Welcome back to my column of trends and directions in the continuity industry. I'd like to ask you to take a more participatory role in reading this article. Please let me know what you think of my perspectives, good and bad, and offer up some of your own thoughts that I can share in future articles on this topic.
Have you ever wondered how the media is able to report damage estimates within hours of an earthquake or immediately after a hurricane makes landfall? They can do this by using sophisticated natural hazard consequence models. These models, previously used only by insurance companies and the like, now are available to business continuity professionals to guide our planning for complex exposures such as natural catastrophes. We've all seen the results of earthquake and hurricane modeling, and this article will describe how these models work and how BC professionals are using them to plan for disasters.
The Children's Hospital of Philadelphia or CHOP as it is commonly known is a truly outstanding institution. In 2007, for the fifth consecutive year, U.S.News & World Report ranked CHOP the best hospital for children in the United States. Child magazine bestowed a similar honor. The oldest U.S. hospital dedicated exclusively to pediatrics, CHOP is an undisputed world leader in the advancement of healthcare for children. Here's just a smidgen of what the people at CHOP do: "Physician-researchers draw on the latest available information about the human genome to customize therapies to variations in genetic makeup.
The more things change, the more they (must) stay the same. As an industry, we've gone through significant leaps and bounds to make disaster recovery and business continuity easier. But an Achilles heel of many organizations is the tendency to focus on the latest and greatest technology, without paying due attention to the equally critical components of people, processes, and planning. In fact, as technology grows more complex and advanced, there's an even greater likelihood organizations won't pay enough attention to these elements because they erroneously think that technology has the job covered.
First responders, such as police, fire, and emergency medical technicians, are a welcome sight after an event occurs. We now live in a world where we need these individuals to not only react as they have been trained to do in the past but also take on a different role: that of possibly preventing events. The new environment in which we find ourselves requires us to be more lenient and accept certain limits to privacy and individual rights. In no way does this mean we must forgo these rights, but instead learn to live with the reasons behind relaxing them for the benefit or safety of others.
Continuous data protection, high availability, data backup, data security, what does it all really mean? And what does it mean to business continuity professionals? We all know that business continuity has its roots in IT, springing from data center disaster recovery plans. And as business continuity has evolved and changed, it has, in many cases, moved out of IT. Today, the people who are responsible for business continuity, crisis management, security, and the like often don't have strong IT backgrounds. So how are they to know if their data is really protected, accessible, and valid?
The "buzz" in the business continuity industry is the enactment of "Implementing Recommendations of the 9/11 Commission Act of 2007." Also known as H.R. 1 and Public Law 110-53, this legislation includes a key section on Private Sector Preparedness (Title IX) addressing the development and implementation of a "Voluntary Private Sector Preparedness Accreditation and Certification Program."
The list of natural and man-made disasters that businesses have had to contend with has increased dramatically in the last few years. Disruptions resulting from these disasters have rippled across just-in-time supply chains, shaken entire industries, and taken their toll on employee, customer, and partner relations.
Want proof that business continuity is going mainstream? Go to YouTube and check out the "Verizon Wireless Technicians Brave Colorado Mountain Storm" video. Among the zillions of stupid pet tricks, stupid human tricks, and clips from reality TV shows, here's a video that tells the story of a Verizon Wireless team responding to the massive 2006 Colorado blizzard.
Life-safety is the most important part of first responder efforts. The tremendous job emergency management (EM) people do to keep people safe from all hazards must be acknowledged as world class. However, their life-safety mission can be at odds with private sector recovery and continuity efforts.
Multi-national firms have a need to share information on their employees typically contained in BC plans that some data privacy and employment laws may prohibit from crossing borders. How can BC professionals ensure that their plans are complete and don't break the law?
On April 19, 2004, the Department of Homeland Security and the Memorial Institute for the Prevention of Terrorism launched Lessons Learned Information Sharing (LLIS.gov). This system, designed to help prevent, protect against, respond to, and recover from all hazards by connecting emergency response providers and homeland security officials, serves as the Nation's online resource for lessons learned and best practices. LLIS.gov contains over 10,000 homeland security-related documents, including after-action reports, federal guidelines, best practices, standard and emergency operations plans, and many others.
Every day, unexpected events occur that have business continuity implications. July 18, 2007, was no different. On this seemingly normal Wednesday in Midtown Manhattan, a steam pipe exploded. At first glance (and despite the fact that the explosion was "photogenic" and therefore appeared in every news outlet), the situation appeared to have minimal business impact. However, a number of businesses were significantly and immediately impacted due to lost utilities and other city services. In many cases, employees were unable to reach their workplace (for up to three days in a number of situations).
In business continuity circles, risk management is a hot topic. Many business continuity professionals talk about integrating with enterprise risk management programs, wonder how to build bridges with risk managers in their organizations, and see risk management, business continuity, and related disciplines "converging" in the future. But what do risk managers think about their business continuity counterparts?
Ask Rudy Garcia about his business continuity program and there are a few key phrases that you're going to hear quite a bit: crystal clear, business drivers, strategic planning, communication, useful information, day-to-day basis. Those phrases pretty well sum up Garcia's approach to BCP: Have a crystal clear understanding of the organization's business drivers. Develop a strategic business continuity program that is aligned with the business. Communicate that program to all relevant parties. Provide stakeholders, particularly top management, with useful information that will help them make business decisions. And add value to the organization on a day-to-day basis.