Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security & Business Resilience

How to Prepare for ‘Business not as Usual’

By Jeff Schmidt
Generic image for Business Continuity
April 1, 2012
How many times a month do we hear on the news about product recalls – on everything from vehicles and produce to toys and pharmaceuticals? How often do we hear about manmade and natural disasters that not only seriously impact the people in a locale – but the businesses that operate in that region?

To survive the “unexpected,” businesses today, both in the private and public sectors, must be prepared for unusual business conditions, whether they are caused by manmade, natural, environmental or accidental circumstances. And it’s essential that businesses develop crisis plans and regularly test them.

 Crisis planning can be broken down into three main areas: emergency management, business continuity and resilience plans.

Most businesses look at one or maybe two of these areas, but a good plan needs to encompass all aspects. The flaw many companies often encounter is that they develop crisis plans to show that they will work – but they are seldom tested for failure. But failure is where we learn how things really work – or not. What chain of unforeseen events might be set off by an incident when best-laid plans are set aside, and improvisation is key. 

So why are these three areas so important?

 

Emergency Management

In most “emergencies,” the first thing to take into consideration is how you assess the situation in preparation for an event – for example, a natural disaster like a hurricane or a scheduled occurrence like the Super Bowl. Questions to ask: what is my team, who does it include? How do I ensure I have the qualified resources as well as the assurance that in an emergency situation, they will be able to be first responders? Is any individual critical in the process? How do you get people where they need to be – or, do you have access remotely?  What is the impact if you pull a few key people out of the process or facilities?

 

Business Continuity

It’s admirable for companies to talk about 99.999 percent as an effective measure for up-time around networks and systems, but rarely does this get discussed at the application level or even further down the stack, at the customer level. How do you make sure your business is operational and functioning as normal?

This vigilance should be extended to your business partners, suppliers, transporters, maintenance, etc. The aftermath of the tsunami and Fukushima nuclear power incident in Japan has shown us how important this can be, given the disruption we have seen within the technology industry since then. 

 

Resilience

Then there is resilience. How much redundancy do you need in your business, either in the “business as usual” process, or as it relates to business as “unusual.” 

In reality, the three major areas noted here all merge together in a solid risk management process and an accompanying assessment of the organization’s risk appetite. Although the term risk appetite is more often associated with security, a risk appetite should be applied generally to how and what you view as critical within your business. Where is your lifeline and what aspects of the organization does it encompass?   

Here is what I consider the top ten tips for what you should cover in crafting your organization’s risk management strategy:

1)         What are the requirements of the business as it relates to governance and compliance?

2)         Who is your end customer and how do you make money?  The answer to this question can then be interpreted as your company’s “lifeline” – you must be able to service your end-customer. In the case of public sector organizations, you will be defining your end-users and stakeholders and the critical services you are expected to maintain.

3)         What key processes, partners, divisions have to be up and running to ensure you can make your end-product or deliver your service to users?

4)         What systems are critical? Which ones already have resilience built in? This could also be applied to partners and other areas.

5)         Know where your “single points of failure” (SPOF) are and minimize these, even in your business “as usual” scenario.

6)         Who are the key individuals, teams, groups within the business? It’s essential you bring them into the planning process.

7)         Start with a good foundation. Don’t try to swallow the elephant but take the bites out of it and measure the program against results.

8)         Having a solid governance tool as a way to manage is important. It helps in knowledge-sharing and to ensure the intellectual capital is where you can find it and not stuck in someone’s head. It also allows you to measure progress against key business objectives, which is always good when money is being spent against objectives.

9)         Integrate your change management processes to include this as part of the standard implementation.

10) Test regularly and test to get to failure! The only time you have a chance for a “mulligan” is when you are testing. When the real incident happens you need to know you have the right people, ingenuity and familiarity with what to do when something goes wrong.

 

So When The “Unexpected” Actually Happens . . .

The hours – and actions you take – immediately following an incident are particularly critical. What you do then can make a big difference – not just to the costs you incur and the business you may lose – but to the possible public relations fall out. So again, it’s essential to have a crisis management plan in place – one that makes it clear what everyone should do and, in particular, how communications with customers, the media and other stakeholders are to be handled.

Experience suggests honesty is the best policy. Attempts to minimize problems and downplay their impact have a habit of making things worse.

Your crisis management plan must follow a few simple but important principles.

First, you need to “Confirm” the nature, scale and impact of the incident if your response is going to be appropriate. Is the incident real? Where is it, and who is affected by it?

Second, prompt and effective early intervention can “Contain” the incident and prevent escalation of severity and resultant impacts. This intervention proves most effective in those organizations where regular and realistic testing of the plan has taken place.

Finally, what and how you “Communicate” is vital. In the early stages of the crisis, the demand for good quality information is at its highest – exactly at the time when the quality of that information is at its lowest. This position is reversed as the timeline of the crisis progresses.

The effectiveness of the communication strategy will very much depend on how successfully you have managed to confirm and contain the impact of the incident and, coming full circle, how effectively you built and tested your crisis plan in the first place.  

KEYWORDS: business continuity crisis plan emergency management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jeff schmidt potrait

Jeff Schmidt is executive global head of business continuity, security & governance at BT Global Services. Previously, he managed the security side of BT’s business in the Western United States, where he had full profit-and-loss responsibility for the sales and delivery of networks, managed security services, consulting services and security software. He has more than 25 years of experience in leadership positions in the information technology business, including positions with Home Savings of America (now a part of JPMorgan Chase), Lucent, the California State Automobile Association (AAA), Paramount Pictures, and InCode Telecom Group (which has since become part of Ericsson). He joined BT when it acquired INS in 2007.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Light bulbs on a black background

    How to Protect Your Organization’s Intellectual Property

    See More
  • CSOs securing business

    Despite Global Upset, CSOs Secure Business, As Usual

    See More
  • Business as Usual?

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing