The issue I would like to think about this week is how, as business continuity people, we should approach big disasters and what should our attitude be to them. If we are affected by the incident, then our job is simple, we implement our business continuity plan and hopefully we recover our organisation successfully. If we are not affected by the disaster how should we approach it?
If we are an in house business continuity manager should we be using this as a good opportunity to re-engage with our senior managers and remind them of our existence? Should we also use it as an excuse to get all within the organisation to review their plans? As it is the end of the year should we also use this time as a good opportunity to put forward a case for increasing our business continuity budget for next year?
For those who are selling business continuity consultancy services or business continuity software services you can assume that they are using this disaster as a marketing tool to try and sell their services. Most of them are on the soft sell, “come to our webinar on the lessons learned from Sandy” and then use the webinar to promote their services. For those selling business continuity products and services there is a thin line, we don’t want to be seen as ambulance chasers taking advance of the death and destruction that the storm has caused. On the other hand this is an opportunity to remind our potential clients that the products and service’s we sell are important and that the storm is a reminder of the destruction and chaos a major storm can cause.
For both the in house managers and business continuity vendors we have to be sensitive not to be seen as taking advantage of others misery on the other hand if disasters didn’t happen then we would all be out of a job. I think that we all have to be sensitive in using major incidents such as Sandy to promote our business continuity.
What should we be doing as both vendors and in house managers in response to major disasters which don’t affect your organisation.
- I think this is an ideal opportunity for you to review your own plans and preparation and think “if your organisation was in the eye of the storm how would you cope with the incident”. This disaster is different to the normal scenarios I suspect most of us use in exercises and prepare for. We mainly prepare for an incident which is local to our building, whether it is fire or flood, rather than a wide scale incident. The interesting bit about wide scale incidents is that staff are likely to be affected and they will be more interested in recovering and looking after their family than coming into work.
- If we are going to use the incident to remind our senior managers that they have business continuity in place, organise a short workshop to see if there are any immediate lessons, issues or exposures for your organisation. I noticed that during the height of the storm in New York a hospital had to be evacuated as their standby generator didn’t work. If you have standby generators then perhaps you should think through whether your testing regime for them is rigorous enough.
- Take some time to learn the lessons of Sandy. I am sure there will be a number of speakers who will do the round of BC events giving their lessons learned. Look at the blogs and website’s which will contain individual’s lessons. Attend the product vendor’s webinars and as long as they don’t spend all the time trying to sell you something they will have useful points. Lastly sooner or later there will be some government reports and investigation on the incident they are a great opportunity to get some detailed lessons and learning.
- Lastly use the Sandy scenario for your next exercise, they can’t say it wouldn’t happen!
Lastly good to meet lots of you at the BCI World Conference this week, it was great to catch up with lots of friends and colleagues. Thanks to all who came up to me and said that they enjoyed the weekly bulletin, especially Sean McQuillan who was very enthusiastic about it. Sean congratulations to you are the team on the award!
Charlie made the following presentation at the BCI World Conference 2012. The presentation gave some thoughts on how do we gather intelligence during a crisis managment incident and looks at some possible solutions for how to carry this out.
Some organisations thrive with change, as they are prepared for it and have the skills, mechanisms and structures to be nimble and adapt to the alteration. However, those who do not foresee the signs in advance are slow to adapt to their new circumstances and are unable to change swiftly often resulting in either failure or loss of position at the top of their respective business sector. By having a robust business continuity plan in place your organisation will be equipped to handle any extreme change that a major incident may cause. This workshop will explore the level of preparation you should have in place in order to ensure that your organisation is ready!
The presentation was well received with a number of people coming up to Charlie afterwards saying how he had made a dry subject interesting!
Earlier this week I went to a CSARN event in Glasgow on “The 2014 Commonwealth Games – the race for safety and security”. It’s aim was to look at the lessons learned from the Olympics and see how they applied to the Commonwealth Games. There were presentations from David Wilton Security Operations Manager for Glasgow 2014, Richard Tolley, Head of Sports and Events Practice from MARSH and Hamish Cameron, London Resilience Manager all talking about their learning points from the Olympics.
The one major point which a number of speakers did pick up on, was there was no clarity on who owned an incident which affected visitors on the way to the games. There were clear protocols on who managed the incidents in the venues, the transport system and in the wider London area but there was no protocols for the last mile between the station and the games venue. On the whole, my impression what that, yes there was minor learning points but there were no major points or ways they could have done it better. My theory is that, if you properly plan, do it in detail and in sufficient time, then your event however complex will probably go off without a hitch. I suspect luck always plays its part, but I do believe that if you do the planning then the event is almost an anti climax because it passes of without incident and all your well planed contingencies do not need to be used.
What are the lessons for us business continuity people?
- Planning makes perfect. The more detailed the planning and the more effort you put into the planning the better your plan will be.
- The one advantage the Olympic planners had, which we don’t have, is the date of the event. They knew when their incident was and so were able to work up to being ready for it. We have the opposite, we don’t know whether the event were planning for might occur before we have our plan ready. Just as difficult is how do we maintain our state of readiness? If the date is known then it is easy to build up to it. Our plans may not be used for 5 years or more so how do we sustain that state of readiness?
- On hearing those who were planning for the Commonwealth Games, I couldn’t help wondering if there might be a very slight hint of complacency. The Olympic Games were a great success because of the planning. Will the Commonwealth planners be able to meet the high expectations set by the Olympics by doing the detailed planning or will they be complacent and think they can achieve the same success but without doing the work?
This thought always reminds me of when I have done large and complex exercises which go without a hitch and are great success. The difficulty is that the second time you run it, perhaps for the deputies, it’s never so easy to get same enthusiasm, the planning is never as good, you forget the little details which made it such a success and the running of it on the day is not as smooth. Let’s hope that the new teams for the Commonwealth games do the necessary planning it takes to make the games a success.