a second opinion isn't second best

By planning around certain harmful events you take ownership of your continuity risk. But there are things you won't know when writing your plan. You need to involve stakeholders, specialists. Seek their advice and perspectives, learn about their plans. Tell them about what risk you see and how you intend to treat it. Have your plan qualified through their input and compatible with their plans.

Business Continuity is not an arena for lone rangers. Getting a second opinion makes for a first-class plan.


in the midst of the crisis

Part of Business Continuity is dealing with crises. Throughout 2015 I've been involved in the large FSPOS Sektorsövning of the Swedish financial sector. The task was to plan, prepare and lead this simulation exercise for one participating Crisis Management Team. They faced a rapidly evolving scenario. How would they respond to threats, deal with uncertainties, communicate with customers and the market? Creativity in the midst of stress. Improvising from existing plans. Valuable lessons and loads of fun!


the future of continuity

Last week's Q&A with Master's Students in Kista, Stockholm was fun. Still in their first semester, I'm impressed by their wide-ranging questions. In fact, I even appreciate their showing up for an optional event. Arranging anything non-obligatory was kind of a hard sell when I first studied, back in a previous millennium. Many thanks to Mark Strande who kindly agreed to join me for this session to share his insight on Business Continuity. Also, presenting together is so much more fun.


innovation through dialogue

Security needs innovation, new ideas from new people. It's great to see a new Master's Programme underway at Stockholm University. Department of Computer and Systems Sciences (DSV) is set to regain its position as a leader in the field, and the industry stands to benefit.

Aiming for openness and external contacts, the programme has hosted a series of Security Dialogues, informal sessions with folks outside academia. I'm super-pleased to have been invited to meet with students December 2. Dialogue FTW!


react, adapt and return

Continuity risk can rarely be avoided and the likelihood is difficult to decrease. Our best bet tends to be lowering the consequence, preparing for how to reduce the impact of the risk event.

The way we do this is through planning to strengthen key organisational capabilities:

  • to react effectively when the event occurs (contingency plan)
  • to adapt and do business differently when necessary (continuity plan)
  • to return to normal delivery in an orderly fashion following the crisis (recovery plan)


passion vs. arguments

The Royal Swedish Academy of Sciences hosted a day on radiation risk in the context of final disposal of nuclear waste with researchers, industry, municipalities plus vocal opponents of, well, most everything.

60+ years after its introduction, nuclear energy remains an explosive topic. This sad state of affairs clouds our ability as a society to address the matter rationally. Then again, rationality is not in fashion these days.

But my thanks to all who contributed constructively. I learned a lot.


later is now

Beginning to get a grip on continuity risk, where does it hurt and where will it hurt? Ensure the involvement of top management. Where will your business be one year from now? Three years? Be sure to have your strategy framing your risk assessment.

You cannot eliminate all risk. So, which represents a cost that you can live with and which of it is existential to your business? (Hint: many owners of processes and systems believe their area is prio #1. This is precisely why you must involve the execs.)


your continuity compass

How do you manage the unknown?

For starters, make it part of your risk work. Risk is the potential for events with impact on your goals. Focus on low-likelihood events with high impact on availability. This is Continuity Risk - your continuity compass.

Have it integrated with your Risk Management. Identify, describe and quantify. Use your history, known events which could have a higher impact if repeated. How bad could it get on a rainy day? Analyse and treat. You know the drill. Expect the unexpected.


the future in your rear mirror

Once in a while things happen for the first time. Experts talk of black swans, events we couldn't imagine.

Those are the exceptions. Many accidents occur repeatedly. In fact, a useful tool for gazing into the future is a rear mirror.

But I haven't had any disasters, you say? Good for you! What about those times you were lucky? Or, not as unlucky as you could have been? Use the history within your context, think of what has happened. Imagine what the impact could be, another day, under worse conditions.


when the smoke clears

The 2014 Västmanland wildfire turned into a six weeks-long regional emergency.

It remains a source for insight into what works and what doesn't in societal preparedness. Issues from civil-military cooperation and local-regional-national coordination to volunteering, training and helicopters are subject to a broad study by Swedish Civil Contingencies Agency (MSB).

I was fortunate to attend last week's project update, and I recommend the webinar version with lessons for any practitioner in Crisis Management.