5.2 Planning for Handling the Emergency 163
Chapter 5
Each county government or township typically operates an emergency
management agency for the purpose of coordinating disaster relief efforts in
that county or township. Upon exhaustion of resources at the county level,
requests for state assistance will be made to the appropriate emergency
management organization, and an element of that organization will be sent
to evaluate the damage and the assistance needed through the state. The
governor may declare a state of emergency and direct state resources into
the affected area. The State Emergency Operations Center (SEOC) will be
activated at this time and will provide a direct liaison to the County EOC
regarding the coordination of state resources operating and/or responding
into the affected area. When local and state resources are determined to be
inadequate to respond to the disaster, the governor will request assistance
through the Federal Emergency Management Agency (FEMA). The
requests will be based on state and local damage reports and expenditure
reports for disaster-related activities. When the President of the United
States declares an emergency or a major disaster, federal assistance is then
authorized to assist state governments. Each state designates an agency
responsible for coordinating assistance received through federal programs.
5.2.5 Assessing the Business Impact of an Emergency
Assessments need to be made at various stages during the recovery process
as to the potential scale of the emergency from a business perspective. Dur-
ing the disaster recovery process, these will include a preliminary damage
assessment. The initial assessments will normally be carried out by the
DRT, who may call on other specialists to help with this process as appro-
priate. The assessments will be based on the particular circumstances by
applying a five-point scale similar to the one shown in Figure 5.2.
As discussed previously, the BIA is an essential component of an organi-
zation’s business continuance plan; it includes an exploratory component to
reveal any vulnerabilities and a planning component to develop strategies
for minimizing risk. The result of analysis is a BIA report, which describes
the potential risks specific to the organization studied. One of the basic
assumptions behind BIA is that every component of the organization is reli-
ant upon the continued functioning of every other component, but that
some are more crucial than others and require a greater allocation of funds
in the wake of a disaster. For example, a business might be able to continue
more or less normally if the cafeteria had to close, but would come to a
complete halt if the information system crashed.
As part of a disaster recovery plan, BIA is likely to identify costs linked
to failures, such as loss of cash flow, replacement of equipment, salaries paid
164 5.2 Planning for Handling the Emergency
to catch up with a backlog of work, loss of profits, and so on. A BIA report
quantifies the importance of business components and suggests appropriate
fund allocation for measures to protect them. The possibilities of failures
are likely to be assessed in terms of their impacts on safety, finances, market-
ing, legal compliance, and quality assurance. Where possible, the impact is
expressed monetarily for purposes of comparison. For example, a business
may spend three times as much on marketing in the wake of a disaster to
rebuild customer confidence.
5.2.6 Secure Recovery
Secure recovery ensures that mission-critical, sensitive, or secured servers
can be restored after a disaster with minimal loss or security violations.
Secure recovery ensures that affected systems reboot into a secured state
and that all resources open and active at the time of the fault, failure, or
security violation are restored from backup, and their proper security labels
are reapplied.
5.2.7 Alternate Sites
Secure recovery can also be expanded to an entire organization under a disas-
ter recovery plan. An organization-wide secure recovery procedure involves
the use of an alternate site: a secondary location where the business can move
to and continue performing mission-critical business operations. As we pre-
viously discussed in Chapter 2, there are three basic levels of alternative sites:
hot, warm, and cold. Although a hot site is the most desired form of alter-
nate site, it is the most expensive. A cold site is the least costly, but it makes
recovery nearly impossible. When you return from the alternate site, the
Figure 5.2
A chart to help
determine the
severity of a
disruptive event.
SEVERITY
POTENTIAL LONGER TERM IMPACT FROM DISRUPTIVE
EVENTS
1 Is likely to seriously affect normal business operations for over
four weeks
2 Is likely to seriously affect normal business operations for over one week
3 Is likely to seriously affect normal business operations for less than
one week
4 Is likely to seriously affect normal business operations for less than
two days
5 Is likely to seriously affect normal business operations for less than
one day
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.