Japanese Nuclear Power Plan Report Released (July 2012)

8 07 2012

A week ago I’d heard the Fukushima report was coming out and that there were a bunch of conclusions and recommendations being prepared, so I set to writing an article for posting thinking I could add my thoughts as well.  Then I read the report and found that it said everything better than I could.  So, here’s a link to the report The Fukushima Nuclear Accident Independent Investigation Commission  and what the commission recommends and determined was the cause of the disaster.

One thing that I found very interesting is the fact that corporate culture attributed to the disaster – in fact, is listed as a cause of the disasters – and that the very nature of the disaster was communication; from well before the disaster to after it had occurred.  What was also fascinating was that the disaster itself was not the caused by the tsunami, which would be a normal thought but rather the cause of the power plan disaster was man-made.  The tsunami was just the catalyst to trigger all the problems that existed.

I’ve always said – in previous posts – that communications would be the glue that either holds it all together or assists with it all falling apart.  Seems I’ve been validated (and I know I’m not the only person who thinks that).

One thing that I hadn’t expected in the report was the mention of how government and agencies change the names of organizations that experienced or participated in the disasters to show that they’re taking things seriously.   But, they don’t change any of the processes and procedures within these organizations; the processes and procedures that didn’t work the first time.  You can throw paint on a decrepit old car but that won’t make it run any better and that’s what the report basically says.  There is fear that nothing will change; let’s hope it does.

Enjoy the report: I did.

(c) StoneRoad


 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com


Europeans Able to Check Hazardous Production Sites

15 04 2012

The below notice was sent via the President of The International Emergency Managers Society (TIEMS), of which I’m a member of the editorial advisory board.   I thought this was quick interesting and wondered how this would go over in North America.


Dear TIEMS Members and Supporters,

The Council and the European Parliament have reached an informal agreement on amending a so-called «Seveso Directive ». The Directive is named after an accident which happened in 1976 in Seveso, Italy when a dense vapour cloud containing hazardous substances was released from a pesticide factory. The accident prompted the adoption of legislation aimed at the prevention and control of such accidents. Since then all the companies storing large amounts of fireworks, oil, petrol or toxic chemicals are referred to as « Seveso cites».

The new directive reinforces the rights of EU citizens regarding their access to information on hazardous production sites. European citizens will be able to see if they have dangerous industrial sites in their neighbourhood on the internet and see how to react in case of emergency. They will also be able to go to court if they think that a new Seveso site is established too close to their homes. All Seveso sites will be obliged to prepare an accident prevention policy to improve their level of safety.

Ida Auken, Danish Minister for the Environment and a fervent proponent of this proposal says that this step will allow citizens to feel more secure in their homes even if they live in the proximity of a plant producing hazardous substances.

After the European Parliament adopts its position on first reading in June 2012, the directive will be officially adopted by the Council in the second half of 2012. The amended Directive will enter into force in 2015.

More information is available here: http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/envir/129282.pdf

With Best Regards,

TIEMS Secretariat

15th TIEMS Newsletter (March 2012)

24 03 2012

The latest newsletter from The International Emergency Managers Society (TIEMS) is now available.  StoneRoad founder A.Alex Fullick, MBCI, CBCP, CBRA is co-editor.   Check out the two articles by Alex; one in partnership with the President of TIEMS, K. Harald Drager.

Check out the link below and see what other things TIEMS is up to.





NOW AVAILABLE the New Book by A.Alex Fullick: “Made Again – Volume 2″

17 03 2012

Announcement – A.Alex Fullick’s NEW Book Release: Made Again – Volume 2 

StoneRoad is excited to announce the new book by our founder, A.Alex Fullick, MBCI, CBCP, CBRA.  See the full Press Release below.


Stone Road releases third book: Made Again Volume 2: Practical Advice for Business Continuity Programs

It’s been a great year: revenue is up 25 per cent, profits are up, department teams are (is) functioning smoothly, your new product line has been a big seller and production efficiency and quality control have improved markedly. Employees are energized and the results of all the hard work is finally beginning to pay off.

(PRWEB) February 27, 2012

Then disaster strikes. The CEO decideds to jump ship; a key competitor has just introduced what could be a game-changer in your industry; and on top of that, your entire sales team is suddenly up in arms over commission and compensation levels, threatening to quit if you don’t come up with an enriched compensation package. In a short time, your business life has gone from glory to gory.

This is the world where Alex Fullick lives. Fullick is the Founder and Managing Director of StoneRoad, a business consultancy based in Southern Ontario specializing in Business Continuity Management (BCM) and Disaster Recovery Planning (DRP). Fullick is also an author, having published his first work in 2009 entitled Heads in the Sand; his second project, Made Again (Volume 1) was published in 2010.

Made Again (Volume 2) picks up where its precursor left off, offering practical Crisis Management, Disaster Recovery and Business Continuity advice for business owners and forward-thinking business executives. At its core, Made Again 2 asks business practitioners to work and hope for the best, but also to plan and prepare for the worst. It provides information tips and guidance for those that want to improve their BCM programs and provides details that can only be found through real-life experiences. Author Fullick encourages business owners and top execs to base their business-continuity plan on the four R’s: Resiliency, Restoration, Recovery and Resumption. It’s within this framework that the essays and advice articles are written, as his mission is to teach leaders how to prepare for the bad times as best they can, rather than trying to figure it out when a disaster strikes. A well-designed business-continuity plan/program will allow a corporation to respond to a disaster/crisis quickly and effectively; without them, the waters get murky and crisis response becomes slow, lurching, unfocussed and can potentially destroy an organization.

Fullick has that rare communications gift – his conversational writing style breathes life and passion and easy understanding into complex business subjects. An Amazon.com reviewer had this to say about Fullick’s conversational approach to writing: “It did not feel like I was being advised or taught, but more like I was having an informal chat with a friend. I would strongly recommend this book to anyone . . . “

Made Again 2 is that rare publishing commodity – it’s informative, it’s original and it’s crisply and clearly presented. It’s a must-read for those in business who need to be fully prepared for the absolute certainty of an absolutely uncertain tomorrow.

Author Alex Fullick is a writer based in Guelph, Ontario. When not hard at work at the keyboard, he can be found at the curling rink or, come summer, wandering the province’s hiking trails.

Made Again: Volume 2: Practical Advice for Business Continuity Programs
by A. Alex Fullick ISBN: 9780981365732


Puchase copies for yourself and your organization at Amazon.com and/or Volumes Direct Publishing.






What is a Disaster? (Part II)

18 02 2012

So here is Part II of the old article.  Based on some emails and feedback on Part I, I’m writing a Part III (Final) piece, so watch for that in the future.


There are many types of disaster but in general, they tend to fall into two categories: natural disaster and man-made disasters.  However, it’s not so easy to put a situation into one bucket; it’s not all black or white.  Sometimes there are grey areas and by definition, the disaster may not fit into a single disaster category.  Here is how the two categories can be further split;

  1. Man-made Disasters (Intentional) – I think in many respects this      one speaks for itself.  This is the      category where you put such things as terrorism and those that      intentionally try to cause harm to someone or something.  It could be to blow up a building – like      the World Trade Centre disaster in 2001 – or it could include such things      as roaming gangs causing problems (and in many cases casualties) while      trying to establish territory for their drug operations.  It can anyone that starts a fire that      gets out of control and apartment blocks go up in smoke with people      loosing everything.  If it’s      premeditated and intentional then it would fall into this category.  It’s the most common category for      man-made disasters.
  2. Man-made Disaster (Unintentional) – Sometimes there are disasters      caused by people that aren’t intentional and aren’t premeditated.  I don’t believe that electricians and      welders intentionally start fires while they are working.  Sometimes a spark from a torch will      ignite a rag, some old dry wood or cabling and cause a major fire.  The situation is still man-made – or the      trigger was caused by a person – but there was no intentional malice      behind it.  It could simply have      been an accident, an error in judgement or lack of proper procedural      training that caused the fire.
  3. Man-Made Natural Disasters      (Unintentional)      – This category may not be so obvious.       These natural disasters can be caused as a result of human      interference with natural events.       For instance, the building of dams and the clearing of forests for      development can cause erosion to occur that can enhance the threat of      floods.  Often, the surrounding      landscape and the trees soak up the water the roots help strengthen the      soil that surround them.  But if      that is removed to help build a new mall for suburbia, it can cause the natural      environment to no longer provide the protection it once did.  It wasn’t done with intention –      hopefully – but what will trigger the natural disaster is the fact that      human changed something with the natural environment to cause potential natural      disasters to occur.  Here’s another      way of looking at it.  A wild and      thunderous storm can cause landslides, flood and other damage yet, the      landslide may not have been triggered by rain but due to man having      cleared the hillside of trees and other brush that – if untouched –      would/could have prevented the landslide from occurring.  I’m not suggesting that a hard rain      can’t and won’t cause a landslide but it might occur because of a decision      made by us.  The overall situation      will be determined a natural disaster because it was weather related to      start with but the consequences of the storm and bad decisions by man,      caused the relating scenario that caused the landslide.  The rain didn’t cause the landslide, the      decision my man to clear the land of trees quite possibly caused that      component of the disaster.  Make      sense?
  4. Natural Environmental Disasters – This is another category that      speaks for itself.  When you think      of natural disaster you think of lightening storms, tsunamis, earthquakes,      tornadoes and hurricane’s – among many other natural disasters that can      occur.  If the situation is      triggered by natural or environmental events then the situation or rather      the disaster, falls into this category.       Like the ‘man-made’ category, this is one of the two main categories      for disasters.


Often, the trigger will determine if it’s a man-made or natural disaster, not the resulting responses that are implemented as a result of the disaster.  What category would we put such things as ‘over-fishing’ or the killing of rare animals?  They are man-made disasters – or can be – and they can cause disasters for people.  The destruction of the environment by man can cause animals such as bears to enter town and cities, which if not addresses appropriate can place people in jeopardy.  Living inCanadaas I do, we do hear of stories of people being attacked by animals because man has caused problems for their environments driving them into areas they wouldn’t’ normally enter.  Are the natural or man-made disasters?  Or do they only count as a disaster until a person is involved / harmed?

So, what is a disaster?  It’s whatever an organization or person perceives it to be in some respects.  If the situation can be managed – either proactively or with adequate response mechanisms in place – then it won’t be a disaster.  If there are no risk mitigation strategies or continuity plans in place, the same situation could be termed a disaster for the company without those strategies and plans.  One situation; two corporations but because of what has been implemented and developed – such as a BCM program – one will experience a disaster while the other may not.

From a personal perspective, the closer I am to a situation and the greater the impact it has on me, the more I will see it as a disaster.  The farther away I am and the less impact to me, the less I will see it as a disaster – with a capital “D”.  That doesn’t mean that I won’t have feelings for those impacted but I won’t have the same definition of the disaster as those that are actually impacted by it.

A disaster is more than just the failure of a technology component or the obvious natural disasters such as tornadoes and forest fires, which incidentally can be caused by people.  A disaster is the level of tolerance and impact you’re willing to manage before it either gets out of hand or begins to hamper what you’re doing.  If a corporation can manage a serious situation and have the right mechanisms in place to respond – or mitigate the situation – the less of a disaster it might become.  And even then, the level of disaster / crisis management might be of a high quality and execution but the level of impact on other parties may also be significant, which will cause the situation to become a disaster even when a corporation has the right mechanisms, training, response plans and contingencies in place.

Pigeon-holing a situation to fit this type of disaster or that type of disaster isn’t as simple as it may seem.  It’s also not as easy to understand that what might be a disaster for one may not be for another.  A disaster can be many different things to many different corporations, peoples, industries and communities.  It’s our job as BCM professionals / practitioners to be aware of this and help corporations understand what a disaster is for them – the corporation – and ensure the right assessments; analysis and contingency strategies are developed.

What’s a disaster?  In short, it can be anything…  I think that covers it pretty well.



The new book by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3, “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility.”  Available at www.stone-road.com **


What is a Disaster? (Part I)

11 02 2012

Note: I came across this in an old folder, while looking for some reference material for the next BCM/DR book: “Essence”.   I wrote this 2 years ago (so it says in my notes) and decided to keep it the way it was written so the original spirit is still there, rather than editing it and making it into something else.  Even the “Now Available” section doesn’t even mention the 2nd book; Made Again.  I take full responsibility for any hiccups it may contain.  Enjoy…


Like many of you, I get asked this question quite often; ‘What is a disaster?’  I’ve been asked this by executives, employees, curious friends and families and from those are just curious as to what I do.  I started writing this as a little article but as I got going it got bigger and bigger – to the point that this might actually become a book at some point.

On the surface, we can say a disaster is something like a bomb, fire, flood, earthquake, a building collapsing and anything else that might harm people.  Honestly, that is the way the general public see a disaster; something that can be seen with the naked eye and has impact on people and facilities.  These disasters fall into two categories; the man-made disasters (terrorist actions) and the natural disaster (a peeved Mother Nature).

Yet a man-made disaster can be intentional and unintentional.  Terrorism and the actions of 9/11 was very much a disaster but it was man-made; conceived by (mad) men and executed by men and had an incredible impact on not just the World Trade Centre but the city ofNew   York, surrounding areas and the world in general – which is still being felt today.

An unintentional man-made disaster can be that of someone who starts a fire while working with a blow torch and an explosion ensues.  It might just be carelessness or negligence but it’s not an intentional act.  Or it could be someone who left a candle to burn all night and it catches the drapes/curtains or the bed spread and ‘poof!’ up goes the house. Again, it can be a disaster but it’s not an intentional disaster.  What would we call the Great Fire of Chicago (1871), when Mrs. O’Leary’s cow kicked over a lantern?  It wasn’t man-made, it wasn’t intentional and it wasn’t started by any natural phenomena, like a lightening strike.  Maybe we need a new category for things like that.  (For the record, it was never established that the cow started the fire, as a reporter some 20+ years later admitted to starting the ‘rumour’ and the story took off just like the fire did.)

I typed in “Define Disaster” into a search engine and these are some of the things that popped up (minus the punk rock band reference I found);

  1. a      failure
  2. an      unplanned, calamitous event with widespread impact
  3. something that causes great distress or destruction
  4. a state of extreme ruin and misfortune
  5. unrealized expectations (like      a big budget movie that flopped)
  6. time limiting, though the impacts may go on indefinitely
  7. something that warrants an extraordinary response from      outside the affected community area


Disasters come in many sizes, styles and circumstances.  Not all are those related to our classic BCM defined definition(s);

  1. Personal Disasters – What might happen to a single      person doesn’t affect the organization.       This is not to say that a disaster to a single person isn’t important      just that it rarely affects the operations of a corporation. It can      however, have impact on decision making if the disaster (whatever the      situation) impacts a key member of a team.       It may delay decisions and delivery times if that person cannot      provide the appropriate response when needed.
  2. When People We Know Are Impacted – Using the example above, we      see can see a disaster when something occurs to others.  We may wonder how we’d respond under the      same circumstances and may wonder why the situation seems overblown.  We may also feel it is a disaster      because the situation has hurt or impacted someone we know personally.       When that happens we are closer to the situation and can be      inadvertently impacted by it – it becomes out disaster as well.  With respect to an organization, if a      member of the team has a terrible accident, it can impact all those that      work with him or her.  Personally, I      recall coming back to the office after Monday lunch to find that a      co-worker (who sat beside me) had passed away over the weekend.  It impacted out entire team because for      days it was hard to look at the ‘empty’ desk.
  3. When People Are Powerless to do      Anything –      We will also believe things are a disaster when we are powerless to stop      things.  For instance, right now there      are terrible floods inPakistan      and if you watch the news and view maps, it looks like half the country is      under water.  Not only is it a      disaster because of the flood, it’s a disaster because we – the general      public – can’t stop it.  We can help      those in need by providing supplies, food and financial support but that      doesn’t stop the mudslides, the rain or the water from flowing.  We are powerless to do anything about      the disaster itself but we do have the ability to provide a response to      it; all the while the water continues to flow.
  4. When Corporations Experience a      Disruption –      We watch the news; we know that a simple issue for a company can have      disastrous impacts on people and other corporations.  If you’re wireless provider has a hiccup      with their service – even a small one – it can mean you loose emails,      tests and calls to your personal device, which depending on what the      contents were, could mean the loss of business, miscommunications or a      wrong decision being implemented because no one received all the      details.  When we don’t get what      we’re used to –and don’t see any progress to fix the situation – we feel      that the situation is a disaster.       It’s not being managed properly and we aren’t being compensated for      the situation.  Years ago I recall a      situation where a Financial Institution (in Canada) had an issue with      their internal systems.  It was down      for a significant amount of time – over 24hrs if memory serves correctly –      and during this time people had checks bounce, mortgages default and other      issues.  Because of what a bank      does, people saw it as a disaster for the bank and questioned their      internal recovery processes.  Sure      it was a disaster for the bank but people experienced a disaster too      because of the problem; dealing with creditors, other banks, credit card      companies and anything else financial related.  This situation alone proved that the      company needed a stronger BCM program – and they have by the way.  Again, corporations can experience a      disaster and we don’ feel it is anything significant until we feel the ramification and      impacts of the situation.
  5. When Something That People are      ‘Attached’ to No Longer Exists – This can mean people losing their jobs, the death      of a loved one, the burning of an old historic building, an earthquake      that changes the landscape, volcanoes that destroy lush forests and so      forth.  When we are attached to      something, we – as humans – want it to last forever; at least while we are      alive and can experience it. But nothing is permanent.  Everything changes and change is one      thing people don’t like.  Depending      on our proximity to the situation, when something is gone it hits us hard      and we have to face reality – that nothing lasts forever.  When our home burns to the ground we      lose everything; it’s a disaster.       However, everything in that home can be replaced and a new home can      be rebuilt.  We were to attached to      the way things were that when it’s gone we experience a disaster.  Same thing with corporations.  When they are riding high on profits      selling, selling and selling  they      eventually will run out of steam because they may have oversold and under      produced; they simply can’t handle the continued growth.  They are attached to the money and      prestige that was coming their way but now when it begins to ebb away,      they feel the company is in a disaster even if it is of their own making.
  6. When Something Foreseen as      Manageable Becomes Out of Control – Sometimes some issues are manageable due to the      reoccurrence.  There are many      instances where email has a hiccup every so often and based on daily      operationally protocols can be fixed quickly and things just continue back      to normal.  However, if it’s the      same issue over and over again and it’s not investigated and resolved,      those little incidents pile up and now you have something that can’t be      fixed so easily.  Picture a single      pebble on a trail.  One pebble      doesn’t cause too much trouble and is easily fixed but if more pebbles      being to pile up without ever investigating what’s causing the pebbles to      get there n the first place, you can end up with the path being      blocked.  Now you have a bigger      issue to deal with; one that might not be resolved so quickly.  It now has greater impact upon      operations because things can’t continue.       All those quick fixes need to be reviewed to see what has to be      changed and how to find the root-cause of the situation; when that should      have been done earlier.  What was      thought to be manageable now escalates into something greater and slowly      gets out of control.  Now, you‘ve      got a disaster on your hands.
  7. When Expectations Aren’t Met – When corporations experience      crises, we expected that they know how to rectify the situation and set      things right (cough). They have plans in place to ensure that a product or      service continues to be delivered as soon as possible with the least      amount of impact to clients, customers and partners.  I think many individuals can understand      that, well, crap happens, and will continue to happen.  That, I think many of us can grasp.  What we won’t grasp and won’t tolerate      is the fact that a corporation doesn’t know what its doing and doesn’t      have a plan to make sure I – as a customer – and continuing to get my      product or service.  I might      tolerate a day or two of downtime and work around that but after a week      with no progress; I’m not going to be so forgiving. I see that that what      might had been an mild interruption escalated into an unmanageable      disaster and now I’m not too happy.
  8. The Proximity to the Situation – If we are closer to the      situation playing our before us, the situation becomes more a      disaster.  An earthquake on the      other side of the world is a disaster but we aren’t there so we don’t feel      the impact of it – we feel the impacts of the consequences of the      earthquake by watching news reports and seeing photographs.  Hopefully we feel strongly enough to      donate aid.  But, the disaster      doesn’t have as great an impact as if it occurs to us.  Suddenly, we expect response teams to      help, aid to arrive, lives and homes to be saved and time is of the      essence.  This same feeling and need      doesn’t occur when you watch it on the news – even if you ‘feel’ for those      impacted.  The closer the disaster      is to us the more likely we are to be impacted by it and know individuals      (and maybe family members) that are impacted by it.  Our proximity seems to drive a need to      response and need to help.  The      closer the situation the greater the disaster is perceived because it      impacts us – no them.
  9. Personal Involvement and Impact – We are more apt to identify      with a ‘disaster’ when we are impacted by it.  This doesn’t mean impacted emotionally
    by seeing news reports or the feeling of having the heart strings tugged,      this is being directly impacted physically, financially and emotionally;      meaning we are part of the disaster.       The more involved we are with the situation the greater is becomes      a disaster for us.  If we loose our      homes due to a flood – it’s a disaster.       If see out neighbours home burn down and they find themselves with      nothing, then it is a great disaster to us because we ‘feel’ for tem;      loved ones (assuming they are good neighbours) are impacted and as such,      we are – though admittedly, not to the extent of the family that lost      everything.  The point is, the      closer we are to the situation – financially, physically, emotionally –      the greater the feeling of something being a disaster.  Watching the news a seeing someone’s      home burning on the news may be a disaster for a short period but we      change the channel or get up and get dinner.  It’s not the same if we live beside the      impacted family or they are members of our own family.  Suddenly, the impact of the situation is      greater and the disaster is closer to home – our personal involvement is      greater.

There can be more added to this list but for the sake of time and space (on this page) I’m only listing these 10 things.  You can add more based on your own experiences and beliefs.  There can be many ways in which we define and classify disasters.  A disaster is going to mean something different to every person and to each organization.  What may affect and impact one, may not affect or impact another – at least not a severely.  It is different for everyone.


The new book by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3, “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility.”  Available at www.stone-road.com **

Disaster Communications: More Than a Phone Line Update

12 01 2012

Continuity Magazine, published by the Business Continuity Institute (BCI) had an interesting article regarding “…Resilience in the Workplace.”  The author provided many valuable tips for corporations on how build resiliency within the work force (many ideas of which I’m quite familiar with from years of being in the industry), however there was a point in the article that caught my attention and it provided the spark for this article.

The thought was to bring together team members that aren’t part of the disaster team structure (i.e. those performing restoration and recovery efforts or those leading these teams) and were individuals that were sent home to wait for instructions.  Often, we know we are to communicate the status’ of situation to employees, stakeholders, Crisis Management Team/DR Team members, partners, suppliers, customers and clients and the thing all of these have in common is that a team is made up of people; people, not a product, service or some sort of commodity.  Therefore, we need to treat people as exactly that; people.

During a disaster, only a pre-selected (and hopefully trained) individuals are required to help restore, recovery and validate systems.  Only a select few are given tasks that relate to the disaster/crisis response; the rest may be sent home for further instruction.  This is where some additional issues can slowly creep into the fray.

It is one thing to send people home and ask them to check a phone line for updates; it’s another to actually communicate status’ and expectations with them.  For many employees, the expectation is to go home – when requested to leave for home – and monitor a phone line, website or email, for communications from the corporation (assuming of course the corporation has a communication strategy) but this only last for so long.

The website, email and/or phone messages must be consistent and provide enough information so that employees accessing the line understand what is actually occurring and how things are progressing.  Understandably, details may not be provided but a high-level overview of where things are can help people feel a part of the restoration and recovery efforts when they actually aren’t apart of those teams at all.

In addition, if after a couple of days the only communication is through the email, website or phone line, employees can begin to feel alienated and forgotten.  Not forgotten in the sense that they aren’t going to be needed as some point but forgotten because all they are getting is a phone message, which they probably have to dial into at certain specific designated time to get an update that doesn’t address any of their concerns or questions.

Many of today’s larger corporation have external parties that offer employee assistance (Employee Assistance Programs – EAP) but even here, they can only offer support and provide so much information.  If the EAP is the sole source of information, the employee once again can feel alienated and left to fend for themselves.  Corporations give the perception that they are shuffling off their staff to EAP and then turn around and focus on the restoration and recovery efforts.  That isn’t to say that corporation can’t use EAP’s to help but they can’t just shuffle the responsibility off to an EAP and expect employees to feel like they are being communicated with by the corporation.

It idea the author of the Continuity Magazine provided an interesting idea; create touch points/sessions that can bring together some of the employees sent home, so they can meet each other and bring forward their concerns and issues.  Sure, executives and DR teams are focusing on getting things back up and running but there is still a segment of employees that need to have some focus as well.

An idea could be to have one of the EAP representatives and/or a representative from the corporations Human Resources office organize an information session for those that have been sent home.  Ask them to attend a meeting at a hotel where they can come together and discuss the disaster and be reunited with their colleagues (of all levels).  If they can’t attend in person, provide a conference bridge or web access so they can follow along.  This will at least let employees know they are being looked thought of during a disaster (and being provided a platform to communicate concerns and receive information).   BTW, some of this might even be performed using notification software/applications but beware; it will take some time set up ahead of time and many individuals might not want to provide you with their contact information.  Still, this will at least give you a tool that’s easier to use (hopefully) to reach more people.

Corporations want a sense of community; a sense where everyone wants the corporation and all its employees to be successful.  But when a disaster occurs the focus goes to a select few and the rest can feel like they’ve been pushed aside only to be brought back when the corporation says they are needed again.  It can cause resentment amongst staff because they can’t share their stories and experiences with colleagues and aren’t being communicated with by the corporation; just a voicemail providing little information and continually asking to call back.  That isn’t communication.


 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com

Disaster Recovery / Business Continuity: Employee Involvement

10 12 2011

Recently, I was reading the latest Disaster Recovery Journal (DRJ) magazine and as usual, something caught my eye as I was flipping through the pages.  It was an article on the Human Factor of Commercial Hurricane Readiness.  The author begins the article with a great Chinese Proverb: Tell me and I’ll forget, Show me and I may remember, Involve me and I’ll Understand.  I tend to believe that this proverb holds true for everyone in just about every discipline you can think of.

There was another quote later in the article that also captured my attention; “Employees want to know, ‘What do you expect of me?’”  I don’t disagree with this one bit though I couldn’t help think that it’s only half of the equation.  It is certainly a good idea to let employees understand what they are required to do – and not do – during times of crisis or disaster.  The more then know, the better prepared they’ll be.  I don’t think anyone would disagree with that.

However, I think that not only do we need to involve employees by letting them know what you (the corporation) expects of them, the corporation should involved their employees by performing the reverse; find out what employees are expecting from the corporation.  We can tout the virtues of our plans and processes and provide all sort of information to employees.  Using various awareness and training methods we can let the know what is expected of them; when to do something, when not to do something, why they are doing it and what it is they are to do.  What if they are expecting something different than what you’ve developed.  Meaning, what if they ain’t buyin’ what you’re sellin’?

Involvement has to be a two way street; like communication, it must be dialogue and not monologue.  We can’t just tell people what they are to do, we have to listen to them and understand their expectations and concerns.  If they don’t understand their role and don’t get to communicate their concerns, there is a possibility that when your plans and procedures are implemented, the people you want to follow them, don’t (or won’t).

When thinking about getting employees involved, ask yourself – and your employees – these questions:

  1. Are the instructions clearly understandable?
  2. What are your concerns with the strategies?  / What are your concerns if a disaster occurs?
  3. What do you expect (from the organization) when a disaster occurs?
  4. What can/might improve these procedures?
  5. Does the communication strategy meet your need?
  6. How can we improve our intended strategy?
  7. What do you think is missing from these plans/processes/strategies?
  8. If you had to be the one to implement these strategies, could you follow them?

This doesn’t mean that you tailor multiple strategies to the individual though you could if that is your intent.  What it does do though, is help identify gaps in your strategies that may have been assumptions or simply overlooked and not even noticed by planners.  The answers will give you perspective on not only what the expectations of the company executives are (they should know the plans and procedures you’re communicating) but also understand what the perceptions and expectations are of the general employee base.

Lets’ use a simple example to explain what I mean.  You tell me you’ve planned a trip for me and then you tell me all the things I’ll be doing.  However, when you present it to me I point out that you’ve forgotten to take into consideration by pet, my aversion to flying, my need to stay on the ground floor of a hotel because I’m scared of heights and other such details that may not have been considered – or known – when planning was under way.  You (the corporation) have a plan in place for me and expect me to follow it but I (the employee) must be able to point out my concerns/issues so that your plans can be tailored to the satisfaction of both parties.  Only when both parties understand and contribute will the plans and processes work – and I get the trip that meets my needs.  J

So when communicating your plans and processes, take time to listen to the feedback you get; it could enhance you processes and plans and ensure that everyone expectations are met and that expected outcomes occur as desired.



 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com

Tips for DR & BCM Project Management (Part II)

10 11 2011

Here’s Part II…

8 – Proper Representation – This doesn’t mean to make sure you represent them (though you are in some ways), it’s to make sure that every department and division has a representative that you can approach.  It’s important that every area that is in scope for you has a single point of contact that you can discuss processes and plan development with.   This ensures that what is being discussed and developed for each area, is in fact a true representation of what they require.  If there is no representation, how can  you know their requirements and needs?   You can’t.  Sure, you may know some if it but you won’t know the nuances of their processes and their dependencies.  By the way, this includes not just a subject matter expert (SME) but a management     representative as well (hopefully a director or VP; someone that is close to the Senior Executive team).  This ensures that if key decisions are required in a division/department, then you’ve got the right people involved to help you get the answers you need.

9 – Leverage Existing Materials – Since the wheel has been invented, there’s no point in trying to re-invent it; the wheel is the      wheel.  The same is true for documented plans and procedures.  If you already have something that states how to  store / build/ configure the Mainframe, why get an IT person to write a document for Technology Recovery Plans (TRP)?  Leverage the items you already have.  You can reference them in other materials and always keep a copy with your disaster plans but don’t start from scratch.   True, you might have to add a couple of bits that reference TRP or amend a few pieces so hat they reference what to do in recovery/restoration situations but at least that’s easier than starting from the beginning.  If you have existing documentation and procedures that are required in a disaster, leverage them; it’ll make things much easier for you.  A good example is one I’ve encountered in the last couple of years.  With the avian flu taking the headlines a couple of times, HR personnel wanted to develop contingency plans for departments in case people weren’t available.  However, we’d already done that in the BCM program and it took some time to get the HR people to understand that the avian flu was another trigger for the existing plans we had in place; they had to concentrate on HR policies (time off, payroll etc).  Why we’d start over from the start was beyond me; we just leveraged what we had and enhanced them to add specific details related to the flu pandemic.

10 – Document Issues & Risks – Like any good project, you must capture the risks and issues associated with your initiative.  At first you identify your risks, just like you do in a Risk Analysis (RA).   Then, if the risk occurs, you raise an issue.  Ideally, you should identify all your risks prior to having issues.  If you did, then you’re better prepared for the issues when they happen and      you’re not ‘blind sided’ by them.   Rarely should issues appear out of nowhere.  With each risk and issue, capture who owns it and the estimated date of resolution/mitigation with period checkpoint (aka reviews) so that they can either be closed or the right      mitigation strategies be put in place.   Also identify what the risk/issue is impacting or could impact, so that you can watch for signs that the risk might be realized.  If the same items keep cropping up, you know you’re previous resolutions didn’t work or that there is a bigger problem than you know.

11 – Plan a Logical Approach – Trying to jump right into the final deliverable isn’t do-able.   You can’t develop a proper restoration and recovery process if you don’t have all the right details to support it nor understand why you have to develop a specific strategy.  You’ve  got to start with the foundations; you can’t build a house without a foundation so you can’t build an effective contingency strategy.  That means, starting with a Risk Analysis (RA) and a Business Impact Analysis (BA), or some hybrid of the   two that helps identify your processes and ultimate Recovery Time Objectives (RTO).  (Note: Obviously a BIA and RA provide more than that but you get the idea.)  Using the house analogy again; too many people focus on the colour of the walls but they don’t have any idea where the walls are going yet and don’t know how many bedrooms the house is supposed to be.  So make sure your approach is logical and you follow a step by step plant to get to your deliverable; an effective restoration and recovery strategy that meets the need of the organization.  Remember, Peter Drucker once said, “Efficiency is doing things right,  effectiveness is doing the right things.”

12 – Communicate Often – It may seem obvious but communication isn’t always something that is done right.  You’ve got to communicate often and use multiple channels and to multiple groups.    One memo doesn’t cover it; not everyone requires the same level of information and not everyone translates your words the same way. Each group of individuals must understand what the status is and what is happening in the project.  If you’re communications are sparse and ‘wishy-washy’ then you’ll create problems for yourself because it only invites people to ask more questions.  Not only that but they’ll approach other for information, which might not know the details you know.  They’ll do this because they see you aren’t communicating often enough with the right information and thus, they’ll seek it elsewhere.  So communicate often and ensure that the content is effective, succinct and detailed enough that everyone gets the same message but not too detailed that people begin to ignore your communications.

13 – Seek Expertise – Despite our best efforts, no one know everything.  No one can know the entire organization and that means, no one can know what is required for the DR/BCM/ERM project/program.  You might have areas of expertise and have some knowledge on subjects but there may be gaps. There may be struggles with how to even structure your program creation and if that’s the case, seek out assistance from 3rd party vendors and/or consultants.  Ensure though that they are providing the service you need, not the service they want to sell you.  Still, outside experts can help move things along better than if the project was managed internally.  If you need the help and are missing a key skill set to get your restoration and recovery strategies in place, then by all means, bring someone in to help you with that or you may not end up with what you expect and it may not get done      when you need it done.

Thus end Part II.

Part III – and the final part – will be next week.



 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and

“Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com

Tips: Disaster Recovery & Business Continuity Management Project Management (Part I)

4 11 2011

There have been many instances where DR/BCM/ERM projects fail to meet expectations.  Not only do they fail to meet expectations but they aren’t managed effectively either, assisting in the negative results.

There are many reasons for this and one of the key items is that not everyone has project management experience.  Let’s get something clear here; working on Business as Usual (BAU) initiatives where you are the only person working on something is NOT working on a project.  Sure, that may be the word being touted but it’s not a project in the formal sense of the description.  You are just getting a task completed that was assigned to you by your manager (or someone else); that is not project management.

Unfortunately, this is also the case with many people that take over the creation and management of the DR/BCM/ERM project.  They may have some level of knowledge of what is required but there is a lack in management aspect of the overall initiative.

I’ve often been asked as to what kinds of things should be considered when managing a DR/BCM/ERM project.  In fact, as I am currently doing just that with my client so I thought I’d capture some of the items that challenge many of the individuals on the project teams.   Of course, this is not a comprehensive list, as Project Management methodologies are much more extensive that this one article (even in two parts) could ever capture.  However, the items that follow are ones that will help you manage the project and assist with delivering what you need; to your satisfaction and most importantly, to the satisfaction of the project sponsor (the one who is paying for it).

  1. Decision Log – Ensure you capture all decision made along the way; from the very beginning of the project to the      end.   Make sure you capture what the decision is, why it was made, who made it and what were the  circumstances under which it was made.   This may include assumptions that were made because we all know that assumptions can change, both for the negative and the positive.  If something is questioned in the future or a dependant decision is required (or revisited), you’ll be able to know under what circumstances the original decision was made and adjust accordingly.  A big benefit here is if someone (maybe the sponsor or audit) ask you a question of why something was performed/executed in the manner it was and you’ll be able to physically show them the decision made and its related details.
  2. Actions Items – Creating a Business Impact Analysis (BIA) isn’t just an action item; sometimes there are other  actions required before you actually get your first workshop/survey completed.  Sometimes people you’re working with need to accomplish specific tasks themselves and if you don’t record them (with a due date and specific details) action items easily get forgotten and pushed to the side.  When something is documented, people know they are being held responsible for the item; if it’s verbal, it can be forgotten and in really bad situations where something critical is forgotten, it can be denied it was even discussed (With years of Project Management experience under my belt, it happens more often than you might want to admit).  So make sure all items are captured and don’t forget to document when the action item is closed and what the resolution is if the action item was to obtain a specific detail.  Oh, and it may seem obvious but put a delivery date to each action item and review them at least once a week  with your team; more if you’re pushed for time.
  3. Minutes for Status Meetings – For each meeting you have, document minutes.  For little meetings that last a few minutes, you don’t really need to go through the detail of documenting everything but you must capture any decision and action items.  The minutes don’t have to be word for word what someone said or the details around a specific topic but you’ve got to record what was happening in the meeting on a high level.  If you don’t, how will anyone know what’s going on in the project?  How can you capture the status of the project?  How do you know when you need to escalate something and help communicate what the problem/issue/concern is?  Minutes are also used as communication devices for those outside the core project team, so they can see the progress and the status and know when/how to help (if required).  In the minutes,      you can also captured the action items and decisions.  Sometimes its just easier to manage a single document rather than multiple but that comes down to personal preference so that’s up to you.
  4. Status Reports – At least once a week, you know you’re going to have to report to someone.   This might be from a presentation for 10 minutes to senior management or a documented status report with such things as; are you running on time; are you behind schedule; your risks and issues; what you’ve completed since the last report and what’s coming up next (also known as you’re next milestone).  Status reports are usually provided to upper management, which might include your senior sponsor representative, so make sure you’re honest and open in it.  Also, if you are capturing some of the      items noted in the points prior, the items shown in the status report won’t ‘blind-side’ an executive because you’ve been communicating items early.  Status reports also help you manage yourself to know where you are and where you’re going (along with the project plan if you’ve created one).
  5. Include Sponsor/Executives – In any project – not just DR/BCM/ERM – you’ve got to include your executives.  They are the individuals that are paying for you project after all (as one of them is sure to be your sponsor) so they must be part of what is happening.   Capture their thoughts and expectations so that you can address them; either to make them happen or to explain why something can’t be performed the way they want.  Executives are more willing to help and provide guidance if they are involved; if they aren’t involved then they aren’t as easily swayed to make the decisions you want.  They need to be apart of the project, not on the outskirts of it.  If a disaster occurs, it’s them that have the overall responsibility of the organization (even when there isn’t a disaster) so they’ve got to know what is happening in the project and most importantly, they must understand their role in the DR/BCM/ERM program.
  6. Financial Reporting – Have you ever been a part of a project that didn’t track financial information?  If you have, I’d bet you weren’t on a project at all.  Every project has some sort of a budget and financial tracking in place.  You may be tracking the costs of the core project team members and the time they spend on the project (sometimes referred to as resource tracking/costs) and you may be tracking costs associated with vendors that are involved with the project.  This can be from external consultants and experts to costs associated with acquiring technology resources (i.e. servers, cables, switches etc).   Oh, and don’t forget these costs may also include those related to new facilities or the acquisition of a 3rd party DR vendor site and setup.  With today’s financial concerns hitting the headlines every day, you must track the costs associated with the BCM/DR/ERM project and program.  The costs will also assist senior management with decision they need to make because ultimately, they are responsible for signing the cheques (so to speak) and if costs out weight the benefits, they may send you back to the drawing board to create new recovery/restoration alternatives.  This is based in part with financial tracking, so ensure you track and monitor on a regular basis.  If you’re lucky, you’ll have a financial expert assigned to your project to do all of it for you, as each Project Manager has varying levels of experience with financial tracking and in this way, all financials are managed at a single point.
  7. Change Management – If you are working at building a plan and a decision is made that impacts the projects scope,  timelines or resources (people, places, things, finances), you need to manage the change through change management.        This helps ensure that if any one of these items is changed, proper evaluation is made as to the impact upon the other two.  If not, you could find yourself with a larger scope but no additional time to accomplish the tasks.  Of you the time has shortened and you now has less time to get the same amount of work accomplished.  None of us have ever experienced that have we?  ;)  Using project change management helps identify the impacts of the change and what those impacts will have on the project.  If you don’t use change management you could end up with delivering something that doesn’t      represent the corporations need.  To slightly turn a phrase, “A camel is a horse built with no project management.”
  8. Proper Representation – This doesn’t mean to make sure you represent them (though you are in some ways), it’s to make sure that every department and division has a representative that you can approach.  It’s important that every area that is    in scope for you has a single point of contact that you can discuss processes and plan development with.  This ensures that what is being discussed and developed for each area, is in fact a true representation of what they require.  If there is no representation, how can you know their requirements and needs?    You can’t.  Sure, you may know some if it but you won’t know the nuances of their processes and their dependencies.  By the way, this includes not just a subject matter expert (SME) but a management representative as well (hopefully a director or VP; someone that is close to the Senior Executive team).  This ensures that if key decisions are required in a division/department, then you’ve got the right people involved to help you get the answers you need.

Thus ends Part I.


Get every new post delivered to your Inbox.