Business Continuity Guru

Your guide to Disaster Recovery

Pacific Northwest Winter Storms Grow and Present Flooding Problems

As the winter weather worsens in the Pacific Northwest, I am continually reminded of the need for PREPAREDNESS.

A series of heavy snowfalls since mid-December has left Spokane buried. We broke the 24-hour, 48-hour, 72-hour, 7-day, and 1-month records for most snowfall in a given period, just to give you an idea if you reside outside of this area (Mayor Mary Verner spoke to this issue and others in a press conference on 1/7/09). We experienced roof collapses all over the city – 28 buildings so far – and then came the bad news – we would be getting 6-10 more inches of snow followed by rain. Why was that such bad news, you may ask? The added weight that the rain would add to the existing snow on structures all over the area would be a major concern for buildings and structures with flat or low-pitched roofs – we would be approaching 30lbs per square ft, dangerously high. They closed all Spokane School District #81 schools, along with numerous others, 4 days already this week because of safety concerns regarding the structural soundness of the buildings. On top of those issues, flooding will start to become a real threat as the rain melts the snow buildup, causing transportation, drainage, and safety issues all over the state.

That is a lot of information to take in all at once, so I will get back to my main point in writing this post – you must be prepared at all times, for best- to worst-case scenarios! We were smack in the middle of the biggest snowfall this city has ever experienced, a state of emergency on its own, and then came the next event (more snow and rain leading to heavier snow), and the next (expected flooding all over Washington state)….

As the City of Spokane tried to raise awareness of these events through Press Releases and media, they also spoke to the theme of preparedness. They wanted people/businesses to be aware of the possible dangers and who they could turn to/where they could go for assistance should they need it.

Take the time to plan … plan for the next event!  Figure out NOW what you need to do before you find yourself scrambling to figure out what your next move will be, should you experience a business disruption as the result of that event – whatever it might be; this article speaks to that point. The rest of this winter should be interesting!

January 8, 2009 Posted by johnames | Business Continuity Planning | 2 Comments

The Recent Pacific Northwest Inclement Weather and Snow Events Remind us that Response Plans are a Requirement!

The media has been filled with stories about snow and more snow, freezing temperatures, high winds, broken water pipes, collapsed roofs and fires of late.  These events have disrupted a lot of businesses in our area.   I wonder how many of those businesses affected by these events had a response plan to deal with the situation.  Do you have a response plan that is part of your overall business continuity plan?  Sadly, the majority of existing plans that I review for our clients / prospects do not have a response element in place.  The above topics serve as a reminder as to why an organization should have a response plan.

Response can be defined as the reaction to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required. Response planning should address the policies, procedures and actions following an emergency. This needs to be done in advance and in anticipation of an emergency – yes, even a weather related incident. It needs to define the proverbial who, what, why, where, when and how.

Examples of actions and measures that need to be predefined include:

  • Response procedures to minimize harm to personnel and assets.
  • Incident management processes to control and mitigate damage to facilities and equipment.
  • Crisis management strategies to address operational, service, and public image impacts of an event.
  • Crisis communications tactics to address who and how information will be managed and communicated.

The primary goal of the response stage of a business continuity plan is to manage the disaster from the beginning and to position your organization for the resumption of business.  Once again, defining in advance and making sure you have the right people, in the right place, and at the right time will go a long way to ensuring your recovery.

In the meantime, for those of us in our area that have predefined our “Site Emergency Response Teams”, perhaps we should consider renaming them for the time being to the “Snow Emergency Response Teams”…..


December 31, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

Forget the Downturn in the Economy, these Winter Storms are Fierce!

Forget the Economy (for now) – Got Snow and Ice?
At time of event it’s going to be all about people and resources!

If you live in the Pacific Northwest, or other parts of the country for that matter, you have been subjected to some pretty nasty weather this last week; Spokane Valley even declared a State of Emergency due to the record snowfall. Spokane discusses what officially declaring a state of emergency would mean in this clip, and Spokane’s Mayor Mary Verner addresses the city’s issues in this news clip.  If you are in business, you more than likely had to make some decisions regarding keeping things going on the work front.  Issues dealing with people, resources and your ability to deliver your products and services were no doubt at the top of the list.

Those of you that have worked with IT-Lifeline in the development of your business continuity plans probably get tired of me preaching “right people, right place, at the right time.” The recent snow event in Spokane, Seattle and Portland proved that little sermon to hold true.

We know in plan development you have to have the right folks in place to evaluate risk and impact to your business from a major business disruption – including a snow event. Responding to the event and resuming your business definitely requires the right people. If you based your response and resumption planning around your organizational chart you may have experienced some difficulties over the last week. I encourage you to dig deeper (no pun intended) into your planning efforts to ensure you will have the resources – people and things – in place when the time comes.

Many of our clients experienced a shortage of “key” staff members – they couldn’t get to work due to impassable roads, impaired local transportation, or issues on the home front. At Spokane International Airport we experienced numerous cancellations and delays after the worst of our storms. They couldn’t get the job done with those that were able to get to work. This raised the issue of cross training or the lack thereof. I even heard of one local business that couldn’t even get the door open – the person with the key was stuck. Others were looking for employees with 4 wheel drive vehicles, but then what do you do when the local law enforcement agencies are saying “stay off the roads”? Do we close? Do we remain open? Is there someplace else we can go to get things done – even if it’s only to answer the phones? What about our suppliers? How do we get the word out to our customers and clients? The list of issues and questions goes on and on. You probably have your own list.

The bottom line is this – you need to think about the issues pre-event, not during the event.  Snow and ice are not new to us here.  The length and strength of the storm was unprecedented, even in our neck of the woods.  It may be obvious to some, but as a business continuity planner, and speaking on behalf of the remainder of the staff at IT-Lifeline, I can tell you that advance planning makes all the difference in the world when it comes to responding to an event and resuming your business following a major business disruption – even a prolonged snow event.

God forbid — what if there had been a secondary event?  A broken water pipe?  Loss of power? A fire?  Could you have gotten the right people, to the right place, in the right amount of time to respond to the above events and resume your critical business operations?

We ensured we were open to our clients, but that is our business – we had the right people, in the right place, at the right time – did you?  Tell me about your success stories.  Share your list / solutions with others!

December 29, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

Outsourcing Disaster Recovery Should Protect the Continuity of Your Business!

Vendors / Providers of Critical Services Beware!

I recently read an article that was written by Colin Roe, MBCI that was published on the Continuity Central Website (http://www.continuitycentral.com/feature0628.html) that got me thinking about what this year has taught us about outsourcing critical services.

As VP of Business Continuity Practices for IT-Lifeline, I consistently work with those whose responsibility is Vendor Management. In March of 2008, the FFIEC, a regulatory group that oversees business continuity practices for the financial institutions, issued specific guidelines that pertain to 3rd party providers of services to banks and credit unions. Those of you in other industries should take note!

In summary, the financial institutions were directed to hold 3rd party providers of key services to the same standards for the development and maintenance of their business continuity planning process that are expected of the institutions themselves. Specifically, the professional practices that pertain to business continuity planning:

  • Process Management
  • Risk Management & Evaluation
  • Business Impact Analysis
  • Defined Recovery Strategies
  • Defined & Documented Plan Procedures
  • Training & Awareness
  • Plan Testing & Exercises
  • Audit, Maintenance & Certification

If you are a provider of services to financial institutions you need to be aware of the above. The financial institutions have been given a directive to inquire as to your efforts regarding these practices. The options they have been given in responding to you are 1) accept the provider’s position, 2) encourage the provider to develop / complete the planning process, or 3) seek another provider for the service. I can tell you from firsthand experience that I have seen all of the above options exercised by our bank and credit union clientele.

If you provide key / critical services to other industries you can expect this standard to rapidly become a professional best practice regardless of industry. Your clients will be asking how you approached your business continuity planning process.

December 19, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

In Times of Economic Uncertainty, Be Proactive Not Reactive With Business Continuity

Same message, just more food for thought….

When it comes to business continuity planning or personal preparedness, is it the probability or the consequences of the outcome that should drive one’s actions? When trying to introduce awareness of the need for emergency or business continuity planning, I often overhear such things as – “What are the chances that will ever happen?” or “We’ve never had a major business disruption so what makes you think we’ll have one?”, and the list goes on and on!

Ah yes, the big dilemma – to plan or not to plan, that is the question. If you have knowledge of your local risk, and thus the risk to your business, can you afford not to plan? That is the question! Whether it is personal preparedness at home or planning for an event that would impact your ability to conduct business, are the consequences of not planning worth the risk and probable negative end results?

Prepare your plan today; it is consequential and the end result will be preferable. Try this site as a resource: www.ready.gov.

December 11, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

Business Continuity Planning Done Right – Save Money on Disaster Recovery During the Financial Crisis

So What Are you Spending on Your Business Continuity Resources?

It appears that in this time of financial crisis several organizations are looking at what they are spending on business continuity planning and the process of preparing for a major business disruption. Many are looking to “cut back” and yet others currently evaluating what resources need to be set aside are looking to cut corners. What to do? What to do?

Do you really know what you are or should be spending and for what level of protection? Are you spending too much? Are you spending enough? Either way what are you getting for your money? What level of protection have you achieved? Most folks don’t know and don’t have a clue. They see an expense but little else. Do you have the technology you need? Have you defined what your telecommunications environment should look like? How about workspace for your required personnel? Again is it too much or too little?

I’m still amazed at the number of organizations that have literally taken a “shotgun approach” to defining what is needed to protect their organization from a major business disruption. This scattered approach usually has them spending too much or too little, and whether they know it or not they are gambling with their ability to resume business should they experience that business interruption.

Unless you have done a formal business impact analysis to identify what is critical to the continuance and recovery of your business operations, and matched that to specific resources and specific recovery strategies such as data back-up, specific key hardware, applications, telecommunication and people, my guess is you really don’t know if what you are spending is adequate to protect your organization.

If you have a plan – conduct a business impact analysis. Follow that up with a resource analysis. See if you have the right solution in place – maybe you have too much? Maybe you have too little in place? It will tell you how much money you will need to spend to meet your defined recovery time objectives. If you are just now defining your resources required for resumption / recovery, and have not conducted a business impact analysis, do so and follow that up with a resource analysis. This will tell you how much you need to spend to meet your specific recovery time objectives.

My suggestion is that you review your business impact analysis annually and that you perform a formal business impact analysis every other year. Make sure this process becomes part of your program management to ensure the right monies are being spent for the right solution.

Make sure you are matching the needs of business to the money you are spending to protect the same.

December 4, 2008 Posted by johnames | Business Continuity Planning | 1 Comment

Business Continuity and The Financial Crisis

Has the current financial crisis impacted your business continuity program? After talking to several of my clients and prospects I learned that the answer to that question is all over the board. Most of these folks play in the financial services market. Because IT-Lifeline plays in the small to medium size business market, almost 40% of those I talked to expected to experience a negative impact on their business continuity activities. Check out this article from ContinuityCentral.com discussing a survey they conducted regarding the impact of the financial crisis on the business continuity market. In the survey they touched on impact, spending patterns, staffing, and regulatory expectations.

The response to the question regarding “more” regulations was interesting to me. Just less than half (44%) expected to see more regulations regarding business continuity. A little over half (56%) expected no change and no one expected less! I guess I could conclude from this that the need for business continuity planning will not go away!!

As one could expect, those in the financial services industry were expecting new or more regulatory scrutiny – go figure!

November 25, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

It’s That Time Again – Are You Prepared?

Well, it’s that time of year again – winter. Are you prepared? Last year’s snowfall and our previous and infamous ice storm should have taught us a lesson in preparedness, both personally and professionally. Weather emergencies don’t respect jurisdictional borders, let alone economic environments facing large, medium and small businesses. The general public (your customers) expect all public, private and not-for-profit entities to be able to effectively deal with a business disruption, even if it’s weather related.

We have a tendency to think in terms of building fires and other catastrophic events when we think of preparedness. Did you know that winter storms rate #1 on our City/County Hazard Identification and Vulnerability Analysis, but a preparedness survey of over 300 in Spokane County says that power outages are most likely to affect them? When you think of the secondary events caused by storms, such as power and other things, the need to prepare is further amplified.

How would you handle this one? One of my clients recently suffered a catastrophic failure associated with the heating and cooling system. The parts required to fix the situation will take weeks to arrive and to be installed. Fortunately it is not a heat related part, but what if it had been? Better yet, what if this was your organization? How would you handle it – could you handle it? Technology failures lead the list of reasons for disaster declaration. How would you operate? How would you supply the goods and services expected of you by your customers? Where would you go? What about technology: your systems, applications, and your data?

Now is the time to prepare. Prepare at home and prepare your business for a major business disruption. Consider the weather, but I recommend that you take an All-Hazards approach to your planning efforts.

Ask yourself this question – ARE YOU PREPARED FOR AN UNPLANNED EVENT?

November 6, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

Business Continuity Planning – Protecting the Bottom Line or a Moral Duty?

In yesterday’s Alliance for Business Continuity & Disaster Preparedness (www.preparespokane.com) meeting, we spent some time discussing why more businesses don’t take business continuity planning more seriously, especially the small to medium sized business owners. Owners of small to medium sized businesses have always struggled with the issue of business continuity planning. “Why do I need a plan?” is often the question that they ask.

SMB owners usually have a hard time relating to the specific risks they face and even more so the impact to their business and bottom line. In the Disaster Recovery Journal, Fall 2008 issue, John Orlando, the director for the Norwich University Master of Science in Business Continuity Management, offers up a different spin on the subject for justifying the development of a business continuity plan – Is Business Continuity a Moral Duty? I suggest you take the time to read it; I think you will find his opinion quite interesting.

Is it the moral duty of a business owner to develop a business continuity plan? As Orlando suggests, when you consider the potential obligation to customers, workers, and the community, it just might be. There are many drivers when you consider why an organization should consider business continuity, and moral duty just might be another. I’d be interested in your thoughts, let me know what you think.

October 31, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet

Where Does Business Continuity Planning Reside in Your Organizational Food Chain?

At last count, the team at IT-Lifeline and I have been involved in 33 different business continuity planning engagements with different clients. A common thread regarding the success of those engagements has been the level to which the client planner reported inside the organization and who sponsored the planning process. The topic of who owns BCP in an organization has been a long-standing issue. One thing that is obvious from my perspective is that the higher up the BCP owner is, the more clout, the greater the success in terms of plan content and thus the greater the plan’s viability.

So who has responsibility for BCP in your organization and to whom do they report? In a recent study that I read, a group of participants suggested 50/50 that whoever had responsibility for Risk Management or the CEO should take on that risk. An interesting observation given that the roots of BCP are IT-based. All participants agreed that whoever ended up with the task needed the endorsement and involvement of the entire C-suite.

Business continuity planning, as I’ve stated in prior blogs and presentations, ain’t what it used to be. Business continuity can no longer be “assigned” as a project and ignored by those above. My experience indicates that business continuity planning is not an information technology responsibility. When it is IT driven, which happens three times more than any other group in an organization today, the process often bogs down and fails.

Business continuity planning is a “business” responsibility. It must involve the senior executives, the IT group and the rest of the business. Anything less usually results in an ineffective plan that would not work at time-of-event. Where does your plan stand given its sponsorship and involvement?

October 20, 2008 Posted by johnames | Business Continuity Planning | No Comments Yet