"Planning for Continuity of Business" has been shifting from pure disaster recovery to an "All Hazards" point-of-view on the frontline of your institution.
Following the terrorist attacks of Sept. 11, 2001, the Critical Infrastructure industries realized that no business is immune from catastrophic events.
Even the severity of the last several years of hurricane seasons, however, taught our national institutions that disaster recovery programs alone cannot protect their businesses, forcing all 16 Critical Infrastructure domains to reevaluate the strength of their backup plans.
With the destruction wrought by Hurricane Katrina and others still largely visible, industry sector leaders have renewed their focus on preparedness as they rethink their risk management strategies and bolster their business continuity plans.
Hurricane Harvey (2017)
“One of the costliest tropical cyclones in United States History, let alone the Houston area, Hurricane Harvey caused more than $120 billion in damage and killed 68 people. 300,000 structures were flooded, and structures around the city were destroyed due to 130 mph winds. A category 4 storm, Harvey even produced upwards of 60 separate tornadoes during its 5 days of destruction.”
Rather than rely on disaster recovery plans to pick up the pieces after a business disruption, companies and municipalities are shifting their activity to Proactive and Continuous focused business continuity plans to keep operations running throughout a major disaster.
An "All Hazards" perspective changes the way you Deter, Detect, Defend and Document (4D) the existing and future operational risks to your enterprise.
In many institutions, disaster recovery was the responsibility of a specific group in the company, many times found in the IT department. Not any longer.
Moving the corporate mentality to an "All Hazards" point-of-view takes the specialties of disaster recovery and spreads it across the whole organization.
A standards-based process could be:
- Identify
- Assess
- Decide
- Implement
- Audit
- Supervise
If just this six-step process is incorporated into the daily planning and continuous monitoring of corporate missions, then it's possible to quickly move from a reactive mode to a more proactive mode for managing all hazards risk.
You eliminate the thinking that a single department or person is in charge of Business Continuity or Disaster Management.
In our daily work schedule there must be time allocated to use this simple process when new missions are created or existing missions are reexamined.
The COO, CFO, CIO, CSO and CxO along with their direct reports all perform their own process within their own subject matter domain.
This puts the expertise for risk mitigation in the hands of the most knowledgeable person for that particular process, system or external event.
It includes the idea that hazards include much more than the typical thinking of hurricanes, tornadoes or earthquakes.
Even if the catalyst is not Mother Nature and just another salvo of “Ransomware,” from a renamed criminal group that is supported by a Nation State.
By implementing an "All Hazards" process for risk management that is utilized by every team and business unit, you create a true “Culture of Continuous Continuity”...
No comments:
Post a Comment