“…Or High Water”: A Business Continuity Case Study

Water PipeThe Importance of Business Continuity and Leveraging Resource Loss Based Planning

SITUATION
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.

No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone, was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below. Continue reading

Leading Response and Recovery Teams (Part 3)

LeadershipThis perspective is the third in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruptive event.  These two foundational team leader behaviors will help response and recovery team leaders elicit the best possible performance of the team (as well as themselves).

In Part 1 and Part 2 of this series, we addressed the role of the team leader, which is to create a team vision and purpose, as well as the team leader’s responsibility to manage the chaos associated with a disruptive event.  In this perspective, Part 3, we review the team leader’s role in ensuring the team remains adaptable in a changing environment and how the team leader can work to pull these key factors together. Continue reading

Leading Response and Recovery Teams (Part 2)

LeadershipTeam leaders play a critical role in improving business continuity for their organizations but seldom receive the appropriate training to help them understand the differences between day-to-day leadership and crisis leadership following the onset of a disruptive incident.

This perspective is the second in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruption.  These two foundational team leader behaviors will help elicit the best possible performance of the team (as well as themselves). Continue reading

Chaos in Cleveland?

ClevelandSETTING THE STAGE

This morning was a non-eventful morning.  I was sitting in my office, sipping on my coffee, and working on my monthly reports. Then, the manager of our office building entered our lobby.

The Michael Brelo case is nearing an end. Closing arguments have been heard and a verdict is expected shortly. The question is, when?

Our building manager was concerned, and rightfully so.

Our office is located directly across the street from the justice center where the case is taking place. Just a couple weeks ago, we sat witness to the riots and devastation in Baltimore, and, from our ongoing monitoring of the situation and media this week, our team is aware that the City of Cleveland is actively bracing for the possible impact and chaos that could result when the verdict is announced. Continue reading

Leading Response and Recovery Teams (Part 1)

In our experience, one of the most difficult roles to fulfill in any business continuity program is the team leader responsible for a cross-functional response and recovery team (often called a crisis management team, a department business recovery team, or an IT disaster recovery team).  This is because the team leader faces three significant challenges:

  1. These teams are cross-functional, which means every person brings their expertise, as well as their opinions and personal agendas for response and recovery; Continue reading

Business Continuity Plans 101

In previous articles, Avalution has espoused the value of using a management systems approach to business continuity and articulated the notion that business continuity is more than just a collection of plan documentation. This approach is reflected in many different standards, including ISO 22301.

Even though business continuity plans represent just one component of a larger business continuity planning effort, they are what guide the organization through all phases of response and recovery following the onset of a disruptive incident – from the initial response and assessment to the eventual return to normal operations. Effective planning is meant to ensure that response and recovery efforts align to the expectations of all interested parties and provide a repeatable approach to minimize downtime.

This perspective explores the different types of business continuity plans that Avalution finds to be the most effective for organizations and examines their purpose within a wider business continuity strategy. Continue reading

Integrating Cyber Security and Business Continuity

The last several years have continued to see an increase in the sophistication and volume of cyber threats, with a 42% increase in targeted attacks in 2012 (as reported by Symantec, in its 2013 Internet Security Threat Report).  The range and types of threats vary greatly as well; in June 2013, InfoSecurity magazine listed the top five specific IT cyber security threats as: data breach, malware, DDoS, mobile threats, and industrialization of fraud – each of which requires a different preventive and response approach.  An Ipsos survey for Lloyds Risk Index 2013 indicated that cyber risk is the third biggest concern for CEOs when assessing organizational threats, jumping nine spots from the previous year’s ranking of 12th.

In most organizations, monitoring and response has continued to develop and mature within IT to proactively address vulnerabilities.  That said, there may be opportunities to better integrate IT’s response to such illicit activity with the organization’s business continuity program and structure, so that if an event does occur, the organization ensures a timely and coordinated response.  After all, cyber security incidents can have business continuity implications and impacts that extend far beyond IT. Continue reading

How to Establish an Early Warning System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network. Continue reading

Multi-Site Disaster Response and Coordination Best Practices

Most organizations that have experienced a crisis would likely agree that advance planning is critical to enabling an effective response. When a disaster impacts several sites simultaneously, it makes coordination even more chaotic, so the importance of a defined structure increases. Organizations with multiple facilities or sites, especially those within “at-risk” regions, should take proactive steps to prepare their organization for events that require a widespread and coordinated response. Specifically, these preparedness steps include enabling coordination, communication, and adherence to organizational policies in advance of a disaster to ensure all sites implement appropriate response procedures. This article summarizes best practices that help enable sites to work together and execute common, approved response strategies to minimize impact and reduce confusion. Continue reading

Crisis Communications: An Organizational Balancing Act

For an organization experiencing a crisis, the ever-persistent nature of our 24/7 global society means that impacts extend well beyond the location of the crisis. Organizations that successfully manage and respond to disruptive events do so because they are able to balance the operational activities associated with the disruptive event while concurrently managing the expectations of stakeholders and the general public. Organizations are able to accomplish the task of managing stakeholder and public expectations through effective, accurate, and timely communications. Continue reading