Disaster Resource Guide Advertisers   Disaster Resource Guide Advertisers   Disaster Resource Guide Advertisers   Disaster Resource Guide Advertisers   Disaster Resource Guide Advertisers

CONTINGENCY PLANNING BEYOND Y2K
MERGING EMERGENCY RESPONSE AND BUSINESS CONTINUITY

By Judy Bell, CEM

The clock strikes midnight. The next second is 00:01, January 1, 2000.

Celebrants around the world ring in the new millennium. Some are partying blissfully. Others are awaiting doom. Only time holds the answer to the mystery that has plagued the world for the last decade.

Has the Age of Technology, with its associated man-made glitches, brought everything to a halt?

The seconds tick on. The first true-life, full-scale test of the Year 2K dilemma has started. Everyone watches and waits. First hours pass, then days, weeks and months. Gradually, the crisis eases. Whatever challenges we are faced with are solved. Time moves on.

Now what? The crisis is over. Those who aren't severely affected will say, "I told you so," and no longer give credence to the value of preparing in advance. Others who are impacted will cry, "We did everything we were supposed to do, and we still had a disaster!"

How do we retain the momentum beyond January 1, 2000 to remain prepared? We must first examine the job that we, as business continuity managers, are currently doing. Have we truly prepared our businesses? Where are the gaps? What more should be included in our plans?

The first step...
in expanding business continuity planning is merging emergency response and business continuity plans into a seamless, coordinated effort.

Most companies view emergency response programs as separate from business continuity. Each group independently develops its own plan. Yet, in reality, an event is going to trigger both plans to be activated almost simultaneously. In most companies, little or no coordination during planning exists to ensure that the various elements will work together. Typically, emergency response plans are created and maintained by a safety coordinator who may be located in the human resources or security organization. The facilities department may be responsible for inspecting for damages. And at the same time, business continuity plans are the responsibility of someone in information systems. One power utility had designed two entirely separate plans that were to be activated at the time of an event. The Information Systems group was expected to move to its alternate data center with little or no coordination with the facilities department that was in charge of inspecting damage to the buildings.

Consider what happens in a real disaster. If a fire breaks out, everyone's focus will immediately shift to safely evacuating the building and treating those who are injured. Once they are treated, and depending on the extent of damage, someone will need to make a quick assessment of the facility to determine how quickly the damage can be repaired. If there is extensive damage that will take several days or weeks to fix, personnel who perform critical functions will need to be disbursed quickly to temporary work locations. Once they arrive, they will require access to systems, communications, and key equipment. Unless plans have been thoroughly integrated in advance so that systems and communications are already available at the temporary work location, people required to perform functions vital to protecting the revenue stream have little chance for success.

It is time...
for organizations to appoint an overall coordinator who facilitates all elements of the planning process.

In the author's experience, working with many different clients in both the private and public sectors, the best placement for the business continuity manager is within the finance organization. This may be someone who reports to the risk manager, auditor, or directly to the Chief Financial Officer (CFO). Why? Support for maintaining a viable business continuity process must come from the top. The risk of not having plans should fall to the individual who carries fiduciary responsibility for the entire enterprise.

When a business commits to contingency planning, the first step is to examine how it will be impacted by a disaster. The results should be shared with top executives to obtain their buy-in before the project is funded. It is the CFO's role to ensure that the money spent is the proper investment to offset the risks the business faces. This is important because as the project progresses, additional funds may be required to purchase necessary emergency supplies, introduce the appropriate back-up procedures for key systems and telecommunications, protect vital records and assets, and reduce hazards in the workplace. These costs will seem astronomical to most businesses unless viewed in relation to the potential loss if preventative measures aren't introduced. It is the CFO who should weigh the benefits of the cost of preparing against the risk of loss. Insurance rebates and other incentives can provide leverage for the business to move forward in its preparedness plans.

The business continuity coordinator...
needs to be an integral part of the corporate strategic planning team.

Once the project is approved, internal awareness grows quickly that strategic planning must also be expanded to include contingency planning in all major decisions that introduce changes to processes or systems. It is the business continuity coordinator's role to ask the right questions during the planning stage to ensure that any changes introduced will not impact the ability of the enterprise to continue to perform key functions. Here are some key questions to ask:

• How will this new process or technology continue to function if business is interrupted?

• What back-ups should be in place to ensure continued operation? (If this is a new system that is being introduced, look for back-ups for both hardware and software.)

• How long will the business experience interruption before the back-ups are in place?

• What resources will the vendor or service provider have available at the time of an event to assist the business in resuming its business?

One recent client was in the middle of bringing its check printing process in-house when it began creating its business continuity plans. By discussing its plans in advance with the business continuity manager, the client discovered that it would not be able to perform that function elsewhere if disaster struck. As the planning continued, it was able to create a solution that would allow a seamless transfer of responsibility to an outside source. Prior to the introduction of contingency planning, the new process would have been implemented with little or no consideration for the ability of the business to continue this function if disaster struck.

Public-private partnerships...
must become a reality in the planning process.

There has been much discussion the last few years about public-private partnerships in continuity planning. However, relatively few companies have introduced this concept into their plans. What does it mean? How is it accomplished? As a business, you will want to start with the basics. Are you going to expand to a new location soon? If so, what factors become important? Are local authorities consulted to determine if your potential new location is in an area that is subject to natural disasters, such as a flood or earthquake zone?

Does your business own the building(s) you occupy? Have you discussed with the city authorities what their inspection process will be to determine the extent of damages if a regional disaster occurs? Will they allow you to bring in your own structural engineers, and accept their reports, or will you experience additional delay in re-occupying your buildings until the city re-inspects?

If you lease space, the building manager or owner will make the initial determination if there is damage. Have you met with that person to discuss what the process will be? How soon will you be allowed to access your work area? What special plans will you need to make to salvage and clean up damaged furniture or equipment? How long can you anticipate that you will not be allowed back in? Where will you set up temporary operations in the meantime?

Ensure...
that key suppliers and vendors have their own contingency plans.

Dependence on suppliers and vendors has increased substantially in recent years. How has your business protected itself from impact by requiring these stakeholders to have contingency plans? Does each contract have the proper wording to ensure continued delivery of critical supplies or products?

Outsourcing has become a strategic business direction in almost every field. What obligations does the outsourcer have to make sure it will continue to perform those key business functions following a disaster? If an earthquake or hurricane strikes the area, and the community is impacted as well as your business, who will be your outsourcing company's first priority? What penalties will you and the outsourcer incur if it cannot deliver its services?

One example has come to light repeatedly with companies that outsource food preparation. Typically, these providers also service hospitals, nursing homes, and schools. If disaster strikes the area, most have already agreed to continue to provide food to those key customers first. Where does your business fit on their priority list? If you can't count on them, what other arrangements need to be made?

Another popular outsourcing strategy is hiring employees through an external company to handle payroll, benefits, and other administrative and human resources elements. How will they be available to assist your business when disaster strikes? What provisions are included in the contract to guarantee that the support you will need will be available?

Educating top Executives...
is a key responsibility as the role expands.

As an industry, we are just beginning to grasp all of the facets of a contingency planner's responsibilities. We see large fluctuations in compensation and responsibilities. Placement within organizations can occur anywhere. We must not assume that the top executives understand this new field. It is the planner's role to take every opportunity to educate them.

The learning curve applies to the planner as well. It takes time to even figure out what this field is all about, not to mention how to become an effective planner. Make sure your business is taking the proper steps to place the right people in this role.

Y2K is only one challenge. Take advantage of it as an opportunity to enlighten everyone on the importance of business continuity planning! Promote the need to expand the role to reach out into areas that your organization has not yet addressed. Let each tick of the clock bring your business closer to the goal of continuing critical business operations without interruption after disaster.

About the Author
Judy Bell is president of Disaster Survival Planning and founder of the DSP Network. For more information on this topic, call (805) 984-9547.
 
 
Copyright ©2008 DISASTER RESOURCE GUIDE P.O. Box 15243, Santa Ana, CA 92735 714/558-8940
Fax 714/558-8901