Preparing for the Unexpected: Organization and Personal Well-being During a Crisis (Dr. Jamie Gruman)

Join me Aug 6/20, as I talk to the University of Guelph’s Dr. Jamie Gruman (and author of BOOST!).

We talk about Organizational and Personal Well-Being During a Crisis.

Enjoy!

The StoneRoad Team

Show Link: https://www.voiceamerica.com/episode/124111/organizational-and-personal-well-being-during-crisis

New Business Functions: The BCM Professional and the Project Manager

I recently read an article where individuals were asked what the role of the Business Continuity Management (BCM) should be when a new business function will be introduced. There were comments from ensuring Change Management is introduced to the BCM professional needs to perform a Risk Assessment (RA), Business Impact Analysis (BIA) to developing continuity plans and implementation and rollback plans. Now, all that is good BUT, I found it odd that not a single respondent gave the most obvious answer – and it has nothing to do with the BCM professional.

If the organization has determined to introduce – or develop – a new business process (and related technology functionality), the responsibility to ensure all of the things I noted above are completed belongs to the Project Management Office (PMO) and the assigned Project Manager (PM). It’s not the responsibility of the BCM professional to ensure all that is completed.

Now, I’ve always said that BCM professionals need to have a project management experience, or at least have some basic knowledge of project management (as outlined by the Project Management Institute – PMI) but they don’t suddenly become the driver of the bus for all projects.

BCM gets involved at the time the PM – and the schedule – says it’s logical to get involved and execute the appropriate project deliverables, which when completed accordingly, help mitigate risks and/or update the appropriate risk plans, contingency plans (it may be a new plan if the new process creates new departments etc) and technology recovery plans.

With allot of PM experience behind me, I know that every single PMO office I’ve ever worked for – as a PM, Control Officer or Program Officer – there are some basic deliverables that are performed through project management. That includes completing some sort of Risk Profile and Business Impact Assessment, which the BCM professional may be brought in to assist with completion and in most cases, it’s not their responsibility to determine how this is managed. The PM will take the appropriate completed documents and provide to the project stakeholders for approval or additional input/amendments. Then, it may be provided to the BCM professional to action accordingly (e.g. update contingency plans, technology plans etc.). The BCM professional isn’t the one that makes the final determinations during project flight; that’s the responsibility of the PM.

The BCM professional has to make sure that when that inflight project becomes Business As Usual (BAU), all the appropriate activities are completed and ready to accept the new function (project deliverable).

That means that the implementation plans (business and technology) and rollback plans are developed by the appropriate project team workstream lead but is not developed by BCM. There are already people within a PMO office responsible for those activities.

On another note, the Crisis Management Team (CMT) may not even ben involved during project implementations, even when there’s an issue with implementation and roll back occurs.  If it doesn’t impact operations then it’s the project’s Command Team that takes control, though some of those individuals on the CMT may be part of the project team based on their daily roles and responsibilities.

Implementation communications are usually managed by the Business Operations team whose job it is to manage communications with clients and customers (the name of the department may change from company to company).  Still, they aren’t done or managed by BCM, they are done by the Project Team.

The PM is responsible to make sure that all of these activities are completed properly and to the standards required by the organization’s PMO and documents the handoff to the business owner, which would include ensuring that BCM/BCP/DR has been involved and are ready to accept the new process (if they haven’t been already).

I found it odd that not one responded to the question in the article mentioned Project Management, which is a discipline on its own with various skill sets. Good PMOs and good PM’s will bring in the BCM group when it’s acceptable to do so to ensure that the moment the new process (and related technical functionality) goes live, it’s in a good position to respond to a disaster situation. This might even include a dry ‘test’ or ‘DR simulation’ prior to going live or very shortly after going live. I’ve been in organizations that say a full DR of a new function/technical configuration, must be tested within 60 days of going live – or sooner.

The BCM role isn’t the same as a Project Manager’s role, but the BCM professional must understand Project Management to ensure a smooth transition from idea to implementation to a ‘live’ state.

© StoneRoad 2020

A.Alex Fullick has over 21 years’ experience working in Business Continuity and is the author of numerous books, including “Watch Your Step”, “BIA: Building the Foundation for a Strong Business Continuity Program.”and Testing Disaster Recovery and Business Continuity Plans

BCM/DR & Covid-19: The Rush is On!

All around me I see people focused on Covid-019 and as it’s such a major aspect, incident and focus in today’s world, that’s not surprising. The amount of impact a tiny virus cell has had on the world is incredible. Who ever said the small things don’t matter, obviously didn’t know anything about diseases and pandemics.  

The rush seems to be on to update plans? Seriously? Where was the updating over the last few years? Have BCM/DR practitioners forgotten that updating and maintaining plans and programs is a key aspect of the entire industry? It’s not a one-time thing, which seems to be the practices right now Anyone that comes out and says they are updating their plan now that the Covid-19 pandemic is here was not updating their plan prior to the outbreak.  I don’t get it!  Why weren’t we doing it? Did we become complacent and just not think that maintenance was necessary; that a one-time plan development was good enough?! Or that once we had a plan and did some sort of test/exercise, which probably entailed more planning than the actual development of the plan itself – was good enough.  Sorry, that’s just not going to cut it.

Why?

Why did we become so complacent and not maintain our plans? Some have kept them up to date, as you see blogs and posts on social media sites stating they they’re following their plans and protocols but they seem to be either less than or equal to, the number of those that didn’t maintain their plans. If they weren’t maintaining their pandemic plans (aka People Availability Plans), I’m curious to know just what plans or parts of the BCM program were being updated.  Call trees? Crisis Management Team (CMT) contact information? The IT Technology Recovery Plan (ITTRP) / IT Disaster Recovery Plan (ITDRP). What has been maintained?

There’s a gap with support too, because obviously executives don’t know what they’re doing for the most part and many are stating they were hit with the Covid-19 pandemic disaster by surprise.  BULLCRAP!!  We saw things coming weeks ago, as the virus began to spread from China to Japan and South Korea and then to other areas. We got the head’s up it was coming but sat by believing it ‘wouldn’t touch us’.  Well, they were wrong.
Now the rush seems to be on to ‘mitigate’ and impact but the impact is already here, so they are actually responding to Covid-19.  A few week’s ago organizations may have been able to get away with saying they were performing mitigation activities but they can’t now; they’re responding.

Perhaps it’s a way of telling themselves that they aren’t in any way responsible for what’s happening, so they can blame someone else down the road for not being prepared. Saying they are implementing mitigation plans isn’t really true at all; they just don’t want to admit they fell behind. Hence the rush to get a response in place; any response to help with where they are and how they’ve been impacted.

Alex

Preparing for the Unexpected (Nov 7/19): Prof. Yossi Sheffi – The Power of Resilience

Join us Nov 7/19 as we talk to internationally known resiliency expert Prof. Yossi Sheffi and his book The Power of Resilience.

Enjoy!

https://www.voiceamerica.com/episode/117548/the-power-of-resilience

The StoneRoad Team

Preparing for the Unexpected (2019-08-16): Health & Wellness and Organizational Resiliency

Join us August 15/19, as we talk to Health and Wellness Expert Dr. Robert Quigley who will talk to us about how H&W can enhance and organizations resiliency.

https://www.voiceamerica.com/episode/115562/how-organizational-health-and-wellness-enhances-a-resilience-cult

Enjoy!

The StoneRoad Team

Preparing for the Unexpected (Aug 8/19): Preventing and Managing Violence in Organizations

Join us August 8/19, as we talk to Workplace Violence expert and author, Dr. Marc Siegel about how we can prepare and prevent workplace violence.

https://www.voiceamerica.com/episode/113739/preventing-and-managing-violence-in-organizations

Enjoy!

 

Preparing for the Unexpected (Aug 1/19): The Role of the Business Analyst in BCM & DR

Join us August 1/19, as we talk to Business Analyst Bill Baxter who will talk to us about the role of a BA and how they help the BCM/DR professional.

https://www.voiceamerica.com/episode/113721/the-business-analyst-and-how-they-help-bcm-and-dr

Enjoy!

 

BCM PROGRAMS: It’s NOT a One-Time Thing!

When organizations build a Business Continuity management (BMC), Disaster Recovery Plan (DRP) or whatever name you want to give the program, quite often they fail to communicate a specific aspect of BCM to their sponsors and executive management: BCM is not a onetime thing.  It’s not a single goal to reach and then it’s over.  It’s not final when you’ve tested a plan and put the plan on the shelf (or saved the plans in an online application).

It’s ongoing.

It’s cyclical.  Yes, that’s right – cyclical.  That’s because for the most part any methodology you leverage to build your plans, protocols, processes, teams and programs, will fit into – one way or another – the Plan-Do-Check-Act (PDCA) framework developed by W. Edward Deming.  I won’t go into detail the overall cycle in this blog (maybe some other time) but one way or another what you’re doing to create your program is the PDCA cycle.

The cycle is a wheel, which continues round and round and if that’s the case then how could creating and especially the maintenance and review of a BCM/DR program be a onetime thing?  It can’t. This is what executives fail to either understand or aren’t told, which is why later on down the road people – especially executives, begin to question why BCM/DR activities continue after they believe the program (and its deliverables) have been established.  They fail to understand and practitioners fail all too often, to explain that BCM/DR is continuous and not a onetime project.  It’s an operationalized program (hopefully), which needs ongoing support, review and maintenance.

This really needs to be communicated up front when you first start putting you program together.  You may not know the full extent of when, who or how the program will be maintained but when you start your planning you’ve got to communicate that it’s something that’s ongoing.  You may deliver the Finance BCP plan but you’ve got to communicate that it will need to be reviewed annually (at least) for updates, as well as other program components and findings.  Organizational Changes, IT Changes and personal changes will require the continued maintenance and review of strategies and plans otherwise plans – and the program overall – won’t address the needs of the organization.

So the next time you’re talking to you program sponsor or providing an update to executives, make sure they are aware that the program is ongoing and needs continue support and resources.  Then they need to ensure that support exists in all areas and that all areas continue to support and provide updates when required.  It’s not over when the BCP or IT DRP is documented.  The program needs to move in step with the organization.

© StoneRoad 2018

A.Alex Fullick has over 21 years’ experience working in Business Continuity and is the author of numerous books, including “Watch Your Step”, “BIA: Building the Foundation for a Strong Business Continuity Program.”and Testing Disaster Recovery and Business Continuity Plans.”

Preparing for the Unexpected: LIVE @ DRJ Fall 2018 (Sep 24/18)!!

For anyone that may have missed it during our aired episodes of Preparing for the Unexpected with host, Alex Fullick on the VoiceAmerica radio network, this is just a reminder that we’re broadcasting LIVE from the Disaster Recovery Journal (DRJ) Fall 2018 conference in Phoenix, Arizona on Monday, September 24/18 from 11am (PST) to 5pm (PST). 

VoiceAmerica Live Event Page

We’ll be talking to conference speakers/presenters and attendees alike about all things Business Continuity, Disaster Planning, Resilience, Crisis Management and any other subject we happen to come across.

Enjoy!

The StoneRoad Team

fullick-Promo-Variety

Preparing for the Unexpected – March 29, 2018: The Salvage Team

Our March 29, 2018 show will focus on the often forgotten and overlooked team within the Crisis Management Team (CMT) structure: The Salvage Team.

Listen in and get some tips on how to manage this forgotten team.

https://www.voiceamerica.com/episode/105350/salvage-and-restoration-the-forgotten-crisis-team

Enjoy!

The StoneRoad Team