolving world of disaster recovery, and more.
Presenters will include expert business continuity practitioners from Vanguard, EY (Ernst & Young), Excellus Health Plan, Lockheed Martin, U.S. Department of Commerce Foundation, Flagstar Bank, RGA Reinsurance, BMO Harris, and more. The complete Case Studies track session line-up includes:
A1: Emergency Notification System Best Practices
Jeremy Gudgeon, Vanguard
Administrators of Emergency Notification Systems (ENS) find themselves on-point for the delivery of critical messages during crucial times. Examples of inaccurate activations have made their way into the news, creating a heightened sense of the need to establish a well-designed ENS program. This session will explore designing and maintaining an ENS program for business contingency response teams that establishes confidence in each activation. Looking at key aspects of Standard Operating Procedures, we’ll review methods that help provide the right message, to the right groups, with the right level of oversight and approval.
A2: Building Resiliency in 12 Months or Less at the City of San Francisco
Ted Brown, KETCHConsulting Learn what the county and city of San Francisco’s Department of Technology (CCSF-DT) developed to protect their people from workplace violence, protect data from cyber-attacks and its next line of defense – their COOP Plan, all executed in less than a year. Over a four-month period, CCSF-DT conducted a BIA, risk assessment, defined a COOP strategy, executed COOP plans for all departments, and conducted three different Tabletop exercises. This session will discuss the importance of COOP for IT and how COOP work was done on time and on budget.
A3: How to Spot and Avoid the Legal Issues Associated with Workplace Violence
Cynthia Simeone and Megan Gomez, Excellus Health Plan, Inc.
There is no federal law establishing a duty to prevent workplace violence against employees. However, an employer has a duty to provide a safe working environment under the federal Occupational Safety Health Act (OSH Act), which regulates workplace health and safety. Balancing the intricacies of employment law, while satisfying OSHA requirements to provide a safe working environment, requires a full understanding of many federal and state laws and regulations. This presentation will provide an overview and case studies of the multiple legal considerations supporting both the employer and the employee when managing situations within the workplace that fall within the spectrum of workplace violence cases.
A4: Developing a Global Compliance Management Process
Lisa Trousdale, Ernst & Young, LLP
In a large, diverse multi-national organization with more than 750 offices in 130 countries, how do you ensure that each office has an emergency response plan that is reviewed and updated on an annual basis? This case study focuses on putting a system in place to create accountability, ensure plans are up-to-date, and provide reports to management. Whether you use a product/tool or you would like to design your own compliance management process, join this presentation to learn how EY scoped this global project, developed a process, and reports outcomes to management and clients/customers.
A5: How to Build Resilience into an Organization’s Long-Term Strategy
Lynnda Nelson, President, ICOR
Organizational resilience is the future. Learn what makes organizations more or less resilient. Business continuity practitioners must have a clear understanding of the role of business continuity in increasing an organization’s resilience – and that business continuity planning does not equal organizational resilience. Drawing on the standard ISO 22316 Organizational Resilience Principles and Attributes, global research, and case studies, the presenter will provide practical examples on how to increase the resilience of your organization.
A6: The Workplace Violence Awareness Program at BMO Harris
Chris Sarcletti and Bill Simmons, BMO Harris
Created by the Business Continuity Office in collaboration with its Security Department, the BMO Harris Workplace Violence Awareness Program was introduced to employees via face-to-face sessions. This presentation will review the topics included in the program:
- Incident Response Overview
- Workplace Violence Indicators
- Responding to Workplace Violence
- Profile of an Active Shooter
- Responding to an Active Shooter Incident
- Preparation
A7: Mobilizing Critical Communication Technologies After a Multi-National Disaster
Ann Pickren, OnSolve, and Jeff Morgan, Aviem International
Disaster events can strike at anytime and anywhere, so enterprise decision-makers must be able to mobilize quickly to protect customers and employees. Disasters can often be followed by a second disaster that results from inadequate emergency response as communications break down and those impacted do not have the rapid support they need. Session attendees will gain valuable insights from this unique case study presentation of a major cruise line and airline who have turned to the Family Assistance Foundation to help coordinate multicultural support to travelers and their families when an emergency occurs.
A8: Effective Table Top Exercises – Using Tools to Conduct Real Scenarios
Timothy Smith, Flagstar Bank
Knowing what to do when a crisis strikes may save your life and those of your teams. The first steps of communicating the specifics of an incident and what to do next can make a significant difference in the immediate outcomes. Understanding why you need to communicate, how you deliver your messages, what the message should contain and collaboration of the team will determine your ability to keep people safe and maintain business operations. This workshop will demonstrate tools that are available to meet the challenges in a dynamic workplace.
A9: Five Actionable Ways to Weather-Proof Your Business Continuity Plan
Anuj Agrawal, Earth Networks
Weather is the second biggest threat to business operations, and that is not expected to change. In the past year, we’ve seen more than $300 billion US in damages due to weather events. This session will introduce five actionable ways to improve severe weather preparedness by presenting case studies of organizations and companies that have prioritized weather in their organizational operations plans. Key takeaways include: 1) Using the right technology; 2) Why free weather apps and forecasts aren’t enough; and, 3) Become the weather guru for your organization.
A10: Lessons Learned from Recent Business Interruptions
Scott Teel, Agility Recovery
Based on the real-world experiences and interactions of organizations of all types, there are common pitfalls to avoid and critical lessons to be learned when responding to business interruptions. Discussion topics will include: An analysis of recent major events causing business interruptions, including record-breaking wildfires, terrorism, and the epic hurricanes of 2017; Actionable ideas and best practices in the face of both naturally occurring and man-made threats; Practical and tactical steps any organization can take today to increase their resilience in the face of common, real-world crises without massive time, money, and internal resource allocation.
A11: How to Create a Cyber Response Plan When You are a CBCP and Not a CISSP
Ron Kamps, Mutual of Enumclaw
This presentation is from the perspective of someone with business resilience experience who is not a cyber-expert. I will share lessons, tips, and successes on how we went from having no official cyber response plan to having a documented plan, pocket guides, electronic documents, cyber vendor relationships, internal process improvement, quarterly exercises, and integration with our Business Resilience Program. Lessons shared are applicable to other areas that are (sometimes) integrated with business resilience (i.e. Active Shooter, Crisis Management, and Emergency Response).
A12: So You Have a Disaster… Now What?
Tom Serio, MTS & Associates
The presenter will walk you through a real disaster that impacted a large business and forced them to enact ALL of their business continuity plans. What’s the reality of the situation? What’s were upper management thinking? How do quickly and successfully did employees get back to work? Learn from some very valuable and real lessons learned while recovering a corporate campus from a nine-day outage.
A13: BCDR Software Implementation – Lessons Learned and Recommended Practices
Aaron Callaway and Nick Ferraro, Fairchild Resiliency Systems
Successful system implementations are a combination of art and science. Even the best systems can lead to epic fails and non-acceptance. Selecting a BCDR application to help automate your program is a significant decision, one that can determine short and long-term success. A process-driven system implementation is key to driving BCDR transformation in organizations, an effort that can also be a rewarding process for your organization and your career. This presentation will discuss many lessons learned from implementing hundreds of various systems and offer some recommended practices to help ensure program success and digital adoption.
A14: Third Party/Vendor Risk Management
Virag Shah, Hitachi Vantara
Over the last three years at Hitachi Vantara, business continuity has developed a global vendor risk management program through very tight collaboration with our Data Privacy and Information Security teams and by working closely with the Indirect Procurement team. This session will share best practices on how we started, what challenges we faced (initially), how the program implemented, and our current challenges, along with key takeaways for attendees.
A15: Hurricane Response Lessons from Ground Zero
Neeta Adkar, Lockheed Martin, and Brooks Nelson, U.S. Chamber of Commerce Foundation
Extreme weather events and natural disasters are ranked in the top three threats to business operations, yet they are among the most predictable. It’s been over a year, but the 2017 hurricane season still looms over operational planning, as many areas impacted by major hurricanes Harvey, Irma, and Maria are still suffering the consequences of those devastating storms. Hear firsthand on the response, on-going recovery, resource functionality, information and planning networks between multiple levels of stakeholders, i.e. public and private sector partnership, and challenges, etc.
A16: How RGA Reinsurance Runs Their Crisis Management Team: Effective Real-World Exercises During Day to Day Operations
Steve Seton, RGA Reinsurance, and Veronica Genao, Veoci
RGA’s philosophy is unique because it provides real-world exercises during day-to-day operations while maintaining business continuity globally. Participants therefore, do not have to take time away from their work to participate and it lends itself for a longer exercise which is more realistic. Typically, two hours for an exercise does not suffice. RGA was able to exercise over a two-day period from locations globally without the need to carve time out of the work schedule based on the setup of their team and their real-world approach.
View the complete 2019 Continuity Insights Management Conference agenda here.
