Rod_Young

Transcript of Rod_Young

  • 7/28/2019 Rod_Young

    1/47

    DISASTERS..

    SUCCESS .

    PRESENTATION TO ITU EMERGENCY COMMUNICATIONS AND INFORMATION

    20 FEBRUARY 2012

    ROD YOUNG

    EMERGENCY RESPONSE MANAGER

    TELSTRA CORPORATION LIMITED

    ITU Presentation Bangkok | Rod Young| Feb 2012 |

    TELSTRA IN CONFIDENCE

  • 7/28/2019 Rod_Young

    2/47

    TELSTRA BUSINESS SNAPSHOT

    Australia's leading telecoms & information services company

    Fixed and mobile infrastructure, products and services,

    million fixed and 13.2 million mobile services

    World class core IP network Next IP

    Largest fully integrated IP network in the world, supporting fixed and wireless

    Single national WBB network Next G

    Coverage to >2.1 M sq kms & >99% population (810,000 sq mi)

    z spec rum, +,

    DC-HSPA+ 42 Mbps* enabled. LTE launched in Sep 2011, an Australian first

    High speed wireless backhaul to 95% pops of which 90% is Gigabit Ethernet

    * Peak network downlink speed. Actual customer speeds are lower

  • 7/28/2019 Rod_Young

    3/47

  • 7/28/2019 Rod_Young

    4/47

    BUSHFIRE

  • 7/28/2019 Rod_Young

    5/47

    QUEENSLAND FLOODS 2011

  • 7/28/2019 Rod_Young

    6/47

    QUEENSLAND FLOODS 2011

  • 7/28/2019 Rod_Young

    7/47

  • 7/28/2019 Rod_Young

    8/47

    CYCLONE YASI FEB 2011

  • 7/28/2019 Rod_Young

    9/47

    Bridgewater Exchange 15 Jan 2011

  • 7/28/2019 Rod_Young

    10/47

    NETWORK IMPACT:

    Event: SEVERE TC LARRY 06 | BLACK SATURDAY VICTORIAN BUSHFIRES 09 | QLD FLOODS 11 | SEVERE TC YASI 11

    PSTN services impacted: 28,000 | 8,000 | 23,200 | 94,000

    Mobile base stations: 40 | 27 | 159 | 220

    ADSL services impacted: 3000 | 2700 | 13,600 | 32,000

    Network sites lost mains power: 190 | 40 | 375 | 680

    Portable generators deployed: 40 | 53 | 70 | 110

    Red zones: 104 | 43 | 450 | 268

    7 Missing

    fumes

  • 7/28/2019 Rod_Young

    11/47

    EMERGENCY MANAGEMENT FRAMEWORK

    : MANAGING DISRUPTION-RELATED RISK STANDARD

  • 7/28/2019 Rod_Young

    12/47

    TELSTRA'S BUSINESS RESILIENCE CONTEXT

    Incident Management

    Resilience

    Operational Resilience

    Business Continuity

    Critical Infrastructure Protection

    Risk Management

  • 7/28/2019 Rod_Young

    13/47

    WHAT IS BUSINESS CONTINUITY

    - BCM is a risk management discipline, which through the development of strategies, plans, and actions provides for the protection and alternative modes of operation for the essential processes which if interrupted bring serious consequences to the business.

    - Telstra's methodology is directed at major adverse events that:

    Have extreme or major impacts on the business

    Require a planned and organised response.

    - There are a range of options that provide an appropriate level of BCM assurance to protect the related operational business objectives and,

    Do nothing

    Operational controls

    Business Continuity Plans

    Crisis Plan

  • 7/28/2019 Rod_Young

    14/47

    (1) Do nothing

    - The level of impact is commercially acceptable and no action is needed.

    (2) Operational controls

    - Proactive measures designed to prevent the occurrence and / or mitigate the impact of events that jeopardise business continuity

    - Can exist without a continuity plan for high frequency and relatively low impact events referred to as operational outages. These controls include physical access restrictions,

    (3) Business Continuity Plans

    - Document the procedures that provide protection to critical processes and alternative modes of operation to ensure continuity of service

    - Address extreme or major impact events that have a low frequency of occurrence.

    (4) Crisis Plan

    - Is activated when a major adverse event is elevated to crisis status or a crisis occurs such as kidnap of staff or major financial loss

    - Will focus on managing the company's reputation through effective communication with stakeholder groups.

  • 7/28/2019 Rod_Young

    15/47

    PUTTING INTO CONTEXT

    [Figure: chart positioning Crisis Plans, Business Continuity Plans and Risk Treatments; horizontal axis LIKELIHOOD (Low to High); vertical axis levels Med, High, Very High]

  • 7/28/2019 Rod_Young

    16/47

    TELSTRA BCM METHODOLOGY - 5 STAGES

    12 Month Cycle

    Stages: 1 Business Context | 2 Business Impact Analysis | 3 Risk Assessment | 4 Business Continuity Plans | 5 Test & Maintain

    Outcomes

    1. Essential / Business Processes identified.

    2. Criticality of processes and dependencies is determined, as well as the impact of loss to Telstra

    3. Threats to critical parts of the business determined and risk treatments are improved if necessary.

    4. Alternative strategies to ensure an acceptable level of service identified, developed & documented.

    5. Business plans tested and maintained

    Outputs

    1. Business Context Document

    2. Business Impact Analysis Worksheet

    3. Risk Register, BIA & RA Report

    4. Business Continuity Plan

    5. BCP Testing Document

  • 7/28/2019 Rod_Young

    17/47

    STAGE 1 - BUSINESS CONTEXT

    Business Context | Business Impact Analysis | Risk Assessment | Business Continuity Plans | Test & Maintain

    The business environment in which the area conducts its operations

    What are the major business objectives / deliverables?

    What are the key performance indicators?

    Who are our major stakeholders?

    Who are our key suppliers / vendors?

    What are the markets served?

  • 7/28/2019 Rod_Young

    18/47

    STAGE 1 - BUSINESS CONTEXT

    Outcome - Essential business processes & key dependencies requiring Business Impact Analysis identified

    Corporate Criteria - Mandatory deliverables and supporting documentation for the Business Context stage 1

    Outputs - A document based on the corporate template, and endorsed by senior management.

  • 7/28/2019 Rod_Young

    19/47

    STAGE 2 - BUSINESS IMPACT ANALYSIS

    What?

    Analysis that establishes the potential impact on the business from a major disruption to essential business processes and its key dependencies.

    Why?

    Justifies the business continuity effort on the basis of impact.

    Ranks processes and dependencies according to criticality.

    Establishes minimum acceptable service levels based on the impact and duration of the failure.

  • 7/28/2019 Rod_Young

    20/47

    STAGE 2 - BUSINESS IMPACT ANALYSIS

    How?

    Part 1 - Process Impact Analysis

    1. List key essential business processes identified in Stage 1

    Determine the Maximum Allowable Outage (MAO)

    Determine Recovery Time Objective (RTO)

    Determine the Worst Case Outage (WCO)

    List impact from 1 to 5

  • 7/28/2019 Rod_Young

    21/47

    STAGE 2 - BUSINESS IMPACT ANALYSIS

    How?

    Part 2 - Dependency Impact Analysis

    Identify the key dependencies for processes with a Severe (4) or Extreme (5) impact.

    Creation of BIA worksheets

  • 7/28/2019 Rod_Young

    22/47

    STAGE 3 RISK ASSESSMENT

  • 7/28/2019 Rod_Young

    23/47

    STAGE 3 - RISK ASSESSMENT

    What?

    Assessment to understand the risks and the business exposure, and to assess the adequacy of risk treatments.

    that were classified with a 4 or 5 impact rating in the BIA Stage 2.

    To determine if appropriate treatment mechanisms and strategies are in place to manage those risks to the business.

    To establish whether tighter risk treatments are required to reduce the threat likelihood and impact.

  • 7/28/2019 Rod_Young

    24/47

    STAGE 3 - RISK ASSESSMENT

    How?

    1. Risk Identification - Identify risks to critical dependencies

    . -impacting the dependencies, which in turn determine the risk exposure.

    3. Risk Evaluation - Are any additional treatments required to mitigate the risks.

    4. Risk Treatments - Develop strategies where risk exposure is unacceptable.

  • 7/28/2019 Rod_Young

    25/47

    STAGE 3 - RISK ASSESSMENT

    Risk Identification - Examples of risks to Business Continuity

    Supply chain interruptions

    Employee / third party malicious acts

    Business risks - industrial disputes, downsizing

    Technology risks (major network, computer)

  • 7/28/2019 Rod_Young

    26/47

    STAGE 3 - RISK ASSESSMENT

    Current Risk Analysis - What is the likelihood of the risk?

  • 7/28/2019 Rod_Young

    27/47

    STAGE 3 - RISK ASSESSMENT

    Current Risk Analysis - By identifying the likelihood of the risk, and understanding the consequence, the risk exposure can be determined.

  • 7/28/2019 Rod_Young

    28/47

    STAGE 3 - RISK ASSESSMENT

    Effective vendor management, multiple vendor contracts

    Documented operating standards and procedures

    Staff with relevant experience

    Physical and logical security

    Virus protection

    Backup of data

    Evacuation plans

    Available cash reserves

  • 7/28/2019 Rod_Young

    29/47

    STAGE 4 BUSINESS CONTINUITY PLANS (BCP)

    What are BCPs?

    BCPs are documents that guide the actions to be taken:

    Prior to,

    During and

    Following an adverse event.

    Ensuring acceptable levels of service,

    Recovering business continuity capability

    What needs to be communicated and to whom

  • 7/28/2019 Rod_Young

    30/47

    STAGE 4 BUSINESS CONTINUITY PLANS

    How?

    1. Select a BCP team

    2. Identify Trigger Scenarios

    For loss of dependencies (with a 4 or 5 impact rating in the BIA).

    3. Develop alternate workaround strategies

    4. Prepare plans

    Document the alternate strategy in a Business Continuity Plan and procedural documents and assign responsibility for required actions

  • 7/28/2019 Rod_Young

    31/47

    STAGE 4 BUSINESS CONTINUITY PLANS

    Business Continuity Team Responsibilities

    The Business Continuity team is responsible for:

    Maintaining procedures and contact lists

    Testing the plan's ability to achieve service levels

    Actioning the plan when required

  • 7/28/2019 Rod_Young

    32/47

    STAGE 4 - BUSINESS CONTINUITY PLANS

    Develop Continuity Strategies - The 5 Rs

  • 7/28/2019 Rod_Young

    33/47

    STAGE 4 - BUSINESS CONTINUITY PLANS

    procedures into the BCP template ensuring the steps clearly describe:

    What has to be done

    Who does what (role / responsibility, awareness)

    When it has to be done (MAO, timeframes)

    Escalation procedures

    References to supporting documentation

  • 7/28/2019 Rod_Young

    34/47

    STAGE 4 - BUSINESS CONTINUITY PLANS

    Prepare Plans - Alternative Sites

    Specify details of arrangements in place for any alternate sites to be utilised as part of a workaround strategy.

    An alternate site on permanent standby

    Suitable workgroups at alternate sites that may be able to temporarily accommodate staff

    Details of procedures for accommodation requests.

  • 7/28/2019 Rod_Young

    35/47

  • 7/28/2019 Rod_Young

    36/47

    STAGE 4 - BUSINESS CONTINUITY PLANS

    Prepare Plans - Contacts

    In the event of a major disaster, contacting relevant people will be essential to ensuring an organised and co-ordinated effort.

    Contact lists need to be kept up to date & should include contacts for:

    Continuity Team Members / alternates

    Stakeholders

    Staff (after hours details)

  • 7/28/2019 Rod_Young

    37/47

    STAGE 4 - BUSINESS CONTINUITY PLANS

    Workaround strategies documented in continuity plans to ensure a prepared response occurs during a major adverse event

    Corporate Criteria

    Mandatory deliverables and supporting documentation the BCP stage corporate criteria document

    Outputs - A BCP based on the corporate template

    Plan Administration

    System)

  • 7/28/2019 Rod_Young

    38/47

    STAGE 5 - TEST & MAINTAIN

    What is BCP Maintenance?

    A regular review process to ensure that changes in the business environment are reflected in the Plan (6 monthly)

    What is a Test?

    An interactive exercise that validates the Plan, and assists in identifying opportunities to further develop and strengthen the Plan and the team that supports it (12 monthly)

  • 7/28/2019 Rod_Young

    39/47

    STAGE 5 - TEST & MAINTAIN

    Why do BCPs require ongoing maintenance?

    Organisation restructures may impact business processes

    Personnel - a loss of key personnel may impact the composition of your teams and contact lists

    Technology - new systems may change the way things are done

    Vendors may change due to end of contract

    Suppliers may change the level of service support.

  • 7/28/2019 Rod_Young

    40/47

    STAGE 5 - TEST & MAINTAIN

    Types of Tests

    Walkthrough - Subject-matter experts, stakeholders, response team members and a representative from the business area management read through the plan to assess its effectiveness.

    Simulation - Continuity Plan team members perform the tasks documented in the plan, simulating as close as possible the environment that would exist during the actual event.

    - considered as meeting the test requirement.

  • 7/28/2019 Rod_Young

    41/47

    STAGE 5 - TEST & MAINTAIN

    Developing an Impact Scenario

    Returning from lunch .

    Building has been evacuated

    What happens next?

    What do you do?

    Where do you go?

    Who do you notify?

    When will you be able to get back in?

  • 7/28/2019 Rod_Young

    42/47

    STAGE 5 - TEST & MAINTAIN

    Testing Stages - After

    Validate test outcomes

    Has it met objectives?

    Do the procedures work?

    What problems had to be handled that were not anticipated?

    What could be done differently to minimise business disruption?

    Review test results & document in Testing template worksheet

    Change BCP as required

  • 7/28/2019 Rod_Young

    43/47

    TELSTRA ESLOS

    VISIT AN INCIDENT CONTROL CENTRE

  • 7/28/2019 Rod_Young

    44/47

    ESLO CONFERENCE 2011

  • 7/28/2019 Rod_Young

    45/47

    VICTORIA POLICE STATE EMERGENCY

  • 7/28/2019 Rod_Young

    46/47

    TELSTRA BCM METHODOLOGY - 5 STAGES

    12 Month Cycle

    Stages: 1 Business Context | 2 Business Impact Analysis | 3 Risk Assessment | 4 Business Continuity Plans | 5 Test & Maintain

    Outcomes

    1. Essential / Business Processes identified.

    2. Criticality of processes and dependencies is determined, as well as the impact of loss to Telstra

    3. Threats to critical parts of the business determined and risk treatments are improved if necessary.

    4. Alternative strategies to ensure an acceptable level of service identified, developed & documented.

    5. Business plans tested and maintained

    Outputs

    1. Business Context Document

    2. Business Impact Analysis Worksheet

    3. Risk Register, BIA & RA Report

    4. Business Continuity Plan

    5. BCP Testing Document

  • 7/28/2019 Rod_Young

    47/47

    STAGE 1 - BUSINESS CONTEXT

    Essential functions and processes supporting key business objectives
