Stay Calm in the Storm by Protecting Vital
Stay Calm in the Storm by Protecting Vital Records Amy Van Artsdalen, ERIM Operations Principal David Mc. Kinnon, Chief of Staff, Infrastructure & Operations Nathan New-Waterson, ERIM Risk Expert Paul Nielsen, Director, Disaster Recovery and IT Emergency Response Pacific Gas and Electric Company Education Code: TU 01 -4522 1
Learning Objectives Upon completing this session, you will be able to: 1. 2. 3. 4. 2 Analyze and Mitigate Risk Develop a Project Plan Conduct Vital Records Training Identify Recovery Methods
3 Amy Van Artsdalen CRM, IGP Nathan J New-Waterson, CPCU, ARM, AIS Enterprise Records and Information Management ERIM Operations Principal PG&E ERIM Risk Expert PG&E Paul Nielsen David Mc. Kinnon Information Technology Director of Solutions Engineering PG&E Chief of staff for Infrastructure and Operations PG&E
Polling Question • What is a Vital Record? 4 A. I don’t know B. Birth Certificate, Marriage Certificate, Death Certificate C. Records that are critical to the continuation or survival of the organization before, during or following a crisis to continue operations and necessary to recreate the legal and financial status and preserve the rights and obligations of stakeholders, including employees, customers and
Stay Calm in The Storm 5
6
Analyze and Mitigate Risk 7
Polling Question How do you identify yourself? • I’m a Records Manager • I’m a Risk and Records Manager • I’m an innocent bystander 8
9
5 Steps of Risk Management Identify Risk Vital Records (Type and Location) 10 Evaluate Risk Analyze Select and Alternatives Implement Monitor Risk Control Alternatives Are these Qualitative versus Risk Analysis the right vs. mitigations Financing Quantitative ?
Partnerships Records Managem ent Internal Audit / Correctiv e Action Program 11 Compliance and Governance Manageme nt
Physical Vital Records Must be: • Secured with limited access • Easily available and/or retrievable • Segregated and duplicated 12 Duplicates should be stored where you can avoid: • Natural hazards such as flood, earthquake, fire, etc. • Utility operations / chemical factories • Airports • High crime and high traffic areas • Water based suppression systems
Potential Consequences of Non-retrievable Vital Records Include: Delay in or inability to restart or continue operations Penalties associated with non-compliance Reputational harm Increased expenses (labor and legal) Reduction in revenue 13
Vital Records Project Plan Development 14
Polling Question • Do you have a Vital Records Program in place? • Yes, we have a Vital Records Program. • No, but we’re thinking about it. • No. 15
Program Development Why Protecti on Increases reliability and return time to normal business operatio ns 16 Costs Trust Reduces costs by saving time Allows you to provide a quick and reliable response Respon se Prepares personne l to think quickly, act safely, and function effectivel y
Program Development - How Develop a Policy or Standard Develop and Conduct Training Take an Inventory of Vital Records Identify Protection Methods Test the Process Mitigate Findings from Testing 17
Program Development Considerations Standard Development Training – including methods Inventory Consistency Competing Priorities 18
Vital Records Training & Vital Records Inventory 19
20 Take the Inventory for Vital Records - How Execu Plan • Content • People • Process • Select Train • Live Sessions • Job Aids • Schedule • Review • Dashboar d • Close • Definition • Align s • Examples • Data Form 20 te • Repositor Close
21 Plan Train Execu te Close Define • Explain why this needs to be done – What’s in it for me? (WIFM) • Set a clear scope and schedule - roadmap • Provide clear definitions of vital records 21
22 Plan Train Execu te Close People • Contact leaders and ask for volunteers / “voluntolds” Process for the Effort • Refer back to the roadmap for your guide • Set up recurring meetings • Course correct along the way • Provide an easy to use location to store the inventories 22
23 Plan Train Execu te Close • Job Aids • Definitions / Examples • Data Form / Repository Emergency Operating – Essential for emergency operations Business Continuity – Essential for immediate resumption and continuation of business following a disaster 23 Legal – Essential for legal or audit purposes
24 Plan Train Execu te Close • Schedule • Progress Dashboard • Meetings to check for alignment and provide guidance and support 24 Course corrections along the way
25 Plan Train Execu te Close Review – Peer review of records inventories to share perspectives and look for gaps Close – Did you achieve the objective you outlined in your roadmap? 25
Identify Recovery Methods Disaster Recovery and Business Continuity 26
Understanding Your Risks New Data Center 1 Legacy Data Centers New Data Center 2 • Earthquake and flood • Recovery (Legacy Data Center 2) • Long Recovery Time Different Hazards Zones No Single-Points of Failure Legacy Data Center 1 27 Data Center 2 Modern Data Center Infrastructure Capable of Resilient Architectures
Understanding Your Business Process Business Continuity Disaster Recovery Operational / Critical Infrastructure Protection 28 Market Protection Mapping Mission Critical Processes Customer / Consumer Protection Employee / Corporate Protection
Assessment and Classification Criticality 29 Business Mapping IT Mapping Business Impact Tier Mission Critical 1 Business Critical 2 Significant 3 Important 4 No Impact Best Effort
Foundational Technology Design Global Site Selector Data Center 1 Data Center 2 Mirrored Network / Security Zone POD Infrastructure 30 POD Infrastructure Web/Presentation Servers Application Servers Database Servers
Testing and Continuous Improvement Test “Raise the Bar” Continuous Improvement Share 31 Addre ss Asses s
Summary Understand Risks & Priorities Perform Assessment & Classifications Build Foundational Environment with Modern Data Centers Continuous Improvement with Testing and Metrics 32
Questions? 33
Handou ts and e valuatio in confe ns rence a pp! Please Complete Your Session Evaluation Stay Calm in the Storm by Protecting Vital Records Amy Van Artsdalen, eav 9@pge. com Education Code: TU 01 -4522 34
- Slides: 34
