Organizations have become increasingly aware of the strategic importance of business continuity, security, and the management of operational risk. The term resiliency is being applied to a variety of efforts to improve capabilities to adaptively respond to disruptive events, be they disasters, cyber-attacks, or human error. Building a resilient organization requires a few basics: a clear definition of resilience, a way to measure capabilities, and a roadmap to provide direction for improvement. To that end, the Financial Services Technology Consortium (FSTC) and Carnegie Mellon CERT, have developed a resiliency management approach and the supporting Resiliency Engineering Framework (REF).
Today we see more people writing articles and giving speeches discussing the continuing evolution of business continuity planning. The proliferation of these presentations on this subject is a clear indication that some enhancements are needed to be an effective management tool in the 21st Century.
As business continuity matures and grows, there is an ever-increasing need to ensure that solution providers are well aware of the complex requirements of business continuity management professionals. An understanding of the strategic, analytic, and tactical components of planning and execution surrounding disaster incidents is vital in supplying the appropriate tools and solutions sets.
The more things change, the more they (must) stay the same. As an industry, we've gone through significant leaps and bounds to make disaster recovery and business continuity easier. But an Achilles heel of many organizations is the tendency to focus on the latest and greatest technology, without paying due attention to the equally critical components of people, processes, and planning. In fact, as technology grows more complex and advanced, there's an even greater likelihood organizations won't pay enough attention to these elements because they erroneously think that technology has the job covered.
The Children's Hospital of Philadelphia or CHOP as it is commonly known is a truly outstanding institution. In 2007, for the fifth consecutive year, U.S.News & World Report ranked CHOP the best hospital for children in the United States. Child magazine bestowed a similar honor. The oldest U.S. hospital dedicated exclusively to pediatrics, CHOP is an undisputed world leader in the advancement of healthcare for children. Here's just a smidgen of what the people at CHOP do: "Physician-researchers draw on the latest available information about the human genome to customize therapies to variations in genetic makeup.
Have you ever wondered how the media is able to report damage estimates within hours of an earthquake or immediately after a hurricane makes landfall? They can do this by using sophisticated natural hazard consequence models. These models, previously used only by insurance companies and the like, now are available to business continuity professionals to guide our planning for complex exposures such as natural catastrophes. We've all seen the results of earthquake and hurricane modeling, and this article will describe how these models work and how BC professionals are using them to plan for disasters.
Welcome back to my column of trends and directions in the continuity industry. I'd like to ask you to take a more participatory role in reading this article. Please let me know what you think of my perspectives, good and bad, and offer up some of your own thoughts that I can share in future articles on this topic.
I was asked by a number of readers, as well as the staff at Continuity Insights, to "predict" some of the trends we, as business continuity professionals, will deal with in 2008. In preparation for this column, I spoke with a number of leading practitioners, and generally it was agreed that very little will change in 2008, many of the key issues that emerged in the latter half of 2007 will continue to take shape. It also was agreed that despite the lack of new trends for '08, we will be dealing with some of the most significant issues our industry has ever faced.
First responders, such as police, fire, and emergency medical technicians, are a welcome sight after an event occurs. We now live in a world where we need these individuals to not only react as they have been trained to do in the past but also take on a different role: that of possibly preventing events. The new environment in which we find ourselves requires us to be more lenient and accept certain limits to privacy and individual rights. In no way does this mean we must forgo these rights, but instead learn to live with the reasons behind relaxing them for the benefit or safety of others.
We all agree that BCP needs to be brought to the attention of senior executives. But when we get the chance to present our progress to executives, we don’t often get the “Wow!” response we were hoping for. What needs to be on an executive’s BCP dashboard? What do they really need to know about BCP?
Want proof that business continuity is going mainstream? Go to YouTube and check out the "Verizon Wireless Technicians Brave Colorado Mountain Storm" video. Among the zillions of stupid pet tricks, stupid human tricks, and clips from reality TV shows, here's a video that tells the story of a Verizon Wireless team responding to the massive 2006 Colorado blizzard.
The list of natural and man-made disasters that businesses have had to contend with has increased dramatically in the last few years. Disruptions resulting from these disasters have rippled across just-in-time supply chains, shaken entire industries, and taken their toll on employee, customer, and partner relations.
The "buzz" in the business continuity industry is the enactment of "Implementing Recommendations of the 9/11 Commission Act of 2007." Also known as H.R. 1 and Public Law 110-53, this legislation includes a key section on Private Sector Preparedness (Title IX) addressing the development and implementation of a "Voluntary Private Sector Preparedness Accreditation and Certification Program."
Continuous data protection, high availability, data backup, data security, what does it all really mean? And what does it mean to business continuity professionals? We all know that business continuity has its roots in IT, springing from data center disaster recovery plans. And as business continuity has evolved and changed, it has, in many cases, moved out of IT. Today, the people who are responsible for business continuity, crisis management, security, and the like often don't have strong IT backgrounds. So how are they to know if their data is really protected, accessible, and valid?
Life-safety is the most important part of first responder efforts. The tremendous job emergency management (EM) people do to keep people safe from all hazards must be acknowledged as world class. However, their life-safety mission can be at odds with private sector recovery and continuity efforts.