Business Continuity Management (BCM) is vital in preparing and protecting business operations from disruptions caused by threats stemming from cyber-attacks and natural disasters, as well as resource unavailability such as building loss, technology loss, staff absenteeism, and supply chain failure. A robust business continuity programme manages the likelihood and impact stemming from disruptive incidents through proactive response and recovery planning, with the objective of reducing operational downtime.
As a consultant and former BCM practitioner, I am regularly asked by senior executives, “What are the most essential aspects to focus on when launching a successful BCM Programme?” This article discusses 9 key steps to follow for success.
Published on September 16, 2016 by the Centers for Medicare and Medicaid (CMS), the “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers” Final Rule (81 FR 63860), commonly referred to as the CMS Emergency Preparedness Final Rule, sets requirements for health care providers and suppliers that participate in Medicare and Medicaid to develop enhanced emergency response programs.
The ruling comprises four best practice standards: Risk Assessment and Emergency Planning, Policies and Procedures, Communications Planning, and Training and Testing. As a prerequisite for participation in Medicare and Medicaid, all participant facilities (providers and suppliers) are expected to be in compliance with these requirements by November 15, 2017.
Avalution has studied these new regulations to create services that tightly align with the requirements and help organizations become compliant and increase preparedness. If you’re looking for assistance with achieving compliance, please contact us.
In the meantime, let’s take a closer look at the background and ruling provisions.
The Importance of Business Continuity and Leveraging Resource Loss Based Planning
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.
No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space, resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below.
This perspective is the third in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruptive event. These two foundational team leader behaviors will help response and recovery team leaders elicit the best possible performance of the team (as well as themselves).
In Part 1 and Part 2 of this series, we addressed the role of the team leader, which is to create a team vision and purpose, as well as the team leader’s responsibility to manage the chaos associated with a disruptive event. In this perspective, Part 3, we review the team leader’s role in ensuring the team remains adaptable in a changing environment and how the team leader can work to pull these key factors together.
Team leaders play a critical role in improving business continuity for their organizations but seldom receive the appropriate training to help them understand the differences between day-to-day leadership and crisis leadership following the onset of a disruptive incident.
This perspective is the second in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruption. These two foundational team leader behaviors will help elicit the best possible performance of the team (as well as themselves).
SETTING THE STAGE
This morning was a non-eventful morning. I was sitting in my office, sipping on my coffee, and working on my monthly reports. Then, the manager of our office building entered our lobby.
The Michael Brelo case is nearing an end. Closing arguments have been heard and a verdict is expected shortly. The question is, when?
Our building manager was concerned, and rightfully so.
Our office is located directly across the street from the justice center where the case is taking place. Just a couple weeks ago, we sat witness to the riots and devastation in Baltimore, and, from our ongoing monitoring of the situation and media this week, our team is aware that the City of Cleveland is actively bracing for the possible impact and chaos that could result when the verdict is announced.
In our experience, one of the most difficult roles to fulfill in any business continuity program is the team leader responsible for a cross-functional response and recovery team (often called a crisis management team, a department business recovery team, or an IT disaster recovery team). This is because the team leader faces three significant challenges:
- These teams are cross-functional, which means every person brings their expertise, as well as their opinions and personal agendas for response and recovery;
In previous articles, Avalution has espoused the value of using a management systems approach to business continuity and articulated the notion that business continuity is more than just a collection of plan documentation. This approach is reflected in many different standards, including ISO 22301.
Even though business continuity plans represent just one component of a larger business continuity planning effort, they are what guide the organization through all phases of response and recovery following the onset of a disruptive incident – from the initial response and assessment to the eventual return to normal operations. Effective planning is meant to ensure that response and recovery efforts align to the expectations of all interested parties and provide a repeatable approach to minimize downtime.
This perspective explores the different types of business continuity plans that Avalution finds to be the most effective for organizations and examines their purpose within a wider business continuity strategy.
The last several years have continued to see an increase in the sophistication and volume of cyber threats, with a 42% increase in targeted attacks in 2012 (as reported by Symantec, in its 2013 Internet Security Threat Report). The range and types of threats vary greatly as well; in June 2013, InfoSecurity magazine listed the top five specific IT cyber security threats as: data breach, malware, DDoS, mobile threats, and industrialization of fraud – each of which requires a different preventive and response approach. An Ipsos survey for Lloyd’s Risk Index 2013 indicated that cyber risk is the third biggest concern for CEOs when assessing organizational threats, jumping nine spots from the previous year’s ranking of 12th.
In most organizations, monitoring and response have continued to develop and mature within IT to proactively address vulnerabilities. That said, there may be opportunities to better integrate IT’s response to such illicit activity with the organization’s business continuity program and structure, so that if an event does occur, the organization ensures a timely and coordinated response. After all, cyber security incidents can have business continuity implications and impacts that extend far beyond IT.
Part of Avalution’s Conforming to ISO 22301 Series
This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.
Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network.