DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 31, Issue 1

Full Contents Now Available!

Wednesday, 24 July 2013 16:05

Business Continuity vs. Incident Command

Written by  Michael Ray

This will be an overview of the use of business continuity plans vs. an incident command structure with in a multi-platform company. During this session we will look at both the current role for business continuity plans as the building blocks, which helps develop a strong incident command structure. We need to start looking at the fact; the design of business continuity is a bit old school for the modern company, when the need for true response is now in the minutes and seconds instead hours. The ability to use a business continuity model becomes less effective. Although it does provide a foundation and a direction. We will look at how to develop an area of middle ground in which we are able to utilize the business continuity as a true foundation in a company and then develop functional Incident Response protocols that will be used with an active incident.

As an example let’s take Company X which is a service thousands/millions of clients. Our company founders, when they built the company, did not sit down and plan for every situation which might or might not happen during the company’s life. They did not plan for every DNS attack, DDoS attack, hardware failure, rolling black out, and accidental spill of coffee on the laptop, toilet overflow or loss of critical data. But they did invest in an insurance policy, which covers the company as a whole. The insurance policy is the company over shadowing business continuity plan. It is real wide look at the, what could possible happen and how to protect it. But the reality is in Company X we live in the moment and deal directly with the immediate unforeseen issues, which affect our customer base.

We deal with outage, which may only last for a few minutes but can effect our company reputation and bottom lines quickly. In the modern world where we exist with customers who demand a nano seconded response from us. A simple 10 minute outage can cost a company thousands to tens of thousands of dollars and days of negative comments across a multitude of social media sources.

It is in theses small 10 to 30 minute outages that the modern company needs to build a strong incident command structure. We need to be ready for a multitude of issues, which can arise. We need to look into the problem with a logical approach and tackle issues head on. The goal is get people to start looking at new solutions to old problems and prepare for active issues within the companies they work for.

Take Aways

This topic is not designed to start some conversations and get people to look at recovery in a new way. My goal is to share some insight and lessons learned from within my environment. I also would like to encourage partnerships within the group to start. If anything it will be entertaining and a chance for everyone to have a small peak behind the curtain of GoDaddy.

Michael RayMichael Ray is currently the business continuity analyst for GoDaddy, LLC. Prior to his experience with GoDaddy, LLC., he has more than 16 years in law enforcement where he applied logical processes to solve problems. Ray is trained in Incident Command and spent years working in real life crisis issues. He has a BS degree in Psychology and has been an active trainer for the past 20 years in a number  of work place topics. He is the father of two boys and one adopted daughter. He believes flip flops should be part of any corporate clothing option and lives by two life thoughts, 1) "Nothing Changes when Nothing Changes"? and 2) "Blessed are the peacemakers."? By my nature he is  an over achiever and always look for problems to solve.