This week for National Preparedness Month I would like to focus on one aspect of family preparedness that I’ve had to deal with personally – home evacuation.  In the previous two years my home area in Colorado had to deal with back-to-back record setting wildfires, the Waldo Canyon Fire and the Black Forest Fire.  Before you think “I don’t have to worry about evacuations because I don’t live in a forest,” let me say I don’t live in the forest either.  I’m basically in a developed area mixed with a good amount of trees.  The majority of the homes lost in these fires were in traditional subdivisions.  Even if your wildfire risk is low, floods, chemical spills, aircraft accidents, hurricanes, and many other hazardous situations may require you to evacuate your home.  From my personal & professional experience, I would like to share a few tips to help you better prepare your family.

Don’t Assume Anything!  I have to admit that although I teach classes regarding preparedness for work and home and have completed quite a few actions to prepare my family, I hadn’t gotten around to some things I knew I should have before the first fire.  We had emergency supplies, a family checklist, and a plan of where to go all figured out.  I even had our (very tiny) camper all prepped and ready.  Collecting and scanning our critical paperwork - well, that’s my personal shortfall.  I assumed it was all in the fire-proof box and file cabinet.  Over time those documents are needed for other purposes and many don’t find their way back.  When we received the pre-evacuation warning during the Waldo Canyon fire, it became obvious that assuming those important documents were exactly where they should be was not correct.

A little over a year ago in my first blog post I discussed the business risks from protests and civil unrest from a continuity planning perspective, inspired by my cousin who owns a business very near to the events of that time.   (Post is here if you’d like to catch up:  http://accinctus.com/index.php/news/item/3-civil-unrest-is-a-business-threat)  A year later we see similar issues as the non-stop news stories so I’d like to revisit that idea as a reminder.

In that article, I recommended businesses take three steps:

1. Assess the threats and understand the risks to your business, employees, and customers and look for alternatives.
2. Have a solid communication process in place so you can easily communicate with your employees during an incident.
3. Document your response and recovery processes in your business continuity plan (BCP).

I still firmly believe that any business of any size (even micro-businesses with less than 10 employees) will benefit from applying these steps to their business scaled to their needs.  A risk assessment, communication plan, and business continuity plan will be very different in both size and level of detail comparing a small business and a global enterprise company, but the basic steps and the purpose are very similar. 

By now almost everyone has heard about the water crisis in Toledo the last few days, either as a legitimate news story or an internet joke.  I grew up on Rudy’s and Packo’s, the Mudhens, Max Klinger, the Jeep plant and “Glass City” so I know the “take the lake for granted” mentality of the area.  Even as the smallest Great Lake, Lake Erie is immense and you just can’t imagine more than 500,000 people told “don’t drink the water” over three days in the first days of August due to a little microscopic plant that just happens to have a nasty by product that is rather hazardous to people.  I’ll leave the science class aside, although I am definitely interested to see what happens from here.  Instead I would like to address the incident from my professional perspective.  

Today marks the one year anniversary of Accinctus.  A good friend of mine who is also a successful business owner told me when I started – the first year is a game of 52.  52 weeks in the year and 52 cards in a deck – week by week keep going to make it through the deck (looking forward to your book on the topic Bill).  Many days I feel it’s a game of 52 pickup with all the cards tossed in the air and I have to pluck just the right one out of the air at the right moment before they all fall. Might seem like magic but I’ve found there is no magic to any of this – just hard work with a good dose of stubbornness (which I have in spades).   

I’ve been thinking about what I’ve learned this year and would like to share my thoughts on what I think are the top 7 lessons.  Those who have far more experience running a business will perhaps enjoy a reminiscent chuckle and those like me trying to build a new business or thinking about starting a business will hopefully find some value in these to perhaps feel they’re not crazy.  

Lesson 1:  Starting a company is the hardest thing I’ve ever done. 
I am constantly challenged to learn about so many new things that a business owner needs to know.  Every time I think I’m starting to understand one thing, 50 more jump out at me and I do not know when that will slow down.  Some days it feels a lot like basic training with a string of rough minutes, hours, and days strung together.  Tenacity of purpose and thick skin are required to wear the title of “business owner!”

I was emailed Jeffrey Gitomer's Caffeine Jolt newsletter yesterday with an article titled Help! My Main Contact Left and I’m Panicked! Unlike the person who emailed the newsletter to me (thanks Mom), brushing my teeth with a brillo pad is more exciting than talking about sales and marketing to me.  I prefer dealing with disasters, disruptions, response plans and the related processes as a business continuity (BC) professional.  I bet a few marketing and sales professionals who read that think I’m certifiably nuts and would choose the brillo tooth brush instead of having to deal with workplace violence, mud slides, or power outages.  Each to our own passion.

However, there is an idea in the article I would like to address from my BC perspective rather than a sales perspective (sorry if that disappoints you sales and marketing gurus).  The specific question involved the loss of a key contact in customer organizations.  Loss of key personnel is certainly one threat I deal with but for this discussion it could also be a disruption that shuts down your production for a few days, an incident that harms your corporate reputation, or a disaster that damages your office or injures your employees.  The basic idea is that something bad unexpectedly happens which you are not prepared for resulting in a terrible impact to your business.  Putting that into a formula looks like this:

Threat + Lack of Awareness + Lack of Preparedness = Negative Business Impact

Yesterday, April 30, 2014, was the first National Day of Action – America’s PrepareAthon! sponsored by FEMA. 

Did you notice?  Did you care? 

I’m not asking to be rude.  I actually want to take this opportunity to address a major issue within my profession and get your thoughts and help.  But first, let me give you a bit of background on the event.  You can check out FEMA’s link here for more information:   http://www.community.fema.gov/connect.ti/AmericasPrepareathon. 

According to the FEMA website “America’s PrepareAthon! is a nationwide, community-based campaign for action to increase emergency preparedness and resilience through hazard-specific drills, group discussions and exercises conducted at the national level every fall and spring.”  I registered for the event and although I didn’t conduct any training or exercises yesterday I did pass on a few tweets and other information to contacts and reviewed some items for my family emergency kit.  According to the website there were 5,091,940 registered participants; with more than 317 million people in the US that comes out to about 1%.  Not a good participation rate in my opinion.  So I will go back to my initial questions – did you know and do you care? 

Is your company passionate about preparedness, logical about continuity, or are you walking around thinking everything is great, oblivious to potential doom right around the corner? 

Last week I published 5 information papers for global Business Continuity Awareness Week that addressed key thoughts regarding business preparedness. 

• What is business continuity and the reason you need to do it

• What is the cost of being unprepared

• What are the laws and standards you need to be aware of

• What are the benefits of a business continuity program

• What action you can take to prepare your business

Rather than rehash the papers, you can find all five here if you need to catch up:  http://www.accinctus.com/index.php/downloads/item/31-business-continuity-awareness-week

Logical reasons, costs, laws, benefits, and steps to take action – all important, valid topics but in many cases they may not be very exciting because they focus on the “Mr. Spock” approach. 

In speaking to different business owners and leaders, sometimes I find it is difficult for people to understand these ideas related to risk, costs, and the need to be proactive.  Deciding to do anything to prepare their business can be even more difficult.  Inaction is easy to justify because people feel that doing something costs lots of money or time, or isn’t needed because they think insurance will cover it all, or because they just don’t think anything bad will happen.  As Spock would say, “Those justifications are highly illogical.” 

To prepare for the spring and summer severe weather season across the country, NOAA and FEMA are sponsoring the National Severe Weather Preparedness Week from March 2-8, 2014.  This year’s theme is “Be A Force of Nature” and is intended to make people across the country more aware of natural weather threats.  From NOAA National Climatic Data Center:  “In 2013, there were 7 weather and climate disaster events with losses exceeding $1 billion each across the United States. These events included five severe weather and tornado events, a major flood event, and the western drought / heat wave. Overall, these events killed 109 people and had significant economic effects on the areas impacted.”

I was talking to a group of business owners at a networking event and I was informally describing what business continuity is.  My description was for them to think of the 2-3 “what if” scenarios that if they happened, could significantly impact their businesses or shut it down.  I told them I help businesses turn those nightmare scenarios into less serious events through training, assessments, and proper planning.  I’d like to share a couple of observations from those conversations. 

A recent article in The Gazette (Fire, flooding take a big bite out of 2013 hotel business in Colorado Springs area, by Wayne Heilman) discussed the impacts of recent fires and floods on the Colorado Springs area in the last two years, particularly on the hospitality industry.  During this time the region has faced more national headline grabbing disasters (Waldo Canyon & Black Forest Fires & the Manitou floods) than we’d like.  The long term impact on tourism and related industries is still being felt and it may be years before we can calculate the loss.  Add this to the businesses that were directly impacted by these events and the number grows significantly to something truly catastrophic. 

But what about the businesses that had suffered no damage from these events, were there negative impacts from these incidents even though not burned out or flooded?  From a business continuity standpoint I absolutely believe the answer is yes.  Three areas I think businesses are impacted in this way are geographic association, employee confidence, and company reputation. 

Are you a business owner, manager, CEO, president, safety manager, or someone in authority in your company?  If so, you should know the answer to the two questions in the title – what is an EAP and do you need one?  The short answer is an EAP is an Emergency Action Plan (EAP) and the answer is YES, you need one.  Now let me ask one more question – does your company have an EAP?  Let’s get back to that question in a moment.

An Emergency Action Plan is a written document REQUIRED by OSHA standard 29 CFR 1910.38 that defines your employees’ actions during an emergency.  An EAP is direction for your employees, it is not a Business Continuity Plan (BCP) or Disaster Recovery (DR) Plan to recovery your business or IT operations.  The standard has minimum elements you must address including emergency reporting procedures, evacuation processes, employee accountability and also other recommended elements.  From my experience in developing EAPs for different organizations and training their personnel on those procedures, I have a list of additional topics to address that will increase the value of your EAP rather than just meeting the minimums. 

“Cold enough for you?” Whether you’ve read the line in a book, heard it in a movie, or started a conversation in real life with the phrase, it’s a funny question that isn’t quite as humorous right now.  This week while most of our country is trying to figure out what a “polar vortex” is and how long this bitter cold will last, the focus has been on closed schools, snow accumulation totals, and family members across the country bragging who’s suffering the coldest temperatures.  But for a moment, I’d like to bring the focus of this crazy winter weather on the impact on business. 

Friday the 13^th – the day of bad luck, ill omens, and the risk of terrible events.  The day that has inspired bad movies, practical jokes, and spooky ghost stories.  So, did anything bad happen to you today?  Did you stub your toe, break your arm, or get an audit letter from the IRS?  No – that’s good.  What about at work, at your business, anything frightening or catastrophic happen there today?  No again, well great – you’re safe until the next Friday the 13^th because everyone knows that bad things ONLY happen on Friday the 13^th.  Right?

With the holidays fast approaching businesses are entering that stretch of time when large numbers of employees are out for family activities or just trying to use up those vacation days before the end of the year.  It’s very likely that key members of your staff will be out of the office.  It’s always good when we can get out of the office and recharge our batteries a bit and spend precious time with our family and friends, but from a continuity perspective, this can be an increased risk if you don’t take the proper precautions. 

I love this time of year.  One of the reasons is that we’re smack dab in the middle of football season.  Not only because I enjoy football, but because I can “mostly” get away with using a football analogy in relation to continuity without having to dodge too many low flying objects aimed at me.  I know that sports analogies are the most overused cliché in business, but since it is football season I’ll give it a shot.

At this point, I’d like to address one topic, one that is very important to me because I feel that it is one of the most critical parts of a good continuity program – TRAINING.   The fact is, if you don’t train your employees and team members on what they should do when your business is faced with a disruption or disaster, how can you expect them to be ready to actually execute what they need to do. 

Have you ever felt the earth move beneath you?  I’m not asking if you’ve metaphorically felt the earth move by falling in love, I’m referring to an actual movement of the earth beneath you – AKA an earthquake.  If you’ve been through an earthquake you know that strange feeling of having everything under you moving when it shouldn’t be.  We’re so used to having the earth be a solid and safe surface that when the forces of our dynamic world decide to let loose a bit, we’re normally caught unaware and unprepared.

On October 17^th all across the country states, cities, businesses, schools, and other organizations will participate in the “Great ShakeOut” drills and education programs.  This program is to highlight the threat of earthquakes across the country.  Although most people associate earthquakes with the West Coast of the US, earthquakes are possible in all 50 states. 

“You can be the Hero” is the slogan for this year’s 10^th annual National Preparedness Month.   If you’re reading that first sentence and asking what National Preparedness Month is or just simply going “so what?” you’re certainly not alone.  Since 2004, our government and preparedness partners have encouraged Americans to prepare themselves, their families, and communities to be prepared for disasters.  A herculean effort for 10 years that has resulted in – well let me be totally honest – a big disappointment to me. 

Now, before you get too far ahead and start assuming anything, let me explain.  I’m not disappointed with the Ready Campaign or anyone who has worked on any activities for National Preparedness Month (NPM), far from it.  I appreciate their efforts and I think they’ve made a difference in many people’s lives.  My disappointment is with one word in this year’s theme, but I’ll get back to that in a moment.

Yesterday was the 12^th anniversary of the terrorist attack on September 11^th, 2001 and every September 11^th is a significant day of remembrance for our Nation.  The pain, the loss, the sadness, and the anger have faded over time for some and are still felt sharply every day by others, especially those who lost family and friends that day. I personally was working 2 blocks from the Pentagon that morning and I will never forget watching the ash from the burning building float by the window like large snowflakes and wondering if my friends who worked down the street were alive or dead. 

As a member of the business continuity profession, as someone who spends a great deal of time talking to both businesses and individuals about preparedness, I have noted a few lessons from those events that I’d like to briefly share for your consideration. 

I was notified by a friend of mine in southern Maryland to a rather precarious situation that I thought was interesting.  The water utility company had to repair a 54” main water line supplying the very populated area of portions of Prince George’s County and was warning more than 100,000 residents and local businesses they would be without water for three to five days during a hot July week.  Needless to say, I bet you can’t find a bottle or jug of water in any store anywhere near there right now.  In thinking about this situation, I see several areas of concern. 

First of all, in the 90 degree heat of July there, dehydration can set in quickly depending on age, size, and activity levels.  The increased strain on emergency services I would imagine would be significant.  Some articles mentioned they planned on handing out emergency water but in these cases there just never is enough.  The health impact of an outage is significant.  When speaking with groups about home or personal preparedness I always emphasize the need for water, and even in my own family preparedness actions I find that having enough water is always a great challenge.  I think it’s a solid assumption that most people in that area do not have any emergency water supply and thus would be reliant on the provided emergency water. 

Looking at this from a business continuity perspective, I see many challenges to businesses that would need to be planned for and considered.  For starters, does your business rely on a good water supply for sanitation or other purposes (e.g. restaurants, healthcare, barbers and hair salons, etc.)?  If so, can your business function without water just to run your critical functions - probably not.  Even if you are not in that situation, what business with employees can function without water for restrooms and hand washing for 3-5 days?  I can’t think of any.  Not to mention the non-life threatening discomforts of employees hygiene or (gasp) the utter lack of coffee.  Even with a few days’ notice, how could businesses in the area properly prepare, especially small businesses that rely on day to day customers to survive?  And closing any business for 3-5 days can be significant to catastrophic depending on the business.  Now consider if there was no advanced notice?

Put your business in this situation – would you be ready to deal with this?  Would you have plans in place to have employees work from alternate locations or telework?  Does your business have alternatives to just closing shop while you wait for the water to be restored?  What would you do if the main broke in the middle of a Monday night and you were told water would be out for an entire week?  Looking at these concerns makes you realize that what is usually assumed to be a minor problem (such as water line repairs) can become a significant business disruption very quickly.  The good news is if you have a strong business continuity plan and a good communication system with your employees you may still be able to treat this kind of a situation as an annoyance rather than a catastrophe. 

In the last few months we’ve seen protests both peaceful and not peaceful.  Regardless of your personal opinions of the various causes and reasons, businesses have to think about how they should prepare and respond during a civil disturbance.  There are various possible impacts on businesses during protests and they range from minor inconveniences like increased road traffic to major business damage to your physical facilities.  In the worst case, it could include direct risk to employee safety.  There are many variables to consider in your planning for a civil disturbance, but here are a couple of issues that are critical to consider.

First of all, as a responsible employer you need to consider the safety of your employees.  Is your workplace safe?  Can employees get to and from work safely without crossing protest boundaries?  Are customers, suppliers, or other visitors to your business safe?  If the answer is no to any of these questions, you have some planning to do.  Some people would automatically suggest “just close the office” but this isn’t always a good business decision either.  Can you have your employees telework or work from an alternate office?  Do you need to hire extra security?  Can you use alternate work schedules to have employees come in at off hours when it may be safer?  What alternatives do you have to deliver service to your customers if your office is not accessible or they don’t feel comfortable coming to your office?

Another important issue to consider is your communication with employees.  You may need to provide instructions in off business hours so how will you do that as a manager or business owner?  If you don’t have a good communication process in place before you need it, you will quickly realize that you really wished you had.  The good news is if you establish a good communication process it is multi-purpose and beneficial during any kind of incident. 

One more issue I’ll mention is your response and recovery plans.  Do you know what you will do if something happens?  Your response and recovery processes (for civil disturbances and all other disruptive incidents) should be well documented in your business continuity plan. 

Civil unrest, protests, and riots are one of many threats businesses need to plan for.  It doesn’t matter if you’re in a big city that has to deal with massive political protests or in a small college town that could suffer from a local college “victory party” riot because your local team won a bit title, your business needs to have a plan in place of what you will do should it happen.