Browsing articles in "Blog"

Have you really thought about getting ready for Winter?

Nov 8, 2011   //   by Andrew   //   Business Continuity, Management, Reputation  //  No Comments

It’s that time of year again…. It’s November, the clocks have been changed and leaves are rapidly leaving the trees. Almost exactly 12 months ago we had the first falls of snow. Last year’s problems were that the temperature stayed below zero from November through to almost the end of January. So the snow became ice and even more snow fell. Repeat for 6 to 8 weeks and that’s what happened last year. I’m sure you remember the problems this caused with roads being gridlocked, trains and planes being stuck and a general sense of “oh no”. Sure, it gave us a nice white Christmas, but for many businesses it was a stressful period. Retailers suffered with a dramatically reduced footfall in what is normally their busiest season. Distribution businesses suffered because, although main roads had been kept open, many smaller roads were dangerous and even un-driveable for weeks. Healthcare was under pressure with many more slips and falls injuries than normal. I remember all too well the number of mornings I spent shovelling snow from my driveway. Roads closed, airports closed, schools closed, businesses interrupted. We’ve already seen the east coast of America having a severe snowfall which resulted in massive disruption.

The question has to be, have you actually learned the lessons from last year?

What have you done to ensure that your business is ready for winter? We all know what happens in the UK when there is a significant snowfall. Everything stops. Despite the latitude of the country we seem to manage to be taken by surprise – every year. Why? Why should it be a surprise that when it snows transport becomes difficult? It can only be because we don’t really think back to the problems of previous winters and actually make preparations. Although the weather forecasters can give us a decent forecast for the next 48 hours or so, we’re not good at taking it seriously. A statistic from a Transport Scotland survey is that 70% of journeys to work are by car/van/minibus. Public transport only accounts for 15% of journeys to work. So when the roads become difficult it’s no wonder there’s an immediate impact on workforces. Have you considered asking your staff how they commute to work? (look out the window at the staff car park and do a quick estimate of the impact road disruption will have.)

Last winter, one of the most challenging days in Scotland came on a Monday morning when there was a severe and heavy snowfall across most of the central belt between 07:00am and 10:00am. This snowfall was forecast, but when the morning commuter traffic started the snow hadn’t. It fell at the worst possible time and led to pretty much all of central Scotland being gridlocked and closed by lunchtime. It took several days to get the main roads clear again and many weeks before all the side roads were cleared. Much criticism of the local authorities and Government followed. Now, to be fair the Scottish Government has taken this seriously and has made plans to ensure that wherever possible they are better prepared for winter. There is an increased quantity of grit/salt available across the country. All in all, it is an encouraging sign that the Government taking the problems which we had last winter seriously. There is a Ready Scotland website which will be used as one of the communications channels : http://readyscotland.org . Twitter feeds and various other real time information services will be used.

Regardless of the preparations being made by Government and other public sector bodies there are simple steps which can be taken by any business and by each and every one of us :

For Businesses/Organisations

  1. Be sure you know what your business critical processes and services are. Can you readily say what you will *not* do if the weather prevents your staff from travelling to work? If you can do this, by implication you must know what you *will* do.
  2. Be sure that you have an up-to-date and reliable (i.e. tested) way of getting a message to all staff outside of normal working hours. Likewise for suppliers and customers. Use your website or use Twitter (with care). Use a call-in messaging service for your staff, but make sure they know the number to call before the first fall of snow.
  3. Review your policies and procedures for staff working from home (if appropriate, and remember that employers still have duties under H&S law for staff working at home). Also review your staff absence policies. What decision will you make if schools are closed and staff need to look after children? How much pressure is your staff under to travel to work if the Police and Government advice is not to travel? It’s not easy, but war-gaming this scenario now could avoid considerable stress and problems later.
  4. Consider what you would do if your staff needed to stay overnight closer to their place of work. Can you help with accommodation?

For everyone who commutes by road (and surveys say that’s 70% of us)

If you travel to work by car you really should take sensible precautions to prepare yourself.

  1. Carry suitable clothing and winter shoes/boots in the car (and gloves, possibly a hat)
  2. Carry a suitable charger for their mobile phone in the car
  3. Consider buying winter tyres (most tyre dealers now have stock of common sizes. Some will store your “summer” tyres for you)
  4. Carry a grab bag of emergency resources – e.g. foil blanket, hi-visibility vest, torch/lightstick, bottle of water, something to eat –sweets maybe.
  5. Keep car fuel level higher than you may in good weather. Sitting idling for hours in traffic jam can burn more petrol/diesel than you’d expect.

 

This is probably the most common sense thing we’ve ever written about but…………

ARE YOU READY FOR WINTER ? Really??


 

Me – I’ve bought a couple of plastic snow shovels and have them ready and waiting………. And my grab bag is in the boot of my car.

 

As usual please feel free to post your thoughts and comments on this blog entry.

 

 

 

 

How Brittle is your Business?

Sep 9, 2011   //   by Andrew   //   Business Continuity, Management  //  No Comments

The biggest news in emergency and operational resilience this week has been the massive power outages in the West Coast of the United States. You can read the details in many places on the web, but the summary is:

  • A very large area affected (Arizona, California and Mexico
  • 5 million homes without power
  • Major cities without power (people stuck in elevators, traffic gridlock because of lighting failures)
  • Nuclear power stations taken off-line for safety

And it seems this was caused by a power company engineer carrying out a planned piece of maintenance work. I guess this is the law of unseen consequences in action. What it illustrates to me is just how “brittle” our services really are. If the action of one man can cause such an enormous area to be hit, what would happen if there had been a major incident which triggered the power outage? Because the source of the failure was almost immediately identified the power companies were able to commence their plans for turning the power back on very quickly. Although, as I write this there are still large areas where power may not be restored for a further 48 hours.

Can we be confident in how our business/organisation would recover if such a failure occurred where we work? We may have conducted our own operational risk and resilience planning but do we really understand how brittle the services we take for granted may be? This probably relates more to our reliance on power and telecommunication utilities. These are supplied by very large companies where it’s difficult to audit the real inherent resilience in their networks of cables and pipes. All we can do is plan for the worst. If you can answer the following two questions then you are probably in as good shape as you can be:

  1. If power fails for an extended period do you know how it would impact on your business? Have you got tested and proven plans? (remember, *everyone* will be reaching for the Yellow Pages to call the generator hire companies)
  2. If voice and data network connections fail for an extended period, how will that affect your business? (Should you consider having a satellite phone for emergencies? Can you control your voice and data network from a remote site?)

There were more than two questions, but it’s designed to make you think. With all organisations under pressure to achieve the very best results with the minimum resources, maybe we’re giving our organisations osteoporosis without understanding the risks this brings.

So how do you fix it? Fortunately help is at hand. Getting back to the basics of understanding what is critical in your organisation and developing plans to ensure that those most critical parts are protected are the essential steps. These can be done by following the guidance laid out in many business continuity planning and management standards. Yes, get help in if you can’t make headway on your own. Then test the plans. Shut off the power to your office/site. See what really happens. Don’t make assumptions about the help you’ll get from the emergency services. They’re going to be very busy and stretched dealing with real emergencies. Make your plans. Don’t assume that because the flood or power failure or severe weather only happens every 40 years that it’s not going to happen tomorrow.

If something as seemingly simple as a routine maintenance/repair task on a single strand of the power grid can have such a huge impact it makes it even more important to be sure that you know how to protect and recover your business. This incident in America proves just how brittle our businesses could be.

After all, if a butterfly flaps its wings in China, what might the consequences be………..

 

 

 

 

It’s all about Standards

Sep 6, 2011   //   by Andrew   //   Business Continuity  //  No Comments

This is all about standards. I invite anyone reading this to either add a comment to this post or to get in touch with me directly if it raises anything you feel is debatable.

In very many places in our business and domestic lives standards have been introduced over the years and they make life easier. That’s what they were designed to do of course. To ensure that there was a recognised way of doing things, to ensure that items from different manufacturers could operate together, to ensure that items we use are safe. And so on. There are many reasons to applaud the bodies that create standards. And yet I get a nagging sense of doubt when I look at the standards being proposed (or indeed actually already in circulation/use) within my business world of Business Continuity/Operational Risk/Resilience and Recovery. Let me give you a run down on some of the standards which exist, broadly within Europe.

 

ISO 22310 – Societal Security : Preparation and Continuity Management Systems

ISO 22320 – Societal Security : Emergency Management – requirements for command and control

ISO 22398 – Societal Security : Guidelines for exercising and testing

ISO 22399 – Societal Security : Guide for incident preparedness and operational continuity management

ISO 28002 – Resilience in the Supply Chain

ISO 3100 – Risk Management : Principles and Guidelines

ISO 3101 – Risk Management : Techniques

 

This is just a quick look at the ISO standards. There’s still BS.25999 and partly The Civil Contingencies Act in the UK at least. I’ve not included all the standards coming from Australasia or the USA. To add them to the list would give a bewildering array of documents. This brief list ignores also the impact of organisations operating to the ITIL standards, or using BS.7799 as a standard. If you start to need to comply with multiple standards be prepared for a headache and confusion over terms and language.

Two things occur to me when I look at all of these standards:

1: There actually isn’t a standard at all. An organisation can choose which standard(s) it wishes to use. If the organisation is a large multinational the problem is amplified by the differences in standards from different countries. In my experience most such organisations effectively create their own standards by using the parts of the international standards which they feel most comfortable with. Different divisions will follow different standards. Is this necessarily wise?

2: The bodies that create standards seem to be intent in ever thinner salami slices for their standards. This is causing problems as not all the standards use the same terms or words in a common way. How can any organisation follow a series of standards if the very standards themselves are neither coherent nor congruous? They all broadly say “make sure you know how to keep your organisation going when something unforeseen happens” but they do it in many different ways.

So, when you’re challenged in your organisation to follow a standard for Business Continuity/Operational Risk/Resilience/Recovery how do you know which is the most appropriate to use? See point 1. There really isn’t a standard. Choose the one which fits you best and then operate to it. Many years ago I worked on missile control systems. Above the entry to the development lab we had a small placard which read “Shoot First. Then call whatever you hit the target” It seems to me that the standards bodies are now following this approach in our area.

If your opinion is different – please do comment or get in touch directly.

 

 

 

 

Pages:123456789»