BCM & DR: Can Organizations be Resilient?

6 07 2014

There’s allot of talk of organization’s becoming resilient and how they need to be resilient if they are to compete successfully and respond accordingly to the ever increasing disasters of the world – both man-made and natural in causation. But that begs the question: Can organizations be resilient? In this practitioner’s opinion, yes, they can though it takes more than a single aspect to become resilient.

Many would have you believe that you can buy resiliency off a shelf; a service or product purchased from a firm touting that they can make your organization resilient, as though the procurement of a ‘product’ will make an organization resilient. Well, unless they are a pseudo-psychologist or have a background in leadership psychology, they can’t; at least not completely. Sure, it’s fine to say that Business Continuity Plans (BCP) and Technology Recovery Plans (TRP) et al will make an organization resilient but that’s just not the complete picture. It’s only part of the overall picture.

It’s just not a simple concept – though it would be great it if was. What will make an organization resilient? Is there some sort of magic ingredient that will suddenly ensure that an organization will bounce back from any adverse situation? Well, yes and no. It’s not one single ingredient, it’s multiple ingredients that when combined just so, will help any organization get through difficult situations.

The following sections outline some areas that must be considered as part of the overall resiliency plan if an organization is to become resilient. See which one’s fit within your organization and which items you might want to focus on to improve or instil a sense of resiliency.

1 – Previous Adverse Experiences
Resilient by definition means ‘bouncing back from adversity’ so no one can be resilient if there hasn’t been previous adverse situations that the person / organization hasn’t bounced back from. How is an organization resilient if it’s never had an adverse experience? How can you measure resiliency? What are you measuring against? What has it bounced back from to prove it became resilient? It can’t be because it’s wouldn’t have anything to bounce back from, so how could it ever know it was resilient? It can’t. Of course, some would say that because the organization didn’t suffer badly during a disaster, it was resilient. Well, maybe it really wasn’t a disaster or major crisis, just a well-timed and coordinated response; that doesn’t automatically equate to being resilient.

2 – Plans/Process
It would be ridiculous to suggest that BCPs and TRPs etc don’t help make an organization resilient; of course they do. These are what get opened up and followed (or used as a guide) when the ‘real’ situation occurs. Through consistent validation and testing, amendments are made and they become more and more robust over time; able to deal with a myriad of situations. If the plans are living, validated and leveraged, then the plans will help the organization become resilient. Not just from providing point by point activities but because the validation and the testing that goes on behind them helps instil a sense of accomplishment and progression to those who use them.

3 – Technology
You can set technology functions up in a way that keeps it going even when the power goes out; even when a primary server (or other component) goes down and data/communications are redirected. You can keep the ‘green lights’ on in many ways (too many for this small article). The technology component is the single most discussed area of resiliency, to the point where many organizations believe they are resilient simply if they have a strong technology recovery or IT disaster plan in place. Well, we know that IT is only part of the overall picture.

4 – Leadership
Leaders are usually leaders because they are resilient as a person, not because they have a high profile title behind their name. They have fought there way through the ranks, overcoming obstacles and thought their way through many complex challenges, all so they can be the leader – or a leader – of an organization; a reward for hard work and perseverance. A good leader will give back to the organization and help train others within the organization how to better focus energies and deal with adverse situations.

5 – Culture
Who creates the culture? Leaders, create it. If the aspects noted in #4 are true, then the corporate culture will eventually sway in that direction, even when those that oppose the leader find they have to deal with the new way of doing things or decide to leave for other pastures. We all know what flows downhill when theirs a problem, but if a good leader really is a good leader, then the good also flows downhill. This positive aspect will help

6 – People
People. People are the most important component of resiliency. Without resilient minded people, no organization will ever truly be resilient. Its people that bounce back from adversity and as the old English adage states, ‘Carry On.’ From the org’s leadership right down to the newest person walking through the door. They all must work together to support each other; from the top down to the bottom up. Everyone has something offer in an organization and everyone has a role to play when a disaster occurs.

When all these aspects are combined, then and only then, will an organization have the chance to become resilient. Then, an organization must encounter a situation that tests all these components and that’s when an organization can determine if it’s resilient or not. Once an organization has bounced back and can stand in front of its clients, customers, partners and the general public stating that it has weathered the storm with its reputation intact, that’s when it becomes resilient; not when it buys a product or service off a shelf.

© StoneRoad 2014 (A.Alex Fullick)





Business Continuity Management (BCM) / Disaster Recovery (DR) Document Templates Available for Small and Medium Businesses!!

3 07 2014

Not every business can spend thousands and thousands of dollars on expensive software packages to get their BCM / DR programs off the ground – or has the time to get software configured and ready for use.

Having experienced these challenges first hand, StoneRoad developed a cheaper alternative: we developed document templates for Business Impact Analysis (BIA), Business Continuity Plans (BCP) and more.

Visit the StoneRoad site and go to the Shop section to view the various templates available and get your program moving with a low cost alternative to expensive software! Each template provides instructions on what information is needed so that you can build your program with less fuss – and with more results!

Here’s just a sample of our document offerings:

1) Test Scope Charter Document (Word Document)
2) Business Impact Analysis (BIA) (Excel Worksheets)
3) Operating Unit Business Continuity Plan (BCP) Template (Word Document)
4) Emergency Employee Logistics & Pandemic Plan (Word Document)
5) Test Executive Summary (Word Document)

…and more. We’re adding new templates all the time to help you. We even have BCM & DR books and ebooks available.

So download what you need and get started!

Happy planning!

Regards,
The StoneRoad Team

“Reduce Suffering Through Disaster Planning”

© 2014, Stone Road Inc.





BCM & DR Books to Help Build Your Program by A.Alex Fullick, MBCI, CBCP, CBRA, v3ITIL

3 07 2014

The message about disasters, disaster planning and business continuity is slowly spreading throughout the globe, as we see more and more organizations beginning to realize the value of preparedness and response activities to protect their operations and instil confidence in those they do business with.

Here at StoneRoad, we’ve seen a spike in people asking us questions and seeking advice on Business Continuity Management (BCM) / Disaster Recovery Programs – and we couldn’t be happier.

So we’d like to remind you that there are some great books by our founder, Alex Fullick, that can help provide great insight into how a good program operates – and how it shouldn’t. The books noted below are available on Amazon.com and at our own shop over at www.stone-road.com.

1) Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility

2) Business Impact Analysis (BIA): Building the Foundation for a Strong Business Continuity Program

3) Made Again – Volume 1: Practical Advice for Business Continuity Programs

4) Made Again – Volume 2: Practical Advice for Business Continuity Programs

Keep an eye out for the next book by A.Alex Fullick; “Testing Disaster and Business Continuity Plans” expected to launch in the fall of 2014.

Until then, happy planning!!

Regards,
The StoneRoad Team

© 2014, Stone Road Inc.





BCM / DR: eBooks Now Available by A. Alex Fullick (Stone Road Inc)

21 06 2014

We’ve been a bunch of busy beavers here at StoneRoad. We’re very happy to announce that two books by our founder A.Alex Fullick, ‘Heads in the Sand’ and ‘Business Impact Analysis’ are now exclusively available as ebooks at the StoneRoad shop.

Get your copies now using the links below:

Heads in the Sand
OR

https://stone-road.netfirms.com/cart/index.php?main_page=document_product_info&cPath=3&products_id=201&zenid=3d712e28f2680972874f7e4a8d473940

Business Impact Analysis
OR

https://stone-road.netfirms.com/cart/index.php?main_page=document_product_info&cPath=3&products_id=202&zenid=3d712e28f2680972874f7e4a8d473940

‘Like’ Join us on Facebook too at Stone Road Inc.

The StoneRoad Team.
(C) Stone Road Inc, 2014





BCM / DR: How Does an Organization Become Resilient?

21 06 2014

There’s allot of talk of organization’s becoming resilient and how they need to be resilient if they are to compete successfully and respond accordingly to the ever increasing disasters of the world – both man-made and natural in causation. But that begs the question: Can organizations be resilient? In this practitioner’s opinion, yes, they can though it takes more than a single aspect to become resilient.

Many would have you believe that you can buy resiliency off a shelf; a service or product purchased from a firm touting that they can make your organization resilient, as though the procurement of a ‘product’ will make an organization resilient. Well, unless they are a pseudo-psychologist or have a background in leadership psychology, they can’t; at least not completely. Sure, it’s fine to say that Business Continuity Plans (BCP) and Technology Recovery Plans (TRP) et al will make an organization resilient but that’s just not the complete picture. It’s only part of the overall picture of what will make an organization resilient.

It’s just not a simple concept – though it would be great it if was. What will make an organization resilient? Is there some sort of magic ingredient that will suddenly ensure that an organization will bounce back from any adverse situation? Well, yes and no. It’s not one single ingredient, it’s multiple ingredients that when combined just so, will help any organization get through difficult situations.

The following sections outline some areas that must be considered as part of the overall resiliency plan if an organization is to become resilient. See which one’s fit within your organization and which items you might want to focus on to improve or instil a sense of resiliency.

1 – Previous Adverse Experiences
Resilient by definition means ‘bouncing back from adversity’ so no one can be resilient if there hasn’t been previous adverse situations that the person / organization hasn’t bounced back from. How is an organization resilient if it’s never had an adverse experience? How can you measure resiliency? What are you measuring against? What has it bounced back from to prove it became resilient? It can’t be because it’s wouldn’t have anything to bounce back from, so how could it ever know it was resilient? It can’t. Of course, some would say that because the organization didn’t suffer badly during a disaster, it was resilient. Well, maybe it really wasn’t a disaster or major crisis, just a well-timed and coordinated response; that doesn’t automatically equate to being resilient.

2 – Plans/Process
It would be ridiculous to suggest that BCPs and TRPs etc don’t help make an organization resilient; of course they do. These are what get opened up and followed (or used as a guide) when the ‘real’ situation occurs. Through consistent validation and testing, amendments are made and they become more and more robust over time; able to deal with a myriad of situations. If the plans are living, validated and leveraged, then the plans will help the organization become resilient. Not just from providing point by point activities but because the validation and the testing that goes on behind them helps instil a sense of accomplishment and progression to those who use them.

3 – Technology
You can set technology functions up in a way that keeps it going even when the power goes out; even when a primary server (or other component) goes down and data/communications are redirected. You can keep the ‘green lights’ on in many ways (too many for this small article). The technology component is the single most discussed area of resiliency, to the point where many organizations believe they are resilient simply if they have a strong technology recovery or IT disaster plan in place. Well, we know that IT is only part of the overall picture.

4 – Leadership
Leaders are usually leaders because they are resilient as a person, not because they have a high profile title behind their name. They have fought there way through the ranks, overcoming obstacles and thought their way through many complex challenges, all so they can be the leader – or a leader – of an organization; a reward for hard work and perseverance. A good leader will give back to the organization and help train others within the organization how to better focus energies and deal with adverse situations.

5 – Culture
Who creates the culture? Leaders, create it. If the aspects noted in #4 are true, then the corporate culture will eventually sway in that direction, even when those that oppose the leader find they have to deal with the new way of doing things or decide to leave for other pastures. We all know what flows downhill when theirs a problem, but if a good leader really is a good leader, then the good also flows downhill. This positive aspect will help

6 – People
People. People are the most important component of resiliency. Without resilient minded people, no organization will ever truly be resilient. Its people that bounce back from adversity and as the old English adage states, ‘Carry On.’ From the org’s leadership right down to the newest person walking through the door. They all must work together to support each other; from the top down to the bottom up. Everyone has something offer in an organization and everyone has a role to play when a disaster occurs.

When all these aspects are combined, then and only then, will an organization have the chance to become resilient. Then, an organization must encounter a situation that tests all these components and that’s when an organization can determine if it’s resilient or not. Once an organization has bounced back and can stand in front of its clients, customers, partners and the general public stating that it has weathered the storm with its reputation intact, that’s when it becomes resilient; not when it buys a product or service off a shelf.

© StoneRoad 2014
A.Alex Fullick has over 18 years experience working in Business Continuity and is the author of numerous books, including “Heads in the Sand” and “BIA: Building the Foundation for a Strong Business Continuity Program.”





10 Tips to Remember When You Don’t Have a Disaster Plan…and Disaster Strikes!

8 06 2014

(c) Stone Road Inc. 2014 (A.Alex Fullick)

When disaster strikes, keep calm and march on!! Sometimes it’s not always that easy and in a real situation you really do need to carry on; if you don’t, you’re done! Over! Caput! Even with the numerous disasters occurring in the world – some man-made some natural in nature – there are still many organizations that would rather take their chances with fate than invest in a Disaster Response / Emergency Response / Business Continuity Management program. When disaster does strike, these organizations are left empty handed. With no plans or processes in place to respond to the situation they must ‘wing it’ if they’re to continue staying in business – or attempt to stay in business.
So what should organizations consider and focus on if they are caught in a serious situation and they don’t have a BCM/DR program in place? What do they need to do to try to get some level of coordination in response, restoration, recovery and resumption efforts? Below are some tips for how leaders need to view the predicament they find themselves in; a disaster/crisis with no BCM/DR program or plan in place.

1. Don’t Throw in the Towel – Don’t give up! You’ve got to do something even if you don’t have a proven plan in place, so keep going and do what you feel is right. Under no circumstances should you give up, as you really don’t have an alternative unless you really want your organization to fail. As the saying goes, ‘Keep calm and carry on!’

2. Figure it Out Quickly – Don’t waste time debating and getting everyone’s input on what to do. Figure out what your main objectives are then take it from there. The longer you take the less likely you are to remain in business much longer. And even if you do get up and running, because you took so long to do anything, confidence in your organization will vanish.

3. Focus on People – Make people your priority. A little bit of care and compassion can go along way in public and media perceptions and if you make people priority #1, you’ll be forgiven a bit more for not having a plan or program in place.

4. Reconfigure – Time will be of the essence, so don’t bother trying to get things like-for-like; it won’t happen. You have no plan, which may also mean no alternate site, so get what you can and start rebuilding. It may mean patch-working systems and services together and getting people to do activities they don’t normally do but do it anyway to get your operations up and running. You’ve got a clean slate in front of you, so feel free to reconfigure what you need to make things work. A small beat-up car will get you to “location A” just as well as a luxury car, so if you need to reconfigure…do it.

5. Get Rid of Expectations and Assumptions – Don’t bother asking questions and wondering about assumptions; you need to action things immediately and start doing something. If you’ve had a disaster and have no plan in place, then there are no rules, guidelines, directives or assumptions to work around; no boundaries to hold you back. So everything is possible to you and you’ve got to start trying to get your organization back up and running with technology recovery, business continuity and crisis management so that you can begin to service your clients with the services and products you provide. With assumptions, you may be thinking that everything you need is easily available – including people. However, this might not be the case so throw your assumptions out the window because the only assumption that gets proven correct in a disaster is that all your assumptions are wrong.

6. Emotion Over Intellectual Response – If you want to stay in the good graces of people, then speak to them emotionally, not like an automaton full of intellectual platitudes. If you don’t have a plan in place, you’re biggest fight will be with through how you respond to the disaster as perceived by onlookers not how two IT servers are connected to the internet. Speak with an emotional approach and you may find that people will approach you offering help, assistance and with compassionate sympathy.

7. Don’t Blame – Don’t play the blame game right away. You’re in a disaster and the public, employees, partners and the media what to see you dong something and managing the situation; blaming others is seen as a smoke screen in an effort to deflect questions and criticism. But the opposite occurs so don’t bother playing a game you can’t win. When the dust has settled and you’ve performed investigations into the cause, then you might be in a position to start blaming but it shouldn’t be your priority.

8. Request Help – It’s not time to be proud. If you need assistance to get resources then ask for it. Don’t be shy, as trying to hide the fact you need assistance can cause even more problems. Many organizations are willing to help competitors and partners when they have a disaster but many are too afraid to ask for help because asking for assistance is seen as a weakness when in fact, not asking for assistance is a sign of proud arrogance. If you need help, ask and don’t shy away from stating the issues you have, as it a response or helping hand may appear to help resolve some of the problems you’re facing.

9. People Are Resilient – People do not wantonly wish to fail; they want to succeed and responding to a disaster by their employer is going to make them want to work hard and overcome the situation. Their livelihood is at stake and they aren’t about to let that disappear without fighting for it. Many want to be part of restoration and recovery efforts, as it takes them away from the trauma of what has occurred and helps them focus on areas with which they have more control and knowledge – rebuilding servers, loading applications, testing etc. Your organization isn’t the first to experience and disaster and won’t be the last and in the majority of cases, people overcame adversity by sheer hard work and will power – and never giving up. Let the employees do what they know needs doing instead of trying to make it up on the spot, they are aware of what they need to do, as they do it each day – it’s why you employ them.

10. Listen – Listen to those around you – especially those Subject Matter Experts (SME) and End Users that can offer all sorts of advice on how to get something working again. Often, experts are leveraged from external sources and all too often, they are doing things with their own gain in mind, so don’t throw away suggestions from others, as they may have ideas that can be of assistance and those ideas may work better than some other specialists because they often are thinking outside the box. They are also thinking or ensuring they get their jobs back and their employer operational; a different perspective than some vendors and partners who are more worried about the impact upon their bottom line rather than yours.

11. (BONUS) Document Everything: When the disaster is over – or when you’ve got time to start – begin to document everything you’ve done. Every action item and resolution. Every decision. Every communication – the good and the bad. Every participating role required and what they did – and didn’t need to do. Every action asked and required of partners, vendors and suppliers. Every aspect required to assist employees. This will help start you formal BCM/DR program and begin to pull ideas together for plans because as sure as the sun will rise tomorrow, you’ll be building your program immediately. In fact, it’ll probably be the #1 priority of executives and management, assuming you’re organization was able to get through the situation and come out the other side – though probably battered and bruised.

No matter what happens, you have to be doing something. The situation won’t resolve itself by wondering what to do or wondering what ‘might have been’ had you a BCM/DR plan.
When it seems you’re down, get back up and keep playing on – you’re only beaten if you give up, not if the issue continues. It’s said that Edison failed at inventing the light bulb dozens of times but did he give up, no, he played on. Abraham Lincoln give up, despite losing a couple of elections and became President of the United States.

© StoneRoad 2014
By A.Alex Fullick, MBCI, CBCP, CBRA, v3ITIL, author of multiple books on BCM including “BIA: Building the Foundation for a Strong Business Continuity Program” and “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility.”





Crisis Communications: 11 Ways to Recognize that it May Not Be Working

25 05 2014

All BCM program components must be validated prior to any disaster ever occurring; the more validation performed, meaning the more tests with varying situations and scenarios are performed, the better the overall Crisis Management plan and strategy will achieve. The problem is that all too often an organization will draft a crisis management strategy (contained within the crisis management plan) and believe that it will work as documented. This isn’t always the case and in too many instances, it can prove to be detrimental to an organization when it’s experiencing a major business interruption – regardless of the trigger.
There are many indicators to show an organization that what it’s doing isn’t working and that the strategy they are currently working with needs an immediate change.
Disasters and crises can present many challenges for organization and an organization should no compound their own problems by not being alert to early signals that they might be heading down the wrong road.
Below are just a few of those early warning signs that can help an organization amend its crisis communication strategy (the plan) to ensure it doesn’t end up losing control of the overall situation.

1. Negative Social Media Traffic: You’re communicating all sorts of information but no matter what you do messages being posted on the various social media sites are negative towards you and your efforts. The cause could be that the messages you’re sending out aren’t addressing the concerns of those impacted or those that require information. Instead the messages are ‘self-serving’ and thus causing friction with the public, which results in negative comments being posted. Negative traffic can also be caused by the organization itself; it’s not all external. If an organization has schedule postings or updates about the latest product or service, it doesn’t hold well when these keep coming out during a disaster.

2. The Speaker is confused: Nothing is worse than having the ‘face’ face of the organization (that is experiencing the disaster) seem confused and not knowledgeable of what is going on; what the overall disaster situation is or what the organizations plans are in responding to the disaster. Any speaker should know what is occurring and be able to speak to the situation at hand and what the organization is doing; if they can’t, they will make the organization seem unprepared to respond and being in total confusion.

3. Rumours Abound: If you are addressing the situation and providing accurate information but rumours are still being spread, then the organization isn’t addressing the concerns of those needing information. Like #1, people will begin to determine their own conclusions based on little bits of information they come across and then post those conclusions to social media sites or through emails to others. When this occurs, ensure you address the rumours so that they can be dispelled immediately; not addressing rumours will mean they continue, which will harm your crisis management efforts even if you are doing the best you can.

4. Staff Rebellion: When staff begins to moan and groan, it probably means they’re not receiving information they require. Often, organizations focus so much on ensuring that others receiving information and they assume that employees know what they need to do or know where they need to go to get it; this isn’t always the case. You must include employee communications – and continued updates – in your crisis management strategy.

5. Media Questions & Responses: If the media are asking the same question over and over, or leading you back to the same question it means that a key point hasn’t been addressed. It may be something you don’t want to address or don’t know completely, and if so, you better be aware that the media won’t let go of the topic until they feel that it’s been addressed. If you don’t know, then state you don’t know and will update them when it’s possible to do so but ignoring it or simply ‘skirting’ around the topic will only cause them to continue to press for information, which in the end will look like you’re hiding something. And when that occurs, some organizations become antagonistic and begin to debate – to put it politely – with social media posters and traditional media representatives. Don’t get into a debate with them about what has or hasn’t occurred; you’re just being sidetracked by fictitious situations and scenarios being presented by people who have not received the basic information the organization needs to communicate.

6. Clear Lack of Awareness & Training: Nothing says a person don’t know what they’re talking about when they are full of “um’s” and “uh’s”. It shows that there is clearly no proper training in speaking in front of people or that a basic understanding of what the organization will do is severely lacking. It’s as though the person standing in front of the camera’s making it up as they are going or that their responses on social media sites are just basic run-of-the-mill responses; the kind you can relate to sports figures that rattle off basic one-liners after a game (i.e. it was a tough game, I thought the team did well, we played hard…etc). If anyone sounds like that, they know there is no real awareness or training on what needs to be done because during a disaster people are looking for specifics, not boiler plate responses. When there is a lack of training and overall response awareness by company spokespeople, messages can be contradictory because they are speaking ‘off the cuff’ or making it up based on what they ‘think’ is occurring behind the scenes rather than what is occurring. This is why training and awareness must be tailored for all areas of an organization; from the most senior position to the newest employee. Each must have a reasonable understanding of expectations and what role – if any – they will plan. Awareness isn’t just about the response activities but also awareness of what actually happened. People will send messages on social media based on what they know and if you’re organization isn’t aware of what happened, you won’t be perceived as really understanding the situation.

7. Lawyer Speak: There is a time and place for lawyers and lawyer speak but it’s not at the outset of a disaster when people need to know what has happened, what they need to do and if they are going to be impacted by the situation (if they haven’t been already). Lawyers don’t want leaders of organizations to take responsibility for the disaster but they have to take responsibility because they need to respond to it. Taking responsibility does NOT equate to accepting blame, which is what many legal representatives tell leaders. The time for legal speak comes when the dust has begun to settle and a clearer view of the situation comes to light; not at the outset when the main concern is people safety and getting operations back to an operating level. When legal representatives do all the talking for an organization, it sends the wrong message to the public, which are expecting the leader(s) of the organization to do all the talking and direction; to be the human face of the organization. Leaders are leaders during good times and must also be leaders during bad times, or else it shows that the organization has no plan in place and lacks clear leadership, which may not be the case…but will be the perception. It’s commonly joked by many individuals – the public in general – that lawyers and politicians can speak for ages but never say anything, so don’t let lawyers do the talking for you, even though they will play a key role in the crisis at later stages.

8. Communication & Decision Delays: If the chain of command is too long and the delay in obtaining decisions takes allot of time; then you can imagine the silence that would be coming from the organization when the demand for information by the media and public is increasing. If the decision process is taking too long then there is too much discussion occurring in the “Crisis Management” team and not enough action. This could be that the restoration/recovery/resumption/continuity plans are not sufficient enough to deal with the situation or possibly that required plans don’t exist. If they don’t, then that would cause the delay for decisions and in communications. Too much time at the boardroom table trying to figure out an action plan means no one is communicating outward to those needing information and that absence shows the media (and public) that there is no action plan in place. This is what causes rumour and conjecture to take hold and then cause a PR disaster for the organization. Not only are you fighting the disaster itself, you’re fighting public perception.

9. Leadership Visibility: During the Lac Megantic rail disaster in Quebec, Canada (July 6, 2013), the President of the rail line (Montreal, Maine and Atlantic Railway) waited days before appearing in the devastated town, believing that his presence was best spent at his corporate headquarters coordinating efforts. He wasn’t visible to those impacted or anyone else requiring information; the railway was ‘faceless’ and only press releases and comments released through the media were seen by people, which gave the message that the railway was hiding and wasn’t addressing the situation at hand; a situation that literally levelled the centre of the small town. This was not seen as acceptable especially when there are examples of leaders being on scene and taking control of bad situations such as the then New York mayor, Rudy Giuliani, who was coordinating efforts almost immediately after the 9/11 attacks.

10. Focusing on Blame: Continuing from #7, everyone will want to know the cause of the disaster and who’s at fault…but not immediately. Despite perceptions, an organizations first priority to ensure people safety; finding the blame can come later once the first priority has been taken care of. Unfortunately, some organizations would rather try to deflect criticism first and find the blame rather than addressing the key point of life safety. Even if 1st responders are available and internally employees were there to help any injured parties, if the communication coming out of the organization is about blame then the fact that the organization did help those impacted first, will get lost. There is a time for blame – and that’s when the time for investigating the cause has begun, not when the disaster first begins. Organizational resources will be focuses on people and then obtaining some level of operational capability and when that occurs, and then the cause can be looked at. Of course, if a major hurricane occurs then the cause of the disaster should be obvious but then the questions about why you weren’t prepared will surface.

11. Appear to be Uncaring: You can communicate all you wish and if you’re perceived to be uncaring then no amount of communications is going to change that. In a majority of situations, an organization tries to make itself the victim but in all cases, it’s the people impacted (or hurt) by the disaster that is the victim – not the organization. An organization is rarely seen as the victim, though the people within it can be perceived as victims. A crisis management plan addresses the situation at hand but must also address and focus on the impact the disaster on people; the real victims of the situation. If an organization doesn’t seem to come across as caring in its communications then it can be seen as a pariah within the community, rather than a member of the community and no amount of back-tracking is going to change that perception any time soon. Your crisis management plan – regardless of how extensive and comprehensive it is – won’t ever be perceived as successful because the external view of the organization is negative.

If any of the above noted aspects occur, you’re on your way to more problems as each item is an indication that your current crisis management strategy isn’t working and you need to ‘change gears’ quickly to get things back on track. Remember, this isn’t the restoration, recovery or resumption activities, this is how the organization manages the crisis (disaster) and if that isn’t working well, it makes no difference how successful your restoration and recovery activities are, people will still see your organization in a negative light.

© StoneRoad 2014
A.Alex Fullick has over 17 years experience working in Business Continuity and is the author of numerous books, including “Heads in the Sand” and “BIA: Building the Foundation for a Strong Business Continuity Program.”








Follow

Get every new post delivered to your Inbox.