Is a unique Recovery Plan REALLY necessary for multiple offices?

Dear Dr. Dan,

Our company has 15 separate offices. We are trying to develop a recovery strategy for each office. I know that one strategy cannot apply to all offices since we are spread out across the US.

How detailed should a recovery plan be? I am trying to make it as detailed as possible, but I realize that you cannot account for all disaster events.

Those within my company believe the recovery plan should be just a general overview and most decisions should be made at the time of the disaster. I believe we should provide different options or ideas for temporary offices, such as a portable office, telecommuting, or sending employees to other office locations. Again, my peers say we should make that decision at the time of the disaster.

Another example is that I would like to create a list of items that need to be remembered to be taken care of at the time of recovery, such as mail, UPS deliveries, phone calls, a list of office supplies that will be needed immediately. Others are saying, again, that we should be able to identify those issues at the time of the disaster.

In your professional opinion, am I trying to put too much information in the plan? Are they trying to put too little information? Do we need to meet somewhere in the middle?

Thanks Dr. Dan. I appreciate your response.

Nancy
Business Continuity Planner
"A Leading Nationwide Architecture Firm"

Hi Nancy,

Thank you for your questions. They are all well founded and must be resolved in order to develop an effective, multi-site business continuity program.

Here's the short of it...

1. Every office faces unique threats and, therefore, requires unique response and recovery plans. Relying on a generic recovery plan is analogous to using a Seattle street map to navigate Chicago.
   


2. We humans don't think so well on our feet when facing a threat, especially if it's life-threatening. Waiting to figure out what to do until disaster strikes can be, well, disastrous.
   


3. Your desire to create a list of recovery issues and items for each site is not only wise, but critical to a quick and full recovery.

Think this way: Every company office is unique. The people, the basic office function, geographic location, and - more appropriately in this realm - its vulnerabilities and threats differ. For example, an office in Los Angeles must prepare for earthquakes while an office in Houston has to deal with hurricanes. That's not to mention the risks that your next-door neighbor (e.g., chemical plant, airport, hazardous cargo route, etc.) may introduce into the equation.

In this examples, how can a generic recovery plan suit both environments? Well, it can't.

As Benjamin Franklin once said, "if one doesn't plan for the worst, then the planning will be futile." His advice aligns with "if we fail to plan, we plan to fail." Cliches aside, when we plan for the worst, we've covered all the little things. That doesn't mean we need to be paranoid. We DO need to be aware and prepared.

Each office has it's own unique, worst-case scenario. If we don't accommodate that in our recovery plan, then how are me meeting our mission? How are we serving our customers? Investors? Employees? And other stakeholders?

After all, the word "plan" - according to the Merriam-Webster Dictionary - means "a method for achieving an end." In the case of business continuity, the "end" is to continue as a solvent and viable business enterprise. That's not to mention the fact that your downstream customers want to continue; If you don't, they may not.

Now let me cover the issue related to "on-the-fly disaster recovery decisions." Not to be condescending, but we humans are not usually good at thinking on our feet, especially under extremely stressful or dangerous conditions. Most tend to panic and hope that someone else knows what to do.

If we wait until "we're in deep kimchee" to identify our recovery actions, then the disaster's impact could worsen and full recovery may be impossible.

Worst case, how do we recover after experiencing fatalities in the workplace? In that scenario, there are psychological issues for the survivors. How do you account for the lost resource, skill sets, and knowledge assets? That's not to mention the lawsuits that are sure to follow from family members, especially when they discover you didn't have a plan.

One more thing: Be sure your constituents understand the difference between a response plan and a recovery plan. The response component of your BC plan is designed to stop the threat. Recovery involves repairing the damage and bringing the business back on-line as quickly as possible.

For example, if your office is threatened by a fire, then the response plan includes evacuating employees to safety, extinguishing the blaze, treating the injured, and protecting the surviving assets from further damage from exposure to the elements. Recovery activities include resolving the cause of the fire, removing debris, and repairing the damage. In most cases, some or all employees will have to office elsewhere in the meantime.

It's absurd to believe that implementing a single generic disaster recovery plan for multiple office sites is wise. As you can see, there are many, many issues that must be identified and considered for each office.

I hope this helps. Thank you again for such important questions.

DR Dan

Doctor! Doctor! Give me the news!

Dear DR Dan,

I'm curious... are you a doctor of philosophy or of medicine?

Denise From Down Under

Hi Denise,

Neither. I'm a doctor of disaster recovery, which should be documented as "DR DR Dan."

Seriously, I have over 20 years of experience in dealing with disaster recovery (DR), so I metaphorically call myself "DR Dan." "Dr. Phil" was already taken.

Thanks for your question.

DR Dan

Katrina and FEMA

Dr. Dan,

(btw, what is your degree in?)

In your considered opinion, was not the New Orleans “disaster response” by the Federal and State governments shameful at best? What went wrong or should I ask what didn’t go wrong? How can we know if our home, our city, our nation is ever truly prepared for something REALLY big?

Lefty

Hello Lefty,

Thanks for your questions.

1. (btw, what is your degree in?)
   
   I have multiple degrees: computer science, writing, and a masters degree from the Universal School of A&E (that's age and experience).
2. Was not the New Orleans “disaster response” by the Federal and State governments shameful at best?
   
   It WAS shameful. People died unnecessarily. Thousands were left homeless. But remember that America is a "for-profit state." The Federal and State Gov's response to Katrina is what it was. That being said, the disaster - whatever it is - begins in your neighborhood. Those in the epicenter must act as as if they are on an island; you must become self-sufficient. Next, the city / community will help out. Then, if possible, the county will render aid. Then the state. And finally the Fed. Please note also that FEMA - that agency which took so much heat - is NOT a responding agency. It exists simply to organize resources. It's emergency "management," not emergency response.
3. What went wrong or should I ask what didn’t go wrong?
   
   There's no doubt that a lot went wrong. Beginning in 1718 with the French building a settlement on a patch of land not much higher than sea level. This idiocy is quite analogous to building (and re-building and re-building) on a hurricane-prone coast-line or earthquake fault-line or in a floodplain. While humans continue to ignore common sense, Katrina-like events and ineffective response will continue to happen.
   
4. How can we know if our home, our city, our nation is ever truly prepared for something REALLY big?
   
   REALLY big is a REALLY relative term, my friend. REALLY big to me means M-1762 - an asteroid the size of Texas - hits the third rock from the Sun. In that case, my response protocol is simple: be penitent of my sins and drink heavily. My father's generation worried about nuclear Armageddon. My grandfather worried about the Great Depression. His father before him worried about Polio. Every generation has its own worries. Get the picture?
   
   Unfortunately, you can't know if you're REALLY safe. What you can do is prepare yourself and your loved ones. The fact of the matter is that - as I mentioned in my 2nd answer above - you have to think of yourself (and your family) as an island. Sad as it is, no one will look out for you more than you will.
   
   So, YOU need to develop (and implement) your own emergency response and recovery plan. It's pretty simple. Go to ready.gov for guidance and help.

Thanks for your questions. I hope this helps.

DR Dan

In the words of Jack Torrance, "I'm Home."

If you don't know Jack Torrance, then you've missed a great Stephen King / Stanley Kubrick flick, "The Shining."

So - like Jack - I'm "home." I've been on vacation since last week. When I'm on vacation, the only technologies I use are my SUV, an occasional greasy diner, and beer opener. No cell phones. No GPS. No laptops. Unless there's an emergency, of course.

To those of you who have submitted questions during my absence: Thank you. In the immortal words of one of my favorite technologies, the auto-answering service, "your call will be taken in the order it was received."

DR Dan

Blog Rules

Our blogging rules are simple:

1. First and foremost, don’t submit information that is considered proprietary, copyrighted, law enforcement sensitive, classified, or otherwise protected. That could get us both in trouble.


2. Don’t submit anything that could be considered offensive or slanderous. In other words, don’t write anything you wouldn’t want your hometown paper to print with your byline.


3. Keep your posts objective and factual. We’re not interested in hearsay, religious beliefs, or political alignment.


4. All submissions are reviewed for compliance with these blogging rules. When necessary, submissions will be edited, but the general essence of your message will be left intact. In other words, we're just looking for spelling errors and typos. This'll make you look good.

This site is designed to help all of us prepare for the worst. If you have information that can help, please take a minute or two to share your knowledge.

Approved submissions are usually posted within 24 hours. We look forward to your participation!

Thank you!

DR Dan

Championing the BC Cause

Dr. Dan,

For those launching a continuity program, do you have some tips on how to champion the concept with management?

Cate in OKC

Hi Cate,

Wow! That's one of those million-dollar questions that has plagued BC professionals for centuries, perhaps eons.

Seriously, management (in the private sector) usually has one priority: profitability. Every goal, every performance review, and every task are tied to the bottom line. It makes sense. That's what baseball, apple pie, and capitalism are all about.

So, you gotta hit 'em where they live. Consider these issues:

1. Is there a prevailing issue that may persuade them to be more agreeable to a program, such as a recent disaster, negative audit report, or concerned investor?
   
2. Is there an advantage to be derived from stakeholders, such as board members, investors, customers, et al., that a BC program would offer?
   
3. Are there influences in the industry that make having a business continuity program more prudent and beneficial?
   
4. Are there new laws that require a business continuity program?
   
5. Does there exist areas that are vulnerable to lawsuit, such as safety, product, or consumer liability?

Some management will realize that business continuity is a program and not a project.

Hope this helps.

DR Dan

BCP vs. COOP

DR Dan,

What would you say are the primary differences and similarities between Business Continuity (engaged in by businesses, companies or corporations) and Continuity of Operations (engaged in by Federal Agencies and now, more and more so, State Agencies)?

Jon

Thanks, Jon. This question points to a bigger issue: "Will private-enterprise business continuity plans (BCPs) and public agency continuity of operations (COOP) plans work together during a wide-scale disaster?" That'll be tomorrow's topic.

Back to your question. BCPs and COOPs are quite similar in that they are created to help the organization - private or public - recover from a disaster. Get back to "business as usual" as quickly as possible.

There are a couple of differences between BCP and a COOP plan. A BCP has a true "profit perspective." It's primary purpose is to recover profit centers and critical operations with the utmost urgency. A for-profit entity usually has very short recovery time objectives (RTOs). The COOP plan certainly intends to recover services to its constituents - the public - quickly, but the urgency may not be as high as in the business world. In short, if the business doesn't recover quickly enough, it may go bankrupt. Government will march on regardless. Theoretically.

Second, the COOP plan must consider and resolve any red-tape conflicting with recovery goals. This conflict could arise from miss-aligned priorities or policies. This issue especially comes into play when developing a community-wide COOP plan where multiple agencies at city, county, and state levels are involved.

In the private sector, bureaucracy is less prominent. If something gets in the way, it's a lot simpler and usually quicker for the CEO to fix it on the spot. Of course, a business must cooperate with outside entities such as first responders and enforcement agencies, but the lines of authority are more clearly drawn.

The bottom line is that BCPs and COOP plans have the same basic goal. Creating them also follows a similar path. Each has its own little gotchas, but these can be overcome.

Hope this helps,

DR Dan