Preparing for the Unexpected: LIVE @ DRJ Fall 2018 (Sep 24/18)!!

For anyone that may have missed it during our aired episodes of Preparing for the Unexpected with host, Alex Fullick on the VoiceAmerica radio network, this is just a reminder that we’re broadcasting LIVE from the Disaster Recovery Journal (DRJ) Fall 2018 conference in Phoenix, Arizona on Monday, September 24/18 from 11am (PST) to 5pm (PST). 

VoiceAmerica Live Event Page

We’ll be talking to conference speakers/presenters and attendees alike about all things Business Continuity, Disaster Planning, Resilience, Crisis Management and any other subject we happen to come across.

Enjoy!

The StoneRoad Team

fullick-Promo-Variety

Advertisements

Ebola Protection Not as Good as They Say!

Well, it doesn’t see like I’ll be quiet about the Ebola virus anytime soon. If you’ve been paying attention to the news you’ll see that Spain has had a few cases and has recently had a nurse test positive for the disease and she was wearing protective clothing. So, is what we have in place good enough? Do the ‘people that know’ actually know how to stop and confine the disease from spreading if the care workers are still catching it? Continue reading

9 Things to Consider with BCM / DR and the Use of Manual Processes

When teams are determining and developing their Business (unit) Continuity Plan (BCP) the fact that manual procedures will be used, often crops up. ‘What will you do in a DR situation?’ they’re asked and the answer all too often – and quickly – comes back as “we’ll do ‘x’ manually.” Really, is it that easy to do; just revert to a manual process for what normally includes many checks and balances and possibly varying numbers of applications?

In some instances it might be that easy. If you telecommunications are still up you can answer calls and take down information clients are looking for and then call them back when applications come back up. Not a full manual process but you can at least get some client service going. For those old enough to remember, your credit cards were taken manually by restaurants and shops by copying the card imprint using carbon paper. That wasn’t a manual process back then – it was the process. However, if anyone in the restaurant or shop industry wants to ensure they can continue to service clients – and get paid by patrons – they still have an old dusty machine and credit card slips hidden in the back cupboard of the office. In this case, many places use this as the backup process – and it’s a manual process.

But it’s not always that easy to just say you’ll do your processes manually anymore. With huge strides in technology and technology dependencies (and interdependencies) and service level agreements, not to mention the level of governance required in today’s business world, switching to a manual process may not be that easy and in many cases may not even be possible. For that reason organizations must really think through what they can and cannot do manually and take into consideration some key factors.
Below are 9 things an organization must consider before reverting to manual processes during disaster situations and before it’s inserted into any business unit BCP.

1. Short Term Use: If you’re going to use manual processes, remember they are only intended for short term use. They are not meant to be used for any long term use, as it could cause you other problems down the road. They are short term fixes used

2. They May Break Regulations: Sometimes a manual process breaks a rule – or sidesteps a rule – so that a function can be completed. In a disaster situation when (if) you’re using manual processes, be aware that the process may not meet your usual standards simply because technology has been taken out of the loop.

3. Less Audit and Governance: If you are developing manual processes and see a need to have them, know that the level of governance and audit tracing by various technology applications won’t exist if a manual process is leveraged. Still, consider adding some level of audit or governance to lessen an potential future impacts.

4. Serious Emergencies Only: Consider the use of manual processes only in real emergencies. If an application – or some other situation – is very short term, it may not be necessary to bring everyone up to speed on what to do when using the manual process. It may simply be easier to wait until the application (or other dependency) becomes available once more.

5. Not Widely Available (or known): It may seem a bit strange to withhold information but manual processes aren’t something you want everyone to know about. If everyone did know about them, they might be used in non-emergencies, which would completely cause chaos down the road when an issue pops up with the work completed. If you have them, keep them separate from regular operating procedures and don’t distribute widely to people until necessary.

6. Not a Process Replacement: Since manual procedures are intended as a short term fix, they are not a replacement for regular operational activities. They are only mean to be used to continue a critical operation – or as a short term partial fix – until normal operational activities can continue (i.e. applications become available etc). A manual process does not equate to an alternate method of doing the same thing; it’s short term because the normal operational activity can’t continue as is due to an unforeseen circumstance and will be stopped as soon as it’s feasible.

7. Determine Use Requirements: When Can They Be Used? Under what circumstances can – or will – the manual process be utilized? It could be that as part of normal operating procedures, a manual override is required by a management representative because our own authority doesn’t allow for us to continue with a function. We’ve all be in the situation where we are waiting for something to complete but we need to the ‘special authority (or input)’ of a manager before we can continue. You also want to ensure that the manual process can’t compromise your operations and utilized for underhanded purposes, so know when it is appropriate and when the manual process fits into operations – either as a disaster contingency or as part of governance processes.

8. Oversight Requirements: Need some level of oversight on manual processes – even in DR situations, as audit / governance / legislative requirements may still need to be captured (depending on the process and procedure being manually used (i.e. old credit card slips). Keep in mind that developing oversight processes during a disaster period may delay the actual recovery timeframes and can cause unnecessary work but it all depends on what manual process(es) you’ve decided to develop and implement for DR purposes.

9. Documentation – DR Use: Keep these documented and ready for use in a DR situation (part of a BCP plan for use by the appropriate departments (an appendix)) and kept in a separate location from other operating manuals. Quite possibly, they can be kept in a locker or other container at the DR restoration and recovery centre. Make sure you keep things updated too and reviewed every so often. Even if you do have manual procedures in place, they are based on regular operating procedures, so when those change the manual procedures may need to be reviewed as well.

If you’re in a position to use manual processes to get your operational activities completed, that great however, in a DR situation you aren’t operating in normal circumstances and manual processes may not be the norm even when there isn’t a disaster. Think carefully of what you can – and cannot do – with manual processes before you document and incorporate such worded activities into BCP plans. Incorporating them before you’ve considered the ramifications might cause another disaster situation further down the road…sometimes before you’ve even recovered from your first disaster.
© StoneRoad, 2013

**NOW AVAILABLE**
Books by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3
Available at http://www.stone-road.com, http://www.amazon.com & http://www.volumesdirect.com

The 6 “C’s” of Crisis Management & Communications

While in China I had an interesting conversation with a gentleman from China (he spoke English).  Our main topic was Emergency Management but as we conversed, he kept making note of a few things related to Crisis Management and each one seemed to begin with the letter “C”.  I don’t know if it was something that was intentional or if it was something that was just coming across due to the language difficulties between us, which I didn’t find that difficult by the way.  Anyway, I thought I’d make note of them and provide a description of what he was getting across.

In every crisis, disaster or emergency situation, which he was defining as a larger community based disaster such as an earthquake (hey, he was part of the Great Sichuan Earthquake of 2008, China).  Listening to him was fascinating, as he was actually there and a part of the recovery and coordination efforts related to the massive Chinese earthquake that killed 10’s of thousands – if not more.  So here are the 6 C’s of Crisis Management – and I haven’t put them in any specific order in case you’re wondering…

  1. Contain – First, get a grip on the situation and don’t let it spread any further and do any more damage that it already has.  I guess a good example of his would be a fire and how fire fighters contain a blaze.  Even firefighters fighting brush fires burn a perimeter (a controlled burn) to ensure the fire stays contained within a certain area.  I know some of you will have experience on this disaster, so feel free to add details on how that’s done.  It’s in every organization’s best interest to ensure that a situation doesn’t get out of control – so contain it and don’t let the situation spread.
  2. Control – Take charge of the situation and don’t wait for it to play out in front of you – it could be too late.  If an organization doesn’t take control of the situation – through media and its Crisis Team structure – someone or something else will take control of it for you.  For instance, if there’s no media represented updates on the situation, then speculation and rumour will begin to run rampant. Try then to gain control of the situation – it will be next to impossible because the media (bless ‘em) will begin to make its own assumptions and presentation on what the situation is.  You’ll be fighting two fires now; the situation itself and the possible misrepresentation in the media.  Take command of the situation.
  3. Command – This referred to the various components and members of the Crisis Team and Crisis Team structures (I.e. Disaster Teams).  Take charge of the situation (…is that another “C”?) and ensure that you’re on top of things.  You can even be on top of things if you don’t have the full scale and scope of the situation yet.  You do this by taking command and having proper protocols – that have been rehearsed and validated – that everyone understands and utilizes to ensure the situation is under control.  It outlines proper roles and responsibilities that team members follow to allow proper response, crisis management, restoration and recovery efforts to be initiated.
  4. Continue – This is what you want most for you business operations, right?  After any disaster or crisis, you want to be able to continue your operations one way or another and usually the sooner the better.  The longer you’re out the greater the impact will be on your bottom line, community, shareholders, clients and employees.  All your plans and procedures should be in place not just to address and manage the crisis but to allow your operations to continue.  Managing a crisis effectively doesn’t mean your business will continue.  Business Continuity will work when the crisis is being managed effectively, if not, you’re going to end up diverting resources to ‘fire fighting’ rather than ensuring the business continues.  They go together and if you don’t have one without the other, it’s like walking a straight line while jumping on a pogo stick cross-eyed. 
  5. Communicate – Communicate quickly, often and effectively.   You’ve got more audiences that you think you have and they will all need to be addressed.  The Board of Directors will be seeking different levels of information than what the public is seeking, which is different than what your employees need.  Don’t just spit out generic comments and expect everyone to understand it.   Not every message is received the same way – and if you’ve got different people delivering the message, then you can expect differences in delivery as well.  What ever you do, don’t say “No comment” or “Off the Record”  – that’s just asking for trouble.  There’s not such thing as off the record – not in today’s world of technology and if you say ‘no comment’ it’s interpreted as something is being hidden.  If media – or anyone for that matter – thinks your hiding something or lying, you’re going to be “guilty” in the eyes of everyone who heard the message.  And those that didn’t hear it, will read and see it on the news.  Refer back to the comments in #2. 
  6. Care – Show you care about people, especially those impacted by the situation. This includes your employees.  Often, corporations will talk about the impact on customers and clients but forget the employees. Wouldn’t that make employees feel they aren’t cared for?  After all, they are the ones closest to, and the first ones influenced, by the situation (assuming an internal fire or other crisis).  I read recently a great article that said, speak and communicate to people’s emotions and how they see the disaster, not how you – the organization – sees it.  You have a better chance of controlling and containing situation is you speak the hearts and minds of people rather than to the pocketbooks of shareholders and bank managers, or worse, speak as you’re the victim.  

 I liked what he had to say overall and was busy in the back of my mind comparing his thoughts and comments to BCM and how he was also describing the crisis management component of BCM.  I know his perspective was large grander but the principles were all the same. I could go on and on into more detail but I have a 2nd and 3rd book to complete first – maybe this topic will make it on the list of other items to write about (I’ve a list of 11 books so far…).

 I think I should add that after our discussion he was presenting at the conference I was attending in Beijing (The International Emergency Management Society – TIEMS) and he only seemed to make note of 4 C’s.  But then again I was listening to his speech through a translator and he may have said all 6 from our discussion but the translator may have missed it.  May be the 2 C’s were ‘Lost in Translation’ ha ha 

**NOW AVAILABLE**

The new book by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3, “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility.” Available at www.stone-road.com **

StoneRoad Announces New Document Templates to Help Your BCM / DR Program!!

StoneRoad is happy to announce that we now have more BCM / DR document templates available for purchase from our shop at www.stone-road.com.  We’ve said it before and we’ll say it again; everything we do is to help you and your corporation move forward with your Business Continuity / Disaster Planning programs.  To help with that, we’ve now got the following document templates available:

a) Business Impact Analysis (BIA)   

b) BCM/DR Test-Exercise Scope Template    

c) BCM/DR Test-Exercise Project Change Template    

d) Operating Unit Business Continuity Plan (BCP) Template     

Each comes with built in ‘how-to’ notes so that you can work your way through the documents and help build your program.  Each is build in a modular format so you can either copy/paste components when you need more room or delete components when you don’t.

We’re working on more templates for 2013…so we’ve only just begun to give you tools you need.

Check things out at www.stone-road.com.

Happy planning!
The StoneRoad Team

StoneRoad at 2013 Australia & New Zealand DR/ERM Conference!!

We’re happy to announce that StoneRoad founder A.Alex Fullick will be presenting at the 2013 Australia & New Zealand Disaster and Emergency Management Conference in Brisbane, Australia (May 29-31, 2013).   The topic of discussion will be based on Business Continuity Management (BCM) and Social Responsibility.

The conference is sure to be a great experience, full of intesting presentations by knowledgeable professionals from many diverse industries and backgrounds.

For details on the conference, checkout the website at http://anzdmc.com.au/.

We hope to see you there!!

Regards,

The StoneRoad Team

WIN A FREE BCM/DR PROGRAM EVALUATION!!

WIN A FREE BCM/DR PROGRAM EVALUATION!!  Find out where you really stand.

We have decided to run a great contest here at StoneRoad: Purchase a book from our founder, A. Fullick, directly from the StoneRoad website (www.stone-road.com) , your name (and company) will be entered into a draw for a FREE Business Continuity Management (BCM) program evaluation.    The more copies you purchase – of any book or combination of books – the more entries your get and the greater your chances.

Oh, and did we say it’s open to EVERYONE AROUND THE WORLD !!  How’s that for confidence in what we do!

So, head over to the StoneRoad website for details and good luck!! www.stone-road.com

This is only valid for books sold through the StoneRoad bookstore (https://stone-road.netfirms.com/cart/);  purchases from any other retail outlets (online or otherwise) are not eligible.     If you have any questions, email inquiries@stone-road.com.

GOOD LUCK!!

Regards,

The StoneRoad Team

“Failure isn’t about falling down, failure is staying down” – Marillion

“Procrastination is the art of keeping up with yesterday” – Buddha