• Home

Apple’s preparations for cyberattack

Blue Sky Operations (before the incident)


The most important work to ensure business continuity is accomplished before there is a need for it.

· The Crisis Management Department works with all departments and across all businesses, to builds enterprise resilience through a continual process of hazard identification, capacity-building, planning, exercising and training. 

Planning (Crisis Management Program) 

The core of blue sky planning for business continuity is the Crisis Management Program.  Its mission is to improve outcomes during and shorten timelines to restoration by:  

· Empowering business unit owners to take action during disruption of essential services

· Equipping managers and staff with operational tools and skills to act effectively in a crisis

The specific objectives of the Crisis Management Program include the following:

· Train front-line workers on crisis management workflows

· Ensure business unit owners have accountability to maintain critical services

· Provide business unit owners with information and tools they will need in a crisis

· Identify opportunities to improve resilience at the department level

Program components are designed to take a comprehensive approach by connecting to all levels of [Focus Organization]: 

· Connect to senior leadership the Policy Level:  Socialize resilience decision making workflows through executive tabletop exercises and real-world incidents 

· Connect to Department /unit leadership at the Operations Level: Continuity action dashboard and continuity plans testing through rigorous exercises and operationalized during disruption

· Connect to front-line workers / line managers before the incident via crisis drills; prep talks and periodic drills.  This is because the essence of resilience is front-line workers / line managers empowered with information and tools to act during a crisis 

Readiness (5 Step Incident Management Process) 

The Crisis Management Department applies the processes of the National Incident Management System, or NIMS, to maintain a proactive readiness posture that is the key to maintaining critical services.  

Table 1 
Crisis Management Department Watch Process 


Monitor emergency radios, alert systems and breaking news 24/7/365


Investigate threat or hazard to understand potential impacts and timing1

1  With potential to disrupt human resources, business continuity or physical resources

Depending on certainty, timing and severity of impacts

The watch process includes two critical steps as shown in Table 1 above: 

  Watch means scanning the horizon 24 hours a day, around the clock, searching for every possible threat, whether it be human-caused, natural or technological

Size-up means assessing every threat to understand its nature, scope, and consequences and determine an initial course of action.  This often involves consulting subject matter experts for an expert evaluation

Roles and Responsibilities

The Crisis Management Department works with all departments and across all businesses, to socialize assignments and responsibilities before the incident resilience through a continual process of hazard identification, capacity-building, planning, exercising and training. The roles critical to incident operations include the following: 

Executive Leadership

Executive Leadership is the strategic element of the enterprise.

Executive Leadership engagement will vary depending on the demands of the incident. As shown in Table 2 below, a high intensity, fast-moving incident will trigger Executive Leadership activation at the Principal Level.  

Incident Commander

Table 2
Executive Leadership Activation 







Executive Vice Presidents and above

Chief of Staff

The Incident Commander is designated by the Chief of Staff.  The Incident Commander convenes Executive Leadership and directs the Crisis Management Department Coordination Team to: 

· Ensure enterprise-wide implementation of Executive Leadership incident priorities

· Coordinate Crisis Management Department activities

· Coordinate with key external stakeholders, including local, state, and federal officials

Safety Officer 

The Safety Officer monitors incident or event operations and advises the Incident Commander on all matters relating to incident health and safety of involved personnel.

· The Safety Officer has emergency authority to stop and/or prevent unsafe acts during incident operations

Crisis Management Department

The Crisis Management Department is comprised of Crisis Management Department staff and support personnel and supports the Incident Commander by: 

· Supporting enterprise-wide implementation of Executive Leadership incident priorities

· Supporting enterprise-wide coordination and communication 

· Supporting Crisis Management Department activities

· Liaising with key external stakeholders, including local, state, and federal officials

The roles and responsibilities of the Crisis Management Department are listed in Table 3 below:

Table 3
Composition of the Crisis Management Department



Business Continuity Lead

Supports recovery operations and implements the Recovery/ Business Continuity framework 

Planning Section Lead

Conducts action planning, produce Situation Reports, document operational activities and evaluate progress towards achieving operational objectives

Department Leads

The core of the Crisis Management Department, Department Leads “own the incident” and provide any and all critical support required to achieve incident objectives 


Support Operations Center to develop action plans that accomplish incident-specific objectives 

Subject Matter Experts 

Provide specialized information and support as requested by Executive Leadership, Incident Commander, Operations Section Chief or Support Services Group Lead

Incident Command System 

The Crisis Management Department utilizes the [Focus Organization] Incident Command System (ICS) structure and process to respond to, and recover from, emergencies and disasters of every kind. 

ICS provides the command, control, and coordination that brings together all businesses and departments into a common hierarchy within which the enterprise can be decisive and act in the moment to maximize effectiveness

ICS Mission 

The mission of the ICS structure and process is to maintain access to critical services, research and education by : 

· Safeguarding human resources, 

· Maintaining business continuity, and 

· Protecting physical resources.

To achieve the mission, the ICS organization connects to, and to supports, all stakeholders – including staff, patients, families, visitors and the public.  

· The Operations Center will connect with stakeholders who operate within their mission areas to conduct contingent operations or address specific problems

· The Crisis Management Department is responsible to address all issues encountered  

If necessary, they must accommodate surge by adding more people or by subdividing into groups or subgroups (e.g., task forces)