WIN A FREE BCM/DR PROGRAM EVALUATION!!  Find out where you really stand.

We have decided to run a great contest here at StoneRoad: Purchase a book from our founder, A. Fullick, directly from the StoneRoad website ( , your name (and company) will be entered into a draw for a FREE Business Continuity Management (BCM) program evaluation.    The more copies you purchase – of any book or combination of books – the more entries your get and the greater your chances.

Oh, and did we say it’s open to EVERYONE AROUND THE WORLD !!  How’s that for confidence in what we do!

So, head over to the StoneRoad website for details and good luck!!

This is only valid for books sold through the StoneRoad bookstore (;  purchases from any other retail outlets (online or otherwise) are not eligible.     If you have any questions, email



The StoneRoad Team

“Failure isn’t about falling down, failure is staying down” – Marillion

“Procrastination is the art of keeping up with yesterday” – Buddha


BCM and the Risk Analysis (RA): Is it Dead or Dying?

Don’t forget, you could win a FREE BCM Program Evaluation. 

For details go to  Good Luck!!


I overheard an interesting comment the other day between two senior project management representatives: ‘…just go straight to the impact analysis; we already know what are risks are.’  I’m paraphrasing a bit but what got me was that they were talking about not doing any sort of risk assessment.  As usually, I put everything into a BCM/DR/ERM context and I thought, ‘Is the risk analysis dead or just dying?’

With recent events in the world being and the various disasters that are occurring, I was wondering if anyone performs a Risk Assessment (RA) anymore.  In many cases, BCM/DR/ERM programs are started because a corporation has already had a disaster and they jump straight to developing communication and contingency strategies because they already know they’re vulnerable in areas.  If they already had a disaster, what’s the benefit of performing a time-consuming initiative like a RA only to be told they are vulnerable; they already know that.

Financial Institutions and many other like-minded and focused organizations follow RA processes when determining strategy and tactical activities – though if you read the headlines, some of them don’t perform the RA very well – to make money and increase market share.  That might be the reason why the RA is not followed as rigidly as it once was.  If there is a chance to make more money and increase market share and keep unemployment levels low while increasing the corporations brand awareness, the RA might uncover areas that can hinder the ability to make money and keep the company looking ‘good.’  Rather, corporations would rather accept the risk – or ignore it altogether – and go as far as they can with their strategies until something occurs; then worry about the impacts.

Many corporations that focus on their financial risk exposures, make assumptions of what will happen if their operations stop, basically skipping the RA and wanting to know what the impact will be when something happens.  They make the assumption that a disaster will occur and want to know the impact to the corporation, not paying attention the what the vulnerabilities are but rather what will happen if ‘anything’ occurs.

By ignoring a proper RA, corporations increase their vulnerability to disasters.  The RA is being skipped over for actual deliverables, which may – or may not, depending upon how the program is build – harm the program later on because assumptions of what will hurt them are made into contingencies, while those risks that are particular to the corporation are missed for quick and dirty plan development.  The RA can identify that an organization is vulnerable to a particular instance, which means that a proper contingency can later be developed but if it’s skipped and never identified through the RA, when it occurs –and it will – there won’t be anything in place to properly and effectively deal with the situation.

There is in itself when it’s decided to do nothing.  As an example, natural disasters are on the increase and occurring in all areas of the globe, placing people in situations they wouldn’t normally have experienced.

Here’s just a short list of things that are occurring right now:

  1. Volcanic activity (think how the Iceland eruption crippled European travel);
  2. Heat Waves scorching crops (US, Canada, Horn of Africa)
  3. Flash floods in the UK (July 2012),
  4. Flash floods in Russia (July 2012),
  5. Airplanes into buildings (think 9/11)
  6. Texas and Colorado wildfires in the US (June/July 2012)
  7. Arab Spring (which is still occurring in some areas)

For many, it’s no longer a case of what might affect us or what we might be exposed to, but rather, what do we do when we’re exposed to it?  This is the thinking we want organizations and communities to have.  But in getting people to think this way, the RA is slowly falling out of favour and organizations are heading straight to the BIA or even skipping that and going to contingency development and implementation.

Insurance and regulators also want to see results of BCM / DR / ERM planning and programs.  They want contingency strategies and plans in place that show what an organization will do when a disaster occurs.  This also aids in having an organization skip the RA (and often the BIA) and go straight for the contingency development phase.

In the past, a disaster was considered a mere minor possibility of occurring but now a disaster has become fact.  Just turn on the TV and it details the latest set of disasters around the globe.  What was a risk is no longer a risk; it’s real and occurring, driving people away from performing RA’s and moving immediately towards contingency development.  This is what we want organizations to think after all but we want them to ensure that all the right planning steps are taken to build the BCM/DR/ERM program.

There is a feeling that anything can occur – and is occurring – so it’s OK to skip the RA step because it will only validate what they already believe to be the truth; that there are risks that will impact an organizations people, places and things (IT, operations etc).  So they decide to build on the worst case scenario and then work backwards, addressing smaller risks as program development proceeds.  This is a quick and dirty approach, which if done correctly can still provide the right answers and strategies needed but if done wrong, can hinder an organization later down the road.

Could it be a sense of paranoia that is beginning to prevail?  A sense that disaster is imminent; it’s just unknown when it will occur.  If so, that would be why many are skipping the RA and heading towards the BIA first – or jumping further along the path right to the contingency development stage.

Is it possible for the leading governing bodies within the BCM/DR/ERM industries to rethink the RA and BIA processes and streamline the governance around them to meet the thinking of today’s organizations, rather than trying to change the organizations thinking to meet the needs of the governing bodies?

Personally, I think it might be a combination of both and a dialogue needs to be held, as the RA and BAI are both necessary steps in ensuring a solid foundation for any BCM/DR/ERM program.  Is it possible to combine the two?  I don’t think the RA is dying but its importance might be slipping, especially if the acceptance of the potential for a disaster is being accepted by organizations.  The RA is slipping unnecessarily, as it identifies exposures and vulnerabilities for organization, which ultimately help determine impacts and later, the development of ‘fit for purpose’ contingency strategies.

We’ve got corporations thinking the way we want – or at least Mother Nature has – and it seems we haven’t properly thought out what we’d do if organizations did accept our line of thinking (that a disaster will occur).  Now that they do, they don’t see the need for the RA, they see the need and value in contingency strategies and plans.  The industry needs to think about this and ensure that our processes and way of thinking keeps pace with what is needed.



Win a FREE BCM/DR/ERM program evaluation.   

Go to for details.


Well, we have decided to run a great contest here at StoneRoad:

Purchase a book from our founder, A. Fullick, directly from the StoneRoad website ( , your name (and company) will be entered into a draw for a FREE Business Continuity Management (BCM) program evaluation.    The more copies you purchase – of any book or combination of books – the more entries your get and the greater your chances.  Oh, and did we say it’s open to any person and corporation AROUND THE WORLD !!

How’s that for confidence in what we do?!

So, head over to the StoneRoad website for details and good luck!!

This is only valid for books sold through the StoneRoad bookstore (;  purchases from any other retail outlets (online or otherwise) are not eligible.

If you have any questions, email



The StoneRoad Team

“Failure isn’t about falling down, failure is staying down” – Marillion

“Procrastination is the art of keeping up with yesterday” – Buddha

Japanese Nuclear Power Plan Report Released (July 2012)

A week ago I’d heard the Fukushima report was coming out and that there were a bunch of conclusions and recommendations being prepared, so I set to writing an article for posting thinking I could add my thoughts as well.  Then I read the report and found that it said everything better than I could.  So, here’s a link to the report The Fukushima Nuclear Accident Independent Investigation Commission  and what the commission recommends and determined was the cause of the disaster.

One thing that I found very interesting is the fact that corporate culture attributed to the disaster – in fact, is listed as a cause of the disasters – and that the very nature of the disaster was communication; from well before the disaster to after it had occurred.  What was also fascinating was that the disaster itself was not the caused by the tsunami, which would be a normal thought but rather the cause of the power plan disaster was man-made.  The tsunami was just the catalyst to trigger all the problems that existed.

I’ve always said – in previous posts – that communications would be the glue that either holds it all together or assists with it all falling apart.  Seems I’ve been validated (and I know I’m not the only person who thinks that).

One thing that I hadn’t expected in the report was the mention of how government and agencies change the names of organizations that experienced or participated in the disasters to show that they’re taking things seriously.   But, they don’t change any of the processes and procedures within these organizations; the processes and procedures that didn’t work the first time.  You can throw paint on a decrepit old car but that won’t make it run any better and that’s what the report basically says.  There is fear that nothing will change; let’s hope it does.

Enjoy the report: I did.

(c) StoneRoad


 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at, &


Europeans Able to Check Hazardous Production Sites

The below notice was sent via the President of The International Emergency Managers Society (TIEMS), of which I’m a member of the editorial advisory board.   I thought this was quick interesting and wondered how this would go over in North America.


Dear TIEMS Members and Supporters,

The Council and the European Parliament have reached an informal agreement on amending a so-called «Seveso Directive ». The Directive is named after an accident which happened in 1976 in Seveso, Italy when a dense vapour cloud containing hazardous substances was released from a pesticide factory. The accident prompted the adoption of legislation aimed at the prevention and control of such accidents. Since then all the companies storing large amounts of fireworks, oil, petrol or toxic chemicals are referred to as « Seveso cites».

The new directive reinforces the rights of EU citizens regarding their access to information on hazardous production sites. European citizens will be able to see if they have dangerous industrial sites in their neighbourhood on the internet and see how to react in case of emergency. They will also be able to go to court if they think that a new Seveso site is established too close to their homes. All Seveso sites will be obliged to prepare an accident prevention policy to improve their level of safety.

Ida Auken, Danish Minister for the Environment and a fervent proponent of this proposal says that this step will allow citizens to feel more secure in their homes even if they live in the proximity of a plant producing hazardous substances.

After the European Parliament adopts its position on first reading in June 2012, the directive will be officially adopted by the Council in the second half of 2012. The amended Directive will enter into force in 2015.

More information is available here:

With Best Regards,

TIEMS Secretariat

15th TIEMS Newsletter (March 2012)

The latest newsletter from The International Emergency Managers Society (TIEMS) is now available.  StoneRoad founder A.Alex Fullick, MBCI, CBCP, CBRA is co-editor.   Check out the two articles by Alex; one in partnership with the President of TIEMS, K. Harald Drager.

Check out the link below and see what other things TIEMS is up to.




NOW AVAILABLE the New Book by A.Alex Fullick: “Made Again – Volume 2”

Announcement – A.Alex Fullick’s NEW Book Release: Made Again – Volume 2 

StoneRoad is excited to announce the new book by our founder, A.Alex Fullick, MBCI, CBCP, CBRA.  See the full Press Release below.


Stone Road releases third book: Made Again Volume 2: Practical Advice for Business Continuity Programs

It’s been a great year: revenue is up 25 per cent, profits are up, department teams are (is) functioning smoothly, your new product line has been a big seller and production efficiency and quality control have improved markedly. Employees are energized and the results of all the hard work is finally beginning to pay off.

(PRWEB) February 27, 2012

Then disaster strikes. The CEO decideds to jump ship; a key competitor has just introduced what could be a game-changer in your industry; and on top of that, your entire sales team is suddenly up in arms over commission and compensation levels, threatening to quit if you don’t come up with an enriched compensation package. In a short time, your business life has gone from glory to gory.

This is the world where Alex Fullick lives. Fullick is the Founder and Managing Director of StoneRoad, a business consultancy based in Southern Ontario specializing in Business Continuity Management (BCM) and Disaster Recovery Planning (DRP). Fullick is also an author, having published his first work in 2009 entitled Heads in the Sand; his second project, Made Again (Volume 1) was published in 2010.

Made Again (Volume 2) picks up where its precursor left off, offering practical Crisis Management, Disaster Recovery and Business Continuity advice for business owners and forward-thinking business executives. At its core, Made Again 2 asks business practitioners to work and hope for the best, but also to plan and prepare for the worst. It provides information tips and guidance for those that want to improve their BCM programs and provides details that can only be found through real-life experiences. Author Fullick encourages business owners and top execs to base their business-continuity plan on the four R’s: Resiliency, Restoration, Recovery and Resumption. It’s within this framework that the essays and advice articles are written, as his mission is to teach leaders how to prepare for the bad times as best they can, rather than trying to figure it out when a disaster strikes. A well-designed business-continuity plan/program will allow a corporation to respond to a disaster/crisis quickly and effectively; without them, the waters get murky and crisis response becomes slow, lurching, unfocussed and can potentially destroy an organization.

Fullick has that rare communications gift – his conversational writing style breathes life and passion and easy understanding into complex business subjects. An reviewer had this to say about Fullick’s conversational approach to writing: “It did not feel like I was being advised or taught, but more like I was having an informal chat with a friend. I would strongly recommend this book to anyone . . . ”

Made Again 2 is that rare publishing commodity – it’s informative, it’s original and it’s crisply and clearly presented. It’s a must-read for those in business who need to be fully prepared for the absolute certainty of an absolutely uncertain tomorrow.

Author Alex Fullick is a writer based in Guelph, Ontario. When not hard at work at the keyboard, he can be found at the curling rink or, come summer, wandering the province’s hiking trails.

Made Again: Volume 2: Practical Advice for Business Continuity Programs
by A. Alex Fullick ISBN: 9780981365732


Puchase copies for yourself and your organization at and/or Volumes Direct Publishing.