Best-in-Class Crisis Preparation: Maximize Readiness with the Four T’s
•Download as PPTX, PDF•
2 likes•1,112 views
As presented at DRJ Spring World 2015. Presenter: Robert Edson, Vice President, MissionMode While business continuity management as a discipline continues to develop rapidly, it’s clear that many companies worldwide are failing in terms of disaster readiness. There’s no doubt that business continuity management is complex, but there are things every company can do to speed up their BCM maturity curve. In this presentation, Edson takes an in-depth look at common pitfalls as well as solutions to improve program effectiveness that any company can implement. He shares results from MissionMode’s Readiness Survey and experience gained working with MissionMode clients including Gap, Inc., Xcel Energy and others to illustrate how the right combination of teamwork, templates, testing and tools helps organizations enhance their business continuity programs.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Best-in-Class Crisis Preparation: Maximize Readiness with the Four T’s
Similar to Best-in-Class Crisis Preparation: Maximize Readiness with the Four T’s (20)
More from MissionMode
More from MissionMode (16)
Recently uploaded
Recently uploaded (20)
Best-in-Class Crisis Preparation: Maximize Readiness with the Four T’s
- 1. Best-in-Class Crisis Preparation: Maximize Readiness with the Four T’s Robert Edson Vice President, Global Sales and Marketing
- 2. Business Continuity Readiness Overview Business Continuity Management (BCM) as a discipline continues to develop rapidly, but… Source: CI/KPMG 2013-2014 Benchmark Study “75% of companies worldwide are failing in terms of Disaster Readiness” Source: Disaster Recovery Preparedness Benchmark Survey, 2014
- 3. MissionMode Readiness Survey Average respondent Readiness Score only 58/100!
- 4. MissionMode Readiness Survey (cont.) • 60% of respondents have underdeveloped planning/testing
- 5. MissionMode Readiness Survey (cont.) • Only 20% have detailed templates and collaboration tools in place
- 6. Best-in-Class Crisis Preparedness KPI’s Team Templates Testing Tools BCM is Hard. Many programs have yet to reach their goals • The Four T’s Approach provides a framework for success • Success multiplies when program linked to specific KPIs
- 7. Right Team – Executive Sponsorship Multiple studies have shown the linkage between C-Level involvement and BCM Program success
- 8. Executive Sponsor Roles • Select/review BCM team leadership • Secure funding to support BC/DR initiatives • Lead steering committee • Weigh-in on key decisions • Request/review key metrics • Create a business continuity culture
- 9. Right Team – BC Team Roles 63% of companies claim between 0-2 of full-time employees dedicated to BC/DR. Let’s Explore Three Key Roles: BCM Director/Lead Functional Leads External Stakeholders
- 10. Case Study: Creating a Continuity Culture – Gap, Inc. Challenge: Building relevancy for a new global business continuity program in an organization that had only spotty BC/DR initiatives previously Keys to Success: • Clear “Source of Power” • Short chain of command to executive sponsor • Company wide visibility • Foster team-wide relationships/break-down organizational silos • Technology-driven processes • Celebrate wins
- 11. The Right Templates What templates are required depends on the event types you need to prepare for. Top threats include: 1. Severe Weather 2. IT Issues (outages, breach, virus…) 3. Power Outages 4. Natural disaster (flood, earthquake) 5. Physical Violence 6. Fire 7. Epidemic 8. Product delivery/quality 9. Scandal/reputation 10. Theft
- 12. Team ID • Primary • Alternates Risk Assessment • Situation Monitoring • Team Activation Impact Assessment (Go/No Go) • Impact Assessment • Go / No Go Decision Template Creation Response Planning • Communications • Functional Assessment • Plan Checklists Recovery • Communications • Damage Assessment • Repair planning • Vendor Impacts Metrics Review • Pre-Event ID • Decision Speed • Communication effectiveness • Recovery speed
- 13. Case Study – Xcel Energy Standardizing Incident Management Challenge: Poor response record to outages based on siloed approach to emergency response Keys to Success: • Regulatory driven requirement to improve metrics • Top-down mandate to create standardized approach • Lead appointed to champion enterprise-wide effort • Flexible tool selected to pre-populate templates (teams members, contact preferences, messages, task lists) • Standard process, customizable by division – flexibility • System applied to both emergency and routine operational events
- 14. Drills – Practice Makes Perfect Writing a plan on paper and making it work in a real emergency are wildly different. Testing critical for: • Team training • Breaking departmental silos • Validating plan effectiveness • Testing support tool configuration
- 15. How to Run a Successful Test
- 16. The Right Tools: Incident Management in the Digital age Business Continuity has gone virtual for good reasons: • Redundancy/systems access key in an emergency • Increasing geographic dispersion of BCM teams • Simplified information access speeds decision making • Affordable, easy to use tools remove barriers to automation
- 17. Key Functionality for BCM Efficiency Effective Communications Simplified Project Management • Intelligent Alert system • Escalates alerts across devices • Personalized message delivery • GIS mapping for location- specific alerts • 2-way messaging with one touch response • Easily integrates with IT systems • Real-time dashboard for delivery/receipt • Virtual Collaboration Platform • Pre-populated templates • Messages • Task checklists • Document library • Centralized event dashboard • Operational logs with time stamping • Intelligent alerting • Rich media sharing • Mobile app
- 18. Case Study: Driving Efficiency with better tools - Birmingham Airport Challenge: Consolidated emergency response teams across the airport. Needed paperless, centralized system for logging and managing both routine operational and emergency issues. Keys to success: • Ease of use • Accessible anytime/anywhere • No need to change current processes – easy start up • Logged activities are time/date stamped for regulatory compliance • Centralized dashboard of events allows management to get up to speed quickly – great for shift changes • Use system daily – becomes second nature vs. only for crises
- 19. Metrics Matter Most commonly tracked metrics: • Completion of drills • Incident response performance • Completion of objectives • Awareness generation • Operational performance (SLAs) BCM programs that systematically track and report on key performance indicators reach maturity faster. Source: Continuity Central Survey
- 20. Don’t be a Statistic • 25% small businesses close each year due to inability to recover from a disaster • 180 of 350 businesses shut down in the World Trade Center disaster never reopened Instead…Build BCM Program Maturity with the Four T’s Approach
- 21. Questions?
- 22. Thank You!
Editor's Notes
- While BCM Program maturity continues to grow, overall levels of readiness are spotty: This year’s CI/KPMG benchmarking study showed an 8pt increase in the number of respondents self-reporting program maturity BUT at the same time 2014 Disaster Recovery Preparedness benchmark report showed 75% of companies failing. MissionMode’s own Readiness Survey results show something in between
- Our Readiness Survey asks respondents to rate themselves on a wide variety of readiness factors pertaining to: Team Planning Risk assessment Response effectiveness Post response evaluation Then it gives calculates a weighed Readiness Score on a 0-100 scale. Of the hundreds of organizations who’ve taken the survey, we’re seeing an average readiness index of 58 A full third of respondents are still feeling very or slightly unprepared.
- Planning and testing is a fairly large gap: 7% have no plans in place at all 22% have preliminary plans drafted, but no training or testing 32% have plans drafted and trained but for only some event types, not all events
- In contrast to the CI Benchmarking study results, only 20% of our survey respondents have both the templates and the tools in place for incident management The majority have templates without corresponding tools and processes for execution If you’re interested in learning your organization’s Readiness Number, you can find out by taking our Readiness survey at www.missionmode.com/be-ready Or visiting us at booth #514.
- So why are so many organizations having trouble reaching program maturity? Well as most of you in this room know – Business Continuity Management is hard work! The fact is it takes a highly disciplined approach to achieve program maturity and many programs lack the support they need to succeed. That’s why MissionMode has created the Four T’s approach to help companies struggling with achieving BCM program maturity identify and fix the issues that are holding them back. The Four T’s to BC success include: Team Templates Testing Tools And a fifth success factor not starting with T – a metrics driven approach
- The First T is Team And the right team starts with Executive sponsorship in the form of a single C-level person responsible for BCM success and an executive steering committee to monitor and guide the overall program Studies prove that programs with executive support beat programs without support on nearly every metric The CI Benchmark study looked at this issue in detail – a few highlights from the chart above: Programs with steering committees are: - 63% more likely to do test exercises 105% more likely to do BCM Performance Reviews 92% more likely to do Technology recovery testing In fact, companies without steering committees are 3 times more likely to have no BCM performance metrics in place at all
- Since it’s clear that executive sponsorship is critical to program success, It’s worth a deeper exploration of the role of the executive sponsor. This person or team must get Business Continuity on the map as an internal business priority On the map with the full executive team On the map across all divisional siloes On the map with each employee Companies that are good at this actually create a Business Continuity Culture 2. This person needs to select and manage the BCM team leadership and support this team with Funding, and key risk assessment decisions
- Executive leadership is critical, but day-to-day success will be driven by the team itself: Some organizations have teams of full time employees dedicated to business continuity management, but this isn’t the norm. 63% of companies report having between 0-2 FTEs dedicated to BC/DR program management. The right team has three major roles: BCM Director/Program Lead: This person is responsible for organization and management of the company-wide effort. Including: determining what events to prepare for, making sure the right teams are in place for each event type, drafting and documenting plans, ongoing testing, collection of metrics post event and ongoing optimization of the program 2. Functional Leads: To successfully respond to any disruptive event take a cross functional approach. Team leads need to be identified to manage communications, ensure facilities security, support customer service, manage operational impacts and more. For each event type, a different team is required. 3. External stakeholders: these may include public safety officials, suppliers, media and others who need to be kept in the loop in the event of an emergency.
- Michael Lazcano was hired at GAP 8 years ago to help them create a global BCM program. Previously, they had no clear plan in place although certain divisions were more developed than others. -Luckily Michael had a clear management mandate and support -The management team made this a high visibility initiative where failure was not an option -But that alone was not enough – GAP was very geographically driven at the time and Michael had to work hard to create a global team that would work together to make this effort a success -Relationship building across multiple face-to-face sessions helped -Celebration of wins was also key But they couldn’t have achieved the level of global compliance they have attained without a technology driven approach.
- Planning and template creation is one of the most critical factors for BCM program success. The first step of the process is to identify which events you need to prepare for. Doing some preparation across a wide number of events is less effective than doing complete detailed planning and training across a smaller number of events. Plan to tackle whatever you can manage to completion before moving to the next event type. This slide illustrates the most commonly experienced event types. Over 50 % of companies with BCM programs in place, activated their teams for weather, IT and power related issues in 2013.
- Planning and template creation is a six step process which needs to be repeated for each event type you choose to tackle: Team Identification: Functional team leads and alternates plus external stakeholders need to be identified. Contact info for multiple devices should be stored for emergency notification purposes Risk Assessment: Someone needs to be responsible for monitoring risk and specific triggers identified which would merit BC Team activation Impact Assessment: Plans should cover who, how, and what information will be gathered to facilitate decision making and how that information will be shared across the full team. Response Planning: each functional team needs to use planning templates to create their detailed plans. Templates should include checklists of likely impacts and must be easily sharable Recovery: This stage is about execution and communication. Because of team interdependencies, full visibility of the situation dashboard facilitates better coordination Post Event Review: As part of the template creation process the team should determine which metrics will be measured to evaluate success.
- Xcel Energy had a real problem. Each business unit had their own approach to incident management and none did it particularly well. They were incurring fees for not meeting regulatory standards on outage response. Management determined that they needed to a standardized approach cross company and appointed a champion to lead the enterprise wide effort They opted in implement MissionMode’s Situation Center for management of both routine and emergency events and pre-populated the tool with templates for everything from power outages, severe weather risks, IT issues and more. Templates included team members/alternates, contact preferences and data, check lists, and pre-approved alert messaging, operational log procedures They evaluated the best processes across the company and used these when developing the enterprise-wide approach. Were able to configure the tools around their existing best practices vs. having to develop whole new processes. Because the system is used for both routine and emergency events, adoption was much quicker than for organizations that only deploy their emergency response solutions infrequently.
- One of the biggest issues faced by companies looking to improve their BC program maturity is overcoming the cross functional problem. Because BC teams very often include groups of people not used to working together, the more practice these teams get the better. Performance of practice drills is highly correlated with BC program success. People benefits of Drills: Training team members on their specific roles Creating a common goal across the team Breaking down silos Process benefits of Drills: Validate the plan Make sure all bases covered Test/train use of support tools
- Creating and managing effective drills is a key role of Business Continuity team leadership It all starts with strong test plans – drills need to be happening all year long across different event types and functional teams. Each test plan will include a scenario, expected response and KPI’s The BC team lead needs to create internal urgency around the drill by demonstrating importance to all team members – it helps when there is a steering committee in place to make sure drills occur and monitor results The Lead will first review the test with the team so all members know what is expected. At some point after, but not previously scheduled, the drill will be launched. Afterwards, the team will meet to review KPIs and evaluate their performance. Results will be communicated to management and, if needed, templates will be adapted to fill gaps identified by the test exercise.
- The right tools can help structure a BC team effort and make sure that key steps don’t get missed. They help standardize response and reduce the learning curve for BC Program maturity In this age of connectivity and mobility – there are huge advantages to equipping your BC team to be completely virtual Last year Gartner’s Hype Cycle Report suggested that the virtual incident management system had officially “come of age”. The main drivers of adoption from their point of view included: Manage relationships with all internal and external stakeholders of an organization More efficiently manage response, recovery and restoration actions Communicate critical information internally and externally Review and report on the incident so that an organization’s business continuity team can utilize the data for future training and improvements
- BCM program leads need two primary tools to speed and simplify incident management. First is fully featured emergency notification and second is an incident management system for to serve as your virtual command center. This chart highlights some of the key functionality you want to look for when sourcing emergency notification and incident management solutions:
- Birmingham Airport realized huge efficiencies when they adopted an automated incident management approach. Were consolidating teams and downsizing – needed to make it easier Employees distributed across wide area – needed anytime /anywhere access Needed to get away from paper-based logs for regulatory compliance. Lots of different employees using this solution. HAD TO BE EASY to use!! Run three shifts a day – having all routine and emergency events documented on centralized system made shift changes and management updates much easier and quicker Again, not to sound like a broken record, but daily adoption and use for routine events made it much easier for them to learn new tools
- As I showed earlier, companies that have BCM Program effectiveness tracking in place perform better in terms of program maturity. That being said almost half of those surveyed in a Continuity Central study on BC Program measurement said they had absolutely no tracking in place. THAT IS A PROBLEM, but it’s a problem that’s easily fixed. You don’t have to create a major complicated dashboard for BC metrics. Some will even be qualitatively reported, but the act of tracking and reporting results will make a big difference. Continuity Central found that the for those organizations that do have BC/DR program KPIs in place, the top metrics included: -Completion of drills -Incident response performance (speed, effectiveness, compliance with plan) -Completion of program objectives -Internal program awareness generation activity (building a continuity culture) -Meeting SLAs
- Being at this conference already demonstrates a desire to not be a statistic like the ones here -One of the 25% of small businesses that close each year due to the inability to recover from a disaster One of 180 businesses that never reopened after the WTC disaster By adopting the Four T’s approach to Crisis Management, you can be sure your organization will climb the majority curve in a consistent, disciplined fashion and achieve your BC readiness goals faster. Want to get your readiness number. Visit MissionMode at booth #514 or take our Readiness Survey online at: www.missionmode.com/be-ready