I was asked by a number of readers, as well as the staff at Continuity Insights, to "predict" some of the trends we, as business continuity professionals, will deal with in 2008. In preparation for this column, I spoke with a number of leading practitioners, and generally it was agreed that very little will change in 2008, many of the key issues that emerged in the latter half of 2007 will continue to take shape. It also was agreed that despite the lack of new trends for '08, we will be dealing with some of the most significant issues our industry has ever faced.
First responders, such as police, fire, and emergency medical technicians, are a welcome sight after an event occurs. We now live in a world where we need these individuals to not only react as they have been trained to do in the past but also take on a different role: that of possibly preventing events. The new environment in which we find ourselves requires us to be more lenient and accept certain limits to privacy and individual rights. In no way does this mean we must forgo these rights, but instead learn to live with the reasons behind relaxing them for the benefit or safety of others.
The Children's Hospital of Philadelphia or CHOP as it is commonly known is a truly outstanding institution. In 2007, for the fifth consecutive year, U.S.News & World Report ranked CHOP the best hospital for children in the United States. Child magazine bestowed a similar honor. The oldest U.S. hospital dedicated exclusively to pediatrics, CHOP is an undisputed world leader in the advancement of healthcare for children. Here's just a smidgen of what the people at CHOP do: "Physician-researchers draw on the latest available information about the human genome to customize therapies to variations in genetic makeup.
The more things change, the more they (must) stay the same. As an industry, we've gone through significant leaps and bounds to make disaster recovery and business continuity easier. But an Achilles heel of many organizations is the tendency to focus on the latest and greatest technology, without paying due attention to the equally critical components of people, processes, and planning. In fact, as technology grows more complex and advanced, there's an even greater likelihood organizations won't pay enough attention to these elements because they erroneously think that technology has the job covered.
Life-safety is the most important part of first responder efforts. The tremendous job emergency management (EM) people do to keep people safe from all hazards must be acknowledged as world class. However, their life-safety mission can be at odds with private sector recovery and continuity efforts.
Continuous data protection, high availability, data backup, data security, what does it all really mean? And what does it mean to business continuity professionals? We all know that business continuity has its roots in IT, springing from data center disaster recovery plans. And as business continuity has evolved and changed, it has, in many cases, moved out of IT. Today, the people who are responsible for business continuity, crisis management, security, and the like often don't have strong IT backgrounds. So how are they to know if their data is really protected, accessible, and valid?
The list of natural and man-made disasters that businesses have had to contend with has increased dramatically in the last few years. Disruptions resulting from these disasters have rippled across just-in-time supply chains, shaken entire industries, and taken their toll on employee, customer, and partner relations.
The "buzz" in the business continuity industry is the enactment of "Implementing Recommendations of the 9/11 Commission Act of 2007." Also known as H.R. 1 and Public Law 110-53, this legislation includes a key section on Private Sector Preparedness (Title IX) addressing the development and implementation of a "Voluntary Private Sector Preparedness Accreditation and Certification Program."
Want proof that business continuity is going mainstream? Go to YouTube and check out the "Verizon Wireless Technicians Brave Colorado Mountain Storm" video. Among the zillions of stupid pet tricks, stupid human tricks, and clips from reality TV shows, here's a video that tells the story of a Verizon Wireless team responding to the massive 2006 Colorado blizzard.
Ask Rudy Garcia about his business continuity program and there are a few key phrases that you're going to hear quite a bit: crystal clear, business drivers, strategic planning, communication, useful information, day-to-day basis. Those phrases pretty well sum up Garcia's approach to BCP: Have a crystal clear understanding of the organization's business drivers. Develop a strategic business continuity program that is aligned with the business. Communicate that program to all relevant parties. Provide stakeholders, particularly top management, with useful information that will help them make business decisions. And add value to the organization on a day-to-day basis.
Business continuity planning continues to evolve and gain prominence thanks to occurrences like hurricanes, dirty bombs, cyber attacks, etc. And companies with foresight recognize that BCP is a business necessity demanding a move from the traditional concept where IT is the driver, to one where enterprise-wide risk management-incorporating all critical business functions-is the key to addressing a broad range of potential hazards.
Japan has an earthquake every five minutes — 2,000 a year can be felt by people. When a magnitude 6.8 earthquake hit Northern Japan on July 16, 2007, the Tokyo Electric Power Company, Inc. (TEPCO) found that its continuity plan had some kinks in it. Although the nuclear leakage into the sea was a billionth of the legal limit, the press went wild with the event because information was so slow to be released to the public, the information was wrong when it was reported, and nine men died due in part to an emergency contact system and fire hydrants that were faulty.
Current educational programs in the field of business continuity (BC) planning are confronted with a problem of semantics. The old school educational effort associated with "disaster recovery (DR) planning" was oriented to internal processes that were going to be needed after a disaster. This information was identified by an internal survey of department managers. This same protocol is being used to try to construct business continuity plans.
After much research, Wyeth made a decision late in 2006 to develop an internal Business Continuity Certification course. While comfortable with the scope of their knowledge, they thought they could do a better job training future business continuity leaders and coordinators internally. They teamed with a local college to make it happen.
If, on July 31, some soothsayer had told me that a major disaster was going to occur in Minneapolis the following day, I doubt my concerns would have flown to the section of Interstate 35W spanning the Mississippi River just east of the historic Stone Arch Bridge. My first thoughts might have included a terrorist attack at the Mall of America, a tornado, a plane crash, a rampage of violence committed by a deranged loner. But the sudden collapse of the nondescript bridge over which I had so often driven, over which virtually every driver in Minneapolis had driven-falling, without warning, into the Mississippi? Now, that's one I hadn't seen coming.