Contingency PlanningRemote Surveillance & Facilities Management

By Steve Goodwin MBE MSyICompliance and Risk Director

This Session We will explore:

Contingency Planning & Business Continuity Management (BCM)

The role of the National Intelligence Centre:

Remote location via IP network

Monitoring, Control, Management of multiple

sites and supply chain, 24-7

Protecting potential targets in the City of London and

other locations

The systems and technologies available:

Security & Facilities Management

Access control post-evacuation: audio-visual,

emergency services

Contingency PlanningBusiness Continuity Management

ISO 22301 / BS25999 - British Standard for BCM

A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders reputation, brand and value creating activities.

Contingency Planningand Resilience

Contingency Planningand Resilience

Continuity ofOperations

BusinessContinuity

CrisisCommunications

DisasterRecovery

Cyber IncidentResponse

InformationSystems Contingency

OccupantEmergency

Critical InfrastructureProtection

Stakeholders Frame Components Intended Outcome

Board Policy Procedures Understanding of Appetite

Executive & Senior Management Supporting Documents Proactive Assessment

Operational Management Plans & Training Understanding of Impact

Other Considerations

Impact on Capital Impact on Change Insurance

Synergies between the two

National Intelligence CentreConnecting Sites & the Supply

Chain

Remote:

1. Management

2. Monitoring

3. Access Control

1. Contingency Planning

2. Crisis & Vital Service Response

3. Disaster Recovery

4. Business Continuity

Data & Risk Analysis

Identify risks, scenarios

on site & in the chain

The Intelligence Centre is the hub for

Plans:

Emergency services & local teams

Crisis Management Centre

Why Remote?

Central resource & control of multiple sites, teams,

disciplines & systems

Integration: alarms, CCTV, Facial Recognition, audio,

access control, man-down, EPOS, Detectives, vehicle

tracking

Away from danger, contamination, crime scene,

influence & tampering

Communication: deployment by multiple comms

links – RF, data over IP, SMS, email

Restore services to new, disabled or temporary site

Cost savings: outsource to share resources;

back-up; redundancy; extra expertise

Timeline

Pre-emptand Prevent Disaster Strikes

Reduce

Within Minutesor Hours

Respond

Within Hoursor Days

RecoverResume

Within Weeksto Months

Restore Return

Disaster Strikes

Remote Monitoring& Access Control

Lights On CCTV Unlock Doors Audio Link Man Down

Tested with out of hours delivery for major retailers

Vehicle in transit – GPS monitoring and 2-way comms

Control evacuation & emergency services entry & egress

Services control: power supply, lighting, Lifts, HVAC, fire control

Deploy local emergency & service teams (e.g. lift repairs)

Access Control:

Target Protection

Scenarios

Data

Risks

Plan

Deploy

Test

Consider traffic & spaces: staff, deliveries, suppliers, public access & out of hours

Analysts: assess statistics, incidents, response

time, costed alternatives

Evidence: coordination of technology,

detectives, investigation

Testing: rehearsals, detectives, ‘secret

shopper’ - training

• staff interviews & checks

• store detectives, ‘secret shopper’

External v Internal threats:

Technology & Systems

IP

Review range of technology platforms and compatible devices

Systems

RF radio, internet telephony, alarms, CCTV, audio, access

control, man-down, EPOS, Building Services

1. Alarms: WebWayOne, BT Redcare, CSL Dualcom and Sur-gard Receivers

2. CCTV connections are supported via Immix, Sureview International, others

Lodge Service Accrington centre

Outsource to share resources; back-up; redundancy; extra

expertise

Operational Risk Components

Purpose /Vision

Strategy External EventsEg Weather/Terrorism

Core Processes Critical Systems Colleagues FacilitiesSuppliers &

Outsource Partners

Change Agenda

1-3 YearStrategic Plan

Control Self Assessment Operational Risk Business Continuity Insurance Programme

Operational Risk Strategy & Plan

Key Controls

End-to-end Process View

Top-down Operational Risk Profile

Bottom-up Operational Risk Profile

Incident & Near Miss Reporting

Resilience

Work-Area Recovery

Disaster Recovery

Policies

ClaimsIncident & Crisis Management

OperationalRisk Appetite

OperationalRisk Capital

Reporting

Scenarios

Finally…Embedding the Culture

Define overall risk appetite at Board level. Holistic buy-in paramount

Aligned to business processes, including suppliers

Practical considerations – need policies & procedures

Integration: Risk Department, Business Continuity, Incident Management,

Security, Facilities Management. Keep things simple – common language

Reviews: data analysis, risk assessment, scenarios, TESTING

Potential to drive efficiencies and cost-savings: set KPIs and ROI

YOUTHANK