So You Want to Be a BCP Consultant?

On my travels across the USA on client engagements, I am often asked what does it take to be a successful consultant in the field of BCP.   In mulling this over, below are what I consider key to your success as a consultant: 

• Integrity
• Superior Listening Skills
• Strong Work Ethic
• Willingness to Do the Dirty Work
• High Levels Of Performance
• Sound Knowledge Of All Areas Of BCP And The Proven Ability To Implement All Aspects Of It
• Ability To Speak To All Levels Of Senior Management And Staff
• Second To None Presentation Skills
• Ability To Think On Your Feet
• Dress Appropriately And Present A Highly Professional And Well Groomed Appearance
• Etiquette
• Ability To Get Things Done And Have Them Work
• Superior Facilitation Skills
• Exude Confidence At All Times
• Bullet Proof References
• Customer Service Skills
• Knowing Your Strengths and Weaknesses

In the end, it comes down to the relationships you have established with your clients for you to be successful long-term.  The greatest vote of confidence is having your clients refer you to their colleagues or speak to your prospective clients with no hesitation.  At MHA, we retain clients an average of five years; we are very proud of this fact and do everything we can to protect our reputation as well as our client relationship.

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations. Every day, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business. For more information on MHA, contact Michael Herrera at herrera@mha-it.com.

 

Human Factors in Crisis Management

The “Human Factor” is the single greatest variable in your BCP program.  You can have plans, strategies, multiple contingencies but it still comes down to people and their inner workings.  People have their biases and beliefs  There is a level of narcissism and a need for control.  Also, there is a fear of failing in front of their peers or a fear of reprisal.

 These various kinds of stress can have an impact on decision-making.  The belief that they must solve all issues without collaboration can lead to unfavorable results.  Knowing the personalities of the team and how they work together can greatly improve the quality of your BCP program.  Training is key here.

 A grouping of the various factors each person on a crisis management team brings with them that you must deal with include:

 

• Decision Making Styles
• Conflict Styles
• Education
• Family History
• Narcissism

 

I believe that key crisis management team members should be selected based on ability to execute and not just because they are senior leaders in a particular role.  Look out for leaders taking over and not collaborating.   Infighting, inability to make decisions, and other similar traits are also not desirable.  Some people thrive on pressure while others don’t.  People’s view of the leader can have a positive or negative impact.  Mix up the teams, change the leaders, require primaries work with alternates, use team building exercises, etc. to build a cohesive, well-oiled team that can stand strong in the heat of a crisis.

 

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations. Every day, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business. For more information on MHA, contact Michael Herrera at herrera@mha-it.com.

 

Black Swan Events

Recently, there was an article in the September Harvard Business Review and it focused on Assessing Risk today.  Traditionally, there has been a focus on planning for high probability, high impact events.  As a consequence, the planning for low probability/high consequence events has been neglected.

The article stated that companies have become adept at managing predictable, lower-level risks; they have a false sense of security about their ability to anticipate and deal with more hazardous events.

Low probability/high consequence events are also known as “Black Swan” events. Good examples of these “Black Swan” events are the Madoff Ponzi Scheme and the failure of Lehman Brothers, etc.   In the business continuity realm, September 11 was a Black Swan event.  Nassim Nicholas Taleb in his 2007 book The Black Swan deemed the following criteria to define such an event:

• The event is a surprise (to the observer).
• The event has a major impact.

 

After the fact, the event is rationalized by hindsight, as if it had been expected. So, how do we make management aware of Black Swan events and prepare for them?  We recommend you develop a “Heat Map” and plot the likelihood and significance of various types of threats at the organization.  This Heat Map, which should be a component of your Threat and Risk Assessment, should focus senior executives on unlikely but potentially devastating risk that merit but do not receive the attention they do.

 

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations. Every day, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business. For more information on MHA, contact Michael Herrera at herrera@mha-it.com.

 

The Importance of Alternate Work Site Recovery Agreements

Do each of your business units have an agreement with their alternate work site?  Your business units should have a comprehensive agreement outlining what will and will not be provided at the alternate work site.  An Alternate Work Site Recovery Agreement should include the following information:

• Name of Recovering Business Unit
• Name of Receiving Business Unit
• Alternate Work Site Address
• Alternate Work Site Space to be used
• Alternate Work Site Technology to be used.
• Hours the Alternate Work Site can be used.
• Length of time the Alternate Work Ste can be used by the Recovering Business Unit
• Contact Lists  (Alternate Work Site Personnel, Recovering Business Unit, etc.)

The agreements should be updated annually or when major changes occur within the recovering business unit or alternate work site.   Even if you have one global alternate work site, you should make you know what units are using that and what expectations exist.

Using alternate site agreements ensures the BCP Office can keep track of who is going where and all parties know what to expect.  Remember, to use these agreements in coordination with your global relocation plan I talked about in an earlier blog.

About MHA:  MHA Consulting, with its decade long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information on how MHA can help you, contact Michael Herrera, President & CEO of MHA Consulting at herrera@mha-it.com.

 

Common Pandemic Themes Across Companies

MHA in working with clients, speaking with colleagues and researching trends, see a number of common themes and issues impacting how companies are addressing the pandemic:

1. Knowing when to activate their pandemic plan (e.g., WHO levels) has caused major confusion after the last scare.
2. Companies lack background data on how staff and communities may react to the pandemic based on lack of past history.
3. Are we ready for our social structure to break down like it did in New Orleans?
4. Companies may or may not know what is critical to their business as it has never been identified or updated.
5. Levels of proactive communication to employees varies greatly across organizations.
6. Belief that the data network can truly support the number of remote users for extended periods; many networks cannot support large groups of remote users for any period of time.
7. Length of time remote users can really work from home and maintain critical operations
8. Lack of ability to truly remote operate data centers and other critical facility based components
9. A lack of a true assessment of critical suppliers and their pandemic capabilities
10. Downsizing due to the economy will have a critical impact to the ability to recover in a number of organizations due to the lack of staff.
11. Ability to transfer voice communications to home when employees must work remotely.
12. Identifying criteria that can be used to issue social distancing controls, close offices, etc.
13. Exercising of people, plans and processes varies greatly across organizations.
14. Lack of documented HR policies to address extended absences; many do not want a documented policy in fear of lawsuits.
15. Preparing staff for the pandemic varies greatly.

 

Alternate Work Site Relocation Plan

Do you have a high-level global plan that summarizes the requirements to relocate your business units from your primary site to the alternate work site?  Even though your business unit recovery plan outlines how each unit will move to its alternate site, the BCP office should have a global plan summarizing the migration the alternate site.

Alternate Work Site Relocation Plan Sample Table of Contents:

• Activate the Alternate Site-The steps to activate the specific alternate sites and prepare them for incoming business units.
• Resume Operations-The steps to globally reestablish operations at the alternate sites including room setup, technology setup, physical security, etc.
• Return to Normal-The steps to ensure operations are as normal as they can be during the recovery efforts.
• Return Home-The high level steps to return the business units to their primary site in an organized, logical fashion.
• Appendices
  • Alternate Site Contact List
  • Alternate Site Seating Matrix by Criticality
  • Alternate Site Travel Arrangements
  • Alternate Site Fact Sheet and Map

This plan gives the BCP office a manageable document that will ensure the successful relocation of multiple business units to one or more alternate sites.  Additionally, each business unit should have a contract with its alternate site so that there is a clear expectation as to what will be provided at time of disaster as well as ensuring that the site will not be oversold and not have room when the time comes.

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices, and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information on how to attend the online session, contact Michael Herrera at herrera@mha-it.com

 

Is Your Continuity Program Resilient Enough for Today’s Global Environment?

“The world is becoming turbulent faster than organizations are becoming resilient” Gary Hamel Harvard Business Review

Is your organization achieving higher levels of resiliency as the world becomes more turbulent?  Or are you finding that your organizations resiliency is lacking or non-existent?  It is clear that the speed at which turbulence is growing in our world is mind numbing and can impact us before we know what hit us.  As the turbulence in our world increases, we must become more resilient in all aspects of business continuity planning at our organization.  We must look to prevent events from occurring versus reacting to their occurrence.

Adjectives that come to mind in defining Resiliency are
“elastic”, “flexible” and “hardy”.   So how can we heighten our resiliency?  Here are some ideas I have:

• Have a clear understanding of the “human factor” and how to maximize people’s performance before, during and after a disaster
• Regularly researching current and future trends and adjusting continuity programs to address tomorrow’s needs today
• Establishing crisis management processes that are flexible, process oriented and adapts to the situation at hand
• Hardening our corporate landscape (e.g., people, technology, facilities, etc.) to permit multiple levels of redundancy and diversity
• Recovery strategies that permit for multiple options to be implemented, if needed
• Utilizing recovery exercises that require our staff to deal with multiple contingencies and drive them to think outside the box
• Using new technologies to communicate with our staff and stakeholders

It is becoming clear that we must take a different approach to being prepared in tomorrow’s world.  I look forward to comments on the subject of resiliency and how organizations can take an enterprise wide approach.

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices, and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information on how to attend the online session, contact Michael Herrera at herrera@mha-it.com.

 

Sample Pandemic Exercise for Crisis Management Team

Need to plan a Pandemic exercise?  Below is simple exercise “straw man” to help you build from at your organization.  In this exercise, we sent out an email pre-notification alerting our Crisis Team that we have a problem and they need to prepare.  On the day of the exercise, the Crisis Team had received their pre-notification and was ready to engage.  At the exercise, we provided them with multiple updates requiring them to activate plans and people to respond.

Pre-Notification (Sent to Team 2 to 3 Days Before Exercise)	First Exercise Update Given to Team	Second Exercise Update Given to Team	Third Exercise Update Given to Team
Increase in H1N1 cases in surrounding areas. Increase in severity and impact to infected persons. First case of H1N1 confirmed at Headquarters.	Absenteeism at 25% for critical business units. School closures on the horizon. Postal Service delivering mail every 2 days.	Absenteeism is at 49% for critical business units. Schools closed in the city impacting staff ability to come to work. Two highly critical suppliers cannot support the business and have suspended product delivery for 3 weeks. IT staff absences are impacting ability to maintain system availability.	Absenteeism down to 35%. Schools remain closed. Time to process orders has increased by 75%. Postal service delivering mail every 3 days. Financial institution used by company has delays in processing payments.
SUGGESTED TEAM ACTIONS
Review plans. Prepare recovery teams. Hold status update meeting. Activate core Crisis Team.	Assess priority of business processes. Assess critical staff needs. Activate contingency plans. Update Incident Action Plan. Issue internal and external communications.	Assess priority of business processes. Assess critical staff needs. Activate contingency plans. Update Incident Action Plan. Issue internal and external communications.	Assess priority of business processes. Assess critical staff. Activate Plans. Identify impacts. Update Incident Action Plan. Issue internal and external communications.

The exercise above is highly simplified and requires you to build it based on your organization and its critical functions.  We hope this “straw man” helps you in your exercise development.  If you need help, contact me at Herrera@mha-it.com.

About MHA: MHA Consulting, with its’ decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information on how MHA can help you, contact Michael Herrera at herrera@mha-it.com.

 

Crisis Event Documentation—A Key Component of Crisis Management and Leadership

Do you have a standardized documentation process for your Crisis Management Team?  If you don’t, this is for you!  It is important to have a standardized process for crisis team members to follow when it comes to documenting and reporting status during an event.  Nobody likes to document, so be prepared for some grief!  Here are some steps that should be taken that will ensure a smooth-running process.

1. There should be a simple Event Reporting form that captures the “who, what, when and where” of the situation being reported.  It should be self-explanatory and require minimal training to use. Crisis Management Team members must be trained in its’ use and be strongly advised that more documentation is desirable than less during an event.
2. A person or persons should be assigned to assemble the completed Event Reporting forms, summarize them, and produce a rollup report for the Crisis Team Leader of the highest priority issues on a regularly scheduled basis (e.g., every 4 hours, etc.).  Project management and / or Audit personnel are good at performing this role.
3. A standardized Incident Action Plan (IAP) template should be documented and be ready for the Crisis Team Leader to outline the team’s actions to be taken in the next shift based on the current state of the event (e.g., recovery status, people, systems, etc.).
4. The Crisis Team Leader must use a standardized agenda to brief Senior Management and the Crisis Management Team on the open events and the Incident Action Plan for the next operational period (e.g., 8 hours, 24 hours, etc.).  A standardized briefing agenda ensures that key status updates are presented in a consistent manner and minimize the potential for omissions, etc.
5. Last, once the event is over, a comprehensive after action report should be documented using the information gathered and documented by the Crisis Management Team and provided to all entities requiring it (e.g., Legal, Insurance, etc.).

Remember, documenting where you are at and where you need to be is critical to an effective Crisis Management and Leadership process.  You should exercise your documentation process at all mock disaster exercises to ensure it improves over time.

About MHA:  MHA Consulting, with its’ decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information on how MHA can help you, contact Michael Herrera at herrera@mha-it.com.

 

Crisis Management versus Crisis Leadership

 

During a crisis, it is crucial for a Crisis Management Team to have balanced skills in Crisis Management and Crisis Leadership to have a successful outcome.  Crisis Management is the short-term tactical aspect and is the more attainable of the two.  It is best characterized as follows:

• Initial Reactions
• Tactical Actions
• Process Focused
• Narrow

Crisis Leadership is the long-term strategic component of the two and requires more attention as well as development.  It is best described as follows:

• Anticipating Impact of Decisions
• Using Corporate Principles to Guide Actions
• Having a Wide Focus
• Strategic in Nature

MHA has found that most teams are good at Crisis Management but need more work in developing their Crisis Leadership skills.  So how do we heighten our Crisis Leadership skills?

First, provide training to team members in the basics of Crisis Management and Crisis Leadership.  Use short 30-minute mock disaster exercises to educate the team in management and leadership skills.

Second, develop mock disaster exercises that require your team to exercise both Crisis Management and Crisis Leadership skills.  Use exercises that require them to initially focus on the immediate needs of the simulated event (e.g., assessment, disaster declaration, deal with the media, address personnel needs, etc.) and then evolve the exercise to require the team to anticipate impacts of their decisions, use corporate principles to make decisions and consider the entire enterprise over the long-term.   

We have modified our exercises to spend more time on Crisis Leadership skills once we feel the team has a good handle on Crisis Management.  Remember, it is important that your team is well-balanced in both skills for you to be successful in the face of adversity.   

About MHA:  MHA Consulting, with its decade-long track record, is a proven leader in business continuity planning, disaster recovery planning, IT best practices and data center moves and relocations.  Everyday, MHA helps protect trillions of dollars of global-market assets and top companies around the world rely on MHA services for the continuity of their business.  For more information, please visit:  http://www.mha-it.com or contact Patrick Potter at potter@mha-it.com.