page-blog

Proper “Scene Size Up” Sets the Stage for Crisis Management Success

Its 3 am and your phone rings.  You answer the phone, dazed and trying to understand who is on the phone and what’s happening.   Its someone advising you of an incident at your corporate headquarters.  Here is the message:

“The Headquarters is on fire. The fire alarms are going off so it looks like a fire.  We haven’t seen any employees anywhere.  We are headed to the first floor Security Desk to see what the fire guys want us to do.”.

Based on that message you have no clue as to the extent, who is in charge, if employees have been evacuated, operational impacts, what processes have been impacted and how you can stay in contact with the team onsite.  Your notification and escalation to management from this call can and will lead to chaos in determining what immediate strategic goals and tactical objectives need to be implemented.

Scene size-up is the ongoing observation and evaluation of factors that are used to develop strategic goals and tactical objectives.  Now, lets try it again using the scene size up acronym “BELOW” or:

  • B = Building and/or Business Unit
  • E = Extent of the Situation
  • L = Life Hazard
  • O = Operational Impacts to the Business
  • W = What business unit and processes have been impacted by the event?

“This is John, Coporate Security.  We have a fire  on the second floor of the Headquarters building.  Smoke and flames have been observed by the Security Guards.  Fire and police  are on scene.  We have confirmed that there are no employees in the building.  The Call Center and Accounting functions are the business units impacted by the fire.  I will serve as the Incident Commander for our company and will work in unified command with the local Fire Department.  Command is established at the Security Desk on the first floor.  The number is 555-5555.”

Now based on this call, you know who is the Incident Commander, the location and number of the Command Post, that employees are safe, the extent of the situation, the operational impacts and what business processes are impacted.  You can now make an intelligent call to the Crisis Management Team with the specifics of the event that will lead to informed decisions on strategic goals and tactical objectives.

Scene size up is crucial to any type of event whether its man-made, technological or natural in nature.  Whether your use “BELOW” or APIE (Assess, Plan, Implement or Evaluate), scene size up is crucial to “organized chaos” in an unplanned disruption.

 

Posted in Best Practices, Business Recovery Planning, Crisis Management, Disaster Recovery Planning, Threat & Risk Assessment, Uncategorized | Leave a comment

Presentation # 4 – Traits of Effective Incident Commanders – MHA Summit 2014 (Day 2)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 3 – BCMMetrics – What the Stats are Telling Us – MHA Summit 2014 (Day 2)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 2 – BCM Audit in Your Future? – MHA Summit 2014 (Day 2)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 5 – Business & IT Alignment – MHA Summit 2014 (Day 1)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 4 – Central Arizona Project – Relocation Exercise – MHA Summit 2014 ( Day 1)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 2 – Outsourcing BCM – MHA Summit 2014 (Day 1)

 

Download This Presentation




Posted in Presentation | Leave a comment

Presentation # 1 – Future Trends BCM – MHA Summit 2014 (Day 1)

 

Download This Presentation




Posted in Presentation | Leave a comment

Art of Essentialism BCM Office Leader

I recently spoke at the DRJ Fall Conference in San Diego on the Art of Essentialism and its application in the BCM arena.  The Art of Essentialism was coined by Greg McKeown and is focused on “Less means More, More Means Mediocore”.  As part of my presentation, I covered what it takes to operate a BCM program based on the Art of Essentialism and its concept of the disciplined pursuit of less.
I believe that the problem in many of the BCM programs we are called to  support in a consultative role is not the program itself but the management of the program by the BCM Office Leader.  In many cases, the program is in chaos with no strategic direction or management.
So what are the characteristics of an Art of Essentialism BCM Office Leader:
  • Uses Metrics to Track BCM Program Performance – Adopt a BCM standard or use a tool like BCMMETRICS.com to assess your level of compliance.  Identify your successes and areas of opportunity.  Focus to high importance, low compliance areas to get the highest Return on Investment (ROI) for resiliency.
  • Manages by High Value Activities (HVA) – Identify what HVA’s give us the highest ROI for resiliency.
  • Positions Right People in the Right Seats – Do you have a personnel depth chart for you and your team members?  You should know where talents lie and how you should assign to your HVA’s.  More people is not the right answer, the right people is the right answer.
  • Develops Strategic Roadmap – Based on our critical needs, a roadmap for 12 to 24 months is developed focused on HVA’s to bring highest ROI.
  • Heavily Invests BCM Personnel Time on HVAs  - Based on personnel depth, personnel are assigned to the HVA’s based on their expertise.
  • Believes in Investing Front End Time with Customers – Time is invested in building the infrastructure  needed to have a strong program.
  • Works like an Intrapreneur – Treats the BCM program as his/her own company with strategic goals and objectives to meet and a focus on resiliency ROI.

The focused disciplined pursuit of less will yield a BCM program that has a high level of resiliency for the most critical business activities and systems/applications of the organization.

Posted in Article, BCM Governance Risk Compliance, BCM Metrics, Best Practices, Business Continuity Planning, Business Recovery Planning, Crisis Management, Disaster Recovery Planning, MHA Consulting, Presentation, Uncategorized | Leave a comment

BCM Audits Gone Rogue…

As BCM professionals we have all gone through audits of our programs at one time or another and dealt with the questions, the need for a better understanding of BCM, and the cautious concern waiting for the final report, etc.

At MHA, we are the BCM Office for a good number of our clients.  We manage each program using industry best practices and standards as our measuring stick to ensure the program provides the highest level of resiliency and meets/ exceeds compliance requirements.  We know which of our managed programs are in line with best practices and which ones need more time and work.  Internal and external audits are a part of our daily consulting efforts.

We are finding that a good number of the audits we have recently dealt with have become increasingly inconsistent in their application, findings and outcomes.  Common conditions found during recent audits:

  1. Audit Teams Don’t Read What You Send Them
  2. Lack Intimate Understanding of BCM Industry Standards and Guidelines
  3. Don’t Grasp Difference between Standards and Guidelines
  4. Generate Findings that Often Have Little to Do with Raising Resiliency
  5. Regularly Lose Data/Information Sent to Them
  6. Require Busy Work Generating New Reports or Gathering Useless Data
  7. “Them versus Us” Mentality Leading to Conflict
  8. Infighting Amongst the Audit Team Members

It’s important to state that we are not saying all audits have proceeded in this manner but a good share has progressed in this manner.  What is most interesting to us is we work at programs in critical industries that should have findings but receive none and other programs that are highly sophisticated and mature receiving findings that make no sense.

So, how do we make Audits bearable and consistent as possible?

  1. Due your own diligence before the audit using a BCM GRC tool like BCMMETRICSTM (www.bcmmetrics.com) so you know where you stand (level of compliance and successes/opportunities) before the audit.  Run reports to identify where you are in compliance and where you have big gaps.  Share your due diligence.
  2. Educate auditors in the BCM process and how it’s applied at your organization before the audit starts by having a short presentation (15-20 min) to go over the program. Make sure you are well prepared and use terminology from the standars you are being audited against.  Refer back to the data and information you sent them.
  3. Compile requested data and information in a logical and highly organized manner.  The documents should tell a positive story of your program from end to end.
  4. Don’t attempt to produce documents you know you don’t have at the last minute.  It’s not worth the embarrassment.
  5. Ensure your BCM Office and internal audit have a clear understanding of the program to be able to speak to it as needed during an audit.

What do you do when you disagree with an audit finding?

We have been taught to not push back on audits in fear the repercussions could be greater if we voiced our opinion.  I believe that if you have solid evidence a finding was not merited, push back by all means.  We have cases of management not pushing back for fear of repercussions and then being saddled with needless work that does not raise resiliency of the program.

In closing, we believe working with auditors is a great investment in time that can lead to increased management focus and support when a partnership approach is used throughout the audit engagement.

Posted in BCM Governance Risk Compliance, BCM Metrics, Best Practices, Business Continuity Planning, Case Studies, Disaster Recovery Planning | Leave a comment