Upload
lodge-service
View
382
Download
1
Tags:
Embed Size (px)
Citation preview
Contingency PlanningRemote Surveillance & Facilities Management
By Steve Goodwin MBE MSyICompliance and Risk Director
This Session We will explore:
Contingency Planning & Business Continuity Management (BCM)
The role of the National Intelligence Centre:
Remote location via IP network
Monitoring, Control, Management of multiple
sites and supply chain, 24-7
Protecting potential targets in the City of London and
other locations
The systems and technologies available:
Security & Facilities Management
Access control post-evacuation: audio-visual,
emergency services
Contingency PlanningBusiness Continuity Management
ISO 22301 / BS25999 - British Standard for BCM
A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders reputation, brand and value creating activities.
Contingency Planningand Resilience
Contingency Planningand Resilience
Continuity ofOperations
BusinessContinuity
CrisisCommunications
DisasterRecovery
Cyber IncidentResponse
InformationSystems Contingency
OccupantEmergency
Critical InfrastructureProtection
Stakeholders Frame Components Intended Outcome
Board Policy Procedures Understanding of Appetite
Executive & Senior Management Supporting Documents Proactive Assessment
Operational Management Plans & Training Understanding of Impact
Other Considerations
Impact on Capital Impact on Change Insurance
Synergies between the two
National Intelligence CentreConnecting Sites & the Supply
Chain
Remote:
1. Management
2. Monitoring
3. Access Control
1. Contingency Planning
2. Crisis & Vital Service Response
3. Disaster Recovery
4. Business Continuity
Data & Risk Analysis
Identify risks, scenarios
on site & in the chain
The Intelligence Centre is the hub for
Plans:
Emergency services & local teams
Crisis Management Centre
Why Remote?
Central resource & control of multiple sites, teams,
disciplines & systems
Integration: alarms, CCTV, Facial Recognition, audio,
access control, man-down, EPOS, Detectives, vehicle
tracking
Away from danger, contamination, crime scene,
influence & tampering
Communication: deployment by multiple comms
links – RF, data over IP, SMS, email
Restore services to new, disabled or temporary site
Cost savings: outsource to share resources;
back-up; redundancy; extra expertise
Timeline
Pre-emptand Prevent Disaster Strikes
Reduce
Within Minutesor Hours
Respond
Within Hoursor Days
RecoverResume
Within Weeksto Months
Restore Return
Disaster Strikes
Remote Monitoring& Access Control
Lights On CCTV Unlock Doors Audio Link Man Down
Tested with out of hours delivery for major retailers
Vehicle in transit – GPS monitoring and 2-way comms
Control evacuation & emergency services entry & egress
Services control: power supply, lighting, Lifts, HVAC, fire control
Deploy local emergency & service teams (e.g. lift repairs)
Access Control:
Target Protection
Scenarios
Data
Risks
Plan
Deploy
Test
Consider traffic & spaces: staff, deliveries, suppliers, public access & out of hours
Analysts: assess statistics, incidents, response
time, costed alternatives
Evidence: coordination of technology,
detectives, investigation
Testing: rehearsals, detectives, ‘secret
shopper’ - training
• staff interviews & checks
• store detectives, ‘secret shopper’
External v Internal threats:
Technology & Systems
IP
Review range of technology platforms and compatible devices
Systems
RF radio, internet telephony, alarms, CCTV, audio, access
control, man-down, EPOS, Building Services
1. Alarms: WebWayOne, BT Redcare, CSL Dualcom and Sur-gard Receivers
2. CCTV connections are supported via Immix, Sureview International, others
Lodge Service Accrington centre
Outsource to share resources; back-up; redundancy; extra
expertise
Operational Risk Components
Purpose /Vision
Strategy External EventsEg Weather/Terrorism
Core Processes Critical Systems Colleagues FacilitiesSuppliers &
Outsource Partners
Change Agenda
1-3 YearStrategic Plan
Control Self Assessment Operational Risk Business Continuity Insurance Programme
Operational Risk Strategy & Plan
Key Controls
End-to-end Process View
Top-down Operational Risk Profile
Bottom-up Operational Risk Profile
Incident & Near Miss Reporting
Resilience
Work-Area Recovery
Disaster Recovery
Policies
ClaimsIncident & Crisis Management
OperationalRisk Appetite
OperationalRisk Capital
Reporting
Scenarios
Finally…Embedding the Culture
Define overall risk appetite at Board level. Holistic buy-in paramount
Aligned to business processes, including suppliers
Practical considerations – need policies & procedures
Integration: Risk Department, Business Continuity, Incident Management,
Security, Facilities Management. Keep things simple – common language
Reviews: data analysis, risk assessment, scenarios, TESTING
Potential to drive efficiencies and cost-savings: set KPIs and ROI