Don’t Forget the Human Side of Business Continuity

Man grieving over destroyed house
When Hurricane Katrina struck, it left entire cities along the Gulf Coast devastated. Those who hadn’t evacuated were forced to find food when groceries and restaurants were closed, a cool place to sit when the AC was out in the sweltering South, and a place to bathe when there was limited to no running water. What are the odds of successfully implementing your business continuity plan after that? Surely employees aren’t going to work under those conditions, right? Not so for the employees of a bank branch in Pascagoula, MS.

The company’s building had flooded, so it had a Mobile Banking Center deployed. Employees showed up to work to help customers cash their FEMA checks. This service was critical to a community in need, and the branch was the only place in town providing it. The employees even brought their families to work to take advantage of the air-conditioned space. When your business experiences a regional disaster, how do you activate your business continuity plan if your employees are busy dealing with their own personal emergencies? Should you expect them to come to work? The human element of business continuity can’t be ignored.

To ensure your business continuity plan is compatible with your employees’ and community’s needs, make sure you know the answers to these questions:

Community

  • Which of your services do they value most?
  • How can you help during a crisis?
  • Will you help a community in crisis even if your business is not in crisis?
  • If yes, what would that look like?

Employees

  • Which of your services do they value most?
  • How far are they willing to drive or wait to get this service if your community is in crisis?
  • How long would they wait for the service before they went to a different company?
  • Do they have any family who would be impacted as well?

The ideal business continuity plan will merge the goals of the business, community and employees to create a situation in which everybody wins. The bank in Pascagoula was able to successfully implement its business continuity strategy during a massive catastrophe because its business continuity planners weren’t just focused on the business’s goals — they knew what the bank’s employees and community needed and found a way to meet those needs. Employees were happy to come to work because they knew they were providing their neighbors with a critical service and offering a sense of stability in the midst of a volatile time. The bank was able to keep its doors open, the community received desperately needed FEMA money, and employees didn’t have to neglect their families to perform their duties.

Does your business continuity plan accomplish your goals as well as those of your employees and your community? Let us know in the comments.

This Underutilized Group Could Save Your Business in a Crisis

Disaster team discussion circle
Over 30 years ago, Union Carbide, a U.S.-owned pesticide plant in Bhopal, India, leaked 40-plus tons of a poisonous gas into the surrounding region, killing at least 3,800 people in their sleep and producing deleterious environmental effects. The incident — the worst industrial accident in history — led to the Emergency Planning & Community Right-to-Know Act (EPCRA) of 1986.

As part of this act, the Environmental Protection Agency (EPA) created Local Emergency Planning Committees (LEPCs) to help local communities improve their ability to respond to chemical emergencies. LEPCs require facilities to submit inventories of hazardous chemicals and develop emergency response plans in collaboration with local law enforcement, city officials and members of the media. Throughout the U.S., there are more than 3,000 LEPCs for each of the designated local emergency planning districts, which are determined by city or county boundaries.

Even if your business doesn’t deal with hazardous materials, though, don’t write off LEPCs as a valuable resource for your crisis response efforts. Here are three reasons to join your local LEPC.

LEPCs Aren’t Just for Chemical Plants Anymore


Although LEPCs were initially created to help reduce risks associated with toxic chemicals, many LEPCs are taking an all-hazards approach and addressing scenarios such as active shooter incidents. Involving local first responders in drills benefits both sides by opening the lines of communication, clarifying each party’s roles and ironing out wrinkles in the response strategy.

For example, one financial services company had a local SWAT team participate in an active shooter scenario involving over 60 victims. During the drill, the shooter took 15 employees as hostages and barricaded himself in a room. The organization has three individuals trained in hostage negotiations, so the drill gave these staff members the opportunity to practice their skills. Throughout the exercise, the SWAT team sat side by side with the negotiators and trained them.

The organization also worked with the police force’s IT team to link the station’s video cameras to the business’s system so live video could be broadcast to a command center. This integration allows the police force to assess events in real time when necessary. There are also plans to look into feeding video into the responding patrol cars so the police know what to expect as soon as they arrive on a scene.

Working in conjunction with local law enforcement to prepare for an emergency will not only improve your business’s crisis response plan, but it'll also help first responders do their jobs better since they’ll be familiar with your facility and plan.

Engaging the Community Builds Reputation Currency


When a crisis impacts your company, it’s critical to gain control of how your employees, customers, community, investors and regulators perceive the situation. To do so, it’s important to have an established reputation and demonstrate that you prioritize your community’s well-being. Joining your local LEPC is a visible way for your company to both gain reputation benefits and help the community.

Through attending LEPC meetings, you create critical relationships with first responders and even members of the media. If an event affects your facility, LEPC members will gladly state that your company was actively participating in the group to better the community and can provide letters of reference when auditors come calling. Good press at a bad time is crucial to protecting your reputation during a crisis.

But joining an LEPC doesn’t — and shouldn’t — benefit your company alone. In College Station, TX, where our headquarters is located, one of our staff members participates in the Brazos County LEPC. Thanks to the efforts of individuals representing several companies, the group recently received a $100,000 grant to purchase special firefighting equipment.

Getting involved in your local LEPC will expose you to countless opportunities for corporate social responsibility initiatives. The EPA, in fact, encourages community outreach by “empowering volunteers to create meaningful tasks,” such as providing local schools and nursing facilities with educational materials about emergency preparedness topics. LEPCs are intended to include not only first responders but also representatives from a range of demographics, organizations and community groups, so networking within LEPCs helps you develop an in-depth understanding of your community’s needs.

LEPCs Foster Public-Private Collaboration


For years, public and private entities have lamented the lack of collaboration when it comes to emergency preparedness. LEPCs pave the way for cross-sector partnerships. To develop a relationship with local first responders and the city officials, encourage your staff members to participate in LEPC meetings and public-sector exercises. When involving first responders in your own drills, prioritize making the event mutually beneficial by offering first responders the opportunity to practice processes and procedures of their own. The aforementioned financial services organization, for example, tested its local police department’s new inventory system.

Unfortunately, many LEPCs are now dormant or nonexistent. They work independently and are loosely connected through the EPA region liaisons, meaning the activity level and quality of each varies greatly. Because they don’t get the press they should, they tend to stay below the radar. We would like to see that change.

To jumpstart your crisis response strategy and improve your reputation, take advantage of these resources:
  • Find your local LEPC here.
  • If you’re already involved with your local LEPC, check out the EPA’s guide for energizing your LEPC.
  • Listen to this webinar for more information on why it’s important to involve the community in your crisis response efforts.
Taking the time to participate in a local LEPC will take time and commitment, but the long-term benefits to your business and the community where you live and work will be well worth the effort.

[Webinar Recap] How to Create a Crisis Response Strategy That Will Bulletproof Your Reputation

Tips for Involving the Public in Crisis Response PlanningIn today's social media-driven world, a company's actions during a crisis can make or break its reputation in an instant. According to a study from Deloitte, 87 percent of executives rate reputation risk as more important than other strategic risks. Equally compelling, 41 percent of companies that experienced a event with a negative impact on reputation reported a loss of brand value and revenue. Having a positive relationship with your community is a key way to boost your reputation, and forming your crisis response strategy with this in mind is crucial to the long-term success of your company.

In our most recent webinar, Rentsys Senior Manager Brandon Tanner delved into the importance of the public's involvement in a company's crisis response strategy and its correlation to reputation. Key takeaways from the presentation include:
  • Engage the public in all steps of your strategy — from planning to execution —
     to ensure you're meeting their needs and maintaining their goodwill.
  • Establish communication protocols in advance.
  • Gain executive buy-in through explaining the benefits of building relationships with the community to reduce reputation risk.

To hear more, listen to the webinar recording here.

Four Businesses Making Sparks Fly in their Communities for July Fourth

Concert with fireworks
What does the Fourth of July mean for your business? Maybe it’s a day off to allow employees to spend time with friends and family, an opportunity for a marketing campaign or just another day at work. Or maybe it’s an opportunity for employees to roll up their sleeves and get involved in the community.
  
Building relationships with the people you live and work with not only humanizes your business, but it also helps shape the public’s perception of your company and builds reputation currency. If your business ever experiences a crisis, a good reputation increases your ability to rebound from the incident.

Below are four examples of businesses making fireworks — literally, in some cases — in their communities this July Fourth.

6-Ton Hoagie Feast


You’re able to get a hot dog or hamburger just about anywhere on the Fourth of July, but where do you get a 6-ton hoagie? In Philly, that’s where. In honor of the men and women serving the city of Philadelphia and our country, convenience store Wawa hosted the 25th Annual Wawa Hoagie Day as part of the six-day Fourth of July celebration Welcome America. The 6-ton hoagie serves 20,000 Philadelphians and is loaded with 4,308 pounds of meats and cheese and 5,413 pounds of veggies, oregano and oil. The ingredients are packed onto 274 pounds of hoagie wrap by 250 chefs.

Double-the-Fun Celebration


Imagine your idea of the quintessential July Fourth celebration. Now double that. In Fairfax, IA, Fairfax State Savings Bank organizes Fairfax USA Days, a two-day community celebration of Independence Day. The event brings local families together for Ferris wheel rides, sports competitions, a 5K, live music, a street market, a charity fundraiser and a large fireworks display. Thanks to the support of local organizations, the event is completely free to the public. USA Days is so popular that it’s now celebrating its 25th year.

Barbecue Dinner Sing-a-Long


People like to spend Fourth of July sharing a good meal with their friends and family, but for residents of retirement homes, that’s not always possible. Nashville, TN-based asphalt paving and highway construction company Rogers Group, Inc. (RGI) is changing that for 200 elderly citizens. For five years, RGI has sponsored an Independence Day meal for residents of a local retirement home. Several corporate employees personally serve barbecued meat, potato salad, baked beans, coleslaw and watermelon. While fireworks are understandably not allowed in the facility, RGI volunteers lead the residents in a chorus of patriotic songs such as “God Bless America!”

Guide to Local Fourth of July Celebrations


Engaging your community doesn’t have to entail a significant investment of time or money. Central Ohio’s Heartland Bank compiled a guide to all local celebrations and posted it on the bank’s website with a brief message letting patrons know that the Heartland Bank team would “be right there with you, celebrating every step of the way.” Although the bank isn’t hosting any celebrations of its own, it took the time to express its appreciation for the communities it serves. 

Whether it’s a simple gesture such as putting together a resource the community can use or going all out and planning an event, these four businesses are making it clear that their communities are important to them. And if those businesses ever experience a crisis, the community will remember that and give the company the benefit of the doubt. After all, wouldn’t you be more understanding toward an organization that had fed your elderly parent a barbecue meal in the nursing home? 

FFIEC Update to Cybersecurity Assessment Tool

Man touching shield with lockThis week, the Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Assessment Tool to help financial organizations improve their cybersecurity preparedness and identify risks.
There are two key updates:
  • Revisions to Appendix A, which provides guidance for mapping baseline statements to the FFIEC IT Examination Handbook. The changes correspond to the latest versions of the handbook booklets.
  • Additional response options that allow financial institution management to include supplementary or complementary behaviors, practices and processes that represent the institution’s current cybersecurity activity assessment practices.
To read more about the update, click here

Business Continuity Awareness Week: Cybersecurity

cybersecurity awareness poster: password sticky note
The Business Continuity Institute (BCI) Business Continuity Awareness Week starts May 15. As this year's theme is cybersecurity, here are some of our favorite tips for building a strong cybersecurity plan.

Create Strong Passwords


"123456" or "QWERTY" may be easy to remember, but they make for easily guessed or hacked passwords. Yet they were two of the most common passwords used in 2016, according to Keeper Security's study of 10 million passwords leaked in data breaches last year.

Protect your company from data breaches by educating employees on creating strong passwords. Warn them of the dangers of reusing previous passwords, and require them to create new unique passwords on a frequent basis.

Evaluate Your Bring-Your-Own-Device Policy


Allowing employees to connect to your company network from their own personal devices can be a great way to cut down on costs, but it can lead to possible data breaches. Minimize this risk by developing a bring-your-own-device (BYOD) policy or by updating your existing policy.

A good BYOD policy should address application permissions, public Wi-Fi use, operating system updates, locking functions and other factors that may present security risks.

Don't Neglect the Internet of Things


While most people might be aware of the importance of a strong password, many don't realize their internet-connected devices are also prime targets for hackers. Ensure your cybersecurity policy accounts for all devices connected to your network, and have a clear business continuity plan in case of an attack or downtime.

Do you have any cybersecurity tips? Let us know in the comments!

Q&A: Black Knight Financial Services Talks BC/DR Testing on the Go

Four men sitting around table with TV screens in background
Black Knight Financial Services' BC/DR Test 
When most people attend the Disaster Recovery Journal (DRJ) Spring World conference, they plan to attend sessions to enhance their knowledge of business continuity and disaster recovery (BC/DR) best practices or browse through the exhibit hall to check out technological advances in the industry. The team at Jacksonville, FL-based Black Knight Financial Services had a more ambitious schedule — they decided to perform a BC/DR test between show activities. 

Black Knight, which is a customer of ours, had heard that we’d be deploying one of our Mobile Recovery Centers (MRCs) to DRJ Spring World to showcase our new Crisis Command Center configuration. With some test deadlines looming, Black Knight approached us about scheduling a test at the show. When we say we have a flexible testing schedule, we mean it, so we made it happen.

After the test, we had a chat with William Russ, Business Continuity Analyst for Black Knight, to talk about Black Knight’s experience with testing on the go. Here’s what he had to say.

Q: What was the objective of the test?
A: Our objective was to simulate a disaster in our primary facility requiring recovery of the enterprise business continuity office at a remote facility to direct crisis management operations and any critical business continuity support functions.

Q: Who participated?
A: Five business continuity specialists and one call center support manager participated in the exercise.

Q: What functions did you test?
A: The tested functions included:
  • VPN connectivity into our backup data center network
  • Network speed test — both Wi-Fi and cabled Ethernet
  • Emergency notification system activation
  • Five-way live video conferencing between Little Rock, AR; Jacksonville, FL; and Orlando, FL MRC locations
  • VoIP softphone capability
  • Logging in to five critical systems to verify data entry and reporting capability

Q: What did you learn from the test?
A: This was the first time most of the team had ever utilized an MRC and we were quite
pleased with the facility, its capabilities and the Rentsys support team. 

Q: What was the most surprising thing the test revealed?
A: The most surprising thing about our exercise is that everything went off without even one hitch!  Also, we were impressed by the network speed back to our company network and the helpfulness of the Rentsys team.  

Quote from William Russ, Business Continuity Analyst, Black Knight Financial ServicesQ: What will you do differently next time?
A: While management was invited to participate in this exercise, a last-minute scheduling conflict required changing some of the participants. We will invite more management to participate next time for higher corporate visibility.

Have you had a unique BC/DR testing experience? We want to hear about it! Let us know in the comments. 

Popular Posts