Posts Tagged ‘business continuity’

INSIDER focuses on Sandy, Security

Posted: December 14, 2012, 8:21 am

Check out the latest edition of our monthly newsletter, the INSIDER, a place for IT professionals to explore the latest news, trends and tips. This month’s issue features articles and videos focused on security.  We’ve addressed such topics as recovering from disasters like Superstorm Sandy, to safe identity management for your workforce, to secure change management and cloud application testing.

This month’s Recovery Services video focuses on Workforce Continuity/Workplace recovery in the face of disaster – a timely topic in the aftermath of Superstorm Sandy. Another well-timed article details exactly what steps SunGard takes in times of natural disasters like Hurricane Sandy. What exactly does SunGard do for its customers when faced with impending crises?

For the CIOs in our audience, we spoke with SunGard’s Atif Malik about the importance of executive dashboards for CIOs as a way to achieve greater efficiencies in their data centers.  We’ve also got a few new services to tell you about — the Customer Configuration Repository – designed to revolutionize change management, as well as a new security solution called Single Sign On, available for all SunGard customers.

Our Cloud trend series concludes with a brief look at what happens once you’ve developed and tested an application in the cloud.

Finally, we recap SunGard’s involvement in the latest events and conferences, including the Gartner Data Center conference and our Business Continuity Software International User Group meeting.

Stay on top of the latest SunGard news with the INSIDER, found here on the SunGard website each month. You can subscribe to our monthly newsletter here.

Tags: , , , , , , , , , , ,

Posted in Availability Services

Add a Comment

Stepping up to the Cloud [infographic]

Posted: November 15, 2012, 4:15 pm

Migrating to the cloud should be considered as part of an overall business strategy and have a defined business objective addressed. One company might want to leverage cloud services to reduce operating costs and free up IT staff, another might need the ability to rapidly scale capacity, and yet another might need to speed application development.

Keeping the business objective in mind will serve you well as you make the move to the cloud. At each step along the way, you will need to evaluate a provider’s processes, procedures, and abilities to see if they fit your needs. Your choices must be based on how well a provider can support and meet your ultimate objective. With this in mind, there are seven steps to take to ensure success.


Every cloud effort must start by defining the business reason for evaluating and leveraging cloud services. Do you want to avoid large upfront (CAPEX) costs for a new project? Do you need a more agile environment to speed application test and development? Must you scale on demand to be poised to enter a new market? Specifying the business motivator for the move helps determine what capabilities and features you will need from a cloud provider.
The next step is to assess your cloud readiness. In this part of your planning, you need to provide management with information to determine which applications and elements of your operations can make the best use of a cloud environment. When evaluating providers, you will find there are technology differences, as well as variations in operational procedures, responses to problems, governance issues, and the way security is handled.  You need to consider your availability and security requirements for each application.

Once you have decided to transition to the cloud, you need a roadmap to get there. Some applications might be ready for an easy migration. For instance, if you are already running an application in a highly virtualized environment, you might be able to simply move the virtual instances of those applications running on your servers to a cloud provider’s infrastructure. Other applications, such as custom code that is tied to a particular hardware platform, will require more effort. For those applications, you will need to develop a plan of action to get them to the cloud.

Next is the actual migration. As with any major IT undertaking, planning and testing are critical. You need to consider the impact on users. A web commerce site might have a very limited or no time window for disruption. With an internal application you might have the luxury of taking it out of service for a weekend, if users are given proper warning. Once the applications are ported over to a provider’s hardware, you will need to run tests to be sure everything is working and application performance criteria are met.

Over time, you will have the opportunity to fine-tune and optimize your cloud operations. For example, you might leverage a provider’s services that automate provisioning to improve the way you deploy your IT services.

Going hand-in-hand with optimization, you should look at the operational aspects of running your applications in the cloud. After all, cloud is a disruptive technology, and as such, requires new approaches to management and operations. Here, you should work with your provider to develop improved operations management capabilities.

Finally, clouds are not immune to outages. You must work with your provider to plan, execute, implement, and test Business Continuity and Disaster Recovery. These plans need to be documented, communicated and most importantly, tested at least once a year.

Taking these steps, your organization should be able to take advantage of the benefits a cloud approach offers, while helping meet the business goals of the organization.

Tags: , , , , , , ,

Posted in Cloud, Cloud Adoption, Cloud Consulting, IT and the Cloud

Add a Comment

SunGard Carlstadt Business Continuity Center serves as Command Post, Shelter During Hurricane Sandy

Posted: November 12, 2012, 10:29 am

By George Gobla, Technical Service Delivery Manager

Police, firefighters and EMTs from Moonachie, N.J. used the SunGard Availability Services business continuity center in Carlstadt as an emergency command post during Hurricane Sandy.

Like most other residents of the East Coast, I had been following the news about the approach of Hurricane Sandy vigilantly. As a New Jersey resident, my interest was even greater, as the storm the media dubbed “Frankenstorm” was tracking to make landfall on the evening of October 29 over the New Jersey shoreline and proceed inland.

When it became more likely that Hurricane Sandy would be as destructive as many experts were predicting, the storm was also becoming a concern from a professional standpoint.  As the technical service delivery manager for the Northeast region for SunGard Availability Services, it’s my job to make sure that our facilities in Carlstadt, N.J. – a town about 15 miles west of Manhattan—are operational for our customers during any crisis.

A week prior to the hurricane’s arrival, SunGard activated its three-stage hurricane preparedness process. As part of the process, we carefully followed tested procedures to help keep our employees safe and our customer data secure, our facilities secure and our communications consistent. Along with personnel at other data centers that could be affected by the natural disaster, our on-site facilities team verified that all environmental and electrical gear was in full working order before the storm.

We felt well prepared in Carlstadt despite the fact that New Jersey would face the full power of Hurricane Sandy.

On Monday, October 29, the weather worsened throughout the day. At about 9:30 p.m., I started the one-hour drive from my home to Carlstadt. As I found out later, I was the last person to drive through the local area just before the hurricane hit.

After navigating several detours, I arrived at SunGard’s mega center in Carlstadt—home to two data centers and a business continuity site, which provides customers with a fully functional alternate work space for employees to use while in disaster recovery.

At our Carlstadt data centers, we provide advanced recovery, testing, advanced replication and hosting for customers. That night, my colleagues and I were working furiously to assist customers. Some customers initiated an orderly process of shutting down their equipment, and we were able to control the situation so there was no customer impact due to data center issues.

We also had a number of customers at our facilities and we communicated with them personally and kept them updated throughout the evening. Additionally, there were multiple notifications from our Service Desk and direct phone calls to customers.

As this was happening, at around 11:45 p.m., we had some unexpected visitors. The fire chief of a small nearby town, Moonachie, arrived in his SUV with three ladder trucks, two ambulance squad trucks, and a police cruiser in tow. Moonachie was being overrun with floodwaters from a storm surge caused by Hurricane Sandy, and the officials said they needed refuge and shelter for their own operations, and also for citizens that would be rescued throughout the night.

They asked if SunGard would open its business continuity site for this purpose, and I immediately said yes.

Within minutes, the fire chief had pulled his SUV to the front of the building, opened the back hatch and began using the area to respond to 911 calls and direct emergency operations in the field. Soon after, more emergency responders and the mayor of Moonachie, Dennis Vaccaro, arrived at the business continuity site, and the area became the command post for the duration of the night.

Those that were rescued from their flooded homes, and in some cases from the roofs of their cars, were taken to the SunGard business continuity center. Sheltered and comforted with sheets and blankets, they remained in safety while the hurricane and flooding lashed Moonachie.

In total, our facility provided shelter for approximately 60 residents rescued from danger, and 40 fire, rescue and police.

The Carlstadt facilities remained dry and operational throughout the storm, and I was extremely proud that we were able to assist the community in a small but useful way during Hurricane Sandy.

Tags: , , , , ,

Posted in Business Continuity, Disaster Recovery, Mobile Recovery Services

Add a Comment

Q&A with @SunGardAS User Group Forum Keynote Speaker, Michael Leiter

Posted: October 15, 2012, 9:37 am


Michael LeiterMichael Leiter serves as an expert on counterterrorism, cybersecurity, and national security for NBC News and worked as the director of the National Counterterrorism Center (NCTC) from 2008 to July 2011.

On October 15, Mr. Leiter will deliver the keynote address at the annual SunGard Availability Services Business Continuity International User Group Forum at the Chicago Marriott Downtown from Oct. 14 – 16. In his address, “Leading in a Crisis: Before, During, and After,” Mr. Leiter will share lessons on instilling leadership while managing a crisis and describe his experiences with helping manage scenarios that impacted the nation’s security.

The SunGard International User Group Forum is a symposium that offers peer-to-peer sessions on business continuity (BC), real-life case studies of disaster events and success stories of business continuity plans resolving operational disruptions. Attendees will also learn about implementing BC software in an organization and view the next generation of BC Software enhancements that will shape the future of business continuity management. Follow the conversation on Twitter at #SunGardUGF

In advance of the User Group Forum, SunGard asked Mr. Leiter for his opinions on leadership, crisis management, overlooked factors, and how enterprises can learn from national security threats.

What is the most important factor in leading an organization through a crisis?

First and foremost, it’s the idea that planning is not just for a predicted future. Planning is critical for responding in a time of crisis. It allows you to understand your organization, its surroundings, and what you are faced with. And when an unpredictable or predictable event occurs that throws a wrench in works, it is that planning which allows you to respond in a crisis and change the organization’s priorities because you understand it so well.

When is leadership most important when a crisis or business disruption arises?

I’m a very strong believer in leadership from the very top at all times, but especially before and during a crisis. It affects every part of the organization. Part of the responsibility of the highest level of leadership is to create champions in every part of the organization for your business continuity and crisis plan.

Your professional background includes roles in the highest levels of government, including at the U.S. National Counterterrorism Center and the Office of the Director of National Intelligence. Even at highly organized organizations with respected leaders, do you find that crisis planning still has a role?

When you have a crisis, the best laid plans go out window, except for those pieces that help you understand how your organization can shift and change to respond to new situations. Also, in my experience, in terms of planning during a crisis, it’s critical for a leader to understand all components of an organization and what its capabilities are. Because unfortunately, no matter the organization, many people in the organization may very well lose their cool. The more you have thought about what the organization can do and cannot do, the better position you will be in to react to that time of crisis, to adjust to changed circumstances, and then reshape the organization beyond the period of crisis to be more effective when you have new requirements upon you.

How do you apply lessons you learned from managing major national security threats as director of the U.S. National Counterterrorism Center to business continuity planning for enterprises?

Let’s take the raid on Osama bin Laden [in May 2011] as an example. This was an undertaking that required an enormous amount of planning in the run up to the raid. At various intelligence agencies, people had been working on this mission for over a decade. They had been planning and thinking and identifying every possible eventuality. In this particular case, we knew when the crisis might arise, which was when the operation would be enacted. So in last two weeks before it became active, the plans were shown to an entirely new group of people who had not been involved at all. Everything was presented to them, and we said, “Come up with all the eventualities you can and tell us all things we might be getting wrong.”

Another example is the attacks in Mumbai, India [in 2008]. In evaluating security threats, it was typical at the time to always talk to local authorities like the police. In the Mumbai attacks, it turned out the attackers used fire as a weapon while inside a large building. This was an eventuality no one had thought about.

I think any organization can learn from these examples. It’s great to have intelligent, well-informed people involved in business continuity planning, but also it’s also critical before the finalizing that plan to step back. You want to give that same information and the scenarios to a group of people outside the organization who understand the problem, but who aren’t emotionally involved to the outcomes or the plan. The goal is to try to come up with alternatives to find where the planning may have gone off the mark and to identify the problems.

What are your recommendations for initial steps for building a BC/DR plan for an organization of any size?

You have to start small. You can’t plan for all eventualities and you shouldn’t start with everything falling apart. Start with a smaller crisis, such as what happens if you lose your company email. That can be a crisis, for sure, but it’s much different that losing all your electronic storage. In national security planning, we don’t start with a nuclear attack on Washington. We ask what would happen if there were a suicide bomber in Washington, D.C. and how we would react and handle that. It’s much better to start from a smaller crisis and build out.

As a former national security leader, you had stakeholders across a wide range, such as the White House, agencies like the CIA and FBI, Congressional leaders, and, more broadly, the American public. What advice can you share with organizations about communicating effectively during a crisis to all its important stakeholders?

One thing that immediately comes to mind is that it’s very easy to assume that you understand what a customer wants when a crisis hits. In the case of my own crisis planning at the National Counterterrorism Center, I tried to understand what the President, the White House and members of Congress wanted for information. But I found it’s much better to sit down and ask them, “How do you want this information? When do you want it? What information do you want first?  Who else do you think should be informed about this?” It may be difficult for some businesses to plan this way, but I think it’s important to engage customers and explain that during all these preparations to become well positioned for eventualities, you want to understand their requirements and what information they will want to know.

And internal communications is just as important. In my experience, the vast majority of people find this kind of strategic planning to be an annoyance. When you have a crisis plan developed only by the crisis planning team, it’s helpful but not nearly as useful as one developed by a broader cross section of users.

It’s incredibly important to engage stakeholders inside the organization and, sometimes, leaders have to do that with internal stakeholders by twisting their arm a little. You want to do that in a way that reduces the workload on them, but so that they understand it’s important and you need them. In the end, you will have a much better return on investment. If you leave any part of the organization out, it’s almost guaranteed that’s the part of organization that will open the plan for the first time at the moment of crisis.

During the crisis, it’s obviously about communication, communication, communication. If you can’t effectively communicate messages to employees and leaders across the organization, you could soon be faced with a workforce that thinks there is no plan. Your business crisis will quickly become an existential crisis.

Tags: , , , , , ,

Posted in Business Continuity, Disaster Recovery, Operational Resilience

Add a Comment

What You Didn’t Think About When Implementing a Telework #DR Strategy

Posted: August 6, 2012, 2:10 pm

By


Will work from home work when you need it most?

Workforce RecoveryTelework is getting more popular every year — based on current trends, with no growth acceleration, regular telecommuters will total 4.9 million by 2016, a 69% increase from the current level but well below other forecasts.[1] In fact, the US government’s Telework Enhancement Act of 2010 mandates that every department head identifies who is eligible, partially for emergency readiness, but also to reduce energy use and increase employee retention.

Teleworking has a few basic requirements:

  • A secure place to work
  • A secure computing platform
  • Sufficient and secure data bandwidth
  • Access to appropriate voice services
  • Power
  • No regulatory requirements for employee monitoring

Stockbrokers generally cannot telework due to monitoring regulations. Similarly, call center employees may need special voice equipment, although Voice over IP (VoIP) soft phones should work with many call center applications.

I am seeing more and more companies implementing telework as a workplace recovery strategy, and can’t help wondering if the planners truly thought through all the implications of their decision. When an incident occurs, it is imperative that your critical employees get back to work no matter why they cannot be in the office. And in most cases, telework will not meet this key objective.

As every business continuity practitioner knows, disasters come in three major sizes; single site, localized, and regional. Single site disasters affect one company or one building, localized disasters may affect one or a handful of city blocks, and regional disasters impact a much larger area. Some examples in the United States might be a fire in your computer room, 9/11, and Hurricane Katrina or a pandemic.

As long as your computing infrastructure is running in your data center or your hot site, telework might be a reasonable option in the case of a a single site disaster. Of course, your remote access infrastructure needs to be up, along with internet access through your contracted network provider.

In the case of a localized or regional disaster, telework could be problematic for several reasons. Unlike a traditional hard-wired phone line, there are no government uptime regulations around Internet service providers or local cable and DSL providers. When the power goes out, your landline is required to work for a minimum of 24 hours by the Federal Communications Commission (FCC) [2], but the same isn’t true for your cellular, VoIP and data connections – assuming that you have power in your house to charge your cellular device or keep your router powered up.

In a single-site disaster or a pandemic, your voice and data connections most likely will be up and your house or local coffee shop will have power. But with most of the city also stuck at home, bandwidth could be constrained by your neighbors also teleworking, playing games on their XBOX, and streaming dancing cat videos.

Telework might be okay for lower priority job functions that can be jettisoned when a larger incident occurs, but for employees that support mission critical and revenue-producing business processes, you need other options available when telework is not possible.

Commercial workplace recovery solutions may seem more expensive than outfitting your employees to work from home, but unless you have done a business impact analysis, you cannot be certain that the cost isn’t more than offset by the potential losses if your business comes to a halt.

So it may be time to take another look at whether or not commercial workarea recovery should be part of your disaster recovery plan. One phone call can bring SunGard to the table with our broad set of options including shared and dedicated seats at a recovery center, or custom-designed mobile recovery units that come to you. Be safe, and be prepared.

Tags: , , , , , ,

Posted in Disaster Recovery, Mobile Recovery Services, Operational Resilience, Recovery As a Service, Recovery-as-a-Service

Add a Comment

Disasters Have a Way of Making You “Wake Up” and Rethink Recovery

Posted: July 23, 2012, 8:09 pm

By

Hurricane Preparedness When I was a kid growing up in the Southeastern United States, I spent a lot of time in the back of my Mom’s lime-green Dodge station wagon, accompanying her on her many business trips to Miami, Florida. I used to love it when I got asked to go, because a) it meant I could miss school; and b) it meant I could eat as many of those delicious Florida mangoes as I wanted.

I remember driving back with her once during a hurricane – she thought she could “get ahead of it” and get home to Savannah before it got too bad. Well, she was wrong.

The storm seemed to descend from nowhere, and things got so windy, rainy, and gusty that we had to pull over to the side of the road to wait it out. It was actually very scary as she and I sat huddled together in the back seat, witnessing the awesome powers of nature crash through the world around us.

Suddenly, we heard a loud CRACK, followed by the sound of glass breaking. When I turned around to look behind us, I saw that a mango had crashed through our back windshield, creating a giant, gaping hole. I remember being delighted, as it meant I could eat another of my favorite fruits, but my Mom was pretty upset.

Fast forward an unspecified number of years (no chance I’m divulging my age), and now I am working at SunGard Availability Services. When I read this case study on how a series of 2004 hurricanes had forced Florida Hospital to “wake up” and rethink their disaster recovery capabilities, it brought back this memory for me.

While the hurricanes did not force Florida Hospital into a declaration of disaster, it did force them to face the unpleasant truth that they did not have the staff, or the time, or the expertise in place to meet their recovery time and recovery point objectives (RTOs/RPOs). Which is why one of the largest healthcare providers in the entire state turned to SunGard Availability Services for help. In particular, they are now relying on SunGard’s proven expertise to manage all of the aspects associated with testing and recovering their data in the event of a disaster (our “Managed Recovery Program”).

Now that I’m a Mom, I’m actually somewhat appalled at the risk my mother took with me. While I love the idea of mangoes flying unbidden into my kid’s lap, I would never drive home during a hurricane, with or without her. So I’m glad Florida Hospital looked themselves in the mirror and figured it out; it shows a greatness of vision, I think, as well as the wisdom to take responsibility for their destiny and the willingness to take concrete actions to fortify their future.

————————————————————–

You can’t predict a disaster, but you can decide how prepared you’ll be.  To help our customers keep their systems, business processes and people in operation in the face of the increasing threat presented by hurricane seasons, we’ve developed a free Hurricane Planning Toolkit—available now, for a limited time.  Download the FREE Hurricane Preparedness Toolkit 

 

Tags: , , , , , , , , , , ,

Posted in cloud-based recovery, Disaster Recovery, Mobile Recovery Services, Recovery As a Service

Add a Comment

Lessons From Hurricane Crisis Management

Posted: July 28, 2011, 8:51 am

Bob DiLossi is the Director of the SunGard Crisis Management Center. A long-time business continuity practitioner, Bob provides some commentary in this post concerning lessons gleaned from crisis management in the midst of severe weather events, such as hurricanes.

1. Does the Crisis Management Team do anything different once a hurricane has been named and a projected path is announced by the National Weather Service?
It’s important to recognize that we monitor all weather events, not just hurricanes in-season. What makes weather events unique is that sometimes, you have a warning period that allows for review of plans and preparation. Right now we are tracking a tropical storm over the Cayman Islands which may strike Texas or Louisiana, or may move in another direction. Our process is to consider potential storm direction, and contact customers who may be potentially affected. We begin by reviewing the human factors and anything that would affect the safety of employees and our ability to contact them during a crisis. Second, we discuss potential business impacts. We then put them on alert, not waiting for them to act. That act of placing them on alert often becomes an alarm for them to make sure they are taking the necessary precautions themselves. The SunGard portal then gives them visibility into our plans and status as the storm track develops.

2. What advice would you offer to SunGard customers as a storm approaches their location?
Of course, safety comes first. Immediately behind that is communications. We use our own NōtiFind product to manage calls and response tracking, as do many of our customers. Regional events such as storms can quickly become complicated from a communications perspective, both with the numbers of people to reach, and the failures in communications channels that a storm can cause. NōtiFind, integrated with LDRPS is how we manage the complexity. I also recommend that a customer never rely on just one means of communications. Land lines at home and work, cell phones, pagers and increasingly social media all serve to provide multiple channels to keep communications open.

3. Should customers do anything proactive with support vendors, such as maintenance vendors? What about with their trading partners?
Support vendors can be critical to both ongoing operations, and if needed during a recovery operation. My first critical suggestion involves fuel providers. You need a contract in place before an event, or else you become just another name on a list in the middle of the crisis. Second, review both your backup schedule and off-site transit of backups; depending on the anticipated timing of a storm, make sure that backup tapes do not sit on-site longer than necessary, and that they are stored hopefully outside the threat zone. Third, review any employee travel agreements. If you need to quickly send staff to a recovery facility, you may need to be sure that everything is in place to make that as easy as possible on your employees, such as planning the potential for emergency petty cash.  In regard to 3rd party partners and vendors, make sure you involve them in tests and validation exercises, especially during “off hours”; responses at 10 AM on a Tuesday may be very different than 3 AM on a Sunday.

4. Is there anything different in the SunGard response to a hurricane when compared to, say, a fire or power outage?
The biggest difference is that with storms, you may get some warning.  You might also get some warming with wild fires, such as we experienced this past year in the west. Most other events have no warning, and you are in a reactive mode.  So, use the idea of “hurricane season” to do a periodic review of your plan, resources and capabilities. Hopefully you are not involved in a hurricane, but you will be better prepared for other unexpected events.

Tags: , , , , , ,

Posted in Uncategorized

2 Comments

Designing for Failure Conditions

Posted: July 25, 2011, 8:57 am

Today we hear from Chip Childers, product architect for SunGard’s Enterprise Cloud Services and partners with our product management and product engineering teams to drive the overall solution design of the service…CM

I’m a big fan of designing systems to deal with component failures. But let’s be honest, doing that perfectly is pretty darn hard.

In the research paper “Fundamental Concepts of Dependability,” all possible sources of fault conditions have been classified into 16 different categories. In another paper, “Software Architecture Reliability Analysis using Failure Scenarios,” an 8-step failure analysis process is proposed for how to understand a system’s potential failure conditions. All this is about identifying and classifying fault conditions—neither provides any design or logic to resolve the issues

I’m going to go out on a limb, and declare that nobody is doing that type of full and formal analysis for their cloud applications. (OK, perhaps somebody, but certainly not many.)

So that’s the problem in a nutshell. How can you really say that you have fully designed for failure, given all of the possible failure conditions? And for the 90% of the cloud platform population that just want to get their apps built, how much time should they really be spending on solving this problem? And what if you have legacy applications that can’t be designed in a truly “failure proof” way?

This is where an enterprise class cloud infrastructure comes in. An enterprise cloud has the resiliency, redundancy, data restoration, disaster recovery and security capabilities needed to keep your system secure and operating, and the enterprise cloud provider backs those capabilities with a Service Level Agreement. Further, an enterprise cloud also offers 24/7/365 management and monitoring of your virtualized infrastructure.

Failure can not be completely avoided, but you are better off knowing that the underlying platform design was build with resiliency in mind and that you have someone watching your back when things do go wrong.

To what extent could an enterprise cloud transform your company?

Visit our Cloud Solutions Center for videos, white papers and case studies about SunGard’s Enterprise Cloud Services.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

Posted in Uncategorized

Add a Comment

A Fresh Perspective on Resilience Exercises

Posted: July 21, 2011, 11:56 am

Reading a Harvard Business Review Blog this week triggered this thought on resilience: when conducting any validation exercise, it is important to invite “outsiders” to participate.

John Baldini, writing for HBR, noted that management coaching involves having an outsider suggest ways to improve your perspective on reality and decision making, with the suggestion to invite others into routine meetings from outside the normal attendee list. It adds energy and creates some fresh dialog.  Baldini writes: “A new perspective can allow a leader to make certain that what she sees is reality, not her perception of reality.” That statement applies equally well to resilience programs, too.

During more than twenty years in the continuity business, there are two observations that remain true even though the industry has shifted from “event-driven” to “resilience” planning. The first is that if you test the same components each time you validate your continuity plan, you really are not testing anything challenging. Ask yourself if your business changed during this same period, and the answer will always be “yes.”

The second observation is that while we generally “know” what our peers do during normal times, we are likely mistaken about who is responsible for what in the midst of a crisis. Mistakes here lead to decisions we will likely regret once the crisis is over.

Supporting a number of company-wide simulations over the past few years has proven this to be the case in virtually every type of organization, large and small, governmental and private sector. We make some basic – and often reasonable – assumptions about who makes decisions during a disaster, but it is critical that these assumptions be tested. Don’t assume Department X takes care of task 123; ask them, because they may be assuming that you are responsible for that task.

Better still, schedule an annual validation exercise that involves those outsiders. It has the dual value of increasing organizational training, while energizing the validation process. Assumptions during any crisis management activity often lead to lost time or mistaken actions.

Tags: , , , , , , , ,

Posted in Uncategorized

Add a Comment

Lessons Learned … Again

Posted: March 31, 2011, 10:15 am

With continuing concern surrounding the damaged nuclear plants, the global community continues to watch the turmoil unfolding in Japan. In the twenty days since the Sendai earthquake and the resulting tsunami brought unimagined devastation to the Japanese nation, we are seeing just how small planet earth really is.

Global Dependencies are Felt Locally

Moving beyond the destructive impact on whole communities and the human toll too quickly seems to trivialize the impact, but at the same time, it is important that organizations on a global level recognize our interdependence. These dependencies can be seen clearly in the examination of global supply chains. Companies such as Boeing, Sony, Caterpillar and John Deere have been referenced in the news as enterprises that are feeling the supply chain impact, or anticipating parts shortages within a very short time frame. General Motors has announced production impacts from Louisiana to Spain to Germany related to dwindling supplies of Japanese components.

Forrester Research mentioned yesterday that business continuity is “… back on the agenda …” for business executives. Today the Wall Street Journal reported that the disaster plan from Tokyo Electric Power was inadequate, especially for the combined impact or earthquake and tsunami.

Earlier this week, in a conversation with Gartner Research about testing recovery plans, the point was raised that more than just worst case scenarios, planning for the combination of events raises maturity to a best practice level.

While the Japanese continue their struggle to recover on a massive scale, much of the world has begun to consider “lessons learned.” We did this following the attacks of 9-11-01, following Hurricane Katrina, and similar action is demanded to review plans as to whether the assumptions made are grounded in the new reality unfolding in the news and within the lives of the Japanese people. Business processes and interdependency have become more reliant on automation, built around more complex trading partner and business models, and subject to more rapid impacts for disruptions due to “just-in-time” processes and inventory levels.

Lesson #1: Acknowledge Increased Risk Levels

My point today is simple: resilience and risk managers in organizations of every size must acknowledge the increased risk, and adjust plans accordingly. The lessons gained from examining events in Japan should stir internal reviews by every organization with trading partners concerning risks, logistics, capitalization, insurance and diversification.
For most of us, it is difficult to fully comprehend the impact on the ground in Japan. But all businesses need to examine how complex supply relationships – from raw materials to manufacturing capacity to transportation and selling channels – would be impacted from disruptive events that threaten such relationships. The imperative becomes determining appropriate mitigating actions and procedures in light of what we see in new light following the natural disasters in Japan and other global regions.

Tags: , , , , , , , , , , , , , , ,

Posted in Uncategorized

Add a Comment