Continuity management has long been tied to disaster planning and crisis response as fundamental to emergency planning but the reality is: If you’re just practicing business continuity to survive you’re never going to get much out of it.
The key to effective value creation from continuity management is a strategy that builds on how the day-to-day business is designed to create value. Today’s global market puts us all in crisis. Corporate directors are in jail. Cyber terrorists can easily hide across borders around world yet still access information kept locked away. States and countries declare bankruptcy. Instability is everywhere.
Businesses are so interdependent on one another that supply chain and technology are complex grey zones of value and accountability. The bottom line is the business needs to create value to survive. Maybe value means money, maybe it’s customer satisfaction or maybe it’s serving its nonprofit goal. Regardless, the creation of that value must be the crux of your resilience plans.
One of the most common misconceptions of business continuity planning is that it starts with a disaster and in a lucky world no one would need a plan. Luck favors the prepared. A business with a healthy continuity management program doesn’t just survive crisis; it thrives daily. The reality of the business world is that every day is more complex and risk loaded. In order to work toward corporate maturity and institutionalization of the systems that create value you have to structure and live your plan.
Think again! So many companies these days think it’s a good idea to let technology get behind the wheel of business or business recovery. This is not going to move you forward. Business is about people and systems. If you happen to have a computer to help with one of those systems, fine, but don’t let that computer boss you around and don’t EVER start thinking that computer cares about you or your company. It doesn’t and it never will.
Likewise, there’s a strong trend to push business decisions on to the people who care for the computer. They are fantastic people and they help you get what you need. You may even get to feeling like they are indispensable because they are always saying things like, “We are working on that now”. Or they make your iPad work after you screamed at it and threatened to throw it out the window. Your tech team may be working miracles but they still can not run your business. Put them back in their car seat and get back to driving!
Consider a complex manufacturing and logistics organisation, based at the North Pole, traditionally very busy around the 25th December. As you might imagine, planning for this event takes all year – no sooner has Santa Claus sat down on Boxing Day then he’’s called to deal with all sorts of unplanned events that require attention.
This year, it started early. Santa was putting the sleigh in the garage when he was accosted by Mrs Claus.
““What are these reports on the radio about you kissing somebody’’s Mommy?”” she demanded.
““W, w, what? Who?”” Santa stammered.
Santa was able to explain that there must have been a case of mistaken identity. Santa’’s image had taken a battering at the hands of an imposter. He was straight onto his Incident Management Team and, following a quick injunction and a public apology, his reputation was restored. He couldn’’t afford for his customers to think he was in anyway naughty.
February brought ice storms to the North Pole.
““Sir, it’’s too cold for the employees to work,”” his Elf and Safety Manager told him, “”I have instructed the elves to down tools.””
Santa sighed and reached for the Yellow Pages, “”Hello, heat engineers? It’s just possible you could save my elves…”.”
Despite the interruption, with a bit of overtime, the Elves were soon back on schedule.
Things carried on uninterrupted until spring saw flocks of birds returning from their winter habitats. Concern rose amongst Santa’’s employees that the wild birds may bring the H5N1 avian flu virus with them, giving rise to concerns about an epidemic. Santa consulted the WHO website for the latest advice.
““There’’s currently little risk for us, the birds are returning from countries where there has been no recorded H5N1 outbreaks, but to be sure, I’’ll employ a couple of special wardens specifically to keep an eye on the well-being of the birds”” he told his elves, hoping that he wouldn’’t have to employ more wardens when the wild reindeer herds returned. He’’d read that the Blue Tongue virus was spreading north and already had problems with one of his sleigh crew having a red nose….
The summer holidays always presented Santa with problems, bored children with too much time on their hands were always on the lookout to cause mischief. This year Santa’’s IT partners informed him one morning that his “Naughty or Nice” database had been hacked! The status of all the children had been changed and there was no way they could sort it out.
Fortunately Santa is pretty tech-savvy. He didn’’t panic and instructed his IT department to delete the data and restore from the back up. As extra insurance, he asked for a full virus check to be undertaken, arranged for the firewall firmware to be updated and instructed all the elves to change their passwords.
There were no further problems to distract Santa. Come the 24th, the Elves loaded up the sleigh and the reindeer team was harnessed. Santa clambered up into the driving seat, picked up the reins with one hand and turned the sleigh’s ignition with the other. There was a short croak and then nothing. He turned the key again, with the same result. Santa realised that when he had been managing his reputation issues last year, he’’d forgotten to turn the sleigh headlights off. The battery had gone flat.
Fortunately, on Mrs Claus’ insistence, the date was the 24th of November and Santa and Elves were running an exercise. Sure, Santa hated having to squeeze into his suit before his annual diet had worked off all the previous year’s mince pies, the Elves got cranky at having to load and unload the sleigh and the reindeer team disliked being taken from their warm stables, but Mrs Claus had seen the benefits of exercising ahead of “the “big off””. The battery was rigged up to the charger and, come the big day, all the good children received the right presents thanks to Santa’’s business continuity arrangements….
Just a bit of fun! Special thanks to Richard Jones!
Here’s a good assessment of 9 ways to Recognize a good BCPlan. Enjoy
There are all sorts of templates and thoughts on how the various Business Continuity Management (BCM) program components should look – the “plans.” Every organization has its own self-styled plan; every consulting agency has its own look and feel and every available free online template looks different from the next. So how can you recognize a good plan from a really bad and confusing plan?
The following 10 considerations will help you determine if you’ve got a good plan or a not-so-good plan
- Action Oriented: If people are expected to follow and execute plan activities, it must be action oriented. A document full of theory and suggestions won’t be of any help and will quickly be used to stop a desk from wobbling – or used to capture excess dust that may collect on a shelf. As a rule of thumb, I tend to look for the first action step/item/activity within the first 5 pages after…
View original post 1,247 more words
Sitting in a top level Management of Information Systems conference this morning with over 60 CIOs from local corporations the panel discussion started and ran on BYOD for over 90 minutes. This is a hot topic and ambivalence, though not overt, is a clear theme. Though corporations see benefits from decreasing overhead and IT inventory to employee satisfaction the risk possibilities around data security are unrealized.
Issues that arose included:
– separation of hardware from software systems
– new data and cyber policies
– data security systems and controls like management and wiping capabilities
– distinguishing or categorizing personal vs corporate data
– policy enforcement
– user safety during equipment use
– privacy concerns for employees
– device support
It will be interesting to see how this opportunity develops and what evolutions arise to support it’s progress. What are you seeing in your organizations?
I just finished an excellent book on driving change in business: Neil Smith’s “How Excellent Companies Avoid Dumb Things”
Here’s the 12 principles that cut through the barriers:
- The CEO must personally lead and support and change process carried out across the entire organization and a majority of senior management must also support it.
- The entire organization must be engaged in the change process.
- The project must be guided by “stars” who are willing to change the status quo.
- There must be no up-front targets for the company as a whole or the individual departments within it.
- Those who will implement the idea must own the idea.
- It must be easy to put ideas into the change process but hard to remove them.
- Consideration of ideas must be based on facts and analysis, not opinion.
- Consensus must be built.
- There must be a focus on increasing revenue, not just reducing expenses.
- The change process must not disrupt normal business.
- Implementation must be nothing less than 100 percent.
- The change process must be about culture change, not just a completed project.
Smith is right, constructive change that you want to see in your business is going to begin at the top and must be measured and deliberate. Don’t mistake success for luck. It’s not going to come easy!
Many executives ask themselves: “I know the basics about critical processes and mission-critical systems but what can I do to really make a difference in our ability to consistently exceed our customer’s expectations?”
One way is to focus on increasing your business value and to sustain that value regardless of expected or unexpected circumstances. Below are 10 planning actions that you can take to support your mission critical value proposition.
10. Don’t be satisfied with a computer backup plan. When your clients ask what’s the #1 reason they should use your company, do you say it’s your technology? Probably not. Why are you relying on technology to save you in a disaster?
9. Ask questions. What are your employees doing in their personal lives for emergency readiness? What are their concerns? How can you help them?
8. Talk about operational risk and continuity management in business strategy meetings. Talking is the first step to integrating it into the corporate culture.
7. Don’t count on vendors to pick up your slack in an emergency. If it’s not written into your contract don’t put it in your plan. Even then, always have a backup plan.
6. Know when to say there’s a problem. Chances are you’re not going to be the one to first notice something is wrong. If you are ignoring business deficiencies, others are too.
5. Know your emergency response plan. Every natural hazard has a professional group that monitors it and knows how to respond. The response plans are usually free online. Get a good plan for the basic natural disasters in your area. Keep it simple and your bases covered.
4. Don’t focus on the fear. It’s easy to look at the unlimited disaster scenarios and get overwhelmed. Instead look at what’s really important – a strong business plan.
3. Make a list of what is really important to your business. Keep it short – not more than ten points (tops!). Share it with everyone – your boss, your employees, your clients, your partners.
2. Build relationships with three key responders. This could be your local police department or a critical vendor. The point is being on a first name basis with the person who has the answers you’re going to need during your emergency.
1. Create a solid employee communications plan and test it quarterly or more often. People are your greatest asset; know how to connect with them. Set standards and make them clear.
Still unsure or need help developing a road map to make your path simple? We’re here for you. Call now for a free consultation. 888-297-PLAN