DRJ Blogs

One of the ongoing problems in business continuity is articulating the business case in a way that resonates with executives and others in our organizations and doesn't require a twenty slide PowerPoint presentation.  In an attempt to help, I will periodically post items as I find them in the news or wherever they turn up.  The idea is to give business continuity professionals ideas for informal conversations that highlight both the need for business continuity activities and some potential pitfalls of ignoring them.

On Wednesday, August 25^th, a hardware failure in Virginia's main data center brought the services of multiple state agencies to a halt.  The failure impacted twenty-six of eighty state agencies including the Department of Motor Vehicles and the Department of Social Services, two of the most visible, public facing agencies.  Details can be found in an article from the Richmond Times Dispatch at http://www2.timesdispatch.com/news/2010/aug/27/8/vita27-ar-475161/.  As of Monday morning, August 30^th, three of those agencies still reported outages, including the inability of the DMV to issue driver's licenses.  

The potential lessons to be learned from this situation are numerous; from the value and limitations of outsourcing in general to the cost/benefit of system consolidation to the need for plans that coordinate with outsource providers.  However, the one area that stood out to me was the lack of a consistent and positive message from state officials. 

If your morning routine always began with "L'eggo My Eggo", the great waffle shortage of 2009 probably left you missing that warm buttery and syrupy goodness.  Considering that Eggos account for nearly 70% of frozen waffles, the shortage was treated as nothing less than a national calamity.  With a flooded plant in Atlanta and broken bakery in Tennessee, Americans across the nation were left with empty freezers and a bad taste in their mouths when Kellogg Company was unable to produce some of their favorite breakfast foods.

A recent full-page ad in USA Today (see photo) prompted me to revisit the great waffle shortage of 2009, as it provides such a clear and tasty case for business continuity planning.  Heavy rains in October 2009 kicked-off Eggo's sabbatical from kitchen tables across the country.  One Kellogg spokesperson wrote "We are experiencing temporary Eggo supply constraints caused by a confluence of events [caused by] flooding at our Atlanta facility as well as equipment issues necessitating extensive enhancements and repairs at our largest waffle bakery facility."  As a result, Kellogg's added a banner to the top of their website that stated, "Some of your favorite Eggo products are out of stock nationally. We are working hard to fix this short-term issue".  Little did they know that "short-term" would actually become nine months.

Whether you want to call it inadequate planning or simply shear bad luck, the great waffle shortage of 2009 makes me think about business continuity and some key actions that may have kept our freezers stocked with Eggo waffles.  Still, as many of us can again find our favorite waffles at our local grocery, the following actions are applicable to a wide-variety of organizations and industries:

Just last week we posted on this blog about the World Health Organization’s announcement about the end of the H1N1 pandemic…. And now just less than a week later, we’re reading about a new possible threat to our health and safety.

That’s right the NDM-1 enzyme which creates an antibiotic bacteria. This superbug can exist within bacteria and the concern is that it can make such bacteria resistant to antibiotics, thereby creating a “medical threat”.

Most often people are contracting this bacteria after visiting Southeast Asian countries for medical travel. That’s right, travelers visiting countries such as India and Pakistan with the purpose of receiving specific medical care are returning to their home countries having contracted this drug-resistant bacteria. This, medical officials are warning could result in the next pandemic.

OR, HOW TO DEFEND AGAINST TERRORISM BY POWDER?

Powder Mailer Strikes Again
Monday, Aug. 16, 2010

Global Security Newswire http://gsn.nti.org/gsn/nw_20100816_2130.php
 
An unidentified individual or group of people this month has sent 30 powder-filled letters to businesses and other sites in three states, part of an apparent campaign that has involved hundreds of mailings and reached eight U.S. embassies, the Associated Press reported (see GSN, Dec. 17, 2008).

Way back on November 9, 2009, we first wrote about the H1N1 flu virus. What at first appeared to just be another in the typical “winter flu” phase, quickly turned out to be much more than that. Seemingly overnight, we went from flu epidemic to flu pandemic.

Cue the panic. Cue the stress. Cue the chaos.

No one was prepared. The international health bodies weren’t prepared. Business wasn’t prepared. School boards weren’t ready. The general public was either consumed with hysteria or sticking its collective head in the sand pretending that H1N1 wasn’t an issue.

As anyone who monitors news sources knows, British Petroleum (BP) has taken a beating in the media since the April 20^th explosion that led to eleven deaths and hundreds of millions of gallons of oil spilling into the Gulf of Mexico.  While the latest effort to cap the well appears effective, the perception associated with BP's reactive "by the seat of our pants" response effort failed to restore feelings of goodwill and faith, which will most likely lead to a continuation of boycotts, lawsuits and market-share loss. 

Even if BP survives this catastrophe long-term, it will likely take decades before they fully recover from the black mark that now stains their brand and reputation.  This article analyzes how BP's reliance on inconsistently-applied preventative measures and apparent disregard for effective planning for a high-impact, low (but not improbable) likelihood event increased the scale of this disaster.  This article also discusses ways organizations can identify their own risks and proactively respond to prevent similar fallout should a catastrophic event occur.

Thankfully, more and more businesses are recognizing the need for business continuity plans (BCP) and disaster recovery plans (DR). This means that more companies, such as yourself actually have BCP and DR plans.

But it also means that your clients and potential clients are aware of the need for such plans… So what do you do when a potential or existing client asks to see your BCP or DR plan? Is this information private internal material or should it be made “public”?

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case - Company agrees to substantial corrective action to safeguard consumer information

From an email from the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS)

=====