Written by Kathleen Lucey, FBCI   
Untitled Document
Blackswan

Hunting the Black Swans in Your Continuity Program


This is Vol. II, No. 11 in the DRG ongoing series regarding hunting and mastery of the black swans in your continuity program.

"Black Swans" in your Continuity Program are those events that remain outside the range of normal expectations, and may well produce a significant negative impact when they occur. For reasons of budget, culture, or simple lack of awareness, we just do not see or deal with these potentially devastating exposures in our enterprise continuity capability. This series discusses some of the most common of these "black swans" in business continuity programs, those that are really staring us in the face and screaming for attention.

Already published:

Volume I

Quarry 1: Employee Availability for Response Activities.
Quarry 2: The Level of Individual Employee Commitment to BCM
Quarry 3: Exercising Your Plans
Quarry 4: Exercising Your Plans: Objectives and Annual Programs
Quarry 5: Exercising Your Plans: Business Unit Continuity Plans
Quarry 6: Exercising Your Plans: Technology Recovery Plans
Quarry 7: Exercising Your Plans: Logistics, Communications, and Support Plans
Quarry 8: Lessons Learned
Quarry 9: New Year's Resolutions
Quarry 10: 10 Steps to Building a Black Swan-free Business Continuity Management Program
Quarry 11: New Year's Resolutions
Quarry 12: Developing "Black Swan Sighting" Skills: Warm-up Exercises

Volume II:

Quarry 1: The Centrality of Power: Seeing the Connections
Quarry 2: Power Outages: Isolation Effects
Quarry 3: Power Outages: How Employers Can Get Involved
Quarry 4: Cascading Effects on the Support Fabric
Quarry 5: Deeper Dives to Narrower Terrains: Dive 1
Quarry 6: Deeper Dives in Wider Terrains: Dive 1
Quarry 7: Cascading Black Swan Events
Quarry 8: Cascading Black Swan Events 2: Avian Flu Outbreak
Quarry 9: Black Swans in Our Midst: Debugging Your Response Preparations
Quarry 10: Black Swans in Our Midst: Effective BSE (Black Swan Event) Management in Your Recovery Plans: Part I


Volume II: Quarry 11:
Black Swans in Our Midst: Effective BSE (Black Swan Event) Management in Your Recovery Plans: Part II

Today we continue with Part II of our discussion of incident management teams and the ways that they may need to interface with each other. Last month we discussed the lower left side of the Incident Management Model. Today we will deal more fully with the complex issue of emergency communications.

Much has been written about Business Continuity Plans, both as a single unified plan as well as individual Business Unit and Information Technology applications and infrastructure. There are many different products available to help you to design and write these plans – the ones on the bottom left of the diagram. But what about the other plans that are so essential to management of an event? What about everything else that appears in this diagram? All of these activities are necessary to manage an interruption event well.

Today we will discuss more of the many specific roles of the purple octagon in the center of the diagram, the Business Continuity Coordination (BCC) Function. We introduced this concept in the last article; today we will explore it in much more depth. Later articles will deal with the teams on the upper left (Emergency Response Management) and on the right side of the diagram (Emergency Logistics, Site Repair or Relocate).

Incident-Management-layout

"Business Continuity Coordination" is an absolutely essential function about which we see very little discussed in our extensive business continuity press. Do we expect that our essential communications will flow automatically and efficiently between the right teams during an emergency? Exactly how will this work, especially when some normal communication paths are not working during an incident? Clear delineation of communications tasks and responsibilities among all participants in the management of an interruption incident is absolutely necessary to achieving the desired recovery results within the defined RTOs. And often primary channels for communications are themselves disrupted during an event, as full-time emergency responders well understand.

This function represents a single fulcrum of communications for all participating teams and personnel. It is neither a Business Continuity Plan nor an Information Technology Plan; rather, it represents the specific roles and responsibilities of the Business Continuity Coordination (BCC) function during an event. This function would be bolstered by staff from functions with longer Recovery Time Objectives (RTOs), such as Internal Audit, Training, Recruiting….just to list a few examples of staff members who could be trained to perform this function and deployed to the BCC Team for the duration of the event. The most important aspect of this function is that it is NOT OPTIONAL; it is essential to achieving day-to-day, minute-by-minute control and progression of recovery activities.

The entire purpose of the BCC function is communications: information regarding necessary support resources (housing, transportation, staffing, information), as well as status of recovery activities flows upward to the Interruption Response Management teams and/or specific Emergency Logistics teams on the upper right of the diagram, and downward from these teams back through the Recovery Coordination Teams and the ultimately the individual business unit and IT recovery teams. We discussed a few of the kinds of information that might be passed by the Coordination Teams to the BCC Team. Look at this diagram closely and try to imagine just what kinds of information may need to flow upward, downward, and across this diagram to/from the various teams you see listed there. We talked about just a few of these last month. ALL of these will flow through the BCC function.

The Automated Notification System used by the organization will be operated during an interruption event by members of the BCC Team. The initial inquiries about staff member safety and availability to participate in recovery activities will be pre-programmed and released by the BCC Team when so directed by the appropriate Interruption Response Management Team. In addition to the detailed information flow to/from the Coordination Teams that we discussed last time, we will also have information to/from these and all other teams regarding their activity. Even the activation/notification go-ahead by an Interruption Response Team of to activate an alternate site, whether internal or external, will flow through this Team.

All activity starts, issues, and completions will be recorded here to be discussed at the various meetings held to discuss issues and challenges during the course of the interruption event and at its close. All Team Leaders will get the go-ahead to activate and then deploy their teams from their respective coordination teams, who in turn receive it from the BCC Team. In large organizations, there may be a specific group within the BCC team that deals with various kinds of notifications, or certain types of these internal notifications may be performed by individual team leaders. The BCC Team will then check the notification system audit trails to monitor the results. But only the Media Relations Team, working with the BCC Team, will develop the content of messages intended for the press and other stakeholders outside of the organization.

Except in very large organizations, use of the Automated Notification System will be limited to the BCC Team members; its results will be summarized at the ongoing briefings with various working groups that occur at regular intervals throughout an emergency event. You may also want to insert a coordination team function for those teams in the upper right quadrant (Emergency Logistics) if you have a very large or complex operation. Flowing through this Logistics Coordination function would be information from the various teams that make up this logistics capability.

Specific information that may be forwarded by the coordination teams directly to the BCC Function might include the following:

  • Names of those who have responded to plan activation messages (stand by, activate, stand down) to the various teams.
  • Current functioning team leaders and their best contact information.
  • Arrival of team members at the recovery site or logging in from home.
  • Housing needs for staff at the recovery site(s).
  • Cash/credit card/direct payment needs for hotels and food for recovery staff.
  • Familial support requirements such as medical services, water, babysitters, home security, etc.
  • Injured team members' status.
  • Initiation of recovery activities; periodic status reports, including successful task completion, as well as issues and problems.
  • Successful application of fixes for system problems.
  • Release of re-created IT systems for application validation; release of validated systems for general use.
  • Availability of critical communication systems such as email and telephone.
  • Critical skill sets missing because of the inability to locate key staff members; and therefore requests for repeated periodic notification messages to all listed contact points, as well as direct vendor support staff.

You may wish to have electronic or physical forms attached within the recovery plan that can be used as reminders for information to be collected prior, during, and after the event by each of the business continuity/IT recovery/Emergency Logistics teams. Such forms could be transmitted directly to the BCC function either electronically or via fax or through whatever communication method is available during the event. Checking a box or filling in requested information on a form will certainly facilitate the collection of this information during the high-stress early hours of an interruption.

Should you be verifying the adequacy of your communications planning via exercises? Yes, of course! This is the most critical function during the early hours of an interruption event, and the one most responsible for delays early in the process. Also such testing allows those who will be deployed from other units such as Internal Audit, Training, and Recruiting to learn their roles in advance by rehearsing them.

It is difficult to believe that such a critical and complex function as communications during an interruption event would not be fully documented and regularly exercised in EVERY business continuity program. And yet it is rare to find a communications capability that is well-rehearsed and fully elaborated outside of the military and certain government and very large private sector entities. And it is inconceivable that it would not be exercised, both to debug processes and train participants. Yes, communications is always a complex area, especially during interruption events. There are many well-hidden black swans here that can be flushed out and eliminated through design of an effective emergency communications team, design and implementation of a formal communications plan, and regular exercising of such a plan.

Yes, designing, documenting, and exercising a communications plan is not easy, and in fact it can be quite difficult. But is it not the only aspect of your continuity capability that you can be sure you will need – no matter what specific type of interruption occurs? Do you really want to be making up your communications plan on the fly? As a well-honed emergency communications capability is always one of the most challenging logistical tasks associated with any event, a well-rehearsed and effective communications capability is worthy of your time, intellectual energy, and funds.

And yet it is frequently omitted entirely from the recovery organization. Simply because it is difficult to develop is an insufficient excuse for not developing, exercising, and deploying a well-rehearsed and debugged communications function in your business continuity arsenal. There is really no excuse for not doing this – and yet we see few effective and well-rehearsed communications plans. Why is this? Because such a plan is difficult to design, document, and ultimately to rehearse? Don't let your organization be among those who chose not to develop this critical tool simply because it may be both difficult to design and challenging to exercise. It is the one item that you will need to work smoothly no matter what happens. JUST DO IT.

 

About the Author:
Kathleen Lucey, FBCI, is President of Montague Risk Management, a business continuity consulting firm founded in 1996. She is a member of the BCI Global Membership Council, past member of the Board of the BCI, and the founding President of the BCI USA Chapter. IBM chose her as the first winner of its Business Continuity Practitioner of the Year Award in 1998. She speaks and publishes widely in both North America and Europe. Kathleen may be reached via email at kathleenalucey@gmail.com