Resilience

Sharing more from Jason Gotch and RiskLogic on resilience entitled “Two sides of the coin!:

“The resilience industry is booming!

Recent publications by the British Standards Institute, The Economist Business Unit, PwC and Control Risks, highlight the fact that while there is still some way to go in terms of implementation, resilience is being identified and accepted as an essential component of an organisations success. Make no mistake, while early days, this is a comprehensive win and should be considered an important first step in the long journey that will follow.

Another commonality shared in these publications is the growing recognition that resilience is finally being accepted as a “holistic” and “aspirational” approach and while it is agreed that it is comprised of various disciplines, it is essentially operating in two halves, “strategic” and “operational”. At a strategic level, there is a need to be able to convey the message that executives and senior department heads need, to not only understand resilience, they need to support it. Operationally, the demands are obvious, the various elements of security, crisis, emergency, continuity, etc. working in synergy to identify, protect and maintain a level of protection against disruption.

There seems little doubt that this two fold approach will present some issues going forward. Given the wide variance in current practitioner’s skillsets, who, generally speaking, could be considered “specialist”, often operating within only one area of resilience. While the debate as to who will ultimately own resilience within organisations is set to continue, the early signs are that it will more than likely remain within the operational environment. Of course, the strategic communication piece will be essential to offer greater levels of support to practitioners, in both the short and long term and ultimately will be the true test of any resilience programme.

Recognition, growth and reward are all attractive benefits of the emerging resilience industry, however while all should be included in this success, it will be important to determine who will operate at each level. Abandonment over advancement, will not serve our industry well, it will take a determined and clinical approach to identify the ‘who’s who” of the resilience world. Like any other industry it should not be assumed that participation leads to leadership, we should look to those who can see both sides of the coin, focus on one or the other or in rare cases, perform both!”

Source: http://www.linkedin.com/pulse/two-sides-coin-jason-gotch-msyl?trk=prof-post

Posted in B4Crisis | Leave a comment

BCI position statement on organizational resilience

Sharing the Business Continuity Institute (BCI) position statement on organizational resilience with key points summarised by Tim Janes FBCI and BCI Board Member:

“In recent years, there has been a significant amount of attention given to the concept of organizational resilience across the business continuity industry. Much of the debate has focused on the principles and practice of organizational resilience, and how this relates to the established business continuity management discipline.

The aim of this position statement, which has been produced and ratified by the Board of the Business Continuity Institute, is to add clarity regarding the position of business continuity in the context of organizational resilience. It also provides the BCI’s perspective on how the development of resilience concepts may impact on the practice of business continuity.

The BCI believes that this position statement will contribute to our stated purpose to ‘promote a more resilient world’. We also hope that it helps to move forward the future development of organizational resilience concepts, beyond definitional debates, towards a collaborative understanding between participants across many management disciplines.

Key Points

•Business continuity is not the same as organizational resilience.
•The effective enhancement of organizational resilience will require a collaborative effort between many management disciplines.
•No single management discipline or member association can credibly claim ‘ownership’ of organizational resilience, and organizational resilience cannot be described as a subset of another management discipline or standard.
•Business continuity principles and practices are an essential contribution for an organization seeking to develop and enhance effective resilience capabilities.
•The wide range of activities required to develop and enhance organizational resilience capabilities provide an opportunity for business continuity practitioners to broaden their skills and knowledge, building on the foundation of their business continuity experience and credentials.
•The BCI, working with related partners and industry groups where appropriate, will develop relevant knowledge resources and training to support members who wish to advance their organizational resilience knowledge and skills.

Organizational Resilience

In recent years, the concept of organizational resilience has attracted a significant amount of attention across the business continuity industry. Debate has focused on the principles and practice of organizational resilience, and how it relates to the established business continuity discipline. On occasion, the term ‘organizational resilience’ has been taken to mean the same as ‘business continuity’.

This paper does not intend to add further to the debate in terms of the formal definition of organizational resilience. Rather the aim is to clarify the position of business continuity in the context of organizational resilience and how it impacts on business continuity practitioners. While there is still much debate on the definition of organization resilience, for the sake of simplicity, this paper takes the definition contained in the draft ISO 22316.

Organizational Resilience is the:
‘adaptive capacity of an organization in a complex and changing environment’
ISO 22316. Societal Security – Guidelines for organizational resilience

It is clear from this statement that organizational resilience is characterised as a broad concept. It is also widely accepted that organizational resilience draws on the experience and efforts of a large number of interrelated management disciplines. Business continuity is just one of the management disciplines that contribute to an organization’s resilience capabilities. The list of contributory disciplines is extensive; just a few examples include emergency management, crisis management, ICT service continuity, occupational health and safety, environment protection, physical security, supply chain management, information security management and various forms of risk management (e.g. credit, market, enterprise).

For this reason, no one management discipline or member association can credibly claim ‘ownership’ of organizational resilience concepts and principles. Furthermore, organizational resilience cannot be properly described as a subset of another management discipline or standard.

Clearly, business continuity and organizational resilience are not the same thing. However, it is apparent that business continuity provides principles and practices that are an essential contributor for any organization seeking to develop and enhance its resilience capabilities.

For example, business continuity practices explain how organizations can identify their priority activities and the risks of disruption to those activities. Established business continuity standards help organizations to understand what is required to ensure priority activities can continue in the face of disruption, and to rehearse the capability to respond to disruption through practical exercises.

Therefore, business continuity practitioners possess many, but not all, of the knowledge and skills that are necessary to help organizations to develop and enhance resilience capabilities.

As noted previously, a wide range of business activities and management disciplines contribute towards enhanced organizational resilience. It is unlikely that a single person in any organization will possess the necessary knowledge and skills to implement and deliver all resilience objectives. The development and enhancement of organizational resilience capabilities will require a collaborative effort between participants across many management disciplines.

This presents an opportunity for BCI members. Business continuity practitioners who wish to become resilience professionals can build on their proven competencies, broaden their knowledge and develop new skills in areas that contribute further to an organization’s resilience activities.

It is the BCI’s stated purpose to ‘promote a more resilient world’. The BCI recognises that this objective is supported when business continuity practitioners have access to a broad range of resilience-focused information and training. The BCI will support its members who seek to develop their organizational resilience knowledge and skills by providing access to relevant resources. This may be either directly through the BCI, training partners or working in collaboration with related industry associates and professional members groups.

If you have any questions regarding the BCI’s statement on organizational resilience, please email the BCI’s Head of Learning and Development, Deborah Higgins MBCI.”

Source: http://www.thebci.org/index.php/about/news-room#/news/the-business-continuity-institute-s-position-statement-on-organizational-resilience-150976

Posted in B4Crisis | Leave a comment

Digital business trends

The summer holiday has been completed. Now its back to work and sharing insights in business continuity, resilience and more.

Sydney-based Business Strategist, Michael Harrison wrote in MyBusiness (1 February 2016) on the biggest digital trends in 2016. The following is a highlight package for you to consider in your business preparedness for these challenges and opportunities:

Forward-looking business owners and managers should be looking at possible trends that will be the “next big deal” in 2016 to construct a strategy in order to implement them into their business.

Search engines will get smarter

It’s hard to believe that search engines were first introduced by Yahoo in 1994 – pre-Google. Google, of course, has changed the way we use search engines and the company continues to innovate.

Eighty per cent of us use Google every day.

Reaching new clients

You know how you reach prospects now? You won’t be doing that in the future. Forget unfocused marketing. It’s a roll of the dice. Oh, indeed, statistical analysis of TV ratings and website performance is a highly refined science, but the next big deal is likely to change the way your company engages its market.

Mobile hardware will continue to evolve delivering more images, video conferencing, and other dense content that chews through bandwidth. Bandwidth is expanding as demand increases.

Business growth will evolve with the technology.

Cyber security

Cyber-security will have to keep pace with the black hats. It has to.

Each time we hear that a major retailer or government agency has a security breach, new security measures are deployed in a constant battle between malicious hackers and those who think like malicious hackers.


3D printing

3D printing will grow exponentially. [NOTE: One of my teeth was recently fixed using 3D printing.]

Artificial Intelligence

AI (Artificial Intelligence) just keeps getting smarter. You see it in use every time you conduct a Google search. Google Suggest – the drop down box showing what Google thinks you want – is primitive. Machines will get smarter. So will Google Suggest.

Automation

Smart automation and robotics will continue to become more sophisticated, capable of performing with increased precision in industry, medicine, CAD, and other disciplines.

As Michael concludes: “Planning for the next 12 months isn’t a roll of the dice. It’s predictable based on long-term trends. Guaranteed, the Internet will be here in 2016 and experience jaw-dropping growth and innovative utility. How do I know? It’s been happening for decades.”

Source: http://www.mybusiness.com.au/experts/the-biggest-digital-trends-to-watch-in-2016?utm_source=MBUS&utm_campaign=MyBus02_02_2016&utm_medium=email

Posted in B4Crisis | Leave a comment

Bushfire resilience

Sharing Bushfire resilience: preparing yourself and your property by Bianca Nogrady posted 17 Dec 2015 and includes her top 10 tips.

When we think of resilience, we tend to think of our ability to adapt to stressful situations and survive them. In ecological terms, resilience represents something similar; the ability of an ecosystem to resist damage and recover quickly from it.

When it comes to a bushfire, resilience is even more complex because it encompasses not just structures, but also individuals, communities and the environment in which they all exist.

We are only as resilient as the weakest link in that chain; a house built to the most stringent bushfire standards but with flammable shrubbery and trees growing right next to it is as vulnerable as an older, less bushfire-proof house that has a large cleared area around it. Similarly, a well-prepared house is effectively useless if the person living in it does not have a carefully thought-through plan for what to do when a bushfire threatens.

“The number of times we’ve done post-bushfire surveys, reviewing the circumstances around someone’s death, and you see a house that had a lot of things going for it, they had gone and done x, y and z, but in the end they just went into the bathroom and died in a house fire,” says CSIRO fire expert Justin Leonard.

“All that extra work and features weren’t helpful in the end because it wasn’t a complete package.”

The idea of bushfire resilience has changed, particularly with recent catastrophic fire events such as Victoria’s Black Saturday tragedies. We used to think that any bushfire was survivable as long as we were well prepared and equipped to defend our homes. Black Saturday brutally demonstrated that bushfire severity is an open-ended scale, and just when we think we’ve got the hang of it, nature pulls the rug out from under us.

“People shifted their philosophy to ‘there’s probably a threshold for which my circumstances are reasonably safe but above which they’re not’,” Leonard says.

Instead of the assumption that one can reasonably expect to defend one’s castle in a bushfire event, people living in bushfire-prone areas are now accepting that loss of property is not only possible but infinitely preferable to loss of life.

Preparing your property

So how do we prepare and defend against bushfires? Bushfire resilience means not only does a house need to be designed according to its ‘bushfire attack level’, or BAL, rating, but the landscape around that house needs to also be carefully maintained to lower bushfire risk.

The people living in those houses need to understand the particular bushfire characteristics of their environment and their house and armed with that information, know how to maintain their house and behave appropriately when a bushfire comes through.

While there are housing standards tailored to the higher BAL (Bushfire Attack Level) ratings – which influence things such as window design and protection, roof construction and building materials – most Australians are living in houses that were built in earlier, less bushfire-conscious times.

In this case, where the building itself can’t easily be adapted, it’s about understanding the local landscape and how it might respond to a bushfire event.

It’s like examining the layers of an onion, Leonard says, starting with the outermost layer – the local setting in which a property is located. For example, is it a mountainous, bushy region like the Blue Mountains, or flat plains that have been largely cleared of vegetation?

“That starts to quantify what the fire might look and feel like when it ends up at the back fence, but also what’s going to come with the fire, like do I have to worry about fire-induced winds that might damage the house before the fire even turns up,” Leonard says.

The next layer of the bushfire ‘onion’ is conditions 100-200 metres from the property’s boundaries; is there dense bush right up to the fenceline, or has it been tramped down and thinned because people collect firewood? Is there a steep slope?

Coming closer to the house, is there a cleared area between the boundary and the house, or trees with grass underneath?

“In many cases it might be a real benefit to have some type of windbreak between you and the unmanaged forest, or some type of radiation barrier between you and what can carry a bushfire,” Leonard says.

Then we come to the house’s immediate surroundings; is there shrubbery right up against the house, are there tanbark gardens, are there flammable items like caravans or boats near the house, are there trees overhanging the house that might drop leaves or even a limb on the house?

Answering these questions and adapting the house accordingly can make a huge difference to the severity and impact of a bushfire once it reaches a house.

“The onion approach helps build the context up and then when you start looking at the house in that context that you can see the weak links, and it’s only when you address all those weak links that the risk is appropriately addressed,” Leonard says.

Preparing yourself

But the other half of the equation is our own bushfire plan; planning how we will act when a bushfire sweeps through. Simply deciding to leave before the main front arrives is not a detailed enough plan, Leonard says. You also need to think about at what point it is no longer safe to make this journey, and how the bushfire will impact your house, and how best you can work with the house to survive.

“Then you say, what are all the ways that bushfire arrival could ignite or damage my house and if that occurred, how would the house respond to those processes?” he says.

For example, retreating to the bathroom may not help you if the house is burning down around you. A more viable plan might be to retreat to an exit with the best prospects of reaching a cleared area on your property and then as the house reaches its final stage of being tenable inside you leave the house before it overcomes you. Hopefully by that time the fire has passed and you’re leaving on to burnt ground.

“What are the best and worst range of outcomes that can play out and how many back-up plans do you have?” Leonard asks.

“When you stand back and look at that whole picture, the knowledge that’s in the head of the person — being able to make the best decisions at every point in time as something unfolds — is more important than all the things they’ve done about improving their prospects.”

Top tips for bushfire resilience

1. How well you plan to behave in a bushfire is even more important than how well you prepare your house for a bushfire.
2. Think of yourself and your house as being at the centre of an onion; each layer around you needs to be bushfire-ready.
3. Look at the area in which you live and work out how this will affect the potential severity of a bushfire; are you at the top of a steep slope? Is it densely forested?
4. Have a clearly defendable space around your house; avoid shrubbery around the edges of the house, trees overhanging the house remembering that retaining certain trees on your block can act as an effective wind and radiant heat break.
5. Have a detailed plan about when to leave, but have an equally detailed plan about how you will cope if you can’t leave; how will you actively shelter in your house, how will you get out if you house burns down, and where will you escape to?
6. Bushfire severity is an open-ended scale; while we can’t say how bad it can get, we can decide the point at which it’s no longer safe to stay. This threshold should be uniquely considered for each location and personal circumstance.
7. Always have back-up plans, because the original plan may not be possible; if the wooden deck outside your front door is burning, can you go out the back door?
8. There is no guarantee that fire fighters will be able to get to you or your property, so you have to work on the assumption that they can’t.
9. If you’re in a bushfire-prone area, resilience is a constant process. Never sit back and think you’re totally safe; always look for the things you can do to reduce your risk, these steps are often synergistic with improved lifestyle, like installing a (bushfire resistant) water tank.
10. Houses and things can be replaced. People can’t.

Source: https://blogs.csiro.au/ecos/bushfire-resilience-preparing-yourself-and-your-property/

Posted in B4Crisis | Leave a comment

Supply chains and business continuity management

Sharing more on supply chains and business continuity management from Ken Simpson. I use supply chain mapping for some clients to identify dependencies, parts of their business processes that could fail, if another business fails them and my client’s business depends on their goods and services to provide its critical products and services.

This is one of Ken’s Beyond the Black Stump blogs, BBS017 – Soundbites and the Supply Chain of future practice includes a podcast with an edited version reprinted below:

Supply chain is a major area of focus this month.

With Beyond the Black Stump I also originally promoted a sub-title – a podcast about learning, leadership and the limitations we impose on our own thinking! Thought leadership as a social activity, driven by conversations.

These conversation, the ideas and the thinking are a critical component of the supply chain of the future of the discipline and the future of practice. Without new ideas and the product we deliver will stagnate, and without critical thinking and continuous improvement we run the risk that demand for the product will dry up.

Links to the earlier shows with Dr John Bircham; Phil Wood; David Lindstedt and Mark Armour; David Porter; Nat Forbes and Luke Bird are also available.

What you will hear in this episode is people who are thinking “outside the discipline” – not just applying the legacy practices or frameworks of risk or BC.

We are part of the profession of management, just a subset of it. Do you talk about the Doctor Profession, or the Medical Profession?

I hope you have found some ideas to put into your planning pipeline for 2016 in this. Will you be planning to address the same old risks and threats next year?

Even if you approach your practice in a new way, if it still only addresses the same threats then the Leadership of your business may not notice.

Supply Chain risk and Cyber threat are not new threats – they are old threats that many in BC are just coming to appreciate.

Coming up in the next blog/podcast, I will be talking about Supply Chain resilience with Jan Husdal. Take a look at his blog www.husdal.com – it is a veritable treasure trove of literature reviews and thinking on the subject.

Source: http://blackstump.fm/2015/12/bbs017-soundbites-and-the-supply-chain-of-future-practice/

Posted in B4Crisis | Leave a comment

Cybersecurity, a concern for business continuity

After returning from a sabbatical in Europe, I am sharing Rod Crowder, Opscentre 8 December 2015 blog on Four Fatal Flaws in IT Security Flagged at Black Hat Europe 2015. Source http://www.opscentre.com.au/blog/four-fatal-flaws-in-it-security-flagged-at-black-hat-europe-2015/#more-1674

IT security flaws are now myriad, but these four stuck out like sore thumbs at the recent Black Hat Europe 2015 conference on security. Their distinguishing feature for the most part was the massive scale on which hacking could be perpetrated, either because of the number or the size of the systems affected.

1.The first flaw comes in two different technical flavours, but concerns the same issue: PC disk encryption. Laptops with self-encrypting disks (SEDs) that go into sleep mode, instead of hibernation or full shutdown, leave their SED unlocked and vulnerable to a hacker triggering a software-level system restart. Windows BitLocker, Microsoft’s program to encrypt hard drives, could leave machines at risk to somebody with physical access. Data theft or compromise could happen on unattended office desktops or laptops in coffee shops.

2.Next is the problem of the self-driving car (like the one Google has been promoting). These vehicles use Internet connectivity and components that hackers can tamper with at a distance, causing the vehicles to fail to detect obstacles. That said, other more conventional vehicles such as the Jeep Cherokee have also been proven to offer hackers the possibility to take control of a vehicle’s steering and braking remotely.

3.Enterprise resource planning systems could be one of the next mega-targets for cybercriminals. Systems from SAP in particular apparently offer hackers the possibility to change oil stock figures to artificially change the market price of oil or trigger malfunctions in oil refineries. Given that SAP claims about 78% of all oil production depends on its software, a problem could easily take on global proportions.

4.Banking software from Temenos was also on the list of flawed products, although the security expert claiming to have found the defects also decided to withhold details for the moment. Like the HSBC problems uncovered by auditors a while ago, the flaws are said to be so serious that identifying them publicly could lead to immediate risk of attack.

Now you know which IT systems to fix in your own organisation. And the self-driving car? Try a bicycle – un-hackable, less polluting, and keeps you fitter!

Posted in B4Crisis | Leave a comment

Do you know your risks?

Sharing Andrew Gissing’s post on knowing your risks and how Risk Frontiers, Macquarie University can assist your business: “Business disruption is a key risk to organisations. Whether by bushfires, cyclones, storms, floods or earthquakes, disruption can cause serious damage to your company’s assets, client services and reputation.

Ultimately, the success or failure of your business relies on its management of risk. To avoid serious disruption caused by disasters, organisations must assess risks and develop risk management plans.

Australia is exposed to a wide variety of natural disasters. Risk Frontiers has developed disaster risk models which provide information about historical events, possible future impact locations and their likely severity and frequency.

Risk Frontiers provides tools to businesses so they can manage their exposure to disasters. These tools identify disaster risks based upon the location of individual assets, enabling the detailed assessment of risk across an asset portfolio.

Risk Frontiers has an unmatched capability to model a diverse range of these in Australia including:
•Bushfire,
•Earthquake,
•Tropical Cyclone,
•Riverine Flooding, and
•Hail Storms.

In addition to information for Australia we do offer capabilities to assess risks in other parts of the Asia Pacific region.

If you would like to learn more about the disaster risks your business faces contact Andrew Gissing at andrew.gissing@mq.edu.au.”

Source http://www.linkedin.com/pulse/do-you-know-your-risks-andrew-gissing?trk=prof-post

Posted in B4Crisis, Business Continuity, Disaster Recovery, Resilience | Leave a comment

Business Impact Analysis in the Philippines

Last week, I was explaining to a client how a Business Impact Analysis (BIA) is the foundation to Business Continuity Management (BCM). Without a good BIA, you have a very shaky arrangement to keep your business keeping on during and after a crisis or business disruption. Sharing Charlie Maclean-Bristol’s insights on doing a BIA in the Philippines for a manufacturing client.

Charlie wrote: “I have been talking about doing a Business Impact Analysis (BIA), on the building manufacturing plants in the Philippines, where I am presently working. Someone asked me why I was spending so much time developing the BIA template and planning the BIA workshop. Surely, ‘as a consultant you have a standard presentation and template which only needs to be slightly adjusted to each client’. All consultants have a standard way of carrying out elements of the business continuity lifecycle. I have found with manufacturing, to make the BIA meaningful, it required a substantial adjustment of my methodology. I also had the additional dimension of conducting it within a different culture, with people whose first language was not English so this also required further thought. This week I thought I would share the lessons learned over the last few days of conducting a BIA workshop on manufacturing in the Philippines.

Normally when I do a BIA I like to conduct a workshop to capture the information; I am not a great fan of BIA interviews. During this project we decided in advance to go for a series of interviews followed by a workshop for the BIA phase. Our approach per plant was to get all the managers together on the first day and explain what we were doing, why it was important and how we would gather information. I felt at this stage it was very important to state that we were not auditing them, but asking them questions to understand what they do. Having the country manager’s buy-in was fundamental and him sending an email out beforehand, stressing the importance of business continuity, was essential in ensuring they engaged with us. We conducted a tour of the plant which took the remainder of the first day.

The following two days were spent interviewing managers from all the different departments. At this stage I was not trying to capture the BIA information but purely trying to understand their processes. A key matrix was produced to try and understand the facts and figures of the plant and the best data to capture. Should we capture the day’s stock at the various stages of production or tons of stock? Often we came up with a number of different answers speaking to different managers! The issue also came up regarding what stage you assess the plant with normal holding of stock. With the problem of defining what is normal, minimal holding or to take stock out of the equation altogether and just concentrate on each stage’s ability to produce? If we didn’t watch it we would end up with three BIA’s for different stock holdings! We ended up with taking the minimum stock, which they try not to go under.

On the fourth day was the BIA workshop. All plant managers attended. I was pleasantly surprised that they all turned up and stayed for the whole workshop. Before the workshop you never know, culturally, whether managers will dip in an out of meetings, spend most of the time looking at their phone (however interesting you think your workshop is) or have to attend to an urgent operational problem and escape.

Normally we would get each delegate to fill in a workbook for their own department and the workshop would be framed around helping them understand how to fill it in. Occasionally we have to go back to them and query the information if the workbook was filled out incorrectly, which is not too difficult if they are local. In this case, I felt it would be very difficult to collect information retrospectively, so we did the work on screen with the answers being typed straight into the BIA tables. This was effective as we came to a common agreement on stocks and all those attending contributed to inputting the data. Where this became more difficult was when we had 18 different activities; each one required to fill in their manning numbers which took ages and those that had done their numbers were nodding off!

When I first learned how to do a BIA 10 years ago, there was a great emphasis on capturing the cost of an incident as part of the BIA process. I saw people with very elaborate spreadsheets showing the impact of cost over time, which looked very impressive. Trying to do the same myself, I reached the conclusion that in most cases trying to capture the cost of an incident over time is meaningless and doesn’t tell us anything useful. There are too many variables within what we are trying to capture; turnover loss or profit, or in this case delayed income.

This is the first time in a while where I thought it would be meaningful to capture financial information. At present it is a ‘sellers market’ for my clients’ product so the market will buy all their production. We know how much they can produce at each plant per 24 hours, how much margin there is on each product and we can work out the loss or profit per 24 hours downtime. We have identified a number of threats and once the cost of possible solutions are identified, we can see if it is cost effective, looking at the number of days the incident will be shortened by, to put these in place to reduce the risk.

My final lesson is to ensure that your BIA is comprehensive and you don’t forget to capture key bits of information especially if you are going to ISO2230, as it may be very difficult to go back and capture it!”

Source http://www.b-c-training.com/BIA-In-Manufacturing

Posted in B4Crisis, Business Continuity, Resilience | Leave a comment

7/7 business continuity lessons remembered

Sharing Charlie Maclean Bristol’s lessons remembered from the 7 July 2005 London bombings. Thanks for these important reminders about exercising and training our staff before incidents. It is no accident that my business is B4Crisis. I help clients prepare before a crisis or business disruption, but also after an incident help you learn and apply those lessons to make your business more resilience. Over to Charlie and his colleagues at business continuity Training Ltd (UK):

“I thought this week with the 10th anniversary of 7/7 I would look back through one of the reports on the incident by the London Assembly (Report of the 7th July Review Committee) and highlight in this bulletin some of the learning points from the incident. If we can learn from incidents and improve our response, then something good has come out of a terrible incident.

In reading the report one of the things that struck me was a number of communication failures during the response. This should not surprise us as almost every incident report or exercise report highlights failures in communication as one of their key learning points. There were three main failures in communications; loss of communications to those responding underground, overload of the mobile phone system and the failure of the ambulance communications system.

The difficulty of communicating underground was identified as a significant issue in the report into the Kings Cross fire in 1988. During 7/7 the report noted that the Metropolitan Police Commissioner, Sir Ian Blair, told us that he regarded the inability of the emergency services to communicate underground as ‘a significant problem for London’. The lessons from the last incident in this aspect of communications had not been learned.

Do you go back through your own incident reports and those of other organisations, which are relevant, and check that the lessons identified have been learned or actioned in your organisation?

All of our mobile plans are highly dependent I suspect on mobile phones working. Much of the communications failure during the response to 7/7 was due to the emergency service and other responders having a high reliance on mobile phones and the system not working in certain areas. This was again identified in the report as a foreseeable problem. The same happened during 9/11 and actually happens in many areas each New Year’s Eve. The failure of the mobile system was due to the large number of calls overloading the system which the report details:

‘London’s telephone networks experienced unprecedented volumes of traffic. Vodafone experienced a 250 per cent increase in the volume of calls and a doubling of the volume of text messages. There were twice as many calls on the BT network as would normally be the case on a Thursday morning. Cable & Wireless handled ten times as many calls as usual to the Vodafone and O2 networks – 300,000 calls were placed every 15 minutes, compared to 30,000 on a normal working day. O2 would normally expect to handle 7 million calls per day. On 7 July, 11 million calls were connected – 60 per cent more than usual – and this does not include unsuccessful calls’.

Have you got plan of how to deal with an incident without mobiles, especially at the scene of the incidents, and how staff caught up in the incident will inform you that they are safe?

Lastly on communications, although it didn’t affect the overall response, there was a major breakdown of The Ambulance Service communications. This lead to “repeated instances of London Ambulance Service officers requesting more ambulances, supplies and equipment and receiving no response”. Failure of communication within the ambulance service was due to issues with their radios and failure of the mobile phone system. Could your response be majorly impacted by failure of communications and are your existing communications fit for purpose, tested and staff trained in their use?

One of the themes I have been promoting in my bulletins is ‘do our plans have sufficient emphasis on looking after people during an incident’. I was disheartened to see the following within the report:

“The response on 7 July demonstrated that there is a lack of consideration of the individuals caught up in major or catastrophic incidents. Procedures tend to focus too much on incidents, rather than on individuals, and on processes rather than people. Emergency plans tend to cater for the needs of the emergency and other responding services, rather than explicitly addressing the needs and priorities of the people involved”.

I am guilty of this as well, but I think we should look again at our plans and see if they take account the need to look after our people and those affected by the incident?

My last point is the importance of leadership at the scene of an incident and in someone taking command. The following is an extract from the section on communications from people in authority within the first 15 minutes:

‘Michael, survivor of the Aldgate explosion said ‘Information is essential when in shock people freeze and can’t make rational decisions, people need to know what to do, even if it is to remain on the train and wait’.

Nobody knew what to do immediately after the bombs had gone off. They were in an unfamiliar environment and were unsure whether it was safer to leave the train or to remain where they were. A number of survivors talked about the relief of having someone in authority, the train driver, tell them to what to do and ‘walk down the track to Russell Square’. This highlights to me the importance of training for staff likely to be at the scene of an incident so that they can make quick decisions and be the voice of authority in an incident.”

Source: http://www.b-c-training.com/7th-July-Lessons-Revisited

Posted in B4Crisis | Leave a comment

Free business continuity exercise videos

Sharing some business continuity exercise videos on my B4Crisis YouTube channel. https://www.youtube.com/user/Chrisl1957/videos I prepared these videos from photos to exercise one of my clients, St Vincent de Paul Society, Canberra/Goulburn Diocese (“Vinnies”). They have a major distribution and retail centre in an industrial estate at Mitchell in the NE suburbs of Canberra. There was an incident known as the Mitchell Fire. The fire and its aftermath shut Vinnies’ Mitchell distribution and retail centres for a business day and caused inconvenience, especially for the trucking fleet, the following week due to major road closures. For a crisis (senior) management team exercise, we took a real incident and escalated it using the Sunrise fire (more than 30 days off site) and the Buncefield fire (many months off site) to “test” their BCP. I learnt about the Sunrise fire when I spoke at the 2009 World Conference on Disaster Management (WCDM), Toronto and Sydney. Sunrise was the paper following my paper on the Varanus Island gas pipeline rupture, fire and explosions. Les Whittet FBCI introduced me to the Buncefield incident. Andy Osborne explained more about the Buncefield incident when we caught up face to face at the 2014 Business Continuity World Conference, London Olympia. Clearly, business continuity management is a global business. Every business wants to keep on keeping on. Business continuity management offers even more. Most importantly, reviewing and sharpening up your business as usual, especially in the most time-critical business processes. I am happy to discuss further details if any of you would like to use these scenarios to test your clients or businesses.

Posted in B4Crisis | Leave a comment