C²: Continuous Continuity in the Enterprise...

Many enterprises today understand the myriad of potential threats to its people, processes, systems and structures. It stands to be better equipped for sustained continuity. 

Business Crisis and Continuity Management (BCCM) is a dynamic change management initiative that requires dedicated resources, funding and auditing.

Certainly the largest organizations realize that the risks are taking on different forms than the standard fire, flood, earthquake and hurricane/twister scenarios. These large catastrophic external loss events have been insured against and the premiums are substantial.

What it is less easy to analyze from a threat perspective are the constantly changing landscapes and continuity postures of the many facets of the organization having to do with people, processes and systems.

The many sources of significant loss events are changing as we speak. Here are a few that should not be overlooked:

• · Public perception
• · Unethical dealings
• · Regulatory or civil action
• · Failure to respond to market changes
• · Failure to control industrial espionage
• · Failure to take account of widespread disease or illness among the workforce
• · Fraud
• · Exploitation of the 3rd party suppliers
• · Failure to establish a positive culture
• · Failure in post employment process to quarantine information assets upon termination of employees

Frankly, corporate directors have their hands full helping executives managing risk and continuity on behalf of the shareholders.

The risk management process will continue to have as big an impact on the enterprise as other key functions because shareholders will be asking more questions about the changing landscape of managing risk for corporate governance.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C², or “Continuous Continuity”.

A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare.

These nightmares are “Loss Events” that could have been prevented or mitigated all together.

Most of the best practices talk about a BCCM plan that will be periodically updated. Periodic is not continuous. Change is the key factor here.

What changes take place in your organization between these periodic updates? How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.

This will change over time as organizations figure out that this is now as vital a business component as Accounts Receivable. The BCCM will become a core process of the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise.

As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time. This takes the operational management that much closer to C², or “Continuous Continuity”.

So what?

Boards of Directors have the responsibility to insure the resiliency of the organization. The people, processes, systems and external events that are constantly changing the operational risk landscape become the greatest threat to an enterprise.

It’s the shareholders duty to scrutinize which organizations are most adept at “Continuous Continuity” before they invest in their future.

Business Resilience: Beyond Readiness…

The continuity of your telecom operations is an operational risk that in many cases is underestimated until a significant business disruption occurs. When telecom is down, this means a combination of voice and data services that serve your business enterprise may not be available. The resilience of both the voice and data communications is the holy grail of continuity of operations and disaster recovery professionals on a global basis.

Business Resilience and the ability to effectively anticipate or absorb the impact of an incident, whether man made or as a result of a natural phenomenon differentiates your suppliers. When is the last time you tested your Tier I service supplier for a mission critical business process to determine the ability to keep their voice and data services running during a time of crisis?

And maybe more important, is your own enterprise Incident Command system survivable so that you can provide voice leadership to your "Incident Commanders" where ever they may be located?

As we approach the middle of the Hurricane season here in the U.S., you can understand why having energy to power systems is an important aspect of most COOP discussions. This simple yet valid argument for back-up power has been going on for a decade or more.

When it comes to planning for the next Hurricane Katrina or the "Tip of the Spear" overseas operations readiness, resilient business organizations need to implement robust planning, exercises and systems to be able to overcome the operational risks that are before them.

Power blackouts are the catalyst for many risks to the critical infrastructure including Transportation, Internet, Voice communications and even those services that you take for granted like pumping gas at the local petrol station or emergency services at the local hospital. 

September is DHS Preparedness Month in the US and the focus is once again on the physical readiness of our nation.

Cyberspace as we know it is so embedded into most of the mission essential aspects of business today that our readiness factor needs to go well beyond redundant power supplies and battery back ups for power. 

Cyber-Readiness is a key component of any organizations plan to stay resilient in the face of a Distributed Denial of Service Attack (DDOS) and other cyberspace exploits that disrupt our operations.

Do you think you're spending too much time with your team planning and training? You haven’t.

Success in your organization doesn't happen because everything goes according to the plan. It happens because you were prepared when things go wrong.

"The organizations whose team has planned for every possible scenario and trained together in live simulations will become the most successful in their strategy execution. Their missions will be accomplished on time and within budget."

Incidents of different severity and frequency are happening around you and your organization every day. Would your employees know what an incident looks like let alone know what to do next to mitigate the risk to them and the organization?

9/11/2025: Never Forget...

Where were you on 9/11/2001?  Do you remember…

What this day is about every year beyond these memories, is the renewed vow of vigilance. A time to revisit all the reasons why you have made the decisions you have since that Tuesday morning in America so many years ago.

Never forget that day. Never forget why you wake each morning.

9/11 vigilance is about being adaptive. It is about resilience. For those of us who have never paid the same price as those who have served, supported and are the mothers, fathers, brothers, sisters or relatives of those who have, we can never know or really feel what they have. We can only pledge our vigilance in continuing our respective missions.

Most of all. The mission is not America's alone and the entire planet understands this. As they teach the history of 9/11 in the schools of New York City, Haiti, Chile, Pakistan, India and even Saudi Arabia, what do you think the lesson is about?

If it is not about vigilance and resilience, then we are doing our children a disservice. We must be preparing them for the future threats that this globe will be facing in the years and decades before us.

Whether it is the wrath of "Mother Nature" or the evil planning of ordinary people does not matter. We can never predict exactly the day the hour or when and where the next attack will occur.

Whether it will impact our buildings, bridges, rivers, schools or the Internet is unknown. If all of us on this 3rd rock from the sun, have done our job teaching our kids about vigilance and resilience, then we should all be able to have a peaceful nights sleep.

Devoid of nightmares.

"Remember that Tuesday in September across the globe for the lessons we have all learned since that infamous day in New York City, Washington, DC and Shanksville, Pennsylvania."

For the children, teach them the truth…