Contingency Planning

Remote Surveillance &

Facilities Management

By Steve Goodwin MBE MSyI

Compliance and Risk Director

This Session We will explore:

Contingency Planning &

Business Continuity

Management (BCM)

The role of the National

Intelligence Centre:

Remote location via IP

network

Monitoring, Control,

Management of multiple

sites and supply chain, 24-7

Protecting potential targets

in the City of London and

other locations

The systems and

technologies available:

Security & Facilities

Management

Access control post-

evacuation: audio-visual,

emergency services

Contingency PlanningBusiness Continuity Management

ISO 22301 / BS25999 -

British Standard for BCM

A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders reputation, brand and value creating activities.

Contingency Planningand Resilience

Contingency Planning

and Resilience

Continuity of

Operations

Business

Continuity

Crisis

Communications

Disaster

Recovery

Cyber Incident

ResponseInformation

Systems Contingency

Occupant

Emergency

Critical Infrastructure

Protection

Stakeholders Frame Components Intended Outcome

Board Policy Procedures Understanding of Appetite

Executive & Senior Management Supporting Documents Proactive Assessment

Operational Management Plans & Training Understanding of Impact

Other Considerations

Impact on Capital Impact on Change Insurance

Synergies between the two

National Intelligence Centre

Connecting Sites & the Supply Chain

Remote:

1. Management

2. Monitoring

3. Access Control

1. Contingency Planning

2. Crisis & Vital Service Response

3. Disaster Recovery

4. Business Continuity

Data & Risk Analysis

Identify risks, scenarios

on site & in the chain

The Intelligence Centre is the hub for Plans:

Emergency services & local teams

Crisis Management Centre

Why Remote?

Central resource & control of multiple sites, teams,

disciplines & systems

Integration: alarms, CCTV, Facial Recognition, audio,

access control, man-down, EPOS, Detectives, vehicle

tracking

Away from danger, contamination, crime scene,

influence & tampering

Communication: deployment by multiple comms

links – RF, data over IP, SMS, email

Restore services to new, disabled or temporary site

Cost savings: outsource to share resources;

back-up; redundancy; extra expertise

Timeline

Pre-empt

and Prevent Disaster Strikes

Reduce

Within Minutes

or Hours

Respond

Within Hours

or Days

RecoverResume

Within Weeks

to Months

Restore Return

Disaster Strikes

Remote Monitoring

& Access Control

Lights On CCTV Unlock Doors Audio Link Man Down

Tested with out of hours delivery for major retailers

Vehicle in transit – GPS monitoring and 2-way comms

Control evacuation & emergency services entry & egress

Services control: power supply, lighting, Lifts, HVAC, fire control

Deploy local emergency & service teams (e.g. lift repairs)

Access Control:

Target Protection

Scenarios

Data

Risks

Plan

Deploy

Test

Consider traffic & spaces: staff, deliveries, suppliers, public access & out of hours

Analysts: assess statistics, incidents, response

time, costed alternatives

Evidence: coordination of technology,

detectives, investigation

Testing: rehearsals, detectives, ‘secret

shopper’ - training

• staff interviews & checks

• store detectives, ‘secret shopper’

External v Internal threats:

Technology & Systems

IP

Review range of technology platforms and compatible devices

Systems

RF radio, internet telephony, alarms, CCTV, audio, access

control, man-down, EPOS, Building Services

1. Alarms: WebWayOne, BT Redcare, CSL Dualcom and Sur-gard Receivers

2. CCTV connections are supported via Immix, Sureview International, others

Lodge Service Accrington centre

Outsource to share resources; back-up; redundancy; extra expertise

Operational Risk Components

Purpose /

VisionStrategy

External Events

Eg Weather/Terrorism

Core Processes Critical Systems Colleagues FacilitiesSuppliers & Outsource

Partners

Change Agenda

1-3 Year

Strategic Plan

Control Self Assessment Operational Risk Business Continuity Insurance Programme

Operational Risk Strategy & Plan

Key Controls

End-to-end

Process View

Top-down Operational

Risk Profile

Bottom-up Operational

Risk Profile

Incident & Near

Miss Reporting

Resilience

Work-Area Recovery

Disaster Recovery

Policies

ClaimsIncident &

Crisis Management

Operational

Risk Appetite

Operational

Risk Capital

Reporting

Scenarios

Finally…Embedding the Culture

Define overall risk appetite at Board level. Holistic buy-in paramount

Aligned to business processes, including suppliers

Practical considerations – need policies & procedures

Integration: Risk Department, Business Continuity, Incident Management,

Security, Facilities Management. Keep things simple – common language

Reviews: data analysis, risk assessment, scenarios, TESTING

Potential to drive efficiencies and cost-savings: set KPIs and ROI