Ralph Petti, MBCI, CBCP
President, RP Risk Advisors, LLC
For over thirty years, disaster recovery and, later, business continuity have had as much allure for companies to pursue as life insurance has for individuals. However, as much as we do not like to pay such premiums, we always believe that we are doing the right thing in protecting our loved ones. With regard to paying for disaster recovery and business continuity protection, we have to follow the same principles. Our businesses are vital and many people depend on them.
Business Continuity protection is an absolute requirement in today’s business arena. With the technologies available for all companies – big and small – there is a level of expectation that one should be doing all that they can to protect themselves. The countless examples of infamous companies (such as Enron) have only served to extend the demand of today’s consumers that companies become more accountable.
Many of us believe that all of the preparation that went into updating – or, even creating – business continuity plans prior to the Y2K scare actually helped many companies survive during the tragedies on 9/11. Companies were prepared!
The mindset needs to be preparation for the key elements – power, communication, accessibility to a primary or secondary facility, etc. If one plans for a hurricane and then experiences a terrorist act, then how much of that preparation can be leveraged? Companies need to plan for the eventuality of any event.
The statistics are staggering! One of Symantec’s companies, Veritas, recently conducted a survey and found that 38% of all companies still do not have a business continuity or disaster recovery plan of any kind! Of those that did have a plan, another 40% had no idea how long that it would take to recover normal operations! Generally speaking, it is an accepted fact in the industry that almost half of all companies without a disaster recovery or business continuity plan, who experience a disaster event, will go out of business within two years. Staggering!
But, why today is there so much emphasis on beginning or expanding such programs? In one word – Compliance! The likes of HIPAA, Sarbanes-Oxley, NASD 3500, FEMA FPC 65, NFPA 1600 and other regulations are heightening awareness and creating the need for corporations to become more compliant. Companies can no longer beg forgiveness or plead ignorance to these regulations due to the many solutions that are available in the market today.
As usual, it all seems to start with a Risk Assessment that can tell where companies stand and what they need to do. From there, a strong foundation can be created that will allow companies to build their contingency plans. Continuing with a Business Impact Analysis, Recovery Planning, Recovery Testing and Plan Maintenance. This cycle of activities must continue and be viewed as a Program – not a Project.
The commitment of management is an absolutely critical component that needs to be received.
This article comes from Survival Insights website. The URL for this story is:
http://www.survivalInsights.com/staging2/modules.php?name=News&file=article&sid=59
Ralph Petti, MBCI, CBCP
President, RP Risk Advisors, LLC
Are you assimilating your Security Firm procedures with your Disaster Recovery and Business Continuity Planning? If not, you may be running the risk of not having a single point of communication and accountability if you are affected by a contingency or security event in your organization.
Traditionally, most firms select a reputable security firm to provide Security Guard Services, Intrusion Detection Systems, Video Surveillance Systems and other such protection methods. In some cases, they employ security firms to provide Executive Security, Biometric Access Scanning and other advance access methods. While your Physical Security program seems to be in good shape, is this area integrated with your Disaster Recovery program?
Given that, at the time of a disaster, could there be more than one list of key personnel able to enter your building? Does Operations have a list? Does IT have a list? Does HR have its own list? Chances are, the Security organization will have a list that will be the most accepted!
Are you including your Security Management Operating Procedures with the efforts of other enterprise organizations including Telecommunications and Operations (Disaster Recovery), Business Units (Business Continuity Planning), Human Resources and Administration (Communications and Notification), Governance and Finance (Regulatory Compliance), Personnel (Occupational Health and Safety) and many, many other areas to create a single plan? If you are not combining these individual areas of planning into one enterprise plan, you need to do so.
Your ability to meet your business goals and fulfill your obligations to your customers depends largely on your ability to protect your employees, guests, and physical and intellectual property so that you continue to operate without disruption.
Gaining management’s agreement that many critical areas need to be more closely entwined is a key building block in your overall business’s integrated contingency response. In most cases, each of these organizations may be somewhat territorial in nature and believe that their team members are the most critical and would need priority access. This is a natural reaction, and everyone needs to know that they should be ‘represented’ by their best or most appropriate team members to become a part of a single team of respondents.
The advent of greater public and private collaboration is driving a great deal of this new thinking. Instead of desiring to be more global in thinking, one finds themselves required to be more global in nature. If that is where the corporate world is going, it’s about time that everyone realized that less is more – and having a single response is critical.
This article comes from Survival Insights website. The URL for this story is:
http://www.survivalInsights.com/staging2/modules.php?name=News&file=article&sid=77