10 May 2006

Flu Pandemic: NIMS to the Rescue...

An operational risk benchmarking survey conducted by The Risk Management Association in April 2006 indicates that many financial institutions are preparing for a possible flu pandemic.

Key findings are:
-- Large North American institutions with asset sizes greater than $10 billion are taking the threat seriously. Least concerned are banks with assets of less than $500 million.
-- Most banks expect disruptions to last three to nine months.
-- Two-thirds expect 30% or more of their key workers to be absent during peak periods of disruption.
-- More than 60% have identified someone to lead the planning, but less than a third have rolled out plans and begun regular testing.
-- Only about a third of banks are well along in establishing policies for such things as employee compensation, evacuations, and reducing workplace transmission of risk.

Participants in RMA's "How Serious Is the Threat of a Pandemic and What Are Bankers Doing about It" included 190 financial institutions. Of those, 168 are from North America, 14 from Europe, and eight from Asia, Australia, and Africa. The results are broken out by geographic area and asset size, with respondents' asset sizes ranging from under $500 million to over $500 billion.

Continuity of Operations and Business Crisis Conintuity Management experts are prepared to handle the requirements from the two thirds of the banks who still HAVE NOT begun regular testing. Along with the typical exercises where a third of the work force stays home for a day to see how the IT assets handle the load, there is much to do with the testing of your third party suppliers and critical supply chain vendors.

Make sure that the people you trust to get you through the tests, exercises and consulting advice are NIMS compliant. The National Incident Management System (NIMS) in the US is the standard for a comprehensive, national approach to incident management that is applicable to a full spectrum of potential incidents. This includes a myriad of hazard scenarios, regardless of size or complexity.

All corporate officers who plan on being part of the Unified or Area Command must have the tools and the training far in advance to accomplish COOP or BCP goals. Here is the scenario:

"An outbreak of a suspicious flu-like virus has broken out throughout the State. So far, victims seem to have contracted the virus through personal contact, but public health officials cannot trace the source of the virus to naturally occurring outbreak. Because the contamination area is spreading, the entire region has been placed on alert. This incident should be managed by an Area Command."

Using Incident Command System (ICS) protocols in combination with the NIMS framework allows the organization to become more resilient to the risks associated with a major disruption in business operations. This may include denial of service, both online and offline, lack of key personnel, or quarantine of company facilities. For more information and answers to how to get your company NIMS compliant and ready for the next tornado, hurricane, earthquake or terrorsit incident, see WashingtonDC FIRST.

No comments:

Post a Comment