Last Thursday, July 10th, I had the opportunity to sit in the Spokane City/County Emergency Operations Center and observe the professionals working the Valley View Wildfire (link to video footage). There were a lot of positives that came together during the event but some lessons learned as well. When you consider that most of those folks deal with emergency responses for a living, you would think that most of the issues that surfaced should have been addressed in the past, either as the result of past emergencies or through the regular training exercises these folks conduct. From my observation, though, what it came down to was the proverbial left and right hand not knowing what the other hand was doing – not a lot of it mind you, but enough to raise one’s eyebrows.
The big question for me as I look to the private sector is, if the real professionals have challenges during an emergency, what would it look like from an individual’s company’s perspective following a major business disruption? Are you prepared? Would communications flow freely? Could you respond to a business disruption? Could you resume your business? Recover your business over time? Unless you test your plan (assuming that you have one), you will never know! My theory is, better to find out during an exercise vs. during an emergency. If you are not going to make the effort to exercise your plan - good luck following the disruption we all hope never occurs.
What were you thinking when you developed your data backup strategy? Where you thinking about data restoration at time of a major business disruption? Is it really all the data?Is it the right data? Is it what the business expects to see when you resume your critical business functions? How long will it take to restore the data? Data Management is not something you want think about at-time-of-event! It requires some preplanning.Take a peek at this article, I was impressed with how the interviewer painted a realistic picture of the issues I see every day as it pertains to data management and business continuity. You can also find a copy under my articles page.
Clients often ask about different recovery options and what they look like. Mobile Recovery Centers are a relatively new trend and were highlighted in this newscast earlier this week…..take a look.
Hey everyone! This is my first blog and I am very keyed up about it. For years I have been looking for an avenue to communicate to those interested in disaster recovery, or whatever the concept was called at the time. There is such a lack of realistic content available about disaster recovery, and more specifically Business Continuity Planning. With my extensive background and practical, hands-on experience, I hope to enlighten readers out there with information that will surprise them, mostly because they never knew they needed to address, let alone comprehend, this business continuity “stuff”. Businesses are complex and the plans that allow an organization to meet an event head-on and overcome it are even more complex. There is no substitution for being proactive to disaster since the question isn’t, “What happens IF there is a disaster,” it’s “What happens WHEN there is a disaster.” Being reactive is simply unacceptable to many industry experts, including myself, so let me try and break down the pieces into digestible form in order to shed some light on this, often overlooked, aspect of running a business successfully.
How many of you got into your profession quite accidentally? If you are considered the person responsible for disaster recovery, emergency planning or business continuity – you probably did, and the task you’ve been given falls under the “Other tasks as assigned” category on your job description.
The good and/or bad news depending on your situation is that you are not alone. Depending on which survey you read the majority of businesses in the United States do not have a business continuity plan, much less a full or part-time “planner.” Using a fully trained business continuity planner is rare according to the article. A recent Deloitte survey apparently indicated that 27% of companies had no full-time or less than one full-time equivalent employee dedicated to business continuity — it fell under someone else’s responsibilities as “Other duties as assigned.” If this is you, get ready for a steep learning curve.
You are now responsible for preparing your organization for dealing with a business disruption caused by natural, technological or human-caused events. Unfortunately this task is not an experiment. In a lot of cases you don’t get a second chance. Whatever you put in place must work when the time comes. Understanding that there is a right way and a wrong way to approach business continuity management is critical to your success.
The first lesson is that business continuity planning is a process – not a project. It has a beginning without an end. The second lesson is that it has specific components. The new buzzword is Business Continuity Management. Its elements are Crisis Management, Disaster Recovery and Business Continuity. Each element requires a plan. Crisis Management deals with responding to an event. Disaster Recovery is the traditional technology recovery and Business Continuity address the resumption of critical business functions and processes. There is a ton of information on these specific topics available to the new planner. My suggestion is to do your homework – it will save you a lot of time and effort and ultimately ensure that you develop a viable plan for your organization.
Along with the concept of Business Continuity Management, a set of suggested “best practices” have been identified by industry-independent and industry-specific, as well as regulatory and quasi-regulatory agencies. At a high level the list of generally accepted standards includes:
Process Management – managing the process from beginning to end
Risk Assessment – knowledge of rules and regulations, specific hazards and risks
Impact to the Business – effect of a major disruption on critical functions or the core business
Recovery Strategies – matching the business need to the resumption solution
Management Procedures – defining response, resumption, recovery and restoration
Training & Awareness – ensuring response, resumption, recovery and restoration
Testing & Exercising – verifying continuity strategies, ensuring the return on investment
Auditing & Maintenance – ensuring the viability of the plan
Whether your plan is mature, or you are just beginning the process keeping the concept of Business Continuity Management and the suggested best practices in mind will ensure your plans viability
John Ames, VP Business Continuity Practices, IT-Lifeline
“The only thing harder than planning for an emergency is explaining why you didn’t” Unknown
John has been involved in disaster recovery and business continuity planning for over 31 years. His work experience includes over 18 years with Washington Trust Bank, and 8 ½ years with Database, Inc. (now Iron Mountain) and Database Recovery Services as a Disaster Recovery/Continuity Planner.Prior to joining IT-Lifeline, John was the Manager of Business Continuity Planning & Corporate Records for Metropolitan Mortgage & Securities and Western United Life Assurance Company for 7 ½ years.John is a recognized leader in the local disaster planning community.John was the Chair for the Alliance for Business Continuity & Disaster Preparedness since 1998 and currently serves as its Co-chair.He has been a member of the Spokane County Citizen Corp Council/Disaster Committee, representing business & industry since 1998, and served as its Co-chair in 2005 and 2006.In addition, John currently is the Chair for a Spokane Regional Health sub-committee that is addressing pandemic planning for business & industry.
