As 2019 draws to a close, here is a look back at MHA Consulting’s five most popular blog posts of 2019, judging by the number of clicks received.
The topics that were of the greatest interest to our readers this year were:
- The contemporary threat landscape
- Emergency plans
- Crisis management exercise scenarios
- The inadequacy of hope as a risk mitigation strategy
- The best way to plan a mock disaster exercise
By a lucky accident, these five posts amount to a good survey of the basic stuff that needs to be done in terms of business continuity and disaster recovery. Not only are they a retrospective of a year’s worth of blogging, they’re also a good overview of the core concerns of our field.
Read on as we reveal our top five posts, with links and summaries, in order starting with the most popular.
8 Bad Things: The Most Common Business Continuity Threats
These are negative events that I think actually have a high likelihood of happening to some organization somewhere in the coming week—or at any rate, they are things that happen fairly frequently, having a negative impact each time. If one of these events happens to your organization, will you be ready?
Our most popular post of the year was a rundown of the most commonly encountered business continuity threats. In this case, the hive mind chose well. There’s no better place to start than with assessing the threats and risks to your organization.
This post sets forth the eight most common business continuity threats. It tells you what you have to worry about and guides you in what to plan for.
[The No. 6 “bad thing” that will happen this week is:] An organization will be affected by a regional infrastructure outage. This one isn’t too likely to happen over the next week—but power outages are on the rise nationwide. And the chance of a region-wide outage occurring is increasing as hostile countries refine their ability to target U.S. power grids and computer networks.
The 6 Tasks Every Emergency Plan Should Address
The first and foremost task of any emergency response is to protect the people who are on the premises. For this reason, your response plan should include (in the recommended checklist form) steps about dealing with immediate human needs in terms of medical, evacuation, triage, evaluation, and search and rescue.
This post follows naturally from the one above. It lists and summarizes the six tasks that should be addressed in every emergency plan.
After you figure out the threats you’re facing, you need to devise plans to prepare for them. The stakes are too high to do any of this ad hoc.
Responsible organizations plan ahead of time for emergencies, considering the different types of problems likely to occur and developing ways of dealing with them. They think about categories of an event (rather than specific problems), and they produce their plans in simple checklist form, excluding policy statements (or consigning such statements to the back).
Crisis Management Exercise Examples – A Review of Real Exercises
. . . we’ll discuss some results from recent crisis management exercises MHA has performed. These crisis management exercise examples will give you insight on how exercises are conducted and what type of results you can expect.
This a real nuts-and-bolts post. Its popularity shows that people want to know the nitty-gritty of conducting crisis management exercises. This is heartening to us as BCM consultants because few things are more important. We like to hear that organizations are taking seriously the need to practice to be ready to respond to emergencies. A crisis management plan is only as good as the people implementing it are competent.
The goal was not to demonstrate a “successful” exercise or “check a box” but to identify gaps and areas for improvement to obtain more functional capability.
Don’t Just Hope: Choosing Strategies to Mitigate Risk
For each of the major risks you face, you should choose one of the following four risk mitigation strategies to guide your approach in managing it.
This post pairs well with the “8 Bad Things” post listed above. Both are about the need to look at risk objectively.
It also echoes one of my favorite themes, namely that hope is not a strategy.
The post stresses the need to identify what your risks are and make conscious decisions on what you’re going to do to mitigate them. Risks needs to be addressed in a conscientious, disciplined manner. The post lists four strategies for mitigating risk.
You now have a good idea of the main threats your organization faces, the likelihood that each will occur, and an estimate of the consequences to the organization if each did occur. What do you do next? Well, one thing you could do—in my experience it might be the most common choice—is assume that nothing will happen and ignore all the risks you just uncovered. However, this is a terrible idea.
How to Plan a Mock Disaster Exercise
The secret to performing well in a crisis is practicing ahead of time, but exactly how does a company get such practice? The answer is by performing mock disaster exercises, and in today’s post, we’ll look at how to go about planning such an exercise.
The final article of our top five was part of a three-part series on planning and holding mock disaster exercises. The other posts in the series were “How to Be a Mock Jock: Advice on Facilitating a Disaster Exercise” and “Little Things Mean a Lot: The Value of Micro Mock Disaster Exercises.”
This post sets forth the 12 steps of planning a mock disaster exercise.
The scenario should be a plausible, real-life type of situation. No zombie apocalypses or Marvel superhero attacks. You want people to focus on how to respond, not on the wildness of the scenario.
SEE YOU NEXT YEAR
There you have it: the five most popular posts on the MHA Consulting blog for 2019.
If you can get the areas covered by these articles right, you’ll be well on your way in terms of moving your program forward and protecting your organization from disruptions.
Thanks for reading and happy holidays.
We look forward to sharing more tips and tricks in 2020 to help you be the best BCM professional you can be – as well as providing personalized business continuity and IT/disaster recovery consulting services to organizations in all industries.