DRJ Blogs

Recent blog posts

Organizations both large and small need to have business continuity planning in place to manage unexpected business disruptions.  Whether these events are triggered by severe weather, civil unrest, product failure or any of a myriad of other factors, the time to figure out how to manage an incident is not when that incident occurs.

Getting Started – The Right Leadership Model

Typically a Business Continuity Manager is identified to lead the planning and preparedness process, and one of that person’s first responsibilities is to assemble the right team and governance structure.  For Business Continuity Management (BCM) to be effective, it is essential that the effort receives organization-wide visibility and senior management support. Studies have shown that BCM programs with executive sponsors and senior management advisory boards or steering committees in place are significantly more successful at meeting their recovery time objectives than those with less senior management support.  Executive leadership is required to:

...

Challenge: Developing a high-performance business continuity program is hard work and requires significant resource commitments and upper-management support. Respondents to the MissionMode Readiness Survey report varying levels of readiness with under 40% claiming to have business continuity management (BCM) plans in place across a wide number of potentially disruptive event types:

38% – Comprehensive BCM plans developed and trained across a wide variety of event types

37% – Plans developed and trained across a limited number of event types

...

Posted by on in DRJ Blogs

Are they the same?  Seems the BCP/DR industry has some mixed messages about the difference, if any, between these two terms.  Taking the definition of Recovery Time Objective from BCM Institute, RTO is the "Time goal for the restoration and recovery of functions or resources based on the acceptable down time in case of a disruption of operations" while it documented the Maximum Allowable Downtime (MAD) as "the absolute maximum time that the system can be unavailable without direct or indirect ramifications to the organization."

They obviously appear related; but are they different, or are they really identifying the same thing: simply, how long before the impact is too great?

If my MAD is 6 hours (the maximum my system can be down is 6 hours), isn't my RTO also 6 hours (the objective to have the system recovered or the impact is too great)?

...

Last week, students in my risk seminar heard from UW seismologist Bill Steele, in particular about the Cascadia subduction zone we live in, including what advance planning and management of risks associated with a major earthquake can be done in advance.

This week, students will hear from Erika Lund, who oversees the City of Seattle's Disaster Recovery Plan, which is an entirely different framework from which to view a disaster.  Among the questions asked of  the Executive Advisory Group, to which Mayor Ed Murray appointed me, were:  how will the Seattle community handle short and long term recovery efforts?  How can we return our economy, education system, social service network, and other vital aspects of our community to full function?  How can we use a disaster as an opportunity to rebuild our community better than it was before? Who is responsible for making such decisions and with whose input? How and when will they be made?

Erika will describe the planning process today and talk as well about the identification of the core values that are a part of the plan.

Someone asked me yesterday if I don't find the world a very depressing place.  I answered that I do not, in part because of inspired work like this, and the people who give their time to do it.


Posted by on in DRJ Blogs

This week Charlie suggests some actions organisations may take to prepare for severe weather.

 

With the severe snow and blizzards in the United States last week and also snow in Scotland, I thought I might put together some thoughts on the actions you could take in advance to plan for a heavy snowfall. As we are not yet out of the winter you may need to plan for snow.

...

Originally posted on Rentsys Recovery Services' blog.

XaaS cloud solutions are infiltrating the tech world: infrastructure-as-a-service, software-as-a-service, platform-as-a-service, desktop-as-a-service (DaaS) and so on. Of these, DaaS probably spends less time in the spotlight than its counterparts, but it's nevertheless gaining in popularity.

Last year, according to 451 Research, the market for virtual desktop infrastructure (VDI), which is the foundation for DaaS, grew 30 percent in the span of a year. It's expected to repeat that growth pattern through 2017. 

...

This week Charlie discusses the recent terror attacks in France and what they mean to business continuity managers.

 

The terrorist attacks in France last week remind us, if we need a reminder, of the dangers and impact of a terrorist attack. The attack on Charlie Hebdo and a Jewish supermarket were quite shocking and the large demonstrations in response to the attacks show the determination of the French, and other world leaders, that they will stand up to terrorists and the principle of freedom of speech.

...

Posted by on in DRJ Blogs

To all members who work at multi-national companies:

Is there a website that multi-national members use to monitor natural disasters worldwide?

We inform Sr. Management when there are disasters (Hurricane, Cyclone, Tornado, Earthquake, Flood, etc.) that could impact any of our facilities.

...

 

It won’t be long until we publish Reflections on Risk III.  Toward that end, we would like to invite any of our readers to submit a proposed research note for consideration, especially if such a note provides an alternative view of the topic or specific recommendations for managing the issues involved.  With readers in ten countries other than the United States, we particularly encourage submissions from Europe, the Americas, the Mideast, Africa and Asia.  With research notes, our aim is to move past conventional or historical explanations toward proposed solutions, guidelines, policies or regulation that reduces the amount of human or financial loss.  Without multiple perspectives on what are often muddy issues, it is difficult to see how we are headed for anything other than greater world disorder, higher levels of cultural gridlock, religious extremism, and the increased possibility of cyber-wars among nation states.  Please take a look at guidelines for submission here.

We are not halfway through the first month of the New Year, yet older operational risks have presented themselves across various critical infrastructure sectors in the form of human and financial loss from terrorism, cyber skirmishes, mishandled vendors, unexplained airplane crashes, and failed internal controls.  Of all the loss events, the Most Creative Explanation to the Regulators Award must go to Honda, a company that undercounted certain claims, and then explained that “its own internal investigation found that it misinterpreted what issues should be counted.” (USA Today, Jan. 8, 2015)  The fines imposed by regulators on the transportation and banking sector sound large when described, but are easily expensed and there is no sign that behavioral change is on the way.

...

People ask: “What is the best experience a business-continuity analyst can bring to the table?” Well, one of the biggest things about business continuity is that it revolves around understanding the business process—knowing how an organization works. You can’t determine how best to recover an organization until you first understand how that organization normally operates.

When you’re looking at skill sets in this vein, the role of the business analyst is really an excellent starting point for the aspiring business-continuity analyst. So now we’re looking at exactly what a business continuity analyst does. A business continuity analyst will possess a variety of different skill sets—and they will all fit into business continuity planning and management.

One of the first roles is mapping business processes. A business analyst will typically do this in any one of a few different formats. We use something called the operation blueprint. This essentially maps all of the different steps to the business process. It also then links up all of the supporting resources. Those would be your information-technology assets, your people, your vendors—essentially anything that would support the operation of each different business process, function or activity.

...

This week Charlie suggests 10 New Year's resolutions that Business Continuity Managers may want to consider.

 

Happy New Year to all readers. I hope you had a good holiday!

...

Originally posted on Rentsys Recovery Services' blog.

If you’re not an IT person but are involved in business continuity and need to be familiar with your business’s disaster recovery (DR) plan, how do you know if your organization is using the right data backup and recovery solution? The specific answer will vary based on your organization’s size and industry, but one thing holds true for all organizations: You need a solution that can back up your environment, not just your files. We’ll explain why.

File-Sharing Services

...

Posted by on in DRJ Blogs

The Handbook for EMS Medical Directors was developed by the IAFC as part of a cooperative agreement with DHS, FEMA and USFA, and was supported by DHS, Office of Health Affairs. A project team representing EMS stakeholder groups worked together to develop, contribute and author the handbook. In addition to the project team, many industry professionals contributed time, information and efforts to aid in the production of the handbook. Industry stakeholder groups reviewed and provided feedback during the handbook’s production. Please see the Acknowledgements section of the handbook for a complete list of contributing individuals and groups. Their efforts are greatly appreciated.

The position of an emergency medical services (EMS) agency medical director allows the opportunity for a physician to become engaged in the unique and ever-evolving realm of out-of-hospital care, a clinical practice offering a distinct set of challenges, and rewarding impacts in improving a community’s emergency medical care abilities. For most, the driving force behind the desire to become an EMS agency medical director stems from a deep passion for helping patients in times of marked acute medical need whenever and wherever the need appears. Yet, understanding the nuances involved in the oversight and direction of an EMS agency requires specialized knowledge, skills, and abilities beyond the typical curriculum of emergency medicine or alternative acute care medical practices. It is for this precise reason that EMS has been recently recognized by the American Board of Medical Specialties as a formal physician subspecialty.

The purpose of this handbook is to provide assistance to both new and experienced medical directors as they strive to provide the highest quality of out-of-hospital emergency medical care to their communities and foster excellence within their agencies. The handbook will provide the new medical director with a fundamental orientation to the roles that define the position of the medical director while providing the experienced medical director with a useful reference tool. The handbook will explore the nuances found in the EMS industry–a challenge to describe in generalities due to the tremendous amount of diversity among EMS agencies and systems across the Nation. The handbook does not intend to serve as an operational medical practice document, but seeks to identify and describe the critical elements associated with the position.

...

Posted by on in DRJ Blogs

Charlie discusses how the UK power supply crisis could affect your organisation.

A couple of weeks ago one of the lead stories in the news was the fire at Didcot B Power Station, a gas power station in the South of England. The station, which within the last couple of days has just been brought back on line, now has the power output of about 350MW; roughly half its normal capacity of around 700MW. The issue of power supply to the UK has been in the news for the last couple of days. The spare power capacity within the UK, which a couple of years ago was 17%, has now been reduced to 5%, and this may lead to the possibility of loss of power or brownouts.

 
A brownout is an intentional or unintentional drop in voltage in an electrical power supply system; intentional brownouts are used for load reduction in an emergency. They can have a number of different effects on electrical systems, which can vary from the lights dimming, to burnouts of electrical motors. Equally worrying is that it can affect digital circuits in unexpected ways, such as making an electric motor run backwards, or it can cause them to produce false readings.
 
The management of power supply within the UK has been a creeping crisis for many years. The governments have failed to invest in new power supply, lacking the political will power to build new power stations, which are usually controversial. Cracks in a number of nuclear power stations have put some stations out of action leaving the country with limited spare capacity. The further loss of generating capacity coupled with a very cold winter, leading to increase in demand, could cause brownouts to occur or areas to lose power.
 
So what should we as business continuity people be doing?

...

Charlie Maclean-Bristol, FBCI, discusses whether the time has come for business continuity managers to make contingency plans for an Ebola pandemic.

Spain is now dealing with the first case of direct infection of Ebola in Western Europe; the first Ebola death has occurred in the United States; and the World Health Organization has warned that ‘Ebola is now entrenched in the capital cities of all three worst-affected countries and is accelerating in almost all settings’. So has the time come for business continuity managers to make contingency plans for a possible future Ebola pandemic? I think the answer to this question is, yes, we should be.

I am not suggesting that you immediately go out to the supermarket and buy lots of tinned food and water, barricade the house, be prepared to operate on battery power and bottled gas and then lie low. 

What I am suggesting is that we should be quietly thinking about how a possible Ebola pandemic might affect our organization; thinking through what an Ebola plan might look like; and monitoring the situation to ensure that you are ready to react if the situation escalates further.

So what at this stage should business continuity managers be doing?

1. One of the first tasks we should be doing as business continuity people is looking at what our possible exposure to Ebola is. What is our staff exposure to the disease, do we have staff travelling in areas, which have had cases of Ebola? As the disease spreads further, which most commentators are saying that it will do, then cases of Ebola may arise in a variety of places. We may have to react quickly if our staff are in the same area or they may be stranded by a country travel ban. 

2. What is our supply chain exposure to the disease and does it involve West Africa? Again, like staff travelling, as the disease spreads and turns up in expected areas then it may affect our supply chain. 

3. If the disease was to take hold in our country how would it affect our organization and would it create more work for us or less? If we work in an organization that would be responding to a pandemic (for example healthcare services) or are a supplier to such an organization, then it is likely our workload will increase. If our organization supplies essential services or part of the country’s ‘critical infrastructure’ such as power, food, water, etc. then we will be under a lot of pressure from government to keep working. Whilst if our organization does not supply something critical then we can perhaps temporarily close down our organization without a major impact beyond our own employees. Any contingency planning should reflect how it affects the individual organization!

4. Once we understand our exposure, then we should be engaging with senior managers in our organization and discussing our organization’s exposure and what action we should be taking at the moment. If we have no exposure then perhaps we should be agreeing to continue to monitor the situation. We may want to agree at this stage what sort of events might trigger further action. If we have a larger exposure then perhaps we should start some contingency planning and engaging with those parts of the business or people who may be at risk.

5. I think at this stage it is very important that we are not seen to panic or to overreact, as this might undermine any other contingency planning for other events; may undermine the credibility of the individuals involved in contingency planning; and may undermine any further escalation within the organization if this is required. Especially if there is a risk to our organization, some measured communication to staff informing them of appropriate risk reduction measures to take, any travel bans and what to do if they think they have been in contact with someone with the disease may help reassure them that you are thinking about the risk and taking appropriate action.

6. It may be appropriate for your organization to carry out some contingency planning to cover scenarios such as loss of a key supplier; if a staff member becomes infected; or if parts of your organization were quarantined. This may involve dusting off influenza pandemic plans and other contingency plans and seeing how appropriate they are in response to Ebola and amending the plans accordingly. I suspect if there was a full pandemic, government would in the main very much dictate the response and precautions to be taken by businesses and individuals.

7. I think, in the end, if we do nothing else we should monitor the situation on a day by day basis; so that we can react quickly if Ebola might, or is likely to, have an impact on our organization. 


The author
Charlie Maclean-Bristol, FBCI, FEPS, Director of Training, PlanB Consulting. PlanB Consulting is able to provide continuity planning risk assessments, advice and contingency plans for any organization that has an exposure to Ebola risk. www.planbconsulting.co.uk


Posted by on in DRJ Blogs

The Dallas hospital treating the Ebola patient has just announced that the patient died.

The Liberian public health and airport security personnel in Liberia did their jobs, and checked outgoing passengers at three distinct checkpoints.  But airport personnel can do little when patients lie or the patient didn't know that what was thought to be malaria was actually Ebola.

We've patted ourselves on the back in this country for the sophistication of our medical capabilities, yet as I listened to the story today of the patient being sent away from the hospital in Dallas when his isolation and treatment might have meant that he would have lived, I thought once again of Dr. Atul Gawande's book, The Checklist Manifesto.

This type of error is called one of ineptitude, as opposed to one of ignorance, presumably.  We don't know if this was an Ebola-specific checklist; one prepared by the hospital itself; or one from the Centers for Disease Control.  A quick read of Gawande's book might be very helpful, especially if the checklist has more than 5-7 items on it, without what Gawande calls "pause points."  His book is full of stories of how pilots, builders of skyscrapers and surgical teams perform extremely complicated feats, and how using checklists that involve every member of the team makes a difference.  His work in this respect for the World Health Organization has made a large impact:  deaths after surgeries have been reduced significantly by the implementation of several simple procedures that are part of the checklist.

I would also recommend the book to the new acting director of the Secret Service and to the panel that is currently being constituted to review the disturbing procedural/process failures over the last several years for the organization charged with guarding the president.  It may be that those procedures or processes have become shopworn.  Certainly it must be the case that, unless on a form of high alert (the United Nations responsibility, for example) agents' situational awareness is at an all-time low.  Whether this is a factor related to the move from Treasury to the Department of Homeland Security or not is difficult to estimate, but will undoubtedly be reviewed by the panel.

The tipping point I mentioned last week seems more vivid as weeks go by.  Yet there was one piece of good news this morning:  that it appears Nigeria, the most populous and also most well-off African country in terms of infrastructure and medical personnel, has contained Ebola.  We just can't move quickly enough to get more personnel, hospitals, emergency operations centers and supplies deployed in the remaining countries.


Posted by on in DRJ Blogs
This week Charlie discusses how the Ebola crisis is creeping up on all of us. 
 
 
The situation in West Africa, with the ongoing spread of Ebola, bears all the classic symptoms of a ‘creeping’ or ‘rising tide’ crisis.

In Tolly’s Handbook of Disaster and Emergency Management Principles and Practice (edited by Lakha & Moore, 2004) a rising tide crisis is described as a: “Problem which creeps up gradually, such as occurs in the case of organised crime, corruption, a developing infectious disease epidemic or a steady stream of refugees into a country. There is no clear starting point for the crisis and the point at which it becomes a crisis may only be clear in retrospect.”

At present the disease is out of control in Sierra Leone, Liberia and Guinea. The latest news from the BBC says that in Sierra Leone there are five new cases of Ebola every hour and that a total of 765 new cases were reported in the West African state in the last week alone.

The problem is compounded by the fact that there are only 327 hospital beds in the country. The disease has killed 3,338 people so far. The situation is made even worse by the fact that 10% of Ebola deaths have been health professionals. Those trying to prevent the spread of the disease are being killed by it.

...

This week Charlie discusses the Scottish referendum results.

 

I have written about Scottish independence before, but thought I would revisit the topic now that the referendum has been and gone.

...

Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success.  In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program. This week the focus is on doing what’s good for us…exercising and eating our veggies!

Posted by on in DRJ Blogs

DRJ Fall World is just around the corner, so now is the perfect time to turn our attention to the companies who help us ensure we can provide you with a top-notch learning and networking experience.

Gold Sponsor: Send Word Now: Headquartered in New York City, and founded as a direct result of personal experiences during 9/11, Send Word Now is the leading worldwide provider of on-demand alerting for crisis communication. The company’s easy-to-use, web-based emergency notification solutions and mobile applications are today utilized by businesses, government agencies, universities and non-profit organizations to ensure fast, effective and two-way communication when it is needed the most. Send Word Now's enterprise-class and award-winning notification service is capable of transmitting tens of thousands of voice and text messages in minutes, while ensuring a full audit trail for after-action reporting and follow-up. Its conferencing and workflow solutions keep everyone informed and connected to the people and information necessary for safety and resilience. At Send Word Now, a Silver Sponsor of DRJ Spring World 2014 and Gold Sponsor of DRJ Fall World 2014, every message counts.

Silver Sponsors:

...