Business continuity


In the United States we take water for granted.    We turn the tap, open the valve, punch the button and water flows out to meet whatever the demand is.  Not only do we expect the water to come on demand, but we have high expectations for the quality of the water.   When the water doesn’t meet the stringent requirements demanded by government for public safety, the supplier is faced with a potential mountain of cost that runs the gambit of medical coverage for people getting sick, to clean up and production losses, litigation expense and damage to both the providers brand and the customers it provides.  If the provider is smart, they have build back up systems for the back up systems, developed contingency plans for natural and man made disasters and tested both the systems and plans to make sure that everything works according to plan.  Additionally these plans are periodically reviewed to make sure that there are no new systems, technology and/or threats that should be addressed.

Water providers will also look to see how the risks they face can be minimized or transferred as well.  The newest transfer method is through Water Resiliance Insurance offered by AON.   The program is geared to water utility companies and provides not only traditional contaminants insurance, but also forensic analyses, cleaning and flushing of the water system, transportation costs, employee overtime and for third party financial losses.  The first policy was written in for Anglian Water recently.

It’s good to remember that our usable water was not so protected.  In the 1800′s the  water used for the city was usually drawn from a source up river from the sewage treatment area, or the town itself to provide protection from the sewage that entered the water down river.  Unfortunately down river was another town that practiced the same process.    Unsafe and contaminated water was the norm, not the exception. 

In many areas, clean and safe drinking water is the exception.  Managing Business Risk is joining with other bloggers today through blogactionday.change.org  to promote the United Nations efforts to bring clean, safe water to millions of individuals where it is not currently available.  Please join me in supporting this worthwhile cause and sign the petition.

Change.org|Start Petition

I want to ask you one quick question. What business fears keep you up at night. What thought pops in your mind at 3:30 in the morning the turns a night of peaceful slumber into an hour of tossing and turning, puts your mind to racing at light speed and leaves you bleary eyed when the alarm goes off?

Today, October 13th, is National Face Your Fears Day, and it a perfect time to look at your fears and concerns about what can go wrong with your company.  I advocate taking 15 minutes to brainstorm your fears for the business.  Let your mind go, look at all the areas:   financial, competition, systems, supply chain, legislation, regulation, leadership, market saturation, productivity, economy,  quality, bad publicity, the list can go on and on. 

Follow the rules for brainstorming, don’t self edit, don’t justify putting it onto the list, don’t over-think it, don’t think the idea is just to crazy, or wouldn’t happen, JUST WRITE IT DOWN! 

Once the list is completed take a few minutes and look the list over, flesh out the thoughts that may be one or two words and describe the situation or a scenario or give an example that puts the fear into a context that is understandable.

In naming the fear and providing that concrete example you can begin addressing it.   People love to solve problems and by defining your fear you are defining a problem, something that can be addressed.

Turn this into a team exercise.  Gather your department, friends, peers, and others and host a “brainstorming break” to gather the business or company fears of others.  You will be surprised at the information that comes out, and you might be able to help someone in another department remove a fear because of information you know.

Remember the words of Franklin D. Roosevelt in his first inaugural address  “So, first of all, let me assert my firm belief that the only thing we have to fear is fear itself — nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance.” 

So, take the first step, write down your fears, define them, it is the first steps into identifying risks within your organization.

I would love to hear what fears you have come up with.  Please leave a comment, or send an e-mail to me sharing your thoughts and fears.

Incidentally, tomorrow is Blog Action Day, a day where the blogging community comes together to speak on a specific topic and raises awareness of the issue.  Managing Business Risk is very proud to be part of this community.  Check back tomorrow for our posting and if you are interested in participating in the group of more than 3600 bloggers from 125 countries around the world, click here.

Back in 2007, the 9/11 commission established a number of recommendations for the public and private sector that would help both the government and private businesses be prepared for a disaster.   Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the Act.) directed the Department of Homeland Security (DHS) to develop and implement a voluntary program that would accredit and certificate private businesses have established a program using a set of standard processes that will “enhance nationwide resilience in an all hazards environment”.  This program officially known as “The Voluntary Private Sector Preparedness Accreditation and Certification Program”.  Known as PS-Prep in the business world (which I think is a heck of a lot better than VOPSPAC that sounds more like a drug to reduce upper lip sweat caused by a government initiative), it is similar to the ISO standards many companies embrace to demonstrate to their customers and potential customers an adherence to process and procedure standards designed to maintain and improve quality products and services.

Similar to ISO9000, this program is not mandatory, and does not direct the specific processes and procedures that prepare a business for a disaster.  The program does provide three different standards to be used in establishing the program and measuring the successful implementation for accrediting and certifying the program is in place and in order.  The three standards selected were determined by DHS in June of 2009 after public input to meet the comprehensive needs in the event of a disaster and can be applied to the majority of businesses. 

They are:

  • ASIS International SPC.1-2009 Organizational Resilience: Security Preparedness, and Continuity Management System – Requirements with Guidance for use (2009 Edition). Available at no cost.
  • British Standards Institution 25999 (2007 Edition) – Business Continuity Management.(BS 25999:2006-1 Code of practice for business continuity management and BS 25999: 2007-2 Specification for business continuity management) The British Standards Institution is making both parts available for a reduced fee of $19.99 each.
  • National Fire Protection Association 1600-Standard on Disaster / Emergency Management and Business Continuity Programs, 2007 and 2010 editions. Available at no cost.

Embracing PS-Prep early may be a very good thing for several reasons.

  1. Utilizing the evaluation standards can identify any holes in your business continuity program and help to plug them.
  2. It differentiates you from your competition who are not participating.
  3. The focus on risk management from the board level due to SOX and other factors will be supported.
  4. While not mandatory, it can be a contributing factor in the securing business from government and other businesses during the bid process.
  5. If you do not have a continuity or disaster recovery program, it provides frame work for developing one.

For more information on PS-Prep, visit the FEMA site, or click here.

« Previous PageNext Page »