Sessions at CPM 2009 WEST

Tuesday, May 12, 2009

9:45 AM - 5:00 PM

BP1: Tutorial: Business Continuity 101 (100 L)

Kelley Okolita, Hanover Insurance

This popular all-day course provides a solid foundation for your business continuity education. A terrific refresher course for experienced planners, this tutorial also helps those newer to the industry to build a framework for developing and implementing a business recovery plan. Participants receive a valuable manual and sample recovery plan.

You Will Learn:

The basics of business continuity plan development
About incident response, risk analysis, and recovery strategies
How to test plans and create awareness programs

9:45 AM - 11:00 AM

BP2: Hands Free Continuity (300 L)

Phil Lambert, Center for Continuity Leadership

Having limited resources is not new to seasoned planners. And having our hands tied even tighter makes for a lousy work environment! Not all is lost; you have options. There are strategies and attitudes you can easily adopt that will ensure your program's success in times like these. A continuity program, if designed and executed properly, will help to drive the “hands free” activities that must occur when gaining buy-in, ownership, and participation from stakeholders. Some planners will cultivate a stronger program during these difficult times. Will you be one of these few? A powerful and successful program includes all the right components, leveraged in just the right way, to gain the greatest results. Come and learn and be one of the few.

You Will Learn:

How to drive your continuity program "hands free"
About leveraging these economic times for greater significance
Seven principles for doing more for your program with less

9:45 AM - 11:00 AM

BP3: Decomposing the Crisis/Incident Management Timeline (400 L)

Eric Staffin and Douglas Weldon, FBCI, Thomson Reuters

In order to cost-effectively maintain compliance with client contractual obligations, regulatory requirements, and international standards, companies must learn how to effectively decompose the crisis/incident management timeline without separating the science from the art. This presentation will provide guidance and a methodology for decomposing the multitude of recovery time objectives, recovery point objectives, work recovery times, and contingent supplier dependencies of critical internal and external assets (facilities, systems, data, and people), and a standards-based approach for mitigating risks and reducing commercial exposure.

You Will Learn How To:

Establish and maintain a cost-effective approach to manage contractual obligations and regulatory requirements
Uncover and assess risks associated with multiple RTOs, RPOs, WRTs, and contingent supplier failures
Utilize a standards-based approach for mitigating risks and reducing commercial exposure

9:45 AM - 11:00 AM

L4: Cyber Security from the Eyes of the Executive (400 L)

Steve Firestone, CA, Inc

IT projects and programs are always under scrutiny for the value they deliver to the business. Security projects are no exception, and they often can face even greater scrutiny as there may be a few executives out there who still view security as "insurance." Shrewd business executives know that security is critical to the business, but they face the challenge of limited funding for IT. Learn how to present your security programs to your boss and budget authority to ensure you gain the executive buy-in and support needed for the projects.

You Will Learn:

The hot buttons to think about when approaching bosses for a budget for security projects
How to speak in the language the budget authority will understand and relate to
Tactics to help ensure success with the budget approval process

9:45 AM - 11:00 AM

R5: MemphisFirst - A Public/Private Partnership (300 C)

Dr. Stanley Weinrich, CBCP, CPIM, International Paper and Robert Nations, Jr, Office of Preparedness, Memphis UASI

MemphisFirst is a significant public/private partnership in the Memphis metropolitan area to foster improved preparedness for businesses and individuals in the area. This session will describe the goals of the program, the trials and tribulations of its two years in existence, and offer recommendations for what to do and what not to do in your community.

You Will Learn:

How to organize an effective public/private partnership
About benefits and challenges of community partnerships
Hard-earned insights on developing such a partnership

11:15 AM - 12:30 PM

BP10: Crossing the Chasm: Delivering Value and Innovation with the Convergence of IT Governance, Security and Audit (400L)

David Cass, CISM, JPMorgan Chase

In a world of increased regulatory pressures and global commerce, IT governance, security and audit can and should be leveraged to improve the risk posture, provide a sustainable and resilient technology environment, deliver business value and contribute to innovation. Learn how to create opportunities to improve business alignment and enhance value delivery.

You Will Learn:

The need for a governance, security and audit maturity model
Overcoming challenges when adopting governance
How to take a holistic view of risk management

11:15 AM - 12:30 PM

BP7: Supply Chain Resilience (400 L)

Cliff Thomas, MBCP, HEIT, Inc. and George A. Zsidisin, Ph.D., C.P.M, Bowling Green State University

While business continuity processes and practices are gaining greater acceptance in industry today, their orientation is typically internal. At the same time, more and more organizations have an equivalent dependence on external resources to ensure supply chain continuity, in both their downstream distribution channels to customers, as well as upstream reliance on supplier organizations. Without carefully considering these external partners, any efforts to ensure business continuity will have only limited, if any, benefits to the firm. This panel of experts will offer effective practices, examples, and recommendations that participants can apply to improve supply chain continuity, with emphasis on the upstream perspective of the supply chain and third party assessment processes.

You Will Learn:

Effective practices and practical advice for supply chain continuity
Case examples of effective supply chain continuity
The importance of supply chain considerations within an overall enterprise risk management framework
Trends in supply chain continuity

11:15 AM - 12:30 PM

L8: Risk Preparedness: The Next Wave in Business (400 L)

Bruce Blythe, Crisis Management International

Recent initiatives point to risk preparedness as the next management system to be standardized and integrated into American businesses. Our businesses will soon have an opportunity to demonstrate preparedness through DHS-sponsored certification. Possibly most importantly, Standard & Poor is now correlating enterprise risk preparedness with financial outcomes, i.e. corporate credit rating scores that will be publicly displayed. This is an opportunity for continuity professionals to become more valued strategic risk preparedness partners within their organizations. This presentation will discuss the latest developments in this fast-evolving landscape. Discover how you and your organization will be impacted and what you can do to be at the cutting edge of this next wave.

You Will Learn:

An update on the international movement toward identifying and managing organizational risks
Opportunities for and barriers to establishing effective management systems to manage risks
A future look at integrating the many management systems that address the protection of organizational core assets

11:15 AM - 12:30 PM

L9: Industrial HazMat Response Teams (300 C)

Shelly Stephens, PHM, Amway Corp.

There is a great deal involved in determining whether or not to form and maintain an industrial Hazardous Materials Emergency Response Team. This case study outlines those things that need to be considered, including conducting a business impact analysis, factors in helping to make the decision, and various regulatory requirements. Hear specific examples of how the process was rolled out at Amway Corporation, how their team functions today, and some of the challenges they face in maintaining a corporate HazMat team.

You Will Learn:

HazMat team considerations and program requirements
How industrial HazMat teams are applied
About the challenges of maintaining an industial HazMat team

2:15 PM - 3:30 PM

BP12: Who Comes to the Party: Using Core Competencies as Post-Disaster Access Credentialing Criteria (300 L)

Maurice A. Ramirez, DO, PhD, High Alert

Core competencies represent the minimum knowledge base and skill set required to function in a given environment. Once identified and established, these core competencies form the basis for all credentialing and certification. (WAITING ON EXPANDED ABSTRACT)

You Will Learn How To:

Identify and develop core competencies, regardless of profession and industry
Employ core competencies as credentialing criteria
Use core competencies as minimum educational goals

2:15 PM - 3:30 PM

L13: The People Side of Contingency Planning (300 L)

Kathryn McKee, SPHR, Human Resources Consortia

All crises touch people, and it takes people to help get the business back up and running. But, employees at all levels need to be physically and emotionally ready to return to work. Learn what programs you and your HR colleagues can plan for in advance so that you can jump-start the return to productivity of your workforce. Through examples of real-life situations, you'll learn about HR policies and programs to think about in advance; how to prepare managers to deal with employees having difficulties dealing with the trauma of disaster, and the leadership competencies that you and other managers need to prepare for and deal with leading people through disaster.

You Will Learn:

The value of planning for people in your contingency plan
What and how to incorporate contingent HR policies and programs in your BCP
How to prepare managers and supervisors for dealing with employees in times of crisis

2:15 PM - 3:30 PM

L14: Establishing a Testing, Training, and Exercise Program (500 W)

Barry Boyd and Mark Spreitzer, CGI Federal

The testing, training, and exercise (TT&E) plan should define the organization's roadmap for ensuring a viable capability, and outline the organization's approach to maintaining plans, as well as enhancing and managing the capability. Critical to this is having personnel trained to fulfill their roles and responsibilities within a plan through exercises and employee awareness. In addition, the TT&E plan should identify resource and budget requirements that enable organizations to achieve an effective, proven capability, and provide a schedule for conducting various types of TT&E events. In this workshop, attendees will be walked through the process of establishing a TT&E program, including developing a TT&E policy, identifying roles and responsibilities, and documenting a TT&E event methodology. Learn how to enhance existing BCPs by integrating improvement opportunities discovered during the simulation.

You Will Learn How To:

Establish a testing, training and exercise (TT&E) program
• Develop an associated policy
Document a TT&E event methodology
Improve your BC plan based on exercise outcomes

2:15 PM - 3:30 PM

R15: Protecting Employees and Maintaining Continuity through Emergency Notification (300 C)

Chris Hartinger, Starbucks

Starbucks is not just a coffee retailer; the company is in the people business first and foremost. This is especially true concerning Starbucks' 150,000+ employees ("partners") who work in over 12,000 locations worldwide. Communicating with these partners might sound like a daunting task, especially in a crisis, but for Starbucks it is accomplished using emergency notification technology. The company relies on its "Bean Line" to convey important information or instruction in times of emergency. Notable uses include Hurricane Katrina, the Minneapolis/I-35 bridge collapse, the London bombings, and Hurricane Ike. Learn how emergency notification technology is helping Starbucks protect employees and maintain business continuity. Also share in best practices which you can easily apply to your organization's own critical communications strategies.

You Will Learn:

How emergency notification technology helps keep employees safe and ensures business continuity in a crisis
Best practices for crisis communications
Ways to incorporate emergency notification technology into your business processes and company culture

3:45 PM - 5:00 PM

The H1N1 Pandemic: Is This What We Planned For?

Michael R. Gregory, FEMA and Maurice A. Ramirez, D.O.

The speakers will discuss the current H1N1 situation (previously known as "Swine Flu"), best case and worst case scenarios, practical advice on what you can do both at work and at home, pharmaceutical and non-pharmaceutical strategies, the potential effect of the outbreak on the economy, and a comparison of the local, state and federal response.

3:45 PM - 5:00 PM

R16: Examining the Inherency of Business Continuity in the Organization (400 L)

Edward Cahn, PMP, CBCP, BAE Systems

The processes involved in developing and managing a business continuity system require a vivid understanding of the organization including its structures, dependencies, functions, and stakeholders. To be successful, a business continuity system requires a penetration into the organizational structure itself. This session will explore how business continuity requirements are already inherently defined in most organizations, and how this can be leveraged to develop and economize a resilient business continuity system.

You Will Learn:

How business continuity requirements are already inherent in the organization
Which departments are already applicable to meet the requirements
How to realize distinct labor savings in all areas in new, improving, or even established systems

3:45 PM - 5:00 PM

BP17: To BIA or Not to BIA (200 L)

Roger Stearns MBCI, CBCP, CHS-III, Ever Vigilant Consulting

In an ever-increasing risk intolerant business environment there is a desire to cover more risks and recover larger segments of business operations. But when is the right time to adopt a "do nothing" or "suspend operations" strategy? This session will look at a Business Impact Analysis (BIA), risk assessment, and the probability models to assess when the latter strategies are the right ones for you.

You Will Learn:

How to determine the right scale of Business Impact Analysis for your organization
To explore probability models and risk assessments and decide when to use them
When to choose a "do nothing" strategy

3:45 PM - 5:00 PM

L18: Integrate Control Disciplines to Increase Control and Save Money (400 L)

Kathleen Lucey, FBCI, Montague Risk Management

This session describes how all control disciplines are doing much the same functions, just applied to different arenas. Each is isolated from the others because of its own jargon and separate professional distinctions. This session discusses an organizational approach that optimizes both organizational and individual career benefits while significantly reducing costs.

You Will Learn:

A proposed organization structure that optimizes risk mitigation, continuity capability, and emergency response
The financial and other benefits of integration
About the disadvantages of current organizational structures

3:45 PM - 5:00 PM

SM19: Update: Standards and Legislation in Business Continuity (400 L)

Paul Kirvan, FBCI, CISSP, CBCP, Paul Kirvan Associates

Developments in business continuity standards and legislation are coming fast and furious. Numerous activities are occurring that can be highly confusing to BC professionals. This session puts everything into perspective, and offers delegates timely guidance for planning and management.

You Will Learn:

Latest developments in domestic and international BC standards
The value of using standards in BC activities
Status of the ASIS project to develop an American national standard for BC
The timeframe for the long-awaited international standard for BC

Wednesday, May 13

9:15 AM - 12:00 PM

L20: The Disaster Experience (300 W)

Bob Mellinger, Attainium Corp

This workshop has been designed to put you in the throes of a real-life disaster situation, as it unfolds. You will make the critical decisions any organization will have to make - and deal with the consequences of those decisions! After you've finished, you'll understand the importance of planning in advance for a disaster or other business disruption. You'll never want to be caught unprepared again!

You Will Learn:

How you might react in the event of an disaster
How to manage various roles and responsibilities during a disaster
Real-life experiences from this exercise which you can apply to future crises

9:15 AM - 10:30 AM

BP21: School Security: Overturning the "All or Nothing" Myth (400 C)

Robert A. Collins, PhD, Dillard University and Jeff Floreno, Wren Solutions

Amidst tight budgets, multiple priorities, and daily crises, creating a school security plan can seem like a Herculean task. Schools can take small steps that can go a long way toward proactively creating a more secure environment and building actionable plans that prevent losses and save lives in case of an emergency. Learn how to look at security through a different lens, evaluating the campus for opportunities and taking small steps that cost little time or money to better secure the school and be better prepared to react when an event does occur. This session includes a case study from Dillard University, the only university in New Orleans to avoid looting after Hurricane Katrina. Learn how to apply such a security plan to your school, evaluate best practices for conducting an evaluation, gap analysis, and develop a follow-up process.

You Will Learn:

Essential elements of an effective security plan for a school or university
To develop a process for tracking security gaps and progress
How to evaluate a campus for "low lying fruit" opportunities
What infrastructure and personnel are necessary to protect a university
About examples that could help secure a school immediately

9:15 AM - 10:30 AM

BP22: Update on Nuclear and Bio-Terror Threats (300 L)

Eli Dabich, Synergy Associates

This session presents a review of nuclear, biological, and chemical threats that organizations may experience in the future. The scope of these threats will be described in the context of the current world situation. Also discussed: the likelihood a terrorist attack will utilize these types of threats, and under what conditions. The practical information in this session will allow you to identify the type of threat and what you can do so you and your organization survive the threat and continue business operations. Learn how to integrate these threats into your continuity plans, and learn about a tabletop exercise which has been developed for a chemical attack.

You Will Learn:

How to identify and survive nuclear, biological, and chemical threats
About the importance of including these threats in a contingency plan
How to test a plan for such threats

9:15 AM - 10:30 AM

L23: Benefits of Applying Performance Management in Business Continuity Programs (300 L)

Dr. Stanley Weinrich, CPIM, CBCP, International Paper

Performance management (PM) is a behavior-based management process that has demonstrated effectiveness in many high-performance organizations. This presentation describes the applicability and benefits of the PM process toward business continuity programs. Insights will be provided on how to make a BC program more effective, how to engender management support, and how to sustain interest throughout the organization. Participants will leave the session with new approaches toward strengthening their business continuity programs.

You Will Learn:

What Performance Management (PM) is and how it can help support contingency planning programs
How to apply PM in gaining management buy-in for your programs
How to better manage your management

9:15 AM - 10:30 AM

R24: Lessons Learned Information Sharing (200 L)

Bill Moore, Lessons Learned Information Sharing, Department of Homeland Security

This session will provide an overview of Lessons Learned Information Sharing (LLIS.gov), the national, online network of lessons learned, best practices, and innovative ideas for the emergency response and homeland security communities. Sponsored by the US Department of Homeland Security's Federal Emergency Management Agency, LLIS.gov helps emergency response providers and homeland security officials prevent, protect against, respond to, and recover from terrorist attacks, major disasters, and other emergencies. The presentation will cover features unique to LLIS.gov, including original best practices and lessons learned and its extensive library of after-action reports, state and local plans, federal guidelines, and other related documents. The speaker will also discuss LLIS.gov's community-building network features, such as member collaboration tools, information sharing tools, feedback tools, the member directory, and LLIS.gov channels.

You Will Learn:

How to access plans, templates, and guidance documents and original content on LLIS.gov
How to share lessons with the LLIS.gov community
How to network on LLIS.gov and interact with first responders through channels and other features

10:45 AM - 12:00 PM

BP25: Situation Assessment: The Elusive Common Operating Picture (300 W)

Michael Gregory, CEM, MRG Consulting

This session will discuss situation awareness (SA) and the common operating picture (COP) as required under the National Incident Management System (NIMS). The session explores integrated communications (interoperability), plans and procedures, critical information processing, decision making/sensemaking, and information sharing and management. Attendees will gain better insight into both the technological and sociological aspects of developing and maintaining COP and SA. Also included: an interactive hands-on communication activity and case studies with lessons learned.

You Will Learn:

About Situational Awareness and Common Operating Picture: how they fit into NIMS/ICS, how they are affected by issues such as interoperability and how best to use technology such as geospatial tools/mapping
How Crew Resource Management/Human Factors affect Situational Awareness, and how CRM lessons learned in areas such as air crews, nuclear power plants and off shore rigs can be applied to emergency response
The essentials of Critical Information Processing, Decision Making, and Sensemaking – how to get information, figure out what it means, and do something with it

10:45 AM - 12:00 PM

BP26: Selecting an Emergency Communications Solution: Know the Facts Before You Buy (300 L)

Ted Brown, CBCP, CBCV, KETCHConsulting

As more organizations continue to build and refine comprehensive business continuity plans, the need for mass notification systems has grown. As a result, numerous vendors are diving into the mass notification market. While a wide range of alternatives is normally an advantage to the buyer, it can add confusion when trying to make the right choice. This session provides a useful overview of mass notification systems, explains the basics of how they work, and outlines the specific criteria organizations should use to select the solution that’s right for them.

You Will Learn:

How to identify specific notification system features your organization may require
About the various systems available, how they operate, and how they vary
The pros and cons of third generation notification technology

10:45 AM - 12:00 PM

L27: Navigating the Financial Tsunami 2009 (400 L)

Glen Boyls, AMX International

Like a tsunami, the US financial crisis has expanded to encompass our global trading partners, customers, suppliers, and outsourcers. The ripple effects will negatively impact almost every business, government, charity, consumer, employee, and student throughout 2009 and into 2010. As risk managers, internal auditors, continuity planners, and executives, we have a responsibility to ensure our organizations remain prepared and resilient during adverse conditions. This session takes an enterprise view of the financial and operational impacts that will most likely affect organizations, and provides a series of recommendations to help organizations mitigate risks, survive the next 18 to 24 months, and prepare for economic recovery.

You Will Learn How To:

Retain customers and supply chains in an unstable economic climate
Manage cost and liquidity
Improve financial and operational performance to ensure stability for the future

10:45 AM - 12:00 PM

SM28: Can Standards-Based Planning Provide Consistency across Sites? (400 L)

Bethany Gadfield and Mark Meinert, BP

This session demonstrates how BP's global integrated supply and trading organization has leveraged an application of standards and a common methodology across disparate international business units to facilitate implementation of a BCP strategy at a regional level. Learn about BP’s journey, garner lessons learned and some simple tools to guide you on your own path to a standards-based planning approach and strategy. Also included: a workshop to help participants define their own standards and yearly schedule.

You Will Learn How To:

Create and apply standards for multiple sites/business segments
Document the strategy based on the standards
Re-evaluate the strategy based on the results of plan exercises

2:15 PM - 4:30 PM

L30: Recovery Strategy Workshop: Adapting to Changed Realities (300 W)

Gisela Gadelha, CBCP, Steven Ross, CBCP, CISSP, CISA, and David Sarabacha, CBCP, CISSP

The changes companies face today are affecting their need for recoverability and resilience. In this workshop, attendees will learn how to develop recovery strategies for both business and IT that reflect altered constraints including cost, technology enhancements, workforce alignment, and internal politics. Working from a realistic case study, attendees will develop appropriate strategies for personnel deployment, workplace availability, and data center recovery. These will be presented and critiqued in terms of both their expected efficiency and the quality of the presentation of ideas. Attendees will be guided in mapping their approaches to recovery with the demands of the business and the marketplace. As important, they will learn to make the case for their recommended strategies to enhance the likelihood of management acceptance.

You Will Learn How To:

Develop recovery strategies and sell them to management
Recognize the forces of change on recovery strategy
Maintain recoverability with reduced resources

2:15 PM - 3:30 PM

BP31: Developing Enterprise Risk Management (300 L)

Eric Staffin, MBCI, CISSP, and Doug Weldon, FBCI, Thomson Reuters

To proactively approach enterprise risk management (ERM), executives need to think outside the traditional Risk Assessment and Business Impact Analysis (BIA). While the concept of ERM stretches back to the early ‘90s, it is only recently that firms treat the concept of their recovery and security from a 360-degree perspective. A good ERM program allows for: less downtime and increased productivity, adherence to regulatory standards, and greater flexibility. The common thread in ERM will be covered in a "how to" approach. Assessing risks and impacts, architecting solutions, implementing mitigation, and implementing recovery solutions will be covered. ERM scope has grown so large in the last few years that each area will be discussed, along with a process for incorporating all the areas with limited staff and budget.

You Will Learn:

The components of a successful Enterprise Risk Management program
About the technical and business ERM risks
How to develop and document an ERM plan with limited resources

2:15 PM - 3:30 PM

L32: Advanced Skills in Post-Disaster Psychological Debriefing (300 L)

Joseph DesPlaines, Frontier Airlines

Most crisis management behavioral health professionals acknowledge that people involved in the response to a crisis – especially a sudden, violent event that causes causalities and/or fatalities – need to be supported to ensure they do not become additional crisis victims. Most experts agree that Critical Incident Stress Debriefing is the preferred method of support for crisis responders. This session will discuss some of the approaches to responder support, ranging from basic psychological first aid to Critical Incident Stress Debriefing to a flexible hybrid model of psychological debriefing that can accommodate the differences in people, situations, and experiences. Included will be a “how to” model that can be provided to crisis responders to assist them with stress management.

You Will Learn:

The vital role of psychological debriefing after crisis
About the different approaches to debriefing
A new model of resilience debriefing that can be applied in your organization if needed

2:15 PM - 3:30 PM

L33: The Challenge of Assessing Supplier Reliability (400 P)

Moderator: Kathleen Lucey, FBCI, Montague Risk Management

A panel of representatives from three organizations will discuss the value of current techniques to assure acceptable levels of supplier reliability. The moderator will introduce the subject, discussing increasing demands for a high degree of confidence by customers in their suppliers, and some of the current vehicles used to provide this, such as contract terms, audits, questionnaires, SAS 70 reports, analysis of test results, and on-site inspections.

You Will Learn:

An analysis of current techniques used to assess supplier reliability
How the challenge is being handled in three organizations
How contractual terms can assist in your evaluation

2:15 PM - 3:30 PM

SM34: Using Standards to Create Your Campus Emergency Plan (200 L)

Bo Mitchell, 911 Consulting

Emergency planning for your campus is subject to many federal, state, and local laws, regulations, and standards. Most educational professionals who are tasked with creating emergency plans are confused or overwhelmed regarding those standards. Learn what laws, regulations, and standards apply to your campus emergency planning, training, and exercises. Learn what a lawsuit will do to you if you don't create your plan to standard. Learn the 17 mistakes campuses make in creating their plans today.

You Will Learn:

About the laws, regulations, and standards that control emergency plans
How lawsuits affect you and your organization
How your own employees and visitors can harm your response to a disaster
What help to expect from local municipalities

3:45 PM - 5:00 PM

L35: Leveraging ERM to Achieve Strategic Objectives (300 C)

Matthew S. Gardner, CBCP, Armodis Consulting

Enterprise risk management, by COSO's definition, is "to provide reasonable assurance regarding the achievement of entity objectives." This case study will explore the linkage between strategic objectives and effective enterprise risk management. This is based upon a practitioner's two-year journey to design and implement an appropriate enterprise risk management approach for an $80 billion global manufacturer and distributor of medical and surgical supplies. Topics include: defining a value proposition for Enterprise Risk Management; implementing an appropriate governance process; identifying key stakeholders for identifying, assessing, managing, and reviewing significant risks; and how to implement ERM in a large, complex, competitive business environment. Also included: a practical risk assessment approach, and insights on how to focus on the most significant risks an organization faces.

You Will Learn:

A value proposition for Enterprise Risk Management
How to implement ERM in a compex business environment
A practical approach for identifying and prioritizing the most significant risk

3:45 PM - 5:00 PM

BP36: Border Transportation Security Issues (400 L)

JJ Coughlin, SCI and Steve Lewis, Trans-Secure Compliance and Solutions

This session will provide an in-depth analysis of the current trends and tactics being used by organized criminals to overcome loss and security prevention tactics. Learn methods for protecting employees, cargo and business continuity. Case examples will demonstrate successful methods for meeting these objectives

You Will Learn:

How to protect your company's people and physical resources, and maintain the continuity of your business
Current trends in transportation losses
How to identify, locate, and regain assets outside the U.S.

3:45 PM - 5:00 PM

L37: How to Avoid Career-Defining Moments in Crisis: Manage the Victim Dimension (500 L)

James E. Lukaszewski, ABC, APR, Fellow PRSA, CCEP, The Lukaszewski Group Inc.

Victim management is the weakest area of crisis readiness for individuals and organizations. This powerful presentation provides an understanding of the emotional power victims have to control events, decisions, and visibility; what victims go through; why victims are difficult to manage; and, what victims need to begin to recover. Too often, afflicted organizations feel they are victims too, causing stalling, delay, denial, and even more devastating problems. Most everything else can be replaced, rebuilt, or remediated. It is victims who draw the attention of the media, plaintiff attorneys, communities, and public officials. A single angry, energized individual can alter the direction of products, industries, and careers. Participants will learn how to manage these highly emotional situations and to anticipate tough, touchy, sensitive questions, and questioners.

You Will Learn How:

Victims drive crisis visibility and control outcomes
To recognize and respond to the patterns of victimization
To avoid the causes of victimization
Best to respond to highly emotionalized situations and people

3:45 PM - 5:00 PM

R38: Sharing the Vision and Splitting the Costs: Public/Private Partnerships (300 L)

Gayle Johnson, Alta Colleges

Cooperative efforts can enhance available resources and improve outcomes – and you know that. But how do you share the vision with potential partners without losing focus and control of your project? This workshop will explore the possibilities and pitfalls of bringing potential partners to the table. A number of innovative approaches to public/private partnerships will be reviewed, including how to coordinate efforts with colleges and universities and how some of these partnerships can be used to attract additional funding. Explore strengths and weakness of each approach, along with discovering general patterns of development and keys to successful implementation. Common elements of successful (and sustainable) partnerships include common core expectations, clear channels of communication, and cultivated leaders. Tools for developing these essential characteristics will be provided. Numerous examples of actual partnerships and samples of support materials will be provided.

You Will Learn:

Tips for getting partners to follow in the same direction
About developing mechanisms for keeping your project on course: community mapping
How to tap into the new work-study funding for emergency preparedness projects at your local college

Thursday, May 14, 2009

10:00 AM - 12:00 PM

SM40: Measuring Maturity and Preparedness (300 P)

Moderator: Douglas Weldon, FBCI, Thompson Reuters
Panelists: Richard Cocchiara, IBM, Margaret Langsett, Virtual Corporation and Cliff Thomas, MBCP, HEIT, Inc.

This session features demonstrations on various approaches to measuring program maturity and resilience. Learn about the resilience maturity assessment framework (RMAF) and resilience maturity index (RMI), the Business Continuity Maturity Model®, and the Balanced Scorecard methods. Gain practical examples of how to apply these approaches to business continuity programs in order to make valuable improvements and show quantifiable metrics.

You Will Learn:

Ways to dramatically improve preparedness programs
Three approaches to implement innovative BC/DR assessments and measure program maturity
The essence of business resilience and how to determine overall resilience

10:00 AM - 11:15 AM

BP42: IT Operational Resilience (300 L)

Mijee Dirks, IBM

The drive to innovate, respond to risks and threats, and satisfy externally imposed industry and regulatory requirements leads to a state of constant change in your business environment. An organization that can respond easily and flexibly to a barrage of influences from such a wide spectrum of sources is the one that will succeed and grow in value. This capability is known as operational resilience. IT operational resilience is increasingly becoming a focus of regulatory and contractual compliance requirements and is often measured in terms of availability, recovery windows, and security vulnerability windows.

You Will Learn How To:

Create a resilient environment for recovery and reduce operational risk
Avoid software license violation penalties
Speed IT security threat assessment and response

10:00 AM - 11:15 AM

BP43: The Muskrat Theory of Business Continuity (400 C)

Roger Peters, RSM McGladrey

Last year’s record floods in the Midwest were fought with heroic efforts and millions of sandbags for hundreds of miles as downstream communities braced for their crests. Volunteers and the National Guard worked on the levee at Winfield, Missouri for over a week only to see it fail due to muskrats that tunneled into the barrier and weakened it. Small holes eventually became a 65 foot gap and the surrounding area was flooded as effectively as if a terrorist had plotted an attack for months. Disasters can quickly find the "muskrats" in recovery plans. Scenarios we didn’t expect often arise and key team members may be overextended or not available when they are needed the most. This session will discuss some of the "muskrats" that have been identified in regional disasters and should help prepare you to hunt for them in your plans.

You Will Learn How To:

Increased understanding of potential disaster risks facing their organization
Enhanced ability to identify risk mitigation controls
Enhanced skills to assess plans and determine whether additional mitigation or recovery strategy enhancements are necessary to meet the organization’s needs
Enhanced ability to more fully engage business unit leaders in their business continuity program

10:00 AM - 11:15 AM

L44: Taking BCP to BCM (400 L)

Victoria Leighton, Avanade

This discussion takes "check off the audit box" BCP to implementing BCM enterprise wide. Step out of BCP on the shelf and into managing the resiliency of an organization on an enterprise scale by the organization's executive management team. Insights include how program managers go to the next level in gaining business ownership of BCM and defining the strategic process to implement.

You Will Learn:

Steps to evolve the process of BC planning to BC management
How to gain buy-in from the executive team
How to roll out the process enterprise-wide

10:00 AM - 11:15 AM

R45: A Systems Approach to Hazard Assessment (300 L)

Dale L. Thompson, MS, ARM, CSP, Kaiser Permanente

This session will review the role of regular hazard assessments in the context of an overall emergency preparedness and response system. A comprehensive systemic approach to assessing risks, developed for healthcare by Kaiser Permanente, will be discusssed. This method has become the industry standard since its introduction some years ago. Use of the tool will be illustrated, including its influence on continuity planning, common challenges in using the model, and best practices such as community benchmarking. Finally, a case will be made that application of the model to other industries beyond healthcare is easily done and provides many benefits.

You Will Learn:

About the role of hazard assessment within a preparedness system
Details on a comprehensive model for hazard assessment
A practical application of the model including common challenges and how to use this model, developed for healthcare, in other industry settings

11:30 AM - 12:45 PM

BP47: All Hazards Exercises: A Planning Methodology (300 L)

Anthony Gelish, FACHE, Booz Allen Hamilton

Learn how the Department of Defense Major Theater Exercise planning methodology provides an efficient and effective way to plan any exercise. After examining specific cases, session adapts the DoD methodology for the private sector.

You Will Learn:

Five major exercise types and their appropriate application
Ten exercise development phases of the DoD Major Theater Exercise methodology
About the value proposition for exercises

11:30 AM - 12:45 PM

L48: Taking Your Business Resiliency Program Out of the Corporate Wilderness (500 L)

Ira Messer, Verizon Wireless

This session discusses how to leverage the operational knowledge and functional understanding derived from standard BC/DR program functions, such as the BIA, into enterprise cost savings and efficiency gains, enhancing the program's value in senior management's eyes. Learn to utilize standard tools to view resiliency with the focus on critical business functions, not only the development of a recovery solution for a data center or staff workspace. Attendees will be able to take this view and show senior management that inclusion of resiliency practices as part of the normal operations will become not only cost-effective but solidify the resiliency program at the same time. Examples will be used to demonstrate how resiliency issues were incorporated into BAU practices, and that during a crisis the enterprise performed with little or no disruption.

You Will Learn How To:

Leverage the enterprise functional knowledge generated to contribute to the overall efficiency of the organization
Incorporate the required BC/DR enhancements as part of the BAU processes
Demonstrate how incorporating BC/DR requirements can be part of an overall cost savings
Utilize BIA to determine the enterprise's critical business functions, not just geographical recovery

11:30 AM - 12:45 PM

R49: Implementing the Incident Command System in Your Organization (300 L)

Brenda Emrick, Costa Mesa Fire Department and Stephen Stempniak, Anaheim Police Department

Every event, activity, and disaster requires coordination and management. The Incident Command System (ICS) is a standard on-scene, all-hazard management system. Lessons learned point to the need for a standardized response to potential incidents and hazards within your organization. The ICS has been established by the National Incident Management System (NIMS) as the standardized incident organizational structure for the management of all incidents. The success of any operation will depend on the ability to mobilize and effectively utilize your resources. These resources must come together in an organizational framework that is understood by everyone and must utilize a common plan, as specified through a process of incident action planning. This training will allow your organization to plan, exercise, and respond using the National Incident Management System.

You Will Learn How To:

Utilize a best practice management system
Manage any type of event or situation and meet the challenges of organizing people and resources
Improve coordination and cooperation between public and private entities

Contingency Planning

Events