After 9/11, Business Continuity got plenty of attention, yet to this day many companies remain ill-prepared for disaster. This CFO article in 2003 reinforces the reality of this fact.
Even if you have tested your Business Continuity Plan (BCP), it doesn't mean that your own organizations suppliers and partners have:
Source: Scott Leibs, CFO Magazine September 01, 2003 "In the weeks following September 11, 2001, the New York Board of Trade (NYBOT) was praised, in these pages and elsewhere, for having invested in a disaster recovery plan that proved nearly priceless. The commodities exchange had been spending $300,000 annually for a backup facility that sat idle for years, an expense that had been questioned but that paid off: the exchange not only used the site in the days after 9/11 but continues to use the site as its de facto headquarters as it transitions to a new one in lower Manhattan this month.
That was the kind of success story that was supposed to galvanize the business-continuity market, highlighting as it did the vulnerability not only of computer systems but also of phone, power, and transportation grids. What had been seen as an issue affecting primarily a company's data center was now framed as a strategic imperative affecting every aspect of infrastructure."
Here are ten steps for consideration to Practice Continuous Continuity (C2) for Enterprise Resilience:
- Develop and practice a contingency plan that includes a succession plan for your executive team.
- Train backup employees to perform emergency tasks. The employees you count on to lead in an emergency won't always be available.
- Consider creating offsite crisis meeting places for top executives and operational teams.
- Make sure employees—as well as executives—are involved in the exercises so that they get practice in responding to an emergency and following orders in potential chaos.
- Make exercises realistic enough to tap into employees' emotions so that you can see how they'll react when the situation gets stressful.
- Practice crisis communication with employees, customers and the outside world.
- Invest in an alternate means of communication in case the phone networks go down, including wireless devices.
- Form partnerships with local emergency response groups—firefighters, police and EMTs—to establish a good working relationship. Let them become familiar with your company and site.
- Evaluate your company's performance during each test, and make changes to ensure constant improvement. Continuity plans should reveal weaknesses.
- Regularly test your continuity plan to reveal and accommodate changes. technology, personnel and facilities as they are in a constant state of change at any organization.
As part of the audit of your Continuous Continuity (C2), include the check up on your most vital 3rd party suppliers. They must be as prepared and resilient as you are. You may require that they be included in all of your scenario exercises, to make sure that you know their level of readiness...
