Darius Delon, CCIB FCIP CRM Associate Vice President Mount Royal University – Risk Services [email protected] [email protected] Oﬃce 403 440 6196 Cell 403 999 2724 ERP – What is Your Strategy? Is this you? Emergency Response Goal Prepare – Have some tools, training and plans made up ahead of Vme to respond to an incident. Protect – Immediately respond and protect people, property, revenue, reputaVon, patents, etc. Preserve – Prevent the situaVon from geWng worse and speed up Vme to start recovery. Con.nue – Start to recover your people, property, revenue, etc and get back to doing your full operaVon. Strategies will need to diﬀer between organizaVons – there is no one size ﬁts all soluVon! Rule #1 – ERP will take Vme to be understood, accepted, and full beneﬁt achieved. Rule #2 – Baby Steps. You need a plan. Rule #3 – Strategy used must match the maturity of the ERP program. Don’t get ahead of yourself. Rule #4 – Leverage the experience of early ERP adopters in your organizaVon. Rule #5 – If you are not geWng tracVon – amend strategy. What Is Your ERP Buy-‐ In?   Vice President -‐ Get buy in from the board.   VP -‐ Get buy-‐in, support, and resources from Senior Leadership – other VP’s.   VP -‐ Hire an ERP specialist.   ERP Specialist -‐ Develop a framework for the organizaVon (ERP Steering Commicee) – including an ERP Policy. Use outside resources if needed to kick start the process. Incident Command System (ICS) Detail – Incident You need wide-‐spread incident awareness. What consVtutes an incident and who needs to be advised – immediately. You need to deﬁne incident escalaVon – many incidents that start at 1 or 2 can quickly become a 3 once you consider all the risks – reputaVon risks for an incident that does not happen on your locaVon. Communicate to non-‐members and non-‐ parVcipants that you have a ERP plan and an EOC. Detail -‐ CommunicaVons You need a well thought out, wricen, crisis communicaVons plan. Draf some template responses. You need ways to communicate – internal networks (email – will it work in an emergency), external (can you send stuﬀ to them with no power) and media. Good crisis communicaVon equals good reputaVon management. Detail -‐ ERP You need a wricen plan – on paper and on the net. Consider if power goes down -‐ you need things on paper. Need an emergency operaVons centre. What, where, how. Need an alternate site also. Need an ERP to idenVfy all the players, their roles, phone numbers, resource lists. AS SOON AS POSSIBLE – RUN A TABLETOP EXERCISE! Detail – SecVon Chiefs Need authority, diversity and 3 layers deep. Must have roles – Director, CommunicaVons, Finance, OperaVons, DocumentaVon aide. Good to have, Deputy Director, LogisVcs, IT, Liaison, Risk/Insurance and other specialists. Need individual training (in units of threes) and large group training. Each secVon chief should operate in a similar manner to the others. AS SOON AS POSSIBLE – TRAIN YOUR SECTION CHIEFS Detail – ExecuVve You need to involve your execuVve in the training. Train them and test them. Take them to the next level. Afer each training session – debrief the group and review what you have learned and what needs to change. Afer each EOC acVvaVon – debrief. Take some credit for the wins. NOTE – include your Execu.ve in the debrief. Also – kick your CEO out of the EOC room during an acVvaVon. Detail – EOC Room Primary and alternate rooms needed. Back up power needed – most frequent loss type. Land line and Voip phones. Laptops, Ipads, phones, chargers, pens, paper, sVcky, etc. Update sofware monthly. Projector and TV. (Get good cable or satellite subscripVon) You will need space for your people to talk and work – consider breakout rooms early on in the design. TacVcs -‐ ConnecVons to ERP   You need real life stories to get your point across (gain tracVon) – and           these people have them. Security – incident reports show many near miss events as well as criVcal incidents. You could trend types of incidents and know what type of incidents to expect – along with severity. OH&S – Many people get injured in interesVng ways – OHS group is required to record, report and invesVgate. Finance – at the end of the day – they have a lot of ﬁnancial incidents that they prevent – and some they don’t. (Fraud allegaVons) Human Resources – do people want to start working for you? Why not and why do they. What errors have supervisors made during performance management. Share the stories but not the names of people. CommunicaVons/Media relaVons – how is the value of your brand being protected. What do they respond to and how? Sample OrganizaVon Design Board of Governors Audit & Risk Commicee Vice President AdministraVve Services Risk Services ERM/ERP Security Risk Finance & Claims Darius Delon [email protected] [email protected] Oﬃce 403 440 6196 Cell 403 999 2724