Something was bound to happen eventually. Isn’t that what disaster planning all about; prepare for the unplanned events that can throw things in chaos? After years of never experiencing any sort of terrorist actions, today that changed in Ottawa, Canada. Terrorists, which is what they attackers are being called at the moment, shot and killed a RCMP officer guarding the Canadian War Memorial and stormed the Parliament building, where Members of Parliament were actually on site. On Monday – Oct 20/14 – a radical ran down two Canadian soldiers in uniform; one later dying in hospital. Continue reading
Arrgghhh!!! It’s one of those days! Status reports; we all hate doing them, or at least I’ve met enough people that dislike them it feels like everyone hates them. They have to be created and submitted an inopportune times and get in the way of the job we’re trying to accomplish. However, they are a key tool to communicate what you’re doing; the accomplishments (often overlooked), the current ‘lay-of-the-land’, the risks and issues and where you might be needed assistance from Sr. Mgmt to keep things on track. In BCM/DR it can become a big pain in the ol’…well, you know. This can be because BCM/DR often gets pushed to the backburner so why do a status report to detail activities on something no one really pays attention to anyway, right? Many of the status report being used by organizations are so completely out of touch with reality, they are mostly thought of as negative and nothing but a burden, especially for those that have to populate them week after week. Here’s just a small list of common complaints about status reports.
Well, it doesn’t see like I’ll be quiet about the Ebola virus anytime soon. If you’ve been paying attention to the news you’ll see that Spain has had a few cases and has recently had a nurse test positive for the disease and she was wearing protective clothing. So, is what we have in place good enough? Do the ‘people that know’ actually know how to stop and confine the disease from spreading if the care workers are still catching it? Continue reading
On Saturday, September 26, 2014 Mount Ontake – 200km west of Tokyo – suddenly erupted, spewing ash and rock over a wide area and killing nearly 50 people (at last count). What’s strange is that this volcanic eruption occurred with no warning – at least that’s what the specialists are saying at this stage. I’m not so sure that’s true.
It’s always been said that Japan has one of the best early warning / monitoring systems in the world due to its location on the Pacific Rim of Fire. If the best monitoring system in the world didn’t catch this, then is the best system even worth it? I mean, these systems are developed to help save lives and provide early warnings to evacuate people and ensure life safety. Yet, that didn’t happen so are the monitoring systems we have in place any good? Are they providing any help at all? Continue reading
So I’m listening to the radio in the car on the way home from work and not surprisingly there’s comments about the current Ebola crisis in West Africa – it is a major headline after all and serious matter. In fact, as I was listening this particular broadcast was talking about the fact that Ebola had made its way to Dallas, Texas from Liberia via a male visitor.
Now, what got me surprised was that commentators and experts were saying that people should be panicked or scared of Ebola (in the Western world anyway) and I agree with them. But then they went on to kind of criticize people for being scared; taking their kids out of school, buying masks and disinfectants. They were saying that people were over reacting and there was no need to do this sort of thing. Yet, when flu season in making the rounds – in schools, office buildings, subway systems and shopping malls – people are blamed for not taking the proper precautions to ensure they don’t catch the flu, getting sick and getting other sick (and taking a flu shot of course). So what’s the difference? Continue reading
What if there was only a single BCM/DR methodology that all organizations would follow? Would it be able to address the specific concerns of particular industries or generalize to the point where it adds no value? Would it be able to address all situations, all possible scenarios and all industries in all countries? How could any single methodology address every situation and every minute detail; taking into account language interpretation, definitions and culture? Could it be done?
If everything was the same and the same perspectives were leveraged it would make sense for what satisfies the needs of a manufacturer to use the same rationale that suits an insurance company. But that is impossible isn’t it? There are other concerns for a manufacturer has that an insurance company wouldn’t. That’s like saying what is good for one person is good for another. Well, we know that’s not correct because we are all individuals with our own wants, needs, desires…and dislikes. Continue reading
All organizations with a Business Continuity Management (BCM) or Disaster Recovery (DR) program always strive to have their Business Continuity Plans (BCP) / Disaster Recovery Plans (DRP) in a state they can use: in a state they believe will cover them in any and all situations. They want their plans to at least cover the basic minimum so that they can be responsive to any situation. But if an organization takes its program – and related plans – seriously, then these plans are never fully complete.
For a plan to be truly viable and robust, it must be able to address as many possible situations as possible while at the same time must have the flexible enough to adapt to any potential unknown situations. If it’s ‘carved in stone’ it makes a bit tough to adapt the plan to the situation (the situation won’t adapt to your plan).
This flexibility – and it’s maintenance (which keeps the plan alive) – includes incorporating lessons learned captured from news headlines and then incorporating the potential new activities or considerations that may not be in the current BCM / DRP plan. These plans aren’t quick fixes or static responses to disasters; they are ‘living and breathing’ documents that need new information to grow and become robust. This is why they should never be considered as complete; as the organization grows and changes – and the circumstances surrounding the organization changes – so to must the BCM and DRP plans.
It’s like trying to pin a cloud to the sky; it can’t be done. A BCP / DRP plan can’t stand still; it must be flexible, adaptable and continue to grow.
Risk profiles and risk triggers will continue to change as the organization develops and implements its strategic and tactical goals and objectives – the BCM program and plans must be able to follow along to assist in ensuring the organization can respond to a situation that might take them off their strategic path. A good plan or program is not a destination, it’s really a desired state of being where plans and processes are nurtured to grow and expand – it’s not a plateau you reach and then stop.
So if you want the best BCP / DRP plans to address as many situations and scenarios as possible when your organization is hit by a disaster, understand that to ensure they do just that, don’t ever consider the plans complete. Think of them as an entity that needs to grow and needs attention, otherwise when you need your plans, they won’t be able to help you because they’d reflect contingencies and strategies that represent the company when the plan was first developed – which could be years earlier.
© StoneRoad 2014
A.Alex Fullick has over 17 years experience working in Business Continuity and is the author of numerous books, including “Heads in the Sand” and “BIA: Building the Foundation for a Strong Business Continuity Program.”
A.Alex Fullick, MBCI, CBCP, CBRA, v3ITIL | Director, Stone Road Inc. | 1-416-830-4632 | email@example.com
“Failure isn’t about falling down, failure is staying down…” – Marillion