What’s New In the Industry
January 2001 Update

By Pat Moore, CBCP FBCI

We have seen tremendous change and growth in our industry over the last year.  Not only has there been a paradigm shift by forward thinking companies to ‘holistic’ risk management, but there has been a definite movement for the IT infrastructure to become only a portion of the organization-wide recovery plan. Line management is becoming more involved in the business continuity process.  In addition, companies are looking internally for alternate site redundancy.  We are seeing the creation of business continuity practices and programs rather than simple contingency plans. Also business continuity planning is becoming business continuity management and even enterprise continuity management.

The Internet
E-business has had a major affect on continuity planning because there is zero tolerance of ‘downtime’.  Suppliers of products and services in both the public and private sector are now expected to have, and provide documentation of, contingency plans that address ‘continuity of operations’ issues.  We also see tremendous movement to web-based planning.  Web-based planning is facilitating more executive buy-in and end user buy-in to the planning process because of the increased visibility and familiarity with the tools and techniques, as well as its portability.

Crisis-Prepared versus Crisis Prone
A large percentage of organizations are becoming ‘crisis prepared’ rather than ‘crisis prone’.  Along with increasing natural disasters such as ice storms and tornadoes in the southeast and central part of the United States, wildfires in the west, earthquakes and volcanoes erupting in Mexico, unprecedented flooding in the United Kingdom and earthquakes in Central America, there are operational and technological disruptions that organizations are facing with higher profiles than ever before.  More senior executives are realizing that ‘it can happen here’ – right in their own backyard, whether to their own organization or within their supply chain.

Power & Energy Crisis
For example, the reduced availability and potential loss of electric power in California, resulting in rolling blackouts, has played havoc with even the most sophisticated of business recovery plans. Organizations are having to rethink their options and look beyond just backup generators with appropriate fuel options and temporary alternate sites due to potential extended lengthy periods of power outages. 

At the end of the year 2000, the United Kingdom was virtually paralyzed by the lack of available petroleum products.  Fuel stocks were drained dry by the public’s panic buying.  Protestors blockaded the UK oil refineries   because they were unhappy with the cost of fuel. Businesses that relied on JIT fuel inventory for their processes found their supply chains cut.  Service industries found that staff could not get to work and hospitals were running low on food and drugs.  Protest movements had no identifiable leaders, which made negotiations almost impossible until the protestors called off their campaign, giving the government of the UK 60 days to meet their demands to lower prices. Finance Minister Gordon Brown announced that fuel duties would be frozen until 2002 and discussions continue.

Internet Cable Damaged
Damage to one of the world’s busiest Internet cables created chaos on Monday evening, November 20, 2000 for millions of people in Australia, Asia and Europe. The SEA-ME-WE-3 cable, which links the 3 continents, was damaged on the sea floor about 100 kilometers from Singapore at 3:20 a.m. Singapore time. Telstra, Australia’s largest Internet service provider with more than 650,000 customers, relies on the cable for 60 percent of its traffic.  Hundreds of other Australian ISP’s also use it. Mr. Stuart Gray, a Telstra Big Pond spokesman, said that ‘the gridlock was probably the biggest Internet problem Australia had seen’. With the damaged section of cable lying at an unknown depth, it was impossible to estimate when the problem would be fixed.  By about 10 p.m. Singapore time, Telstra had its network operating again by rerouting traffic, but Mr. Gray said service would probably not be restored to normal capacity until the cable was repaired.

The cable, which only began operating last year, is the world’s longest telecommunications system. It has 40 landing points in 34 countries on three continents, stretching from western Europe (including Germany, Britain and France) to the Far East (including China, Japan and Singapore) to Australia. The cause of the damage to the cable, built specifically to speed up Internet access, is still unknown, but the possibilities include a ship’s anchor or an earthquake. About 100 telecommunications companies around the world, including Telstra, are partners in the $1.7 billion project. Its bundle of superfine optical fibers can transfer 20 gigabits of information a second - the equivalent of about 5000 medium-length novels, 500,000 simultaneous telephone chats or a million pages of email. The damage would have caused even more havoc if it had happened before the previous week’s launch of the $2.3 billion Southern Cross cable, which links Australia to the United States.

Increasing Public & Private Sector Mandates
Increasing mandates for business continuity plans in both the public and private sector worldwide are helping to raise the awareness and need for thorough contingency planning programs.

Australia, for example, has become the first country to issue official business continuity guidelines.  In February 2000, Australia’s Auditor-General, Pat Barrett, launched ‘Better Practice Guide to Business Continuity Management’.  The Guide is presented to businesses either as a check against existing provisions, or a basis for developing a management approach to the issue.

United Kingdom – In the UK, Turnbull is the latest in a series of committees working on enhancing procedures of internal control within UK listed companies.  Previous working parties have dealt mainly with issues concerning financial risk, but Turnbull is the first to come to grips with the wider definition or risk management. The Turnbull approach is connected through the Combined Code on Corporate Governance to the Listing rule disclosure requirements of the London Stock Exchange.  Non-compliance with Turnbull would result in a disclosure on the company’s annual report that could quickly attract adverse media comment and affect share price and credit rating.

In addition, the United Kingdom Home Secretary, Jack Straw, announced that the government plans to bring in new laws aimed at putting corporate manslaughter on the statute books and is yet another indication of the speed at which the business practices climate is changing.  The planned legislation will go further than Turnbull in highlighting a company’s duty of care, placing responsibility for due diligence and pre-emptive risk management firmly at the door of corporate executives and senior management.

Also in the United Kingdom, in October 1999 the emergency planning community worked with the Home Office to produce Standards for civil protection in England and Wales. Among other things, these call for local authorities to identify the main hazards in their areas, and those within neighboring areas which could have an impact on them. Owners of large sites that could affect the public -- such as nuclear or chemical plants -- must also assess the risks. Additional information on this can be found in the Control of Major Accident Hazards Regulations 1999.

United States
Emergency Management Accreditation Program
In the U.S., the Emergency Management Accreditation Program, known as EMAP, has been developed by over a dozen national organizations, including the National Emergency Management Association (NEMA), The International Association of Emergency Managers (IAEM), The Federal Emergency Management Agency (FEMA), the U.S. Department of Transportation (DOT), the Association of State Flood Plain Managers (ASFPM), the Institute for Business and Home Safety (IBHS), the National Governors Association and the National League of Cities  to measure and enhance emergency management capabilities.  EMAP provides the opportunity to be recognized for compliance with national standards, to demonstrate accountability, and to focus attention on areas and issues where resources are needed. The EMAP Standard is based on the National Fire Protection Association  (NFPA) Standard 1600 on Disaster/Emergency Management and Business Continuity Programs, and uses the state and local CAR (Capability and Assessment for Readiness) document developed by FEMA as the self assessment tool for the state and local emergency management programs. 

The goal of EMAP is to provide a meaningful, voluntary accreditation process for state, territorial, and local programs with the responsibility of preparing for and responding to disasters.  Accreditation is voluntary and is not tied to any type of funding.  This year, EMAP will pilot accreditation standards and procedures with two state emergency management programs.  Following pilot tests, EMAP will refine its procedures and materials and offer the accreditation process to all U.S. state and territorial emergency management programs.  In 2002, the program expects to pilot the accreditation process with local emergency management programs.  The accreditation process will include application, self-assessment, on-site assessment by an outside review team, committee and commission review of compliance with the EMAP Standard, and re-accreditation every three years.

Healthcare Industry
The healthcare industry is undergoing rapid change and turmoil.  Not only is the business environment becoming increasingly complicated but there is also an attendant increase in regulatory oversight, particularly in the areas of privacy, fraud and abuse.  The Healthcare Information Portability and Accountability Act (HIPAA), for example, whose security guidelines were released in August 2000, includes a requirement for an ‘emergency mode of operation plan’ which in essence addresses ‘continuity of business operations’.  There presently is a business continuity industry task force, which is presenting insight to HCFA (Healthcare Financing Administration) on the elements of business continuity planning that are applicable in this area.

Increase in Partnerships
The partnership efforts between the public and private sectors have increased greatly, and these partnerships have had tremendous success in mitigating the causes and affects of disasters.

Project Impact
FEMA’s Project Impact initiative for creating and sustaining disaster-resistant communities has been extremely successful in bringing together the citizens, corporate business partners and state and local government entities within these communities. Since its inception in 1997, there are (as of 12/31/2000) 259 Project Impact communities, and the goal for 2001 is to reach 1000.  In addition, governments worldwide, including Argentina, Guatemala and Taiwan are looking at this successful FEMA initiative and view this as a role model for recovery of their own critical infrastructures and for disaster mitigation.

• Corporate organizations have become more involved in the mitigation effort to protect and sustain their own communities through direct involvement with and sponsorship of Project Impact communities.  Since its inception in 1997, almost 2500 corporate partners have embraced Project Impact and more are signing on every day.
• In addition, FEMA has established a Project Impact Star Community award that is given out annually to communities that exemplify the spirit, innovation and commitment necessary to be a successful Project Impact community. 
• There has also been an increase in Memorandums of Understandings (MOUs) recently being signed with FEMA.  Examples include organizations such as The Center for Corporate Citizenship of the U.S. Chamber of Commerce, the Humane Society of the United States (HSUS), the National Aeronautics and Space Administration ( NASA), the U.S. Geological Survey (USGS), NASCAR and Firehouse.com.
• The Center for Corporate Citizenship of the U.S. Chamber of Commerce will work with other organizations to address corporate responsibility issues, and includes the mandate to promote disaster mitigation measures and business disaster response operations. 
• The MOU between FEMA and HSUS will bring critical attention to the needs of household pets and animals of all kinds in both natural and man made disasters.  It will also encourage the ongoing program of pro-active education and mutual awareness of the needs of animals and their owners in times of disasters.
• Through NASA’s science, technology and remote-sensing research, this cooperative agreement will result in updated and more accurate maps of flood plains, as well as a better understanding of wildfires and maps to improve disaster recovery and mitigation by state and local communities throughout the United States.
• The U.S. Geological Survey (USGS) will assist FEMA by providing critical earth science information to better prepare for events that cause natural disasters.
• Firehouse.com will help to spread the disaster prevention message to its audience by including Web content on all hazards and interviews with FEMA experts, as well as encouraging them to participate in helping their local community become disaster resistant.
• NASCAR, "the number one spectator sport in the Nation" as stated by former FEMA Director Witt, along with their sponsors, which include Home Depot, Michael Holigan.com/MH2 Technologies, MBNA and Nestle, will be working to promote this initiative.

Emergency Management Assistance Compact
While states are capable of managing most emergencies, there are times when disasters exceed state and local resources and therefore require outside assistance.  Usually this assistance comes from federal agencies. However, not all disasters are eligible for federal disaster assistance.  The Emergency Management Assistance Compact (EMAC) is a mutual aid agreement and partnership between states.  EMAC allows for a quick response to disasters using the unique resources and expertise possessed by member states.  Since being approved by Congress in 1996 as Public Law 104-321, thirty-four states and one territory have ratified EMAC, and several other states are in the process.  The only requirement for joining is for a state’s legislature to simply ratify the language of the compact.  States are not even required to assist other states unless they are able to do so.

Local Contingency Planning Groups
Within the private sector there has been a tremendous growth in the number and location of independent contingency planning groups throughout North America.  Membership has grown to include individuals from both the public and private sectors.  These groups have grown from excellent networking and educational organizations to provide response training and exercise activities.  Many of these groups participate in their local community preparedness programs. (See page xx for a current listing of contingency planning groups.  Visit www.disaster-resource.com for updates throughout the year.

Emergency Access
The Corporate Emergency Access System (EAS) was originally a pilot program implemented in Buffalo, New York in December 1999 by the State Emergency Management Office (SEMO), along with assistance by a number of people from the Buffalo/Erie County region and throughout New York State, including the Contingency Planning Exchange (CPE) group.  This program, which helps the business community get their most important employees into the city during times of limited access due to severe winter weather,  is paving the way for similar programs throughout the country and has become a permanent element of the City of Buffalo’s emergency response planning.  An example of this is the Boston Emergency Access Program (BEAP) in Massachusetts.

A new program in New York City called The Manhattan Project is being developed with the help of the Contingency Planning Exchange organization.  This project addresses Emergency Access to a portion of the city in the event of a major disaster that impacts a building, area or region. Although it is not complete, the program, if approved, will allow companies to have their critical employees sign up to be pre-credentialed.  This would, depending upon the level of emergency access invoked, allow certain employees with proper photo ID's into their facilities.  The participants include representatives from the City, State and business community.

Programs addressing emergency notifications through the use of faxes to businesses signed up through NEDRIX (New England Disaster Recovery Information Exchange) have long been in place in the State of Massachusetts. Additional programs utilizing e-mail and pager notification to the business community have also begun in New York and Massachusetts through their Mayor’s Office of Emergency Management.

Our industry has become, and continues to be, extremely pro-active in its approach to, and dealings with, disasters.

© Copyright Strohl Systems 2001 – All Rights Reserved. This article may not be reproduced or distributed in any format or media, in total, or in part, without the express written consent of the author.

About the Author
Pat Moore, CBCP (Certified Business Continuity Professional), FBCI (Fellow of the Business Continuity Institute), Contingency Planning & Management’s 1999 Hall of Fame inductee, and winner of the Federal Emergency Management Agency’s (FEMA) "Outstanding National Business Person" award for 1999, is Vice-President, Business Continuity Education for King of Prussia, PA-based Strohl Systems.  Pat is Co-Chair of the International Association of Emergency Managers Public/Private Partnership Committee; a long term member of the National Fire Protection Association Disaster Management Committee and the American Hotel/Motel Fire Safety Board; a member of the Board of Visitors for the Emergency Management Institute (EMI); and was Chairperson of the Disaster Recovery Institute International Education & Standards Council from 1995 – 1998.  Pat has been a leading educator and participant in our industry since 1982 and is acclaimed internationally for her real-world experience and expertise in disaster recovery, business continuity planning, physical property restoration and loss mitigation.  Pat lectures and is published worldwide on these subjects.