We all agree that BCP needs to be brought to the attention of senior executives. But when we get the chance to present our progress to executives, we don’t often get the “Wow!” response we were hoping for. What needs to be on an executive’s BCP dashboard? What do they really need to know about BCP?
Want proof that business continuity is going mainstream? Go to YouTube and check out the "Verizon Wireless Technicians Brave Colorado Mountain Storm" video. Among the zillions of stupid pet tricks, stupid human tricks, and clips from reality TV shows, here's a video that tells the story of a Verizon Wireless team responding to the massive 2006 Colorado blizzard.
The list of natural and man-made disasters that businesses have had to contend with has increased dramatically in the last few years. Disruptions resulting from these disasters have rippled across just-in-time supply chains, shaken entire industries, and taken their toll on employee, customer, and partner relations.
The "buzz" in the business continuity industry is the enactment of "Implementing Recommendations of the 9/11 Commission Act of 2007." Also known as H.R. 1 and Public Law 110-53, this legislation includes a key section on Private Sector Preparedness (Title IX) addressing the development and implementation of a "Voluntary Private Sector Preparedness Accreditation and Certification Program."
Continuous data protection, high availability, data backup, data security, what does it all really mean? And what does it mean to business continuity professionals? We all know that business continuity has its roots in IT, springing from data center disaster recovery plans. And as business continuity has evolved and changed, it has, in many cases, moved out of IT. Today, the people who are responsible for business continuity, crisis management, security, and the like often don't have strong IT backgrounds. So how are they to know if their data is really protected, accessible, and valid?
Life-safety is the most important part of first responder efforts. The tremendous job emergency management (EM) people do to keep people safe from all hazards must be acknowledged as world class. However, their life-safety mission can be at odds with private sector recovery and continuity efforts.
Business continuity planning continues to evolve and gain prominence thanks to occurrences like hurricanes, dirty bombs, cyber attacks, etc. And companies with foresight recognize that BCP is a business necessity demanding a move from the traditional concept where IT is the driver, to one where enterprise-wide risk management-incorporating all critical business functions-is the key to addressing a broad range of potential hazards.
Multi-national firms have a need to share information on their employees typically contained in BC plans that some data privacy and employment laws may prohibit from crossing borders. How can BC professionals ensure that their plans are complete and don't break the law?
Japan has an earthquake every five minutes — 2,000 a year can be felt by people. When a magnitude 6.8 earthquake hit Northern Japan on July 16, 2007, the Tokyo Electric Power Company, Inc. (TEPCO) found that its continuity plan had some kinks in it. Although the nuclear leakage into the sea was a billionth of the legal limit, the press went wild with the event because information was so slow to be released to the public, the information was wrong when it was reported, and nine men died due in part to an emergency contact system and fire hydrants that were faulty.
On April 19, 2004, the Department of Homeland Security and the Memorial Institute for the Prevention of Terrorism launched Lessons Learned Information Sharing (LLIS.gov). This system, designed to help prevent, protect against, respond to, and recover from all hazards by connecting emergency response providers and homeland security officials, serves as the Nation's online resource for lessons learned and best practices. LLIS.gov contains over 10,000 homeland security-related documents, including after-action reports, federal guidelines, best practices, standard and emergency operations plans, and many others.
Every day, unexpected events occur that have business continuity implications. July 18, 2007, was no different. On this seemingly normal Wednesday in Midtown Manhattan, a steam pipe exploded. At first glance (and despite the fact that the explosion was "photogenic" and therefore appeared in every news outlet), the situation appeared to have minimal business impact. However, a number of businesses were significantly and immediately impacted due to lost utilities and other city services. In many cases, employees were unable to reach their workplace (for up to three days in a number of situations).
If, on July 31, some soothsayer had told me that a major disaster was going to occur in Minneapolis the following day, I doubt my concerns would have flown to the section of Interstate 35W spanning the Mississippi River just east of the historic Stone Arch Bridge. My first thoughts might have included a terrorist attack at the Mall of America, a tornado, a plane crash, a rampage of violence committed by a deranged loner. But the sudden collapse of the nondescript bridge over which I had so often driven, over which virtually every driver in Minneapolis had driven-falling, without warning, into the Mississippi? Now, that's one I hadn't seen coming.
After much research, Wyeth made a decision late in 2006 to develop an internal Business Continuity Certification course. While comfortable with the scope of their knowledge, they thought they could do a better job training future business continuity leaders and coordinators internally. They teamed with a local college to make it happen.
In business continuity circles, risk management is a hot topic. Many business continuity professionals talk about integrating with enterprise risk management programs, wonder how to build bridges with risk managers in their organizations, and see risk management, business continuity, and related disciplines "converging" in the future. But what do risk managers think about their business continuity counterparts?
Current educational programs in the field of business continuity (BC) planning are confronted with a problem of semantics. The old school educational effort associated with "disaster recovery (DR) planning" was oriented to internal processes that were going to be needed after a disaster. This information was identified by an internal survey of department managers. This same protocol is being used to try to construct business continuity plans.