
 
 

 

November 10, 2009

 

 
   

 

Big Medicine is published by Team EMS Inc.

 

Managing Editor

Hal Newman  

 

Contact: ideas@tems.ca

 


 

 

The views expressed here reflect the views of the authors alone, and do not necessarily reflect the views of any of their organizations. In particular, the views expressed here do not necessarily reflect those of Big Medicine, nor any member of Team EMS Inc.

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

 

 

VIEWS: GEARY SIKICH

 


 

Positing* Business Continuity as a Strategic Initiative [Nov 18 06]

For the vast majority of business continuity professionals the process of defining business continuity has largely focused on analysis (Business Impact Assessment), Plan development, Plan Validation (testing) and Plan maintenance. This is a familiar cycle that we all have used for services that our clients have requested. This article is designed to provide some ideas that will provoke an exchange amongst peers, some conceptualizations based on the evolution of enterprise risk management and some thought leadership (this hopefully will be the end result) regarding where we need to focus business continuity.

My basic argument, expressed herein, is quite simple: “If we as continuity planners claim to address business continuity, shouldn’t the plans we have created be comprehensive enough to ensure the survival of the business that is implementing the plan?” If the answer is “well, we already have ‘all hazards’ plans,” then I am concerned that we as practitioners are missing some critical aspects of business continuity planning. If we have created plans that we claim are “business continuity plans”, “all hazards plans”, and plans that ensure operational resilience, are we confident that these plans will actually accomplish their intended objective? Or have we only partially addressed the spectrum of planning that is required for assurance of full continuity? Are we assuring our clients and our companies the comparative advantage that they need to survive a disruptive event of crisis proportions?

As you reflect on this question and the generous amount of information on the subject of continuity planning that is available, you should begin to note that the vast majority of the articles and information is oriented toward a tactical approach/framework for continuity. We conduct Business Impact Assessments (BIA) to determine “mission critical” assets; however, with the event of H5N1 (Avian influenza) we suddenly hear from many practitioners that we must now include the “human assets” as part of our assessment and planning effort. Did we miss something over the years of touting business continuity as a corporate necessity? Perhaps human assets were not part of the equation when we did our BIA and listed all those mission critical assets?

Three legal constructs should become part of every business continuity practitioner’s vocabulary.

 The first is, “Constructive Knowledge” and is defined in Black’s Law dictionary thus: If one by the exercise of reasonable care would have known a fact, he is deemed to have constructive knowledge of such fact; e.g. matters of public record.

 The second is, “Constructive Notice” defined in Black’s as: “Such notice as implied or imputed by law, as in the case of notice of documents which have been recorded with the appropriate registry of deeds or probate. Notice with which a person is charged by reason of the notorious nature of thing to be noticed, as contrasted with the actual notice of such thing.”

 Third, is “Negligence” defined in Black’s as: “The omission to do something which a reasonable man, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which a reasonable and prudent man would not do.”

These three legal constructs will play a critical role in the argument that I am about to put forth on business continuity strategy and why I feel that it is imperative that the business continuity profession develop a strategic vision that embraces the concept of comparative advantage as it can be applied to the continuity of business, in addition to the tactical approach to continuity planning that we have fostered since the evolution and melding of disaster recovery, emergency response and crisis management. Today when there is a discussion of the business impact of an event, the orientation is focused on the response to the event, a tactical approach. We need to begin to think strategically. As an example, here is a very simple point of fact: we are not going to be able to stop a pandemic from occurring. Applying a first responder model to a pandemic situation that could last 500 – 800 days could be devastating for any organization.

As you read the next paragraph, you may start wondering to yourself, has the writer gone off the deep end? What does the concept and theory of comparative advantage have to do with business continuity? Bear with me and I will explain.

Comparative advantage was first described by Robert Torrens in 1815 in an essay on the corn trade. He concluded that it was to England's advantage to trade various goods with Poland in return for corn, even though it might be possible to produce that corn more cheaply in England than Poland. However, the theory is usually attributed to David Ricardo who created a systematic explanation in his 1817 book The Principles of Political Economy and Taxation using an example involving England and Portugal. In Portugal it is possible to produce both wine and cloth with less work than it takes in England. However, the relative costs of producing those two goods are different in the two countries. In England it is very hard to produce wine, and only moderately difficult to produce cloth. In Portugal both are easy to produce. Therefore, while it is cheaper to produce cloth in Portugal than England, it is cheaper still for Portugal to produce excess wine, and trade that for English cloth. Conversely, England benefits from this trade because its cost for producing cloth has not changed but it can now get wine at closer to the cost of cloth.

What does this have to do with business continuity? Simply put, everything. We as continuity planners should be seeking opportunities and options for our companies, clients and practice to ensure the continuum of operations that today’s modern business is involved in. We cannot afford to silo the efforts of business impact analysis (BIA), continuity plans, training, drills and exercises into a narrowly defined perspective that focuses on systems continuity.

Figure 1, entitled, “Positing Business Continuity as a Strategic Initiative” provides some perspective on the breadth that continuity planning must address in order to truly integrate the three levels (tactical, grand tactical, strategic) where our practice should focus.
 

 

Business Continuity Planning: A Strategic Tool

In today’s demanding business environment Senior Management needs tools that will help it with strategic issues that will define and ultimately protect their markets.  Business Continuity can be that strategic tool.  As a former strategic planner for a corporation told me, “we did not have IT at our strategic planning meeting every year.  It was at that meeting that we outlined new strategies and reviewed the effectiveness of existing strategies given the changes that regularly and rapidly occur in markets, competitive products and international competitors.” 

In the normal cycle of business continuity plan development we accomplish, through the Business Impact Assessment, an identification of “Mission Critical Assets”.  Generally these are in the form of systems and applications that are considered essential.  Figure 2, entitled, “Miss-Assessed?” highlights the general BIA areas of assessment.  Please note all the areas that are not highlighted!  Assets are only useful when intellect is applied.  For example, all the information about a company’s financial assets is only useful if one has the intellect to apply that information in such a manner as to benefit the user.  It was posited at a recent presentation, “Would you rather have $500 or a 256 meg thumb-drive?”  Initial reactive responses were “I’ll take the $500.”  With some thought, many answered the question, “Well it depends on what is on the thumb-drive.”  My perspective is this; it does not matter what is on the thumb-drive unless you can use it to your benefit.  
 

Developing a strategic plan for a company will focus on all the areas in figures 1 and 2, so if business continuity planning is supposed to ensure the resilience of the business, why do we not include in the business impact assessment these other areas to any great degree? 

That is “Business Continuity”

Speed, intangibles and connectivity, according to the authors of “Blur” published in March 1998, were going to be the driving force in the economy beyond 2000.  Speed, is the first critical characteristic.  Our highly mobile society operates at greater speed, allowing us to conduct business worldwide.  Speed also impacts an organization’s ability to develop, implement and manage strategic initiatives.  So if we are basing our business continuity plan on an incomplete or limited analysis of the business can we expect it to be valid?

Connectivity is the second critical characteristic.  Supply chains, outsourcing, etc. are interdependent systems (utilities for example).  We in the United States import more of our daily necessities than we produce domestically.

The third critical characteristic is Intangibles.  Today’s business environment is the product of thousands of years of forces acting on it.  The worldwide economy.  In economics, arbitrage is the practice of taking advantage of a state of imbalance between two or more markets: a combination of matching deals are struck that capitalize upon the imbalance, the profit being the difference between the market prices.  Why not take advantage of imbalance – a crisis – as an essential element of your business continuity strategy?  Companies regularly invest their capital in the markets.  Shouldn’t part of the BIA, the plan and the implementation of the plan during a crisis involve strategically directed investing (hedging, derivatives, arbitrage, etc.) as a part of the business continuity toolbox?  Strategic investing, Options, Arbitrage, Short-Selling, Derivatives, etc. have long been part of the CFO’s risk management conceptual framework.

Let us look at the business continuity cycle and reflect on how the three legal constructs relate and potentially impact current business continuity practices.

 The first is, “Constructive Knowledge” and is defined in Black’s Law dictionary thus: If one by the exercise of reasonable care would have known a fact, he is deemed to have constructive knowledge of such fact; e.g. matters of public record.

When we do a BIA have we not created a roadmap of constructive knowledge?  We identify “Mission Critical” assets.  We diligently produce volumes of planning material to support how we are going to protect these “Mission Critical” assets.  Why have we not developed sophisticated strategies for investing during a crisis?  Perhaps it is because we have not truly identified “Mission Critical” assets, even though we have constructive knowledge by the exercise of reasonable care (due diligence) in our BIA and planning efforts. 

 The second is, “Constructive Notice” defined in Black’s as: “Such notice as implied or imputed by law, as in the case of notice of documents which have been recorded with the appropriate registry of deeds or probate.  Notice with which a person is charged by reason of the notorious nature of thing to be noticed, as contrasted with the actual notice of such thing.”

We seek to comply with regulatory requirements, ISO standards, best practices, standard of care concepts, etc. as part of the business continuity planning cycle.  We have therefore addressed constructive notice in our continuity plans (Sarbanes-Oxley, Basel II, etc.).  Are we putting ourselves on notice by not developing strategies that address all of the “Mission Critical” assets instead of only those that are focused on systems and applications recovery? 

 Third, is “Negligence” defined in Black’s as: “The omission to do something which a reasonable man, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which a reasonable and prudent man would not do.”

"That it is logically true need not be argued before a mathematician; that it is not trivial is attested by the thousands of important and intelligent men who have never been able to grasp the doctrine for themselves or to believe it after it was explained to them." Paul Samuelson  

Prudence is occasionally an actual test, but it usually refers to a set of criteria used to measure an investment or enterprise against specific standards.  The objective is to determine whether the investment or enterprise is worth pursuing or investing in by judging how well it meets the challenge established by the judgment criteria.  Prudency testing in business continuity should refer to the ability of the business continuity plan to stand up to public scrutiny before it is allowed to continue beyond a conceptual phase.  It should also refer to testing and validating that a company sets for itself before deciding whether to proceed with a particular business activity.  Can we actually say that we are not negligent as continuity planners, when we fail to identify strategic options that will ensure the capability of the enterprise to continue as a “going concern”?  Or, that we fail to understand the intricacies of business interruption insurance and contingent business interruption riders?  Or, that we do not consider strategic scenarios, but rather sell tactical level response as a strategy? 

In his book, “The Collapse of Complex Societies”, Joseph A. Tainter states, “Human societies and political organizations, like all living systems, are maintained by a continuous flow of energy.”  He further states, “More complex societies are more costly to maintain than simpler ones, requiring greater support levels per capita.”  If the business continuity plan purports to provide resilience, continuity of operations, “all hazards”, etc., then we need to ensure that all options are available to decision-makers when the plan has to be activated.

Concluding Thoughts – Business Continuity Myth or Magic?

Current research indicates that a small portion (5%) of businesses today have continuity plans, but virtually all realize they are at risk of something bad happening.  Do the 95% of businesses that do not have continuity plans know something that the 5% that do have continuity plans do not know?  Or are they relying on other options that they feel will give them greater flexibility, more protection and the assurance of continuing as a going concern?

In today’s demanding business environment Senior Management needs tools that will help it with strategic issues that will define and ultimately protect their markets.  Business Continuity is that strategic tool.  As a colleague, John Stagl, a former strategic planner for a corporation said, “I can tell you we did not have IT at our strategic planning meeting every year.  It was at that meeting that we outlined new strategies and reviewed the effectiveness of existing strategies given the changes that occurred in markets, competitive products and international competitors”.  That is “Business Continuity”.  The Center for Resilience at The Ohio State University defines a resilient enterprise as: 

“A resilient enterprise has the capacity to overcome disruptions and continually transform itself to meet the changing needs and expectations of its customers, shareholders and other stakeholders.”

Center for Resilience, Ohio State University

We as continuity planners have a responsibility to protect the organizations we develop plans for by facilitating continuity planning and preparedness efforts that avail themselves of all creative mechanisms that will ensure “resilience”.  Using their status as “leaders,” senior officials, senior management and board members can and must deliver the message that survivability depends on being able to find the opportunity within the crisis – and that may well include strategies and options that we currently do not include in the business continuity plan, not because they do not exist, but because we have chosen to limit our understanding of what continuity means.  Today we cannot merely think about the plannable or plan for the unthinkable, but we must learn to think about the unplannable and we must begin to incorporate risk reduction strategies that include the ability to quickly and efficiently implement, as an example, investment strategies as an integral element of the business continuity practice.

* 1 put forward as fact or as a basis for argument. 2 put in position; place.   — ORIGIN Latin, ‘placed’, from ponere. from the Oxford English Dictionary


References

Drabek TE, Tamminga HL, Kilijanek TS, Adams CR. Managing multi-organizational emergency responses: emergent search and rescue networks in natural disaster and remote area settings. Natural Hazards Research and Applications Information Center. University of Colorado, Boulder CO, 1981

Meyer, Gerald C., "When it Hits the Fan: Managing the Nine Crises of Business," 1986

Davis, Stanley M., Christopher Meyer, Blur: The Speed of Change in the Connected Economy, 1998

Mitroff, Ian, I., Avoid "E3" Thinking, Management General, 1998

Mitroff, Ian, I., Smart Thinking for Crazy Times: The Art of Solving the Right Problems, 1998

Sikich, Geary W., The Financial Side of Crisis, 5th Annual Seminar on Crisis Management and Risk Communication, American Petroleum Institute, 1994

Sikich, Geary W., Managing Crisis at the Speed of Light, Disaster Recovery Journal Conference, 1999

Sikich, Geary W., Business Continuity & Crisis Management in the Internet/E-Business Era, Teltech, 2000

Sikich, Geary W., What is there to know about a crisis, John Liner Review, Volume 14, No. 4, 2001

Sikich, Geary W., The World We Live in: Are You Prepared for Disaster, Crisis Communication Series, Placeware and ConferZone web-based conference series Part I, January 24, 2002

Sikich, Geary W., September 11 Aftermath: Ten Things Your Organization Can Do Now, John Liner Review, Winter 2002, Volume 15, Number 4

Sikich, Geary W., Graceful Degradation and Agile Restoration Synopsis, Disaster Resource Guide, 2002

Sikich, Geary W., "Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty," PennWell Publishing, 2003

Sikich, Geary W., “It Can’t Happen Here: All Hazards Crisis Management Planning,” PennWell Publishing, 1993

Sikich, Geary W., "The Emergency Management Planning Handbook", McGraw Hill, 1995

Sikich, Geary W., “A new planning paradigm: Economic Consequences of a Pandemic,” Continuity Central, 2005 (also published in Disaster Resource Guide and Continuity Forum, 2005)

Sikich, Geary W., Stagl, John M., “Are we missing the point of pandemic planning?”; Continuity Central, December 2005

Sikich, Geary W., “Continuity of Leadership: Repopulating Your Chain of Command”; XBHR Newsletter, December 2005

Sikich, Geary W., “Supply Chain Continuity”; Supply & Demand Chain Executive, February 2006

Tainter, Joseph A., “The Collapse of Complex Societies,” Cambridge University Press, 1988; Eleventh reprint 2004

 

 


 

Integrating Business Continuity Criteria into Your Supply Chain [Jun 4 06]

Introduction

Most organizations have a supply chain that is a mix of competencies, from manufacturing to professional advisory services. Developing business continuity strategies and embedding business continuity processes into an organization’s procurement process can enhance the organization’s ability to actively assess vendor capabilities. By creating a flexible framework for augmenting, retaining, or shedding vendor competencies in order to assure supply chain integrity, the organization can meet customer demand, customer expectations and generate consistent performance.

 

No one company can deliver end-to-end products and/or services in today’s complex business environment. Your company, like other companies, is most likely dependent on vendors of various types (manufacturing, professional services, software, transportation, etc.) to meet customer expectations. Four basic assumptions form the underlying premise for this article:

 

Complexity: Companies today are complex and their procurement processes are complex management systems operating within multiple networks

 

Touchpoints: All of a company’s touchpoints (downstream & upstream) within its networks must be considered to effectively evaluate risks, threats, hazards and vulnerabilities to determine the effects and consequences of degradation on the entire system

 

Responsiveness: Actions at any given level within the network may be inadequate unless the entire network responds in kind

 

Resource Constraints: Most levels and groups within the company and the supply networks supporting the company lack the resources and specialized skills to know what to do to maximize operational resilience within the network

 

The integration of vendor business continuity capability as part of the procurement process is becoming an integral part of company strategy.  Effective business continuity strategies, like supply chain assurance, need to be designed.  Integrating business continuity principles and concepts into a company’s business portfolio planning process and at each stage of the product/service life cycle can provide opportunities to enhance the procurement process, allowing your company to deliver superior products and/or services solutions to its customers.

Structure – a key element

Identifying procurement touchpoints (internally and externally) needs to be one of the first steps in the process. Developing a custom fitted questionnaire for vendors as well as internal stakeholders can provide a basis for moving forward. Applicable policies, procedures, recognized “best practices” and regulatory requirements set the benchmarks from which metrics for assessing vendor business continuity capabilities can be developed.  Integration criteria should be contained in the vendor’s contract; spelled out in specific terms.

Touchpoints – Internal and External

Identifying procurement touchpoints should be undertaken to assure that key continuity concerns are adequately addressed.  Internal touchpoints may include any part of the organization that has direct and/or indirect interface with the procurement process.  This would include customer relationship/service touchpoints, strategic planning, quality assurance, operations, human resources, legal, audit and, in some instances, the officers and board of directors of the enterprise.  Identifying external procurement touchpoints may seem simple, but when you begin to identify vendors, you have to realize the components that allow the vendor to get their product or service to you are also touchpoints.  Therefore, identifying external procurement touchpoints becomes more complex.  In addition, due to the popularity of outsourcing today, we are finding that vendors are also outsourcing.  A tiered approach to identifying external procurement touchpoints can facilitate organizing the process.   

Vendor Continuity Capability Questionnaire

Developing the vendor continuity capabilities questionnaire needs to be carefully thought through.  You are, in essence, creating a legal document that could contain sensitive information and must be protected.  You are also creating a potential liability document for yourself.

 

Let me explain. The legal term constructive knowledge is defined in Black’s Law Dictionary thus, “If one by the exercise of reasonable care would have known a fact, he is deemed to have constructive knowledge of such fact; e.g. matters of public record.”  Constructive notice is defined in Black’s Law Dictionary thus, “Such notice as implied or imputed by law, as in the case of notice of documents which have been recorded with the appropriate registry of deeds or probate.  Notice with which a person is charged by reason of the notorious nature of thing to be noticed, as contrasted with the actual notice of such thing.”   Negligence is defined in Black’s Law Dictionary thus, “The omission to do something which a reasonable man, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which a reasonable and prudent man would not do.”

 

With the type of information that you will collect in order to assess vendor continuity capabilities, your organization could be held liable, under the concepts of negligence (foreseeability), constructive notice, and/or constructive knowledge, for NOT taking action to mitigate potential losses.

The questionnaire that we have most often utilized consists of eight parts as highlighted below.

Part 1: Governance Provisions & Management Commitment

Part 2: Business Continuity Strategies: Developing and Implementing BCP

Part 3: Business Impact Analysis, Risk Evaluation & Control Mechanisms

Part 4: Maintaining Continuity: Training, Awareness, Exercising & BCP Updates

Part 5: Incident Response Operations

Part 6: Crisis Communications

Part 7: Coordination (External Entities)

Part 8: Vendor Certification 

The length of vendor questionnaires will vary with the industry group represented and the depth of initial analysis that the procurement group chooses to perform.  Generally, the questionnaires that have been developed for clients have contained approximately fifty questions.  The questions are designed to require the vendor to provide quantifiable answers. Should the procurement group assessing the adequacy of the answers determine that there is a need for further analysis, a formal audit team is assembled to determine how to resolve the concern over vendor continuity capability.

 

Vendor Continuity Capability Assessment

 

During the course of assessment data will be collected, analyzed and developed into assessment findings and recommendations regarding vendor continuity capabilities.  The data should be organized by Essential Element of Analysis (EEA) criteria that the organization establishes and uses to conduct data collection, analysis and evaluation.  Examples of typical EEA are summarized below.

 

      Organization: As defined herein refers to the current procurement process, vendor roles/responsibilities and deliverables during the procurement process life-cycle and current criteria for the organization’s business continuity programs and plans.   

 

      Vulnerability Identification and Control: As defined herein refers to establishing minimum acceptable criteria for vendor vulnerability identification and control methodologies as these methodologies relate to vendor business continuity programs and plans and the ability of the vendor to integrate its methodologies on a sustainable basis with the client’s business continuity management strategy.

 

      Continuity Strategy and Approach: As defined herein refers to the metrics developed and used to verify vendor integration of business continuity management program and plans with the client’s business continuity management strategy.

 

      Documentation:  As defined herein refers to the documentation of vendor business continuity management program and plan capabilities.   

 

      Resource Management and Development: As defined herein refers to the metrics for vendor validation of staffing (Business Continuity staffing) and associated vendor integration of continuity planning, resource development and awareness of continuity. 

 

      Continuity Maintenance: As defined herein refers to the procedures used to assure resilience of the vendor continuity process. 

 

Objectives

 

The overall objective of integrating business continuity criteria is to facilitate the ongoing development and implementation of enhancements to the procurement process including program management (normal operations and incident management operations), stakeholder communication and knowledge transfer associated with vendor business continuity management programs for vendors operating within your company’s procurement system.

 

In developing the overall design objectives careful consideration should be given to ease of use by procurement staff, other personnel and external parties (as appropriate). Three elements associated with enterprise assurance apply:

 

      Strategic Element consisting of support for compliance efforts, communications to stakeholders (vendors, customers, internal groups, etc.) and strategic active analysis processes.

 

      Grand Tactical Element consisting of support for implementation efforts, sustaining business operations, communicating upwards (internal focus), and grand tactical active analysis processes.

 

      Tactical Element consisting of direct specific implementation steps, communication upwards (internal focus), external communications (vendor interface), mitigation of noncompliance/nonconformance and tactical active analysis processes (scorecards, vendor continuity questionnaire, etc.).

 

As with any process, negotiating continuity commitments may need to be addressed on a case-by-case basis. Once the evaluation process has been completed, it must be managed, enforced and monitored to assure continuity of operations compliance.

 

Procurement Planning Considerations

 

Procurement planning considerations will generally consist of the normal day to day functioning of the procurement process.  Supply Chain Business Continuity integration elements should consist of a tiered evaluation structure focused on four aspects as presented in Figure 1, Supply Chain Business Continuity Elements.  These elements consist of: 

 

      Comprehending and describing supply chain continuity requirements 

      Conducting business continuity capability assessments 

      Evaluating business continuity capabilities 

      Identifying actions to be taken 

Each phase of the procurement process can be designated an Essential Element of Analysis (EEA), as defined previously.  We recommend that each EEA incorporate in the scorecard process a tiered analysis structure consisting of Measures of Effectiveness (MOE) and Measures of Performance (MOP) to provide metrics for facilitating the scoring of vendor and  potential vendor business continuity capabilities.   A Measure of Effectiveness (MOE) is a metric that forms subgroups of information relating to specific areas encompassed by an Essential Element of Analysis.  A Measure of Performance (MOP) is a data structure.  Measures of Performance answer a specific question.  Measures of Performance are grouped to form Measures of Effectiveness.  Measures of Performance are measurable and observable, that is, they provide a quantitative basis for evaluation of a specific area. For example, a Measure of Performance might be, “What is the current credit rating for the Vendor under consideration?"  Illustrative examples of the EEA – MOE – MOP structure are provided and discussed later in this report.  Figure 2, Vendor Business Continuity Metrics, provides an illustrative example of these structural components. 

Your company faces a variety of risks that have a potential impact on its supply chain assurance. These can be articulated as either internal or external as depicted in Figure 3, Internal and External Vulnerability Drivers. 

These drivers and the ability to manage them (put into place contingency measures) often are interconnected.  Understanding this potential interconnectedness is a key factor in assessing vendor business continuity capabilities.  Internal and External vulnerability drivers can materialize in a variety of ways.  Making vertical, horizontal and diagonal connections between drivers can provide a conceptual understanding and potentially reduce unexpected outcomes as you identify how risk is uniquely embedded in your company’s supply chain. 

 

Risk can be context sensitive, as risk elements interact in different ways depending on the situation.  Understanding the potential interaction of risk factors facilitates the ability to measure business continuity capabilities and plan for offsets that can be implemented should a disruptive event occur. 

 

Figure 4, entitled, “Sample Roadmap for assessing vendor capabilities” is an illustrative example of a roadmap for the  process of assessing vendor capabilities.  The assessment process has been designed to provide a phased approach with progressively more detail accumulated at each phase of the procurement process.  This assessment process can be easily embedded into your company’s procurement scorecard system, enabling you to incorporate vendor business continuity evaluation as an integral component of the procurement process. 

 

As depicted in Figure 5, “Typical Procurement Process” the integration of recommended business continuity metrics in the procurement process should be related to the key elements of the procurement process.  Incorporating the recommended business continuity capability assessment at each phase of the procurement process can help identify vulnerabilities, develop consequence management strategies, plans and implement mitigation strategies. 

Upon conclusion of assessment at each phase of the procurement process you can evaluate vendor business continuity capabilities, allowing a “go/no go” decision based on measurable criteria.  Prior to proceeding to the next stage in the procurement process the vendor will have been vetted, and the next stage evaluation can allow you to continue to refine the vetting requirements and gather more detail on vendor continuity capabilities.  Having an in-depth understanding of vendor capabilities at each phase of the procurement process can allow critical decision-making at earlier stages of procurement and can thus enhance communications between you and your vendors regarding business continuity issues. 

 

Embedding into the procurement process specific business continuity objectives, guidelines and assessment metrics can enhance decision-making, communications (vertical/horizontal) and resource management.  In addition to the Vendor Continuity Questionnaire, you can develop worksheets that can be incorporated into each phase of the procurement process to further facilitate the assessment of vendor business continuity capabilities.  The benefit of having vendor continuity capabilities catalogued and indexed is threefold.  First, the company can begin to assess and quantify the risk impact of an event.  Second, the company can determine how long the risk exposure will last before the event is mitigated and/or the exposure is rectified.  Third, potential recovery costs in terms of emergency actions can be estimated.

   

Early assessment and quantification of vendor, supplier, etc. business continuity capabilities is essential.  In addition to the Vendor Continuity Questionnaire we have developed a set of nine Risk Analysis Worksheets.  These worksheets are structured to build on the evaluation criteria in the form of Essential Elements of Analysis, Measures of Effectiveness and Measures of Performance. They are listed below. 

 

      Worksheet 1: Describe the Supplier  

      Worksheet 2: Determine Demand Risk

      Worksheet 3: Determine Supply Risk

      Worksheet 4: Determine Process Risk

      Worksheet 5: Determine Control Risk

      Worksheet 6: Determine Environmental Risk

      Worksheet 7: Evaluate Implications

      Worksheet 8: Identify Actions

      Worksheet 9: LMSCARVER™ Supply Chain Risk Analysis

 

We recommend that your company and its vendors negotiate periodic assessments of sub-tier vendors (vendor’s suppliers) to further assure business continuity capabilities.  This can be accomplished through contractual requirements executed at the initial stages of vendor engagement.  Your company can utilize the Vendor Continuity Questionnaire and Risk Analysis Worksheets to facilitate consistency of the vendor’s depth analysis. Figures 6, 7 and 8 provide illustrative examples of depth analysis determination criteria. 

                           

               

Procurement Incident Management Considerations

 

The second part of the procurement process relating to vendor continuity should address incident management considerations.  A vendor can complete the vetting process (Vendor Continuity Questionnaire, Risk Analysis Worksheets, Scorecard, etc.) and still experience a disruption that could affect your company’s ability to meet customer requirements (i.e., Philips, Ericsson, Nokia).  Having an incident management system as a component of the procurement process can allow your company to respond, recover and restore supply chain operations with less potential for massive disruption.  Incident management can range from assessment and classification of a vendor incident to implementation of response actions, such as sending your personnel to vendor facilities to assist in incident mitigation processes.  

 

Contingency alternatives can range from having backup response plans to alternative sources of supply.  Once the connected risk themes are identified and evaluated, actions to address consistent themes throughout the procurement process can be taken.  Identification of consistent risk themes across a number of risk dimensions can help to determine where your company should place significant effort to mitigate the risk exposure. 

 

Disruptive events (figure 9) as they occur need to be classified by their level of severity in order to determine the potential impact they may have.  A classification system can provide a consistent framework for evaluation; enhance the communication process allowing ease of communication between internal and external groups and facilitate response, management, recovery and restoration efforts.

The event classification system can be supplemented by an event assessment form, used in conjunction with the Event Classification System to determine the event classification level and to facilitate discussion within your company and with the affected vendor(s).  As depicted in figure 10, the degree of degradation of service minus the level of preparedness equals the time for recovery.  The less prepared an organization is for service disruption, the longer it takes the organization to recover its operations and restore service levels.  Having a classification system can enhance the ability to identify potentially disruptive situations early and determine how to respond effectively to minimize the level of service impacts.

 

The procurement process represents the first line of direct contact with vendors, suppliers, etc.  Detection by procurement personnel at any stage of the procurement cycle of potential disruption and classification of severity can allow your company to implement its BCP plan and coordinate with the affected vendor to assure continuity of operations and to mitigate the disruptive event. 

Early detection, classification and response can lead to less of a drop in service, a potential reduction in the chaos associated with a disruptive event, and shorter recovery and restoration timeframes.  Figure 11 depicts the typical functions performed at various levels within an organization as it moves from response to restoration.  This figure also depicts the focus for an organization at the tactical, grand tactical and strategic levels.  At the tactical level the focus is generally, and should be, on event response and mitigation, while the need at the tactical level is for support from the next level (grand tactical).  At the grand tactical level the focus should be on support for the tactical response.

 

Additionally, at the grand tactical level the focus should be on the prevention of cascade and containment of cascade effects on the organization.  At the strategic level the focus should be on management oversight, coordination and facilitation of restoration of services.  It is important to note that a key element in this vertical and horizontal process of detection, classification, response, management, recovery and restoration is seamless communications.  Seamless communication is based on the adoption of common terminology and in the functions represented at each level, as shown in figure 11.   

Phased Development and Integration

 

With any large scale project, such as the integration of vendor business continuity criteria into the procurement process, attempting to implement on a grand scale can lead to chaotic results.  A phased approach to implementation and integration would generally consist of five phases:

 

      Phase 1: Assessment & Vendor Continuity Questionnaire – deliverable: letter report with executive summary that will include discussion and recommendations based on the results of the review of Essential Elements of Analysis (Report). 

 

      Phase 2: Procurement Integration (vertical/horizontal) – deliverables: Procurement Management System Vendor Business Continuity Management Program and Plan Integration Criteria Guide (Tools) and Procurement Management System Vendor Business Continuity Management Program and Plan Integration Criteria Guide training program materials (Knowledge Transfer).

 

      Phase 3: Monitoring & Enforcement – deliverable: Procurement Management System Vendor Business Continuity Management Program and Continuity Plan Integration Criteria Guide maintenance criteria (Sustainability).

 

      Phase 4: Sustainability – deliverable: periodic metrics, event response reports.

 

      Phase 5: Maturity Model Evaluation – deliverable: metrics for maintaining the process, change management procedures.

 

Conclusion

 

Assuring supplier continuity capabilities is of paramount concern today.  Realizing that most business processes today extend beyond the boundaries of a single entity, awareness of critical supply chain interdependencies has risen sharply. Simply having profiles of potential high risk suppliers, while extremely important, is by itself not enough.  Organizations also need to develop capabilities to assess and monitor vendors, facilitating the active analysis process and providing predictive metrics to supplement the initial assessment process performed during the early stages of the procurement process.  Active Analysis is a process that utilizes predictive metrics to identify potential problems before they occur.

 

Today business leaders have the responsibility to protect their organizations by facilitating continuity planning and preparedness efforts.  Using their status as “leaders,” senior management and board members can and must deliver the message that survivability depends on being able to find the opportunity within the crisis.

 

Many people feel that the world has changed as a result of the events that took place on September 11, 2001; that we need to rethink our concepts of continuity and crisis management.  Today we cannot merely think about the plannable or plan for the unthinkable, but we must learn to think about the unplannable.

 

Market research indicates that only a small portion (5%) of businesses today have a viable plan, but virtually 100% now realize they are at risk.  Seizing the initiative and getting involved in all the phases of crisis management can mitigate or prevent major losses.  Just being able to identify the legal pitfalls for the organization of conducting a crisis management audit can have positive results. 

 

References and Endnotes:

“Key developments in the Firestone tire case.” (www.accidentreconstruction.com.).

Levene, Lord, "Changing Risk Environment for Global Business.”  Union League Club of Chicago, April 8, 2003.

Meyers, Gerald C., When It Hits the Fan: Managing the Nine Crises of Business. (1986).

Mitroff, Ian, I., Avoid "E3" Thinking, Management General. (1998).

Mitroff, Ian, I., Smart Thinking for Crazy Times: The Art of Solving the Right Problems. (1998).

Palmer, Pamela, “When Is It Safe To Shred Unwanted Documents After Sarbanes-Oxley?”  Wall Street Lawyer, Vol. 6, No. 8, Pgs. 15-19.

Perera, Valerie C. and Sikich, Geary W., “Controlling Crisis Will Determine Corporate Survival.”  The Corporate Lawyer, Illinois State Bar Association, November, 2002.

Sikich, Geary W., “Managing Crisis at the Speed of Light.” Disaster Recovery Journal Conference (1999).

Sikich, Geary W., “Business Continuity & Crisis Management in the Internet/E-Business Era.” Teltech (2000).

Sikich, Geary W., “What is there to know about a crisis.” John Liner Review, Volume 14, No. 4 (2001)

Sikich, Geary W., “The World We Live in: Are You Prepared for Disaster?”  Crisis Communication Series, Placeware and ConferZone web-based conference series –  Part I, January 24, 2002.

Sikich, Geary W., “September 11 Aftermath: Ten Things Your Organization Can Do Now.” John Liner Review, Winter 2002, Volume 15, Number 4.

Sikich, Geary W., “Graceful Degradation and Agile Restoration Synopsis.” Disaster Resource Guide (2002).

Sikich, Geary W., “Aftermath September 11th, Can Your Organization Afford to Wait.” New York State Bar Association, Federal and Commercial Litigation, Spring Conference, May 2002.

Sikich, Geary W., "September 11th, Can Your Organization Afford to Wait?" GlobalContinuity.com, May 2002.

Sikich, Geary W., Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty.  PennWell Publishing, (2003).

Understanding Supply Chain Risk; prepared by LCP Consulting in conjunction with the Centre for Logistics and Supply Chain Management, Cranfield School of Management, Cranfield University, United Kingdom, 2003.


 

Legislation, Regulations and their impact on BCP: “How to think globally while acting locally” [May 22 06]--Copyright© Geary W. Sikich 2006. World rights reserved. Published with permission of the author.

 

Let us begin by setting aside the facts, for they do not affect the matter at hand (Rousseau)

Overview

At its beginning, we have no doubt about the sources of authority.  Will today’s all-encompassing anthill of international legislation and regulation give meaning, structure and order to businesses?  Will business continuity as a profession evolve to take aim at the wide array of legislation and regulation that has combined to make such authority function?  Or will we, like Voltaire’s six kings, claim attention through the assertion of our powerlessness?

Sarbanes-Oxley will probably be one of the most far-reaching pieces of legislation that has yet to be enacted.  The essence of Sarbanes is quite simple: compliance with all Federal regulatory matters.  But how do you know what compliance is or what it ought to be?  What about such international precedents as Basel or the ISO standards?  The gap between “is” and “ought” is not accidental but systematic.  It’s a gap that may leave us permanently torn. 

Legislation, Regulations and their impact on the BCP profession 

The myriad of compliance initiatives that organizations have to contend with today can leave one dazed and confused.  Starting in the late 1960’s with environmental, health and safety regulations having requirements for emergency preparedness, through today; the ever expanding requirements for greater preparedness seem without end.  Today regulations, such as NYSE rule 446 require firms to develop, maintain, review and update business continuity and contingency plans that establish procedures to be followed in the event of an emergency or significant business disruption. 

The pursuit of understanding the legislative and regulatory morass often seems to lead us to the judgment that the regulators of the world exist to drive us mad.  The search for compliance with new regulations often reveals the vices of the old, should we analyze them in sufficient detail.  Let us look at the “morass” of legislative and regulatory initiatives from a few different perspectives.  Table 1, “Regulations with BCP Implications,” depicts the legislative and regulatory impact on business continuity as a profession.  I have attempted to simplify the tables by using three vertical levels, strategic, grand tactical and tactical, representing compliance in theory; and six horizontal levels representing compliance in practice as related to continuity requirements.  Before we get into a discussion of the first table, some definitions of the terms used in this article are necessary. 

Business Continuity, "All initiatives taken to assure the survival, growth and resilience of the enterprise." 

Strategic Level, “Mission, vision, values; the direction the enterprise takes in order to achieve business continuity.” 

Grand Tactical Level, “All initiatives taken to fulfill the strategy of the enterprise by a major element of the enterprise (i.e., business unit, operating division, etc.)” 

Tactical Level, “The primary point of implementation of compliance initiatives.”  

Table 1, “Regulations with BCP Implications”

Act

Sarbanes Oxley Act

Gramm Leach Bliley Act

Maritime Transportation Security Act

NYSE Rule 446

USA Patriot Act

Vital Interdiction of Criminal Terrorist Organizations Act of 2003

NASD Rule 3510

NASD Rule 3520

NFPA 1600

Occupational Safety and Health Act (OSHA)

Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA) (Public Law 96-510)

Resource Conservation and Recovery Act 1976

Emergency Planning & Community Right to Know Act 42 U.S.C. 11001 et seq. (1986)

FEMA Guidance

Homeland Security Act

U.S. -- Uniform Computer Information Transactions Act (UCITA) 

U.S. -- Uniform Electronic Transactions Act (UETA)

Privacy and Data Protection Laws

Cybersecurity Law

Digital Signatures

Public Key Encryption

Health Insurance Portability and Accountability Act (HIPAA)

Clean Air Act

Clean Water Act

Oil Pollution Act of 1990

Endangered Species Act

Federal Insecticide, Fungicide and Rodenticide Act (FIFRA)

Freedom of Information Act (FOIA)

National Environmental Policy Act (NEPA)

Pollution Prevention Act (PPA)

Safe Drinking Water Act (SDWA)

Superfund Amendments and Reauthorization Act

Toxic Substances Control Act (TSCA)


In his book, "When It Hits the Fan, Managing the Nine Crises of Business," Gerald C. Meyers, former chairman of American Motors, lists nine forms of crisis: 

  • Public Perception

  • Sudden Market Shift

  • Product Failure

  • Top Management Succession

  • Cash Crisis

  • Industrial Relations

  • Hostile Takeover

  • Adverse International Events

  • Regulation - Deregulation 

Note that the final form of crisis that Meyers lists is “Regulation – Deregulation”; I think that this is critical for understanding the strategic, grand tactical and tactical axis.  A new study by PricewaterhouseCoopers and the Economist Intelligence Unit has revealed that too many financial institutions continue to fall short of first-class compliance and leave themselves extremely vulnerable to reputational damage with their customers, the regulators and other stakeholders.  As part of the study, entitled 'Compliance: a gap at the heart of risk management', 160 executives responded to an in-depth global survey on the subject of compliance. Alarmingly, less than a fifth of survey participants considered awareness of compliance-related risks to be high across all parts of the business and fewer than a quarter were very confident with regulatory requirements and internal codes and policies.  

As part of the study PricewaterhouseCoopers identified three key attributes that mark out an institution in the vanguard on compliance risk management:  

  • Board and senior managers must clearly articulate a vision of compliance that goes well beyond the compliance function itself and then drive the process of delivering on that vision. Clear and accessible policies and procedures must be deeply rooted in all business units and functions within financial institutions. Responsibility for compliance should be embedded throughout the enterprise from the most junior to the most senior person.

  • An infrastructure must be put in place to allow management to track current and emerging compliance issues and to communicate these to internal and external stakeholders. A comprehensive system of internal controls and audit must create an environment of continuous improvement in managing compliance risk. Part of the strategic process should be to review emerging trends in order to get 'ahead of the game' and anticipate new issues before they become embedded and difficult to address. Technology plays a critical role in this area.

  • Compliance must be used to drive value. Good compliance involves understanding and delivering on the expectations of customers and other stakeholders, thereby improving the quality of key relationships.

Table 2, “Compliance Matrix,” depicts three levels on a vertical axis and six applications on a horizontal axis.  At the Strategic level, business continuity planning needs to be viewed as an integral element of the overall strategy of the enterprise.  For example, the popular “Balanced Scorecard” and strategy mapping are ideal vehicles to begin to assess strategic implications for the enterprise when evaluating legislative and regulatory compliance initiatives.  At the Strategic Level we should accomplish the following:

·        OBJECTIVES: What is the goal of your compliance program? How can a continuity program benefit your organization and its key stakeholders? 

·        FOCUS: Which regulations specifically will your continuity program focus on? What capabilities are required to assure compliance? How will they be coordinated across the enterprise?

·        VALUE: What metrics will you employ to measure the results and demonstrate the value of the compliance process?

 

The Grand Tactical level should be involved in the information gathering portion of compliance and the implementation of “checks and balances” to assure that compliance is being adhered to.  The Grand Tactical level provides an excellent opportunity to interview and receive input from others that you may not often interact with.  This will give you exposure with those executives while allowing these executives to participate in the development of the continuity program and “buy in” to the ultimate outputs of the Strategic level initiatives because they have a vested interest in seeing it successful.

At the Tactical Level you are forced to rationalize your current and future continuity activities in relation to compliance requirements.  In my experience, business continuity professionals that have taken the time to go through the process of identifying regulatory compliance requirements that impact continuity are much more successful getting their programs supported; and they are better able to articulate the need, value, and return on investment of the continuity program to the executive team.

With the above definitions as a starting point, let us venture to the first table.  Table 1 depicts three levels on a vertical axis and six applications on a horizontal axis.  At the Strategic level, business continuity planning needs to be viewed as an integral element of the overall strategy of the enterprise.  For example, the popular “Balanced Scorecard” and strategy mapping technique are ideal vehicles to begin to assess strategic implications for the enterprise when evaluating legislative and regulatory compliance initiatives.   

Table 2, “Compliance Matrix” 

Levels: Strategic, Grand Tactical, Tactical

International Standards

      Strategic: Develop policies, guidance to incorporate as standard of care for enterprise

      Grand Tactical: Development and integration of continuity programs (emergency response, disaster recovery, crisis media management, crisis management, physical security, information and data security, privacy, e-commerce, outsourcing management, etc.)

      Tactical: Plan Implementation and maintenance.  Conduct outreach to “value chain” partners to assure compliance interfaces. Conduct periodic assessment of new legislative initiatives.

Country Specific Federal Laws

      Strategic: Establish policy, planning guidance, metrics

      Grand Tactical: Identification of specific legal requirements and implementation of policy guidance for developing and integrating plans

      Tactical: Plan Implementation and maintenance.  Conduct periodic assessment of new legislative initiatives.

Country Specific State Laws

      Strategic: Establish policy, planning guidance, metrics

      Grand Tactical: Identification of specific legal requirements and implementation of policy guidance for developing and integrating plans

      Tactical: Plan Implementation and maintenance.  Conduct periodic assessment of new legislative initiatives.

Country Specific Local Laws

      Strategic: Establish policy, planning guidance, metrics

      Grand Tactical: Identification of specific legal requirements and implementation of policy guidance for developing and integrating plans

      Tactical: Plan Implementation and maintenance.  Conduct periodic assessment of new legislative initiatives.

Best Practices

      Strategic: Develop guidance for consideration and/or implementation as a best practice for enterprise.  Assess unintended consequences for acceptance and implementation.

      Grand Tactical: Communicate best practice and assess for unintended consequences of implementation. Monitor implementation and adherence.

      Tactical: Develop implementation program, communicate implementation status and monitor adherence.

What does all this mean for the business continuity profession?  The proliferation of regulations at the Federal, State and local level should mean that the business continuity profession will have to expand.  These regulations should mean that business continuity professionals will have a greater influence on the organizations that they are employed by or that they provide consultation to.  They also mean that business continuity professionals will have to become more educated in their chosen profession.  They mean that business continuity, as it is variously defined, will have to rethink its basis and redefine itself.

For business leaders, they mean that an “integrated” approach to business continuity, one that makes business continuity planning an integral part of the business process, should be a priority.  Today business leaders cannot afford to let regulatory compliance go unanswered.  Sarbanes-Oxley and other legislation have elevated compliance initiatives to the senior management and board of director levels. 

Concluding Thoughts

U.S. regulations and legislation, such as, The Patriot Act, Vital Interdiction of Criminal Terrorist Organizations Act, HIPAA and privacy regulations will have far reaching impacts on everyone.  Add to the mix, international regulations and legislation and you have a volatile combination.  Business leaders should ask, “In a world of earthquakes, can we count on contingency to work in our favor?”  Business continuity professionals need to ask, “Can I afford not to know what compliance means?”

When developing a strategic continuity plan to address legislative and regulatory initiatives for your enterprise, make sure you consider the following areas.

  • Establish scope. You need to set parameters for your program and for the planning process.  What are the legal requirements to be addressed?  Who owns responsibility for assuring that the legal requirements are met?
  • Assess current requirements. You must be able to clearly describe what compliance requirements must be met and the potential impact of not being met.
  • Visualize the future.  Articulate current regulatory trends.  Where does your organization need to be?  What are the consequences to your organization if you don't do these things?
  • Delineate strategic, grand tactical and tactical goals and initiatives.  What is there to achieve and how to get there.  Establish measurable objectives for the program.  Communicate the benefits.
  • Strategy Mapping Implementation.  Develop a strategy map for implementation.  The strategy map has to demonstrate that you have thought things through.  What are the “unintended consequences”?
  • Audit. Measure performance against set standards to demonstrate the value of understanding the interrelationship of regulatory requirements.  Where do you currently stand? Where do you need to be (compliance trigger dates) in order to demonstrate compliance?  Business Judgment Rule in case law now is "Was the risk process reasonably adequate to provide senior management with information to make decisions."

 


 

A new planning paradigm: Economic Consequences of a Pandemic [Feb 19 06]--Copyright© Geary W. Sikich 2005. World rights reserved. Published with permission of the author.


Introduction


At the time of this writing H5N1, known as Avian Flu, is spreading throughout Asia with one of the highest mortality rates of any flu virus of the previous century. Even the Influenza (Spanish Flu) of 1918 did not have as high a morbidity and mortality rate as H5N1 (Avian Flu). We are seeing almost daily some revelation from the World Health Organization (WHO) or Centers for Disease Control (CDC) or the popular media.


I recently wrote an article on the parallels that can be drawn between the impact of Hurricane Katrina and the aftermath of a manmade ‘dirty bomb’ attack. Viruses mutate in order to adapt. It is the nature of a virus to survive and mutating is a virus’ defense mechanism against manmade antibiotics. When H5N1 mutates to allow human to human transmission the stage will be set for a global pandemic.


In the aftermath of Hurricanes Katrina and Rita, New Orleans has been reeling from the devastation. In spite of significant warnings ahead of time, the city, the State of Louisiana and the Federal Government were overwhelmed by the impact of the direct hit by Katrina and the cascade effect of the rains from Hurricane Rita. Katrina, a category 4 hurricane, rendered effective allocation of resources and rapid response totally ineffective. Hurricane Rita’s rains re-flooded an already devastated city.


The consequences of a rapid spread of H5N1 from a continuity planning perspective cannot be overlooked. If hurricanes Katrina and Rita put the people of New Orleans and the Gulf Coast in a fight for their very survival, what would a pandemic do?


Why is so much attention being paid to H5N1?
 

At present the transmission of H5N1 has been limited to animal/human transmission. This has limited the number of people who have become infected by the virus. Mortimer B. Zuckerman writes in the New York Daily News on 20 June, 2005, in his article entitled, “A Nightmare Scenario – H5N1 Pandemic” the following excerpt:

 

Should we sound the alarm for a worldwide epidemic that might not occur? There is no choice with the avian flu emerging from Asia. Should it adapt to be able to be transmitted from human to human, international health experts warn, bird flu could spark a global pandemic, infecting as much as a quarter of the world's population and killing as many as 180 million to 360 million people - at least seven times the number of AIDS deaths, all within a matter of weeks.


This is utterly different from ordinary flu, which kills between 1 million and 2 million people worldwide in a typical year. In the worst previous catastrophic pandemic, in 1918, more than 20 million died from the Spanish Flu. That's more than the number of people who died from the Black Death in the Middle Ages, and more people killed in 24 weeks than AIDS killed in 24 years.

 

There are three elements to a pandemic. First, a virus emerges from the pool of animal life that has never infected human beings, meaning no person has antibodies to fight it. Second, the virus has to make us seriously ill. Third, the virus must be capable of moving swiftly from human to human through coughing, sneezing or just a handshake.


For avian flu, the first two elements are already with us. Well over half the people who have contracted it have died. The question now is whether the virus will meet the third condition: mutating so that it can spread rapidly from human to human.


Table 1 reflects the latest statistics on H5N1 as of April 2005. The forecast, issued by the World Health Organization that accompanies the statistics reads:

 

The outbreak in Asia is not expected to diminish significantly in the short term. It is likely that H5N1 infection among birds has become endemic to the region and that human infections will continue to occur. So far, no sustained human-to-human transmission of the H5N1 virus has been identified, and no evidence for genetic re-assortment between human and avian influenza virus genes has been found.


Bird flu by the numbers
Number of human cases of H5N1 since January 2004: 88
Number of human deaths: 51
Number of suspected human-to-human transmissions: 2
Since December 2004 number of countries affected: 12
Number of countries with human fatalities: 3
Estimated number of international airline passengers per year: 1.6 billion
Types of antivirals that may be effective against bird flu: 2
Number of known bird flu types: 15
Number that can be fatal to humans: 1
Number of global dead in a best case pandemic scenario according to WHO: 2 – 7 million
Estimated global deaths during 1918-19 Spanish Flu: 40 - 50 million
Source: World Health Organization

 

It should be noted that the types of antiviral drugs that may be effective against H5N1 (bird flu) may have been diminished since April as the result of giving Tamiflu, one of the antiviral drugs, to infected birds in Asia. This should be of concern, as Tamiflu is being stockpiled by many countries as their first line of defense against H5N1.


It should also be noted that, of those who have become ill with H5N1, approximately half (50%) have died. The eventual mutation of H5N1 virus into a form that can be transmitted easily from human to human has experts around the world worried due to the high mortality rate. When this mutation occurs, the current worst case forecast is for a worldwide pandemic even worse than the Spanish Flu. Note that Table 1 provides an estimate of the global deaths that resulted from the Spanish Flu at 40 – 50 million. Recent worst case scenario figures for an H5N1 pandemic are in the range of 180 – 360 million. Table 1 gives a “best case” scenario figure of 2 – 7 million deaths worldwide. Please take note, the figures are for deaths, not those who get infected and are able to survive. An H5N1 pandemic could affect between 20 – 50% of the total world population.

 

If H5N1 has a mortality rate even half of its current rate, estimates of the deaths worldwide will range from 40,000,000 to 100,000,000. Even more important experts are predicting that the morbidity rate will be around 33% of the population. In the United States, current medical facilities would be overwhelmed having to support over 80 million sick individuals.

 

But the World Health Organization issues these warnings all the time


Why should we as business continuity planners be concerned? The World Health Organization (WHO) issues many warnings, for example a recent WHO advisory stated:


The World Health Organization has warned of the rapid spread of an atypical strain of pneumonia which appears to be resistant to conventional treatments. Reports of the illness have been received from Canada, China, Hong Kong Special Administrative Region of China, Indonesia, Philippines, Singapore, Thailand, and Viet Nam. Businesses should be aware of the risk to staff, especially those that have recently traveled to any of the affected countries. The new disease could be the cause of a global pandemic.

 

A recent Reuters story entitled, “Bird flu 'resistant to main drug'”, reveals that H5N1 is showing resistance to Tamiflu. An article in The Lancet entitled, “H5N1 influenza pandemic: contingency plans” (The Lancet 2005; 366:533-534 DOI: 10.1016/S0140-6736(05)67080-8), written by Drs. Kenneth WT Tsang, University Department of Medicine, University of Hong Kong, Queen Mary Hospital, Pokfulam, Hong Kong SAR, China, Philip Eng, Department of Respiratory and Critical Care Medicine, Singapore General Hospital, Republic of Singapore, CK Liam, Department of Medicine, University of Malaya Medical Centre, Kuala Lumpur, Malaysia, Young-soo Shim and Wah K Lam, Department of Internal Medicine, Seoul National University College of Medicine, Korea, is highlighted below:

 

The current epidemic of the highly pathogenic H5N1 strain of avian influenza, with a mortality of 58%, appears relentless in Asia, particularly in Vietnam and Thailand.1 Although inefficient, there is some evidence of human-to-human transmission for the H5N1 virus.2 A possible catastrophic pandemic could, therefore, emerge should re-assortment of viral antigens occur resulting in a highly infectious strain of H5N1. Influenza pandemics in 1917–18, 1957–58, and 1968–69 have already caused approximately 15, 4, and 0·75 million deaths worldwide, respectively.


A vaccine for H5N1 will not be available in the foreseeable months. Even if pharmaceutical manufacturing begins soon after an outbreak, there would not be a sufficient supply for the countries most in need—ie, the Asian nations. Antiviral drugs are consequently the only specific treatment, pending availability of effective vaccines.

 

Governments and health agencies should also consider planning for clinical trials, for instance a combination of both neuraminidase inhibitors, with or without other potential novel drugs, such as short interfering RNAs and interferon.3 These trials, if initiated at the early stages of a pandemic, could provide useful information for further patient and outbreak management in later stages. The geographic location of vaccine manufacturers in developed countries would also delay poorer Asian nations from obtaining the updated influenza vaccine. Perhaps vaccine and neuraminidase inhibitor manufacturing activities should also begin in Asia to deal with such deficiencies. The ethics of maintaining drug patents in a potential worldwide catastrophe is questionable. Epidemiological modelling suggests that influenza is more infectious than severe acute respiratory syndrome, and that severe acute respiratory syndrome infection control measures might not be adequate for a pandemic of influenza.17 There will, therefore, be an overwhelming strain on health-care workers and hospitals in an H5N1 pandemic, and staff could be rapidly demoralised and degenerate into deserters, if colleagues develop hospital-acquired H5N1 infection, especially if not given adequate intensive-care unit treatment.18 Protection of core personnel should also be planned to underpin recovery in the aftermath, when many key players in health care and governmental institutions would have perished.


Gardner Harris of the New York Times writes in his article of October 7, 2005:

 

A plan developed by the Bush administration to deal with any possible outbreak of pandemic flu shows that the United States is woefully unprepared for what could become the worst disaster in the nation's history. A draft of the final plan, which has been years in the making and is expected to be released later this month, says a large outbreak that began in Asia would be likely, because of modern travel patterns, to reach the United States within "a few months or even weeks."


If such an outbreak occurred, hospitals would become overwhelmed, riots would engulf vaccination clinics, and even power and food would be in short supply, according to the plan, which was obtained by The New York Times.


The 381-page plan calls for quarantine and travel restrictions but concedes that such measures "are unlikely to delay introduction of pandemic disease into the U.S. by more than a month or two."


The plan's 10 supplements suggest specific ways that local and state governments should prepare now for an eventual pandemic by, for instance, drafting legal documents that would justify quarantines. Written by health officials, the plan does yet address responses by the military or other governmental departments.

 

Pandemic – Business Continuity Planners what are you doing?


We, as business continuity planners, seem to be wary of addressing the issue of a pandemic as a viable scenario for planning. I recently did a tabletop simulation for a client and a presentation on pandemics at a business continuity summit for another client. The tabletop participants reflected on the experience and uniformly expressed to me that the tabletop was one of the most stressful and frustrating experiences that they had participated in. The business continuity summit attendees, and many of the speakers who followed me, continued to comment on the material presented, stressing that they needed to rethink their plans. Participants in both events expressed the hope that a pandemic would not materialize.


Pandemics cause major economic losses due to absenteeism. Experts predict that during a pandemic up to 30% of the global workforce could either be off work due to sickness or stay away due to fear. Absence levels at the expected rates would cause severe problems.


The economic impact of H5N1 will be felt around the world. The impact will initially appear in two primary aspects of business. The first will be the availability of the workforce; the second, and more unique, impact will be in the marketplace.

 

Helen Branswell of the Canadian Press wrote on August 17, 2005 in her article entitled, “Flu pandemic could trigger second Great Depression, brokerage warns clients”:

 

A major Canadian brokerage firm has added its voice to those warning of the potential global impact of an influenza pandemic, suggesting it could trigger a crisis similar to that of the Great Depression.


Real estate values would be slashed, bankruptcies would soar and the insurance industry would be decimated, a newly released investor guide on avian influenza warns clients of BMO Nesbitt Burns.


"It's quite analogous to the Great Depression in many ways, although obviously caused by very different reasons," co-author Sherry Cooper, chief economist of the firm and executive vice-president of the BMO Financial Group, said in an interview Tuesday.
 

"We won't have 30-per-cent unemployment because frankly, many people will die. And there will be excess demand for labour and yet, at the same time, it will absolutely crunch the economy worldwide."
 

A leading voice for pandemic preparedness said the report is evidence the financial and business sectors - which have been slow to twig to the implications of a flu pandemic - are finally realizing why public health and infectious disease experts have been sounding the alarm.


"I think that this particular report really signifies the first time that anyone from within the financial world, when looking at this issue, kind of had one of those 'Oh my God' moments," said Michael Osterholm, director of the Center for Infectious Disease Research and Policy at the University of Minnesota.


"The financial world is finally waking up to the fact that this could be the boulder in the gear of the global economy," he said, suggesting a pandemic could trigger an implosion of international trade unlike anything seen in modern history.

"All the other catastrophes we've had in the world in recent years at the very most put screen doors on our borders. This would seal shut a six-inch steel door," Osterholm said.

Cooper, a highly influential figure in the Canadian financial sector, wrote the report with Donald Coxe, a global portfolio strategist for BMO Financial Group.

They warn investors the economic fallout of a pandemic would inflict pain across sectors and around the globe.

Airlines would be grounded, transport of goods would cease, the tourism and hospitality sectors would evaporate and the impact on exports would be devastating, Cooper wrote.

"This would trigger foreclosures and bankruptcies, credit restrictions and financial panic," she warned, suggesting investors reduce debt and risk in their portfolios to be on the safe side.

Absence of purchases due to illness and psychological reactions to a pandemic will present a new form of business impact that is currently not assessed as part of the traditional business impact assessment; and as such, it is not addressed in any business continuity, disaster, crisis management or recovery plans. Another area that has not been addressed in impact assessment or plans is the loss or restriction of a company’s revenue. Traditional plans start with an assumption that the marketplace is still viable; a potentially false assumption. Traditional plans are designed to get an organization back into their market as quickly as possible – RTO, RPO and MTO come to mind (RTO = Recovery Time Objective, RPO = Recovery Point Objective, MTO = Maximum Tolerable Outage).

In the case of a pandemic markets may no longer be viable. If your market is materially impaired, a consequence is that the revenue that is derived from that market may be restricted and/or completely gone.

In another article, published on October 7, 2005 (NewsTarget.com) entitled, "Economic Shock Waves From Avian Influenza Spreading Faster than the Disease" the following is pointed out:

The Avian influenza crisis in Asia has already caused more than $10 billion dollars in damage in the economies of the most-seriously affected countries, but this is just the tip of the iceberg compared with the possible global economic consequences of a human influenza pandemic according to a study, Thinking Ahead: The Business Significance of an Avian Influenza Pandemic, released today by Bio Economic Research Associates (bio-era™).

"According to the quantitative measures we developed for assigning relative economic risk exposure to infectious disease outbreaks for countries in Asia, Hong Kong and Singapore are especially vulnerable to the initial economic shock waves that would ensue from a pandemic," said James Newcomb, Managing Director and principal author of the bio-era report. "However, the secondary impacts on other countries, especially China, could have far-reaching impacts for economies around the world, including the US," he added.

Other key findings in the report include:

• Avian influenza is the latest in a series of major livestock disease outbreaks that have caused more than $60 billion in economic damages worldwide over the past 15 years.

• Concerns about a possible influenza pandemic are already providing stimulus for increased spending and accelerated research and development efforts in some parts of the economy, ranging from custom microarray chips for rapid diagnostic testing to antiviral drugs.

• Governments around the world have recently made commitments totaling an estimated $1.4 billion to stockpile oseltamivir (Tamiflu)—an antiviral drug produced by pharmaceutical giant Roche.

• Manufacturers of flu vaccines are gearing up for what may be an unprecedented global demand for a vaccine effective against H5N1 variants, but it is not known whether the vaccines being developed now would be effective against the influenza strains that might emerge.

• New "DNA vaccines" offer an alternative to conventional production technologies and could speed the vaccine industry’s ability to respond, but these technologies are not yet approved by FDA.

"We’ve been looking at how things might unfold under six very different but highly plausible scenarios for the evolution of the outbreak," said Stephen Aldrich, President of bio-era. "In the process, we’ve made assessments of potential outbreak risk by country, the relative economic exposure by country — and how selected industries and companies are likely to be affected."

We have not experienced this type of business problem in our lifetimes. The last generation to have to address such a widespread issue was that of our grandparents and parents during the Great Depression.

During the Great Depression the revenue component of the free enterprise system was significantly impaired. Just as important, today on a worldwide basis we do not have any leadership in business or government who has lived through the 1918 Spanish Flu Pandemic or the Great Depression and so that experience base is lost to us. Our best option, therefore, is to start to think about the possible problems we may have to confront and take steps to avoid or deal with them in our businesses. If we wait until the pandemic starts, it will be too late.

Even if a pandemic were mild, it is estimated that about a third of the world's population would fall sick over a period of months and millions would die. If the strain is virulent, the death toll could mount to several million, over a relatively short period. If we look at previous pandemics (Spanish Flu 1918 – 1919, Asian Flu 1957 – 1958, Hong Kong Flu 1968 – 1969) they generally run their course in 18 to 24 months. As an example, the economic consequences could be staggering; SARS wreaked economic devastation on affected cities and countries in a relatively short period.

The Health and Human Services Department plan outlines a worst-case scenario where more than 1.9 million Americans would die and 8.5 million would be hospitalized with costs exceeding $450 billion.

Current Forecasts – Business Continuity Planners where can you add value?

We often use the phrase “value added” when we promote business continuity planning. We say that we “add value” to an organization by preparing it to respond and recover from incidents. At this time I think that we can earn our keep, so to speak, by providing that “value added” service that we speak of. Current forecasts predict that the H5N1 pandemic will spread around the world in a historically short period of time. One expert stated that if this pandemic is identified on the west coast of the United States it will spread across the country in a week. When SARS spread from China just a couple of years ago, it was in 5 countries in 3 days and in 24 countries in 3 months. Time to react will be virtually non-existent. And if we are to earn our merit as business continuity planners, we need to react now! The companies that survive this extraordinary disaster when it occurs will have heeded the words of Sun Tzu centuries ago, “Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” Planning today will prove to be the only viable strategy to ensure a company’s “victory”.

What If…?

What if the pandemic does not materialize? Do we have the proverbial “egg on our face”? In the event that this pandemic does not materialize, your planning will not be lost. Most of it will be transferable. There will be future pandemics (they occur approximately every 30 – 40 years), and the planning also applies to the ever present threat of terrorist attacks using chemical/biological/nerve agents. Business survivability in the face of disasters is imperative to the economic strength of the world community.

We as continuity planners have an obligation to be forward thinking and to see what others choose not to recognize until it is upon them.

Steps to take…Now

The ability to effectively respond to and manage the consequences of an event in a timely manner is essential to ensure an organization's survivability in today’s fast paced business environment. With the emergence of new threats, such as cyber-terrorism and bio-terrorism; and the increasing exposure of companies to traditional threats such as, fraud, systems failure, fire, explosions, spills, natural disasters, etc. an “integrated” approach to Business Continuity Planning is essential. The “integrated” approach, as presented in this article, is based on the concept of graceful degradation and agile restoration. “Graceful degradation” refers to the ability of an organization to identify the event, classify it into a level of severity, determine its consequences, establish minimal stable functionality, devolve to the most robust less functional configuration available and to begin to direct initial efforts for rapid restoration of services in a timely fashion.

Several steps can be taken to prepare your organization. First, put in place an effective surveillance program; meaning, expand your business impact assessment activities. In my article, “"Futureproofing" - the Process of Active Analysis” written in 2003, I recommended that we rethink the business impact assessment process:

Traditional analysis such as that performed at the initiation of the business continuity plan development is recognized as necessary to develop a baseline of information. However, it should also be recognized as having certain limitations:

• Pre-Event - Best guess as to what could occur

• Static - Best guess based on available facts and models

Traditional analysis creates undecidability due to the inability to predict all behavior in a dynamic environment. Therefore one should adopt an Active Analysis methodology, such as that developed by Logical Management Systems, Corp. (LMS). LMS' methodology is based on the U.S. Military's "Joint Special Operations Targeting and Mission Planning Procedures" (JP 3-05.5, 10 August 1993). It is detailed herein.

The advantages that can be realized by adopting this methodology and maintaining an active analysis process are:

• Uses Static Analysis as a basis

• Touchpoint complexity factors

• Dynamic - based on creating a mosaic

• Time Factors (Time Critical, Time Sensitive and Time Dependent) act as drivers

Termed "Futureproofing" by LMS the active analysis process is designed to create a mosaic that enhances decision making by identifying behavior patterns in a dynamic environment.

Active analysis can be subdivided into three categories of possible threats/occurrences that could befall an organization. Dr. Ian Mitroff refers to the three categories as Natural Accidents, Normal Accidents and Abnormal Accidents. I have renamed them to differentiate the three aspects of each: the threat, the actual occurrence and the consequence of the occurrence.

Natural Threats/Occurrences/Consequences consisting of such things as drought, floods, tornadoes, earthquakes, fires and other naturally occurring phenomena.

Normal Threats/Occurrences/Consequences consisting of such things as Economic Disasters, such as:

• Recessions
• Stock Market Downturns
• Rating Agency Downgrade, etc.

Personnel Disasters, such as:

• Strikes
• Workplace Violence
• Vandalism
• Employee Fraud, etc.

Physical Disasters, such as:

• Industrial Accidents
• Supply Chain
• Value Chain
• Product Failure
• Fires
• Environmental
• Health & Safety

Abnormal Threats/Occurrences/Consequences consisting of Criminal Disasters, such as:

• Product Tampering
• Terrorism
• Kidnapping & Hostages, etc.

Information Disasters, such as:

• Theft of Proprietary Information
• Hacking, Data Tampering
• Cyber Attacks, etc.

Reputation Disasters, such as:

• Rumors
• Regulatory Issues
• Litigation
• Product Liability
• Media Investigations
• Internet Reputation, etc.

Please note Abnormal Threats/Occurrences/Consequences are becoming more of the norm than abnormal as we see the normalization of threats such as hacking and data tampering.

Five key assumptions were used as a basis for the developmental framework of the "Futureproofing" methodology. These are:

Assumption # 1: The modern business organization represents a complex system operating within multiple networks

Assumption # 2: There are many layers of complexity within an organization and its "Value Chain"

Assumption # 3: Due to complexity, active analysis of the potential consequences of disruptive events is critical

Assumption # 4: Actions in response to disruptive events need to be coordinated

Assumption # 5: Resources and skill sets are key issues

Based on the above assumptions and the results of the baseline analysis (static analysis) one realizes that the timely identification, classification, communication and response, management and recovery from a disruptive event are critical. As depicted in the graphic on the next page over time uncertainty will decrease, as will available options for response and recovery.

This is contrasted with increasing numbers of issues and higher and higher costs associated with response and recovery efforts. As such, an organization should seek to continually analyze situations so as to develop a clear picture of the current state of the business system network. Referred to as "Data Fusion - Constructing a Mosaic" by LMS; this is a process of getting enough bits and pieces of information in place in order to transform seeming chaos into recognizable patterns upon which decisions can be made.

Second, recognize that you cannot depend on public authorities (read this as government at all levels) to be there for your organization. They will have too many issues to deal with and they will also be impacted by the pandemic – remember that 30% of the population could be affected; that means that civil authorities are just as susceptible to contracting the disease. Your organization and its “value chain” must have its own comprehensive plan for dealing with the business consequences of a pandemic. Rethink the basis on which you developed your plan – talk to the risk management and strategic planning personnel in your organization and find out what they are looking at with regard to business expansion, contraction, risk mitigation, etc. They should be very conversant as a result of the recent hurricanes, earthquakes, tsunami and general competitive forces in the economy. Revise your business continuity plan. Develop the ability, as an organization, to sequence back your operations while ensuring that your business system and its network (“value chain”) can maintain a level of functionality while operating at reduced capability. When your business system and its network reach the state of minimum functionality, the organization can begin to conduct a campaign of "agile restoration" until it achieves a state of full functionality and a return to normal operations.

If you do the first step, putting in place an effective surveillance system, you will develop "detectors and indicators of change" metrics that can be employed to facilitate the constant analysis of the state of the business system and its complex "value chain" network. The "detectors and indicators of change" provide the early warning basis for event classification at the lowest (least severe) levels.

Third, train, drill, exercise. All the planning in the world is never going to be effective unless it can be implemented. One key to implementation is having a trained organization. That means that we have to train not only the primary position holders in our organization, but we have to train the secondary and even a third level within the organization.

If Only We Had Known…A New Paradigm for Planning Strategists

In my latest book, “Integrated Business Continuity Planning: Maintaining Resilience in Uncertain Times” I asked:

"Is Business Continuity integrated into your business operations as a way of doing business; or is Business Continuity an adjunct to the business that you are involved in?"

As you ponder this question, you need to reconsider the value proposition offered by having an integrated approach to business continuity.

I offer the following definitions for the purpose of this article and as a basis for developing an “integrated” approach to continuity:

Crisis: "A disruptive event that is amplified, elevated and magnified."

Business Continuity: "All initiatives taken to assure the survival, growth and resilience of the enterprise."

Executives have an obligation to their stakeholders to assure that everything that can reasonably be done to protect the business and ensure its competitiveness in the marketplace is done. Unless executives rethink the relationship between how they do business (strategy, competitive intelligence, etc.) and the way they currently address business continuity (managing disruptive events, security, etc.), the imbalance between "security" and competitiveness will not be resolved. Therefore, businesses must rethink their recovery strategies to be able to deal with and survive pandemics. This is a whole new paradigm for planning strategists.

The table below is a look into the proverbial “crystal ball” at what could be some of the possible outcomes when the pandemic strikes.

Conclusion: Seize the Initiative - It Makes Sense

A Chinese proverb states that "Opportunity is always present in the midst of crisis." Every crisis carries two elements, danger and opportunity. No matter the difficulty of the circumstances, no matter how dangerous the situation… at the heart of each crisis lies a tremendous opportunity. Great blessings lie ahead for the one who knows the secret of finding the opportunity within each crisis.

Today business leaders have the responsibility to protect their organizations by facilitating continuity planning and preparedness efforts. Using their status as “leaders,” senior management and board members can and must deliver the message that survivability depends on being able to find the opportunity within the crisis.

Market research indicates that only a small portion (5%) of businesses today have a viable plan, but virtually 100% now realize they are at risk. Seizing the initiative and getting involved in all the phases of crisis management can mitigate or prevent major losses. Just being able to identify the legal pitfalls for the organization of conducting a crisis management audit can have positive results.

We cannot merely think about the plannable or plan for the unthinkable, but we must learn to think about the unplannable. Business continuity planning must be overlapping in time, corrective in purpose and complementary in effect.


GEARY SIKICH

 

 

Geary Sikich, a Principal with Logical Management Systems, is recognized as one of America’s premier thought leaders in corporate crisis management, business continuity, enterprise risk management and strategic resiliency.

 

He has provided services to Fortune 500 companies including American Express, ExxonMobil, Amoco, Motorola and international institutions such as the World Bank.

 

He is the author of over 160 published articles and three books on crisis management and business continuity. His first book is "It Can't Happen Here: All Hazards Crisis Management Planning" (Tulsa, Oklahoma: PennWell Books, 1993). His second book, "Emergency Management Planning Handbook" (New York: McGraw-Hill, 1995), is available in English and Spanish-language versions. His third book, "Integrated Business Continuity: Maintaining Resilience in Uncertain Times" (PennWell, 2003), is available on www.Amazon.com. His latest book, “The Great Wreckoning: Pandemic and the Global Economy”, is currently being finalized for publication.

 
