Does Social Media apply to Business Continuity and Disaster Recovery?

Last week, all of our thoughts were consumed with Boston.  Everywhere you looked, there was never ending information streaming towards us – on TV, in newspapers, and especially on social media.  Social media, being relatively new, is sometimes greeted with skepticism.  Everyone is talking about it, but how does it actually apply to business continuity and disaster recovery? Well, take a look what David Nolan said about these social technologies in the fall of 2012.  Since then we have already seen how social media can affect command and control, crisis management, and how we communicate.  These effects can be both good and bad, helpful and disruptive.  Regardless, it is something that we need to acknowledge.


To discuss this further, feel free to Contact Fusion. You can also follow us on LinkedIn, Twitter, and Facebook.


“Can’t get no…Satisfaction…”

Optimists, pessimists. Happy, sad. Net promoters, net detractors.

No matter who you are or what you do, it is human nature to want to see the good, to be happy, to share what you like with others. Look no further than the “Like” buttons on this page and virtually every web page you see for evidence of the importance satisfaction plays in our business and personal lives.

So we set out to see just how happy BC Managers are with their programs and the tools they use to manage. What we found was a strikingly clear delineation into four primary categories. The categories we came up with included:

Satisfied and fulfilled – people who felt that their programs were headed in the right direction and the tools they use enabled them to succeed and in many cases expanded their visions and contributions.

Building/Rebuilding – people who are starting or starting over for whatever reason and are looking for new and innovative ways to accomplish their goals.

Out of gas – people whose programs have hit a wall, and who also feel that their tools and methods are not enabling them and in many cases may actually be holding them back.

Fed up – people whose programs are constrained by legacy tools that simply cannot address the needs of the organization in terms of functionality and ease of use.

Before we get into a protracted debate about whether I have put the right labels on the categories or used exactly the right words, please hang on long enough to get to the real point of this post.

It was not so much the clear delineation of these four camps that got our attention but the small minority in the Satisfied and Fulfilled group! Why aren’t people happier? If they are so unhappy, why don’t they embrace change more readily? Could it be that BC Managers are so consumed with getting through the day to notice that others around them are getting more done with less by embracing new methods and technologies?

The answers we got were diverse, but most boiled down to making the business case. How could spending money on automated systems possibly make sense when my company is cutting every corner possible?

The answer requires re-orientation. The question needs to be reversed. How could it make sense to deploy resources and capital and not complement that investment with tools that improve the effectiveness and efficiency of those investments? The business case is based on driving leverage and value from all of the other investments an organization needs to make to reduce continuity risk. It always strikes me when an organization effortlessly absorbs incremental headcount and cuts POs for technology, ostensibly to reduce risk, and cannot see the value of investing in tools that could deliver more for much less. But I digress.

The crux of the issue is Satisfaction! One is satisfied when one’s expectations are exceeded, not merely met, and certainly not when they are not. But satisfaction is a two-way street. It requires someone willing to make an investment, embrace change, and/or take a leap of faith. In exchange it requires someone willing to do whatever it takes to please. Doing whatever it takes means innovation.

And the punch line is that no one is happy when innovation is out of their reach; when their programs and their tools fall behind. So it is incumbent on program managers to demand and embrace change and service providers to innovate, solve and deliver. Innovation drives satisfaction.

To discuss this or related topics please contact us.  We would be happy to set up a demo and help you get to the Satisfied and Fulfilled category. You can also connect with us on LinkedIn, Twitter, and Facebook.


Standards play an important role in the way our world works. Standards define how light bulbs will fit into sockets as a practical matter. But standards can also be valuable when applied to business processes and best practices. For example, the Uptime Institute Standard created a fast path for understanding the way a data center is built; and SAS70 provided context and content to more quickly determine how well run that data center might be.

But in the DR/BCP world we can’t seem to even agree on basic terminology much less a universal standard…until now? ISO 22301 couple with ISO 27001 provide the first hope that a true standard will emerge that will allow firms to quickly assess their trading partners making it easier to assess and easier to comply. Instead of chasing myriad, poorly defined objectives, these standards provide the foundation for business to business conversation between trading partners. How will Standards evolve? Who knows for sure. But what we do know is that solid standards reduce complexity and miscommunication and provide a clear, concise and reusable form for managing your DR/BC program. While we may individually have our own opinions about some elements of a given standard, we should all be motivated to contribute toward a future state where our compliance with a standard is stamp of approval that says “we have taken DR/BC seriously and have achieved measurable results!”

To discuss this or any other related topics further, feel free to contact us. You can also connect with us on LinkedIn!

Business Resilience – Focus on the Facility or Focus on the Business Unit?

Have you ever been caught between the need to develop plans for individual facilities and addressing risk more comprehensively at the business unit level?  What do you do?

While disasters frequently focus on the facility or building as the cause, smart organizations design their continuity and risk management plans around business units and business processes. For a mid-sized or large enterprise, designing risk mitigation strategies and continuity plans at the business level means having comprehensive plans that span multiple facilities — such as offices, manufacturing plants, R&D facilities, etc. When it comes to a specific event, it is the facility that suffers the outage, and it is the facility that must be remediated and returned to service, but the business units and processes are what keep the business operating, so the continuity and risk focus needs to be at the business unit level.

When assessing a business unit, practitioners must understand for each business unit and its associated processes how quickly these need to be back in service should an interruption occur. This translates into the type of recovery plan required and defines what mitigation alternatives are available. It also covers what technologies are required, how electronic and paper based records are protected, and how voice, internet and data networks need to be reconnected. These plans also need to be extended beyond the walls of the business itself to consider how external providers, vendors and customers are impacted. In the development of risk mitigation and business continuity plans, such issues are not easily addressed, and in some cases skipped altogether.

So while recovery and remediation plans often focus at the facility level, a comprehensive business continuity and risk management plan must be focused at the business unit level. We find that when practitioners “stick to their guns” and take this approach, the organization gains a greater ability to respond to unplanned events, the executive team gains greater confidence in the overall plan, and they find it to be a much more efficient and economical path to achieving the overall goal of ensuring that the business can remain operational.

Please contact Fusion to discuss these and related topics with you. You can also connect  with us on LinkedIn, Twitter, and Facebook!

Does every risk need a plan?

The connections all around us drive risk.  Those risks are what drive our industry.  And every risk needs to be addressed and managed… but does every risk need a plan?  How do we prepare for the endless amounts of vulnerabilities and threats, when the funds to address them are far from endless?  Check out what David Nolan has to say:

If you haven’t seen the previous videos in this series from David Nolan and John Jackson at DRJ Fall World 2012, you can see them here and here.

Four Decades of Business Continuity – Have we learned anything?

How important is history when charting the course for the future?  In this video, John Jackson talks about the past few decades, and how they have affected our industry today.  As David Nolan specifically looks back on the 1990s and 2000s, we can see how far technology has come.  When thinking about the way things are now, ask yourself- would I have seen this coming?   Would I have been able to embrace the idea of today’s technologies back then?  Am I able to embrace the technologies of tomorrow right now?  What are the implications for Business Continuity?


Visit our website for more information, and feel free to contact us with any questions!

What mistakes can derail your Business Continuity Program?

There is a long list of mistakes that companies make in Business Continuity and Disaster Recovery. Let’s start with four mistakes that might not be as obvious, but can be equally disabling. Is your company making these mistakes? It may be costing you a great deal in terms of unmet expectations, unnecessary effort, or misguided investment.

1) Investing in a Disaster Recovery or Business Continuity solution BEFORE defining your business requirements. We see companies make multi-million-dollar decisions to select vendor or internal solutions and implement recovery technology without the benefit of a clearly defined Business Continuity and Disaster Recovery strategy. The result can be over-architecting or over-building recovery solutions that do not align with business requirements.

Consider these questions:

  • How much data can you afford to lose? (Probably zero!)
  • How long can you afford to go without access to your IT systems? (It may be significantly less, or more, than you think)

Updating your Business Impact Analysis and Risk Assessment will ensure your recovery and technology solutions will give you the protection you need without over-spending. You may find new ways to save money while optimizing your recovery and continuity capabilities.

2) Allowing your executive team to accept risk without fully appreciating the implications. When executives decide against a comprehensive Business Continuity and Disaster Recovery Program, they accept significant risk, typically without a clear understanding of whether they’ll be able to compensate for the potential loss to the organization.
Enabling good decision making requires the ability to prioritize risk and remediation activities across the myriad of agendas in play within your enterprise, then present an effective business case in terms that executives will embrace, set in the context of your multi-year strategic roadmap aligned to business objectives.

3)    Allowing your Disaster Recovery and Business Continuity capabilities to become outdated. The number one cause of failure we see during a recovery is the divergence between an enterprise production environment and the recovery environment. Disaster Recovery and Business Continuity plans fail when the business has changed and the plans and recovery capabilities have not. We strongly encourage you to test often, test adequately, and keep your plans and solutions current.

4)    Viewing Business Continuity and Disaster Recovery as point-in-time projects rather than an ongoing program. From an executive perspective, it is an unpleasant reality that Disaster Recovery and Business Continuity capabilities require an ongoing program, not occasional quick-fix projects. Businesses are continually changing either incrementally over time or through strategic events such as mergers or acquisitions. By managing Business Continuity and Disaster Recovery as an ongoing program, your company can keep up with the incremental changes, streamline investments, and take the major changes in stride.

In summary, make sure you have a properly executed Business Continuity and Disaster Recovery program. Know that as your program becomes well aligned with your business requirements, provides adequate protection appropriate to your budget constraints, and is quickly evolving into a well-managed set of mature business processes, you will be well prepared should a business-impacting event occur.

If you would like to learn how Fusion Risk Management helps organizations to implement and maintain well-managed programs, you can contact Fusion to discuss these or other related topics with you further.  If you have other mistakes in mind, feel free to add to this list! Leave comments here on the blog, or join the conversation on LinkedIn, Twitter, or Facebook!