Follow my ruminations
Get new content delivered directly to your inbox.
- Always worth checking under the bonnet
How does management have confidence to sign off on Business Continuity Software?
Listening to sales pitches characterised by:
- Bells and whistles.
- Shiny new toys.
- Smoke and mirrors.
is too often a management burden.
I suggest keeping it simple with a couple of considerations.
- Vulnerability is at the heart of good risk assessment
How do you recognise and address your vulnerabilities to disasters? We are all exposed to different hazards. To different disasters. We are all differently vulnerable.
The internationally respected Standard on Continuity, Emergency, and Crisis Management (NFPA 1600) defines risk as a measure of the probability and severity of adverse effects that result from exposure to a hazard.
Drawing on NFPA internationally respected standards for disaster management and vulnerability assessment, the recently released Damocles Risk Assessor app applies the standards to align with your context. Supporting effective planning – before and after disaster impact.
- Old school … or … New School?
Hi – just dropping this post in response to “the needs of old schoolers” – who, while they like our free apps (OughtWe decision-maker, and Agile Business Continuity), prefer the comfort – and familiarity – of files they know (such as Word and Excel) – and have therefore requested I make them available at nominal cost.
The guidelines, tools, and templates available on this Zip file will support your planning processes and strengthen your resilience. Using familiar software such as Microsoft Word and Excel we focus on quality processes within a risk management framework.
These approaches serve as best practice models. They are not simplistic “templates for duplication” relying on “cut n pastes” and “global word changes”. They will step you through processes that evaluate the significance of requirements specific to your context – supporting you to write up your tailored approach accordingly.
The Complete Risk Management Toolkit – a 1.3 MB bundle – includes:
(a) Risk Management Planning template (Word.doc, 15 pages);
Addressing risks systematically can mitigate their negative effect – and even turn them into opportunities.
Our template will guide you through a logical workflow of nine steps – with a focus on “control assurance” and aligned with the International Standard for Risk Management ISO 31000.
The approach integrates the following key questions:
• Risk Statement – what is the uncertain event, its causes, and its effects?
• Stakeholders – who have an interest in this risk and the management of this risk?
• Engagement – how should each stakeholder be communicated to and consulted with?
• Context – what conditions or circumstances (social, technical, legal, economic) have contributed to the risk?
• Current Treatments – what are we currently doing to reduce or eliminate this risk – and how adequate are these treatments?
• Consequences – what might happen if the current situation continues (i.e. we do nothing)?
• Potential Proposed Treatments – what could we propose which might reduce or eliminate this risk?
• Potential Risks – what new risks might be introduced by the controls/treatments we are proposing to implement?
• References – what information sources (data, policy, and procedures) have been used?
(b) Business Continuity Plan template (Word.doc with embedded Excel Spreadsheets, 33 pages);
Using an approach that has worked for businesses and governments globally for over twenty-five years to integrate their Crisis Management and Business Continuity Plans, our approach empowers you to focus on your vulnerabilities.
It centers on the key activities which you need to keep doing to stay in business.
What differentiates this approach from other business continuity and crisis management products is that it will support you to understand your risks, evaluate your exposures, and take action:
– to mitigate your vulnerability before an incident, and
– to manage the consequences after an incident
(The integrated Excel Planning Workbook uses Worksheets to map critical functions and vulnerability in a clear and straightforward manner – which are then also used to report impact.)
(c) Emergency Management Plan (for facilities) template (Word.doc with embedded Tables, 46 pages).
The plan will help you to establish best practice site-specific emergency procedures. It applies the Australian Standard AS 3745 – 2010 “Planning for Emergencies in Facilities”, which is widely accepted as the benchmark when it comes to implementing emergency procedures and training for sites, buildings, and facilities. Developing an approach aligned with this best practice will assist you in meeting your legal responsibilities as well as your ethical obligations.
These tools and templates are legally owned by me – and I am authorized to sell them.
- Can simplification become simplistic?
I’m looking for some feedback on whether the soon to be released Damocles Risk Assessor App should have seperate screens for before and after impact risk – or should they be on the one screen?
- Let me count the ways …
If I was living in the Ukraine I might have benefited from reflecting on which hazards I would potentially be exposed to.
A then, how vulnerable I am.
If I wasn’t living in the Ukraine I would still benefit from this process.
A useful checklist to kickstart consideration is the Hazards from NFPA 1600 – which are to be used in the soon to be released update (NFPA 1660).
This Standard specifies – Hazards to be evaluated shall include the following:
(b) Landslide, mudslide, subsidence
(b) Extreme temperatures (hot, cold)
(d) Flood, flash flood, seiche, tidal surge
(e) Geomagnetic storm
(g) Snow, ice, hail, sleet, avalanche
(h) Wildland fire
(i) Windstorm, tropical cyclone, hurricane, tornado, waterspout, dust storm, sandstorm
(a) Food-borne illnesses
(b)* Infectious/communicable/pandemic diseases
(4) Accidental human-caused:
(a) Building/structure collapse
(d) Fuel/resource shortage
(e)* Hazardous material spill or release
(f) Equipment failure
(g) Nuclear reactor incident
(h) Radiological incident
(i) * Transportation incident
(j) Unavailability of essential employee(s) (k)* Water control structure failure
(5) Intentional human-caused:
(a) Incendiary fire
(b) Bomb threat
(c) Demonstrations/civil disturbance/riot/insurrection
(e) Disinformation (rumors, false allegations, or accusations)
(g) Geopolitical risks including acts of war, change in government, and political instability
(h) Missing person
(i) * Cyber security incidents
(j) Product defect or contamination
(l) Strike or labor dispute
(m) Suspicious package
(p) Workplace/school/university violence
(q) Supply chain constraint or failure
(a)* Hardware, software, and network connectivity interruption, disruption, or failure
(b)* Utility interruption, disruption, or failure
(a) Foreign currency exchange rate change
(b) Economic recession
(d) Theft/fraud/malfeasance/impropriety/scandal involving currency, monetary instruments, goods, and intellectual property
(a) Loss of senior executive
(b) Failed acquisition/strategic initiative
(9) Humanitarian issues
Yes, that is core to my free apps.
No data is collected by my apps.
- Taking a step back …
I recall – in the late 1980s – reflecting on the wisdom displayed in the concepts illustrated below (despite the bemusing “causal/casual” typo 😂).
It demonstrates the value of “peeling back the onion”. The value asking “why”? The value of questioning to the void.
It also flags a warning.
It flags the need to think differently.
… and to do differently
All disasters should stimulate us to step back. To explore interventions which are truly “comprehensive and integrated” – how we can peel back the onion to explore gaps and opportunities. Sometimes to change the whole way we define our needs.
- When our “lifelines” are vulnerable
- Flexible, Scalable, and Proven.
Looking to build your business continuity capability?
A sound approach to meeting the needs of individuals, small businesses, and large corporates.
Agile Business Continuity Crosswalk
The question is, which best suits you?
The answer is, they’re not mutually exclusive.
- How can I get the Agile Business Continuity app as a tool for use across the organization?
Scale up to Your Flying Fish
‘YourFlyingFish’ – Agile Business Continuity App tailored for you
The Agile Business Continuity app can be customized for your organisation
– your hazards, your care-abouts, and your risk tolerance
– supporting clarity, consistency and conversations
- Free app to support your nimble business continuity capability
The Agile Business Continuity app uses a risk-based approach recognizing people have different contexts.
We all might share some of the same exposures to extreme events. We all might share some of the same things we care about. However, context is crucial. It is useful to consider how your hazards interface with your vulnerabilities. To consider your thresholds for acceptable risk … and based on these considerations, tailor your plans to meet your needs and values.
Therefore, the focus of the app is on “you and your business” – on “continuity” and the things you “care about” which support your prioritized activities.
“Prioritized activities” are the minimum necessary activities required to deliver a product or service.
Risk is focused on as a function of the interface between hazards relevant to the business context and the vulnerability of critical resources/assets (the things we care about) (R f H x V).
1. Map your context
Identify hazards relevant to your context and score their importance by considering the criteria provided.
Examples used below – and in the app – are taken from the “Standard on Continuity, Emergency, and Crisis Management”, NFPA 1600 (2019).
Identify, and describe, the things you rely on in your context
Resources (things you care about / rely on)
For each of the identified processes or prioritized activities required for you to achieve your objectives, identify the things you “care about” that support the processes or critical activities by focusing on the following:
(3) Infrastructure (including premises)
(4) Technology (including plant and equipment)
(5) Information (digital and analog)
(6) Supply chain (supplies and suppliers)
Describe the things you care about.
2. Assess your risks
How vulnerable is this resource (“care-about”) in the current circumstances?
Describe the things you care about, and score their vulnerability to your hazard before a disaster.
(The impact slider is used in the event of a disaster)
How impacted is this resource (“care-about”) in extreme events/circumstances?
3. Implement your plans.
Communication and collaboration are fundamental to successful management. Especially the management of risk. Reports are generated based on being able to select from combinations of any – or all – of the data fields as outlined in the Menu below. These can be generated as PDF documents – to be shared and communicated as required. It is interesting to note that during the planning process – both before and during a disaster – users will frequently send screenshots to others using to arrow icon displayed at the bottom right of many screens.