The Incident Preparedness Pyramid
- Published on November 19, 2007
The day of the family reunion beckoned on the horizon, but the practitioners were no longer so confident in their ability to successfully coordinate the great event and align the conflicting schedules and priorities of the equally legitimate offspring. Nonetheless, they remained convinced that a reunion was in everyone’s best interests, and continued to plan, drawing upon their project management skills, their business savvy, their technical expertise, and their experience with human nature.
As the years flew by, the practitioners became frustrated by their fruitless struggle to achieve the reunion they knew was in everyone’s best interests. One of them decided to do something about it. He spent many hours analyzing the situation, striving to identify the obstacles thwarting the reunion.
And then one night it hit him. The simple reason why so many people fail to attend reunions: they are not comfortable with their appearance. They are no longer as well defined as they once were. They are reluctant to show themselves to those who knew them in better days.
The practitioner realized the various offspring of disaster recovery – and good old DR itself – would not join together as a collaborative group with common values until each had achieved a clear and satisfying self-definition; only then could they reunite in harmony and achieve the kind of greatness that none could achieve on its own.
The practitioner realized it was up to him to define these members of the same family in a way that would make them proud to join together and celebrate.
He began to look at some of the failings and obstacles that had stymied his efforts. These included duplication of roles and efforts, faulty cross-communication, misinterpretation of objectives, failure to leverage available resources, and counterproductive mindsets, to name a few. The practitioner knew he couldn’t tackle all of these at once – the original family had grown into a sprawling, extended family, each with offshoots and issues of its own – so he began by identifying the heads of the three largest families, the three that would encompass all the rest and lead them to the long, overdue reunion. He envisioned these family heads as the three sides of a single pyramid. He called it the incident preparedness pyramid.
Once he had identified the family heads, he considered the notion of prioritization. He quickly realized each family head was of critical importance, and he didn’t want to risk a family squabble by privileging one over another with the probable result of forestalling the reunion once again. He continued to view them as the walls of a pyramid, each critical to the integrity of the whole.
Just as a pyramid must have a base, the practitioner recognized that his pyramid would need a foundation supporting the unity of its three sides. He knew the only foundation capable of fulfilling such a critical and strenuous role – that of keeping his family heads aligned in the long term – was effective and controlled communication. He assigned two fellow practitioners to represent business continuity (BC) and emergency management (EM), while he represented disaster recovery (DR). The three practitioners sat down together and agreed upon a clear, specific strategy for achieving the long-awaited family reunion. A synopsis of their strategy consisted of the following:
- Obtain a corporate sponsor to champion and support their objective
- Devise a meaningful name for the reunion
- Work with the head of each family to clearly define its role: its values, goals, and operating methods
- Identify the areas of the pyramid where one wall is joined to another and develop a mutually agreeable process for maintaining those linkages
- Help each family head to develop the capability to do its own job well, and the maturity to achieve unity with the other walls of the pyramid
- Invite other practitioners to the reunion and show them how to build pyramids of their own
Always remember, the family that trains and maintains together remains together
The three planners discussed the first step of their strategy and agreed upon what they would require to obtain corporate sponsorship and support. The BC planner would perform a risk assessment and business impact analysis to determine the incidents likely to have the biggest impacts upon business operations, and then quantify those impacts in terms of potential lost revenues, with black-and-white, dollars-and-cents estimates. The DR planner would qualify those impacts in terms of the technology components to which they corresponded, and then determine viable recovery strategies for each, along with their estimated costs. The EM planner would analyze the impacts in terms of their potential adverse effects upon human lives, company facilities and property, and the corporate image, and then determine strategies for mitigating and responding to those effects, along with their estimated costs.
Finally, each planner would estimate the cost of man hours required to develop, maintain, and test disaster recovery plans, business unit continuity plans, and emergency response plans, taking into account the time and costs of periodic exercises, necessary software tools, and any other supporting materials or services.
The planners would organize the above information into a concise three-part report, addressing the three sides of the incident preparedness pyramid, then schedule a meeting with the executive management team and present a slide show overview of the proposed reunion, with a copy of the report for each attendee. The report’s title page boasted the name of the reunion which the planners had developed as the second step of their strategy. They wanted the name to be meaningful, but also wanted a catchy acronym people would remember. They called it “The Incident Preparedness Team-Oriented Pyramid,” or TIPTOP.
The planners liked this name because “incident preparedness” accurately described the reunion’s overall objective, “team-oriented” described the manner in which they intended to achieve that objective, and the word “pyramid” would undoubtedly arouse curiosity and provide ample opportunities to introduce the three family heads and explain the critical role of each. The executive management team liked the name too, as well as the sensible strategy proposed and the persuasive data provided, and pledged their unanimous sponsorship and support to the reunion.
Having obtained executive support for the reunion, and a meaningful name, the planners focused on the third step of their strategy. They developed a set of common values, as follows:
- Viable BC/DR/EM plans for each critical business unit, IT platform, and company facility
- BC/DR/EM plans that are in harmony with one another
- A team-oriented approach to achieving BC/DR/EM objectives
- A method ensuring effective BC/DR/EM communication between business, IT, executive level, and external contacts
- The ability to regularly exercise and maintain all BC/DR/EM plans
- A company-wide awareness of BC/DR/EM plans, procedures, and key contacts
- Strong, well-defined leadership to direct and support BC/DR/EM efforts from day-to-day and during an incident
The BC/DR/EM goals would be driven and defined by the above values. The goals would be developed and achieved by functional teams with a schedule of specific tasks and deadlines. The method of achievement would consist of the BC/DR/EM planners guiding and assisting the functional business, technology, and emergency response teams to understand their roles and complete their assigned tasks according to schedule. The success of these efforts will depend largely upon the ongoing support of executive management, and the business and IT leaders they hold accountable.
Despite necessary linkages between all three family heads, the planners recognized that DR and BC might be likened to families who were next-door neighbors, whereas EM lived at more of a distance with only occasional visits. This was because technology specialists and business unit personnel already dealt with each other often, sometimes on a daily basis. Frequent communication between these two families was necessary to keep the business running smoothly. Likewise, due to the complex nature of information system dependencies, the DR and BC plans – and testing events – would need to be integrated to a far greater extent than either would require with EM plans or exercises.
Even though technology and business personnel already had methods of communication, the planners wanted to ensure all communication related to DR and BC was being handled effectively. The integrity of DR and BC plans depended on it. The ability to plan and perform effective recovery tests depended on it. A happy family reunion and a solid foundation for TIPTOP depended on it!
The DR and BC planners decided these two pyramid walls – disaster recovery and business continuity – currently stood by virtue of resting against each other. It was better than not standing at all, but there remained the danger of slippage. The walls needed to be mortared together, and the DR and BC planners would serve as the mortar.
Together, they would work to regulate the flow of information that would go to create and maintain plans, identify system changes affecting recoverability, plan and execute recovery tests, identify personnel changes and key contacts for technology and the business, and enhance teamwork and ensure that DR and BC plans were effectively integrated.
The EM planner would work with the DR and BC planners to regulate the flow of communication that would go to create and maintain emergency response plans, plan and conduct effective EM exercises, build awareness of EM procedures across the entire pyramid, and otherwise enhance teamwork and ensure that EM plans were effectively integrated with DR and BC plans.
With this three-way communication mechanism serving as mortar, and a common awareness of each other’s roles and responsibilities so that any of them could attend the other’s duties should the mortar on one side fall away, the planners felt confident their foundation of communication would support the pyramid for many years to come.
The next step consisted of ensuring completion of the detail-oriented work, the composition of the individual bricks of the pyramid walls, the substance of contingency planning.
For the DR planner, this included negotiating contracts or reciprocal agreements for recovery facilities and managing those relationships. It included working closely with technology personnel to identify critical system components and network connections. It involved leading planning meetings, helping develop recovery objectives, ensuring effective backup and recovery strategies, analyzing test results, and recognizing the efforts of participating resources. The planner would serve as liaison between recovery teams and corporate audit or external regulatory agencies, between technology and the business, between technicians and recovery vendors. Above all, the planner would work to ensure that DR continued to evolve and mature, always moving closer to the goal of total and proven recoverability for all critical systems, effectively aligned with BC and EM.
The BC planner would work closely with the business teams, helping them document their BC plans, develop test scripts, and identify critical interfaces or third-party dependencies in their business processes. The planner would help ensure provisions for alternate work area facilities equipped with office tools and supplies sufficient for them to do their work. Other duties would include leading planning meetings, helping develop business testing objectives, analyzing and verifying test results, and serving as liaison between the business and technology in the planning and execution of recovery tests. Above all, the BC planner would work to ensure BC plans were regularly maintained, tested, and augmented as business processes expanded or changed, always remaining effectively aligned with DR and EM.
The EM planner would develop and maintain EM plans containing clear procedures for building evacuation, offsite meeting locations, media relations, coordination of regional emergency response authorities, performing damage assessment, and the exercising of leadership. The planner would form emergency response teams, develop and implement emergency response awareness-building strategies and exercises, and work closely with DR and BC to ensure alignment between all three entities. With each planner focused upon helping the three families understand and perform their respective roles, they felt confident of achieving unity and advancing the maturity of TIPTOP.
The planners knew their pyramid would not be built in a day. They toiled on with patience and faith in their strategy, sometimes feeling as if their labors and the obstacles encountered were on a par with those experienced by the builders of the pyramids of old. Every ponderous stone hefted into place seemed to be followed by two more of even greater proportions. Still, they forged ahead like ants lugging many times their own weight until the day finally arrived when the contours of the pyramid stood out in sharp relief against the white noise of day-to-day operations.
The heads of the three families came together on that long-awaited day, personified by the DR, BC, and EM planners, knowing they were all of a piece with one another and with the extended families, and they all joined seamlessly together in a unified whole, to be known henceforth as The Incident Preparedness Team-Oriented Pyramid (TIPTOP).
The venerable parent, disaster recovery, could not have been more proud of its diverse, geographically dispersed, but now solidly integrated progeny. The effective flow of communication, the team-oriented mission to achieve common goals, training of personnel and exercising of plans to verify assumptions and preparedness, and ongoing support of an executive sponsor all combined to produce an organization optimally poised to respond to, recover from, and manage the effects of any incident that might threaten or impact its ability to do business.
Afterward, the planners were more than willing to present their recipe for a successful reunion to contingency-minded colleagues wherever they could be found. They presented their success story at conferences and symposia far and wide, and were always prepared for the inevitable comment that their story strongly resembled … a fairy tale.
To this observation they would readily accede, though not without stressing the caveat inherent in the final step of their strategy. Namely, that a fairy tale ending of “happily ever after” remains contingent upon continued training and maintenance.
In the absence of these, your pyramid is destined to become, like its ancient archetype, an obsolete monument to the prodigious labors and achievements of a bygone era. With these, however, it will surely stand as one of the living wonders of the modern world of corporate contingency planning.
Doug Sievers, CBCP, has been working in the continuity and recovery planning industry for more than 10 years. He has served on the boards of both ACP and BCPA, has published articles in the field of continuity, and is an occasional conference presenter. Sievers is currently a senior continuity analyst for Metris Companies in Minneapolis and an advisory member of BCPA.