Business continuity planning continues to evolve and gain prominence thanks to occurrences like hurricanes, dirty bombs, cyber attacks, etc. And companies with foresight recognize that BCP is a business necessity demanding a move from the traditional concept where IT is the driver, to one where enterprise-wide risk management-incorporating all critical business functions-is the key to addressing a broad range of potential hazards.
Multi-national firms have a need to share information on their employees typically contained in BC plans that some data privacy and employment laws may prohibit from crossing borders. How can BC professionals ensure that their plans are complete and don't break the law?
Japan has an earthquake every five minutes — 2,000 a year can be felt by people. When a magnitude 6.8 earthquake hit Northern Japan on July 16, 2007, the Tokyo Electric Power Company, Inc. (TEPCO) found that its continuity plan had some kinks in it. Although the nuclear leakage into the sea was a billionth of the legal limit, the press went wild with the event because information was so slow to be released to the public, the information was wrong when it was reported, and nine men died due in part to an emergency contact system and fire hydrants that were faulty.
On April 19, 2004, the Department of Homeland Security and the Memorial Institute for the Prevention of Terrorism launched Lessons Learned Information Sharing (LLIS.gov). This system, designed to help prevent, protect against, respond to, and recover from all hazards by connecting emergency response providers and homeland security officials, serves as the Nation's online resource for lessons learned and best practices. LLIS.gov contains over 10,000 homeland security-related documents, including after-action reports, federal guidelines, best practices, standard and emergency operations plans, and many others.
Every day, unexpected events occur that have business continuity implications. July 18, 2007, was no different. On this seemingly normal Wednesday in Midtown Manhattan, a steam pipe exploded. At first glance (and despite the fact that the explosion was "photogenic" and therefore appeared in every news outlet), the situation appeared to have minimal business impact. However, a number of businesses were significantly and immediately impacted due to lost utilities and other city services. In many cases, employees were unable to reach their workplace (for up to three days in a number of situations).
If, on July 31, some soothsayer had told me that a major disaster was going to occur in Minneapolis the following day, I doubt my concerns would have flown to the section of Interstate 35W spanning the Mississippi River just east of the historic Stone Arch Bridge. My first thoughts might have included a terrorist attack at the Mall of America, a tornado, a plane crash, a rampage of violence committed by a deranged loner. But the sudden collapse of the nondescript bridge over which I had so often driven, over which virtually every driver in Minneapolis had driven-falling, without warning, into the Mississippi? Now, that's one I hadn't seen coming.
After much research, Wyeth made a decision late in 2006 to develop an internal Business Continuity Certification course. While comfortable with the scope of their knowledge, they thought they could do a better job training future business continuity leaders and coordinators internally. They teamed with a local college to make it happen.
In business continuity circles, risk management is a hot topic. Many business continuity professionals talk about integrating with enterprise risk management programs, wonder how to build bridges with risk managers in their organizations, and see risk management, business continuity, and related disciplines "converging" in the future. But what do risk managers think about their business continuity counterparts?
Current educational programs in the field of business continuity (BC) planning are confronted with a problem of semantics. The old school educational effort associated with "disaster recovery (DR) planning" was oriented to internal processes that were going to be needed after a disaster. This information was identified by an internal survey of department managers. This same protocol is being used to try to construct business continuity plans.
Ask Rudy Garcia about his business continuity program and there are a few key phrases that you're going to hear quite a bit: crystal clear, business drivers, strategic planning, communication, useful information, day-to-day basis. Those phrases pretty well sum up Garcia's approach to BCP: Have a crystal clear understanding of the organization's business drivers. Develop a strategic business continuity program that is aligned with the business. Communicate that program to all relevant parties. Provide stakeholders, particularly top management, with useful information that will help them make business decisions. And add value to the organization on a day-to-day basis.
Eight Southeastern states are working together to improve how frail and elderly citizens are cared for during a major disaster. Leadership from the state emergency command centers and long term care (LTC) organizations in Florida, Louisiana, Mississippi, Alabama, Texas, Georgia, Virginia, and North Carolina met at a May Hurricane Summit to improve how LTC needs are incorporated into disaster planning. Federal level representatives from FEMA, CMS, and HHS also participated, along with representatives from the AARP.
When you plan your work area space, make sure you anticipate not just day one needs, but also how end user requirements will change over time. Have a handle on the amount and configuration of space so that growth can occur without disrupting the recovery operation that is already in place.
In May 2006, seasonal hurricane forecasters predicted 17 named storms, including nine hurricanes and five major hurricanes. In reality, the 2006 season ended with 10 named storms, five hurricanes, and two major hurricanes. There are several reasons for the bad 2006 forecasts. Let's look back at 2006 and ahead to 2007.
Without exception, organizations leveraging BS 25999 are finding that the content is actionable and positioned to be understood by executive managers. And by evaluating and implementing the process recommendations found in BS 25999, business continuity management organizations are realizing higher levels of credibility with their executive management teams.
Compensation for business continuity professionals has been on the rise since 2003. In fact, 2006 showed the highest increases in compensation for full-time, permanent employees (FTEs) with an average of 7 percent. Last year also marked the first time that average total compensation surpassed $100,000 for FTEs.