Due to the changes in the world today is more attention paid to the safety
of operations especially in the resistance businesses, or
abilities to survive and /or even exploit the dangers and risks
that come from the same environment. Under
this, primarily involves the ability to anticipate, avoid or alleviate,
respectively, in the quickest and most convenient way to overcome economic and
other danger and risks to the business, such as natural disasters, small,
medium and large scale that are due to global warming and disturbance of the
natural environment rising
in the last 30 years (tornadoes, hurricanes, earthquakes, forest fires large
EMRA, droughts, the city, the consequences of polar cold and other natural
disasters), followed by various acts of international terrorism (bombing
action, the destruction of communications, demolition of infrastructure,
biochemical attacks, kidnapping
management and technical staff, murder, blackmail), acts of civil disobedience,
violence at work, the collapse of the legal order, a collapse of the banking
system, civil and Cyber-attacks, and other threats that may jeopardize or
completely terminate business or lead to an immediate or permanent shutdowns of
operations or loss of market
position.
To prevent this it is necessary that companies manage to develop and adopt
a number of tools and techniques, then the standards in this area, but
primarily in administration, managers and employees accept the corresponding mind
set of what could jeopardize operations. It is necessary then to create
awareness and to understand the real threats and assess the risks and implement
best practices and standards in this area in order to negative consequences
could be avoided or at least mitigated. This is
especially important because the development of appropriate systemic
response to possible threats yields highly conclusive increase confidence in
the business through the growth of reputation and trust in the vendors.
It should be noted that crisis situations do not necessarily have a
negative impact on the operations of companies that are affected by a crisis or
disaster. That
this is so is best illustrated by the analysis of responses to a crisis and
disaster recovery regardless of which particular case it is done, always shows
that it came to taking customers from competitors and customers in the event
that a company is able to quickly establish a business that is satisfactory level
of service and service after the infrastructure has been destroyed over a
specific area. Specifically,
natural disasters seem influence to infrastructure and society in a similar way
as the war, and when infrastructure checked is destroyed and all companies are
affected by the same level of tangible or structural losses winner of the
emerging market is the one who is the fastest to recover from disasters and to
the affected site offer products and
services that are required. In
such a scenario, the winner takes all, therefore, not only to change its market
position better than a sudden jump, and captures sales and long-term gains the
trust of customers and service users.
The appropriate system solution is usually given in the form of Business
continuity plan and in addition to other standards prescribed continent to be
usable in the event of a disaster feasible must have a minimum of the following
units that handles:
•
The
budget for the resources required in order for the avoidance and mitigation of
risks, as well as for quick disaster recovery
•
Recovery Plan after the incident
•
It
must be clear to you that the damages and costs of recovery
•
What
damage to the business can absorb in the event of incorrect estimates of
management of crisis situations
•
How
will they be affected by the brand and whether during or after the disaster
changed the perception of consumers, ie service users
•
What
is the impact on earnings - this applies in particular to the possibility that
corporations suffer some kind of Cyber Attacks
In order to make adequate business continuity plan, we must understand the
different forms of resistance to different levels. In this regard, a
distinction is:
•
Corporate
resistance relating to suppliers, manufacturing, resources, banks, factories,
social media, brand positioning
•
Business
resilience relating to the physical security systems, environmental risks,
handling and community participation, first response
•
Organizational
resistance, which refers to people, well planned,
the right set of skills, adequate tools, redundancy ICT system
•
Technical
resistance relating to capability and amplitude performance technical system,
people who We are planning, plan capacity, DRC, contracts and insurance systems
•
Individual
resistance, which refers to the fact that employees need to be prepared at
home, preparing for extraordinary situations at work, the ability to work with
a smaller number of employees in the event of a pandemic, fast and reliable
outsourcing
Basic business continuity and disaster management based on the development
strategy for quick answers and Treatment is an operational plan in case of
disaster, and disaster recovery plan. To be able to work out a reliable plan is
necessary:
•
Conduct a realistic threat analysis (THIRA)
•
Conduct a business impact analysis (BIA)
•
Implement
the mitigation of risks and disaster impacts
•
Document the plan
•
Test plan
It is also necessary incorporate best practices to the
plans abide by standards in this area and the legal limitations. As security
becomes a hot topic in recent years is also evident and to develop more
standards in the field of continuous and uninterrupted business operations and
in cases of crises and natural disasters. The most famous and four accepted
standards in this area are:
·
NFPA
1600
·
ASIS
SPEC.1-2009
·
ISO
22301
·
FEMA:
Volontary Private Sector Preparedness Program (PS-Prep)
While the certification of experts in charge of Disaster Recovery Institute
International (AOEL) ABCP, CBCP, while certification managers that provide
services regarding of making Business continuity
plan responsible is International Association of
Emergency MENAGERS CEM.
Thus regulated area of management and
overcome the crisis, to create a system of plans and solutions that are based
on best practices and standardized and therefore quickly and easily subject to
verification and audit, which guarantees the feasibility of an operations
Business continuity plans and thus increases the resistance of business on the
dangers and risks which it is exposed in the real world.
It is important to note that any business continuity plan, no matter how good
he was conceived has no operational value if, according to it does not regularly checked and practiced procedure
designed to extraordinary circumstances of the business. In this sense, it is
necessary to regularly check the contact information of the staff responsible
for the execution of the plan disaster recovery and periodic testing of
knowledge and skills of staff for the treatment of the designed procedures.
Also, it is extremely important to have a reliable, fast and simple system of
mass communication that has to be tested on a quarterly basis, as it has been
shown that the absence of such a system not only makes it difficult for the
operational management of the crisis already has led to the spread of rumors,
which in turn may result that the occurrence of and spread panic. Any
technical system will not be able to be operational in case of panic spread
among people whom the system is supposed to serve. Good (bad) example of the
same is best visible when watching the behavior of the population and employees
during the floods of 2014, because it was the lack of mass notification system
led to the fact that not only reaches the appropriate organizational and
technical mobilization but also due to panic take a series of illogical and
very harmful steps that have greatly endangered the work and operation of large
economic systems, respectively, led to the shutdown of important infrastructure
facilities. In order to avoid such harmful consequences today of best practice
are moving towards making national incident management system such as Web EOC,
E-team, IDV. As the costs of construction of such a system for the time
being big can be said that the strategic decision to build such a system makes
sense at the national, ie, the state level and for major corporations. The
second part of this system are public systems for advertising and mass
messaging and notifications, often called the situation awaerness software such
as NC-4, NWS, summer, FEMA, CDC, which are generally free and represent the
necessary infrastructure to which are connected, and lean
operational plans from the Business continuity plan. That's
why most experts in this field recommended companies that have subscribed to
the system for monitoring the crisis and mass notification, ie, force their
employees, especially those who represent the core of the team for response in
case of disasters that have subscribed to the RSS feed and the mobile App to
submit data on weather,
earthquakes, floods, fires, availability of infrastructure (roads, electricity
supply, gas supply, availability of critical fuel reserves, etc.).
For fast and reliable response to the crisis is of crucial importance as we
see how communications were interlinked to be thoroughly studied and the
problem of excessive noise, ie, the excess of information and data provided to
the individual or to all stakeholders during crisis situations or disasters. Therefore,
it is necessary to extinguish all non-critical alarms, notifications, and
create a matrix of necessary information that would be provided to the
individuals according to their powers and responsibilities, as well as within
the development of operational solutions to respond to catastrophes when he
wants to find out what he knows, when he was this information needed and in what format
it should be delivered. One
of the common errors in connection with the same reflected in the fact that
such plans often work service agencies and individuals with the military,
police or security background that communication using acronyms, abbreviations
or slang, so messages are not understandable and transparent to end users. Also
in terms of effective crisis management and communication during a crisis it is
necessary to provide for the establishment of security operating centers (SOC)
and /or emergency operating centers (EOC).
Public-private partnership is the establishment of these national service
does not end because the establishment of a network of professional forces for
rapid response in dealing with the liability and crisis management shifted from
corporate to national level. This is especially true for mandatory public
services such as fire brigades, rescuers, anti-terrorist units, Red Cross,
FEMA, as well as engaging parts of the army and police as adaptive
infrastructure and units for rapid response to the disaster.
Furthermore, we must also address the possibility of disappointment, that
is, a significant deviation between the expectations of management corporation
in connection with the dealings of resistance and the reality that they were
caught on the ground during and after disasters. Do disappointments usually
comes from the following reasons:
•
Plan exists and is a good and workable, but he trained
and conducted at the operational level at the time of the crisis - has
scheduled the operational level-managers and key technical and human capacities
•
Plan
exists but is not clear, ie, the management was not clear when it was accepted.
The biggest problem occurs when miscomunicate
consultants or employees promise something that can not be met, then keep quiet
about assuming that nothing bad will happen
•
The plan was limited in scope and means so much depended
on the capacity of the public who are not able to on time and in sufficient
quantity to ensure the continuity of operations of the corporation. This comes
because of financial decision-making is always harder to reduce costs and
transfer them to someone else so the tendency of financial management to
transfer more operating cost business continuity plan to public services that
are available both in practice shown at the time of the crisis are public and
are not enough available because they share with all other stakeholders within
the area affected by the disaster
•
Management,
especially one who is fresh out of the seat does not understand that there is a
physical limitation of business resistance. The younger people who are familiar
with cloud technologies and disaster recovery technologies in the ICT and
outsourcing capabilities of the workforce is not clear that the production and
supply chain can not be quickly and easily
relocate or redirect, or do not understand nominal and structural limitations
of the physical world
