INTERVIEWER: Tell me about your experience with identifying potential threats and creating proactive contingency and recovery plans for such threats as fire, security breach, computer failure, social media/public relations, natural disasters, pandemics and other like threats.
Posted: May 28, 2021 Filed under: Uncategorized | Tags: continuity planning Leave a commentERYN: The first professional contingency plan I assisted in developing protected a multi-billion dollar petroleum trade floor. LITERALLY! All of the technical components the traders depended on were running through under a 4,000 square feet floor which was falsely raised by 18 inches to create a gap for fibre. Market decisions are leveraged by proximity, so the pre-COVID philosophy was that there is tremendous benefit to having traders of the same product line within arm’s reach of each other (usually 3 feet) and on top of their computers in order to minimize the distance the trade has to travel. It was risky but it was lucrative.
The trade schedule was on a 24 hour global market cycle and every second of every day billions of dollars in trades flowed through those cables. Threats we planned for included limited access to the building (mitigated primarily by a hot site), semi-trucks breaching the boundaries of a nearby highway (mitigated by heavy duty glass) and rogue traders (mitigated by, among other strategies, requiring everyone to watch the Enron movie “The Smartest Guys in the Room”).
Through 13 years of professional business continuity experience, my client base has diversified. It has included financial, manufacturing, healthcare and insurance institutions. The values my clients hold have varied widely and the threats I’ve identified to those values are even broader. This has included everything from the Spanish Plague (from fleas introduced into warehouses from vendors) to ransomware (from the real Spanish — just kidding, of course it was Russia). No matter the value at risk, having a strong eye for threats and a proactive strategy for business resilience is the only way to be in business. There’s just no telling what the future holds.
The key to identifying potential threats is understanding the values being protected, risks that would impact those values and using empirically proven sources for risk monitoring. When the big picture of value creation is clear, it doesn’t matter how tightly you zoom in: the details will always remain clear. The process starts with identifying the businesses’ core values and then mapping out how they are delivered to the market. The Business Impact Analysis lines out individual components the business relies on to create value. Then dependencies are distilled down to their most pure form.
Only after the business is defined and value has been measured, should threats be identified in a well organized Risk Assessment. Any threat that doesn’t quantitatively track back to the business value can be automatically eliminated as nonviable. We’re not in the business of being prepared – we’re in the business of creating value for the business. While of course fire, security breaches and natural disasters will erode that value, we can’t have a safety plan and feel confident our assessment has been comprehensive. In contrast, balancing the planning strategy on business value may at face-value seem narrow-minded, but actually it’s an elite design with laser precision. The bottom line is literally the bottom line. While there’s never going to be a shortage of fears to keep you up at night (fire, security breach, computer failure, reputation loss, natural disasters, etc.) there are always probabilities that can be mitigated, risks that can be diversified and promises of value that can be fulfilled. Keeping an eye to the business accurately identifies potential threats and makes planning proactive. My planning strategy uses Business Impact Analyses and Risk Assessments that allow for those successes.
getcontinuity.wordpress.com 
You must be logged in to post a comment.