"The journal has interesting and thought provoking articles covering a wide range of topics. The articles are written by highly competent participants from the industry that can give a good insight in to its various areas."
Volume 17 (2023-24)
Each volume of Journal of Business Continuity & Emergency Planning consists of four 100-page issues both in print and online. Articles scheduled for Volume 17 are available to view on the 'Forthcoming content' page.
Volume 17 Number 3
-
Editorial
Lyndon Bird, Editor -
Practice Papers
Aligning disaster recovery to company technical direction and objectives
Andrea Houtkin, Houtkin Consulting
One of the many concerns of disaster recovery specialists is how to create disaster recovery scenarios, strategies and related solutions that meet the vision of management while building solutions for the critical business process within budget, with refined technical resources and operational and maintenance processes and procedures similar to those utilised in production. Rather than consider disaster recovery as a separate environment from production, this paper suggests that there are areas where the disaster recovery solution can map more closely to production solutions to better manifest the critical business process, avoiding the decreased sales forecasts and reputational impacts resulting from an outage. There is no magic here — just ideas for designing a solution and enhancements to the disaster recovery programme that may help to meet business expectations. A disaster recovery site based on similar production technical solutions and overall corporate IT vision can provide such benefits as: faster recovery time objective; faster availability of the data while maintaining data integrity; fewer manual procedures during switch/failover; ability to utilise similar resources to work both environments resulting in a smaller training programme; similar operational and maintenance processes and procedures; ability to switchover components rather than declaring disaster recovery; and an environment that supports production by running critical business process while production suffers an outage or requires maintenance. This paper provides readers with ideas to take back to their disaster recovery solution and how it manifests the critical business process during an outage.
Keywords: disaster recovery; business continuity; recovery time objective; recovery point objective; risk assessment; risk mitigation; business impact analysis; disaster recovery scenario; disaster recovery solutions -
Addressing challenges to recovery and building future resilience in the wake of COVID-19
Cheryl Regehr and Nicholas O. Rule, University of Toronto Mississauga
While organisational crisis theory posits a predictable set of stages involving pre-planning and preparation, acute crisis response, adaptation and recovery, the prolonged and cyclical nature of public-health restrictions related to COVID-19 presented new challenges for institutions of higher education and conditioned students, faculty and staff to adopt a crisis mindset as their baseline. Consequently, moving from crisis to recovery posed unique obstacles at both individual (eg anxiety, exhaustion and post-traumatic stress) and organisational levels (eg transition logistics, labour market changes and student preparation). This paper describes an effort at a large, urban, research-intensive university to directly address the evolution from pandemic crisis to recovery and future resilience. The University Resilience Project recruited a team of senior staff charged with identifying and adopting promising practices created during the pandemic and decommissioning or archiving less useful policies, procedures and activities, with a view to strengthening the university’s resilience. Over the course of more than 300 meetings with academic leaders, staff leaders and student leaders, team members created a space to share the experiences of COVID-19, reflect on successes and challenges over the crisis, and identify opportunities to enhance the resilience of the university. This work raised critical insights into the process of adapting to change in an institution of higher learning.
Keywords: emergency planning; higher education; crisis response; resilience -
Case Studies
The City of Penticton’s comprehensive approach to wildfire risk reduction
Miyoko Mckeown and Brittany Seibert
From 2017 to 2023, British Columbians experienced four record-breaking wildfire seasons, resulting in reduced air quality, mass evacuations and the destruction of homes, properties and livelihoods. Wildfire risk reduction is vital to breaking the sequence of disaster that has befallen such communities as Kelowna, BC in 2003, Ft. McMurray, AB in 2016, and Lytton, BC in 2021. As the City of Penticton (‘the City’) is located in a wildfire-prone environment, its Fire Department, FireSmart Team and Emergency Program have worked closely together to facilitate a proactive and comprehensive approach towards reducing the impacts of wildfire on Penticton’s neighbourhoods, businesses and residents through a variety of wildfire mitigation initiatives. This paper discusses the City’s efforts to achieve a holistic wildfire risk management plan through alignment with the seven disciplines of FireSmart and the four pillars of emergency management, namely: the use of education; land use planning and development considerations; vegetation management; emergency planning; and cross training and interagency cooperation. The paper describes the challenges the City has faced, as well its successes, and provides recommendations to help other local authorities reduce the risk of wildfire in their communities.
Keywords: wildfire; FireSmart; wildfire risk reduction; wildfire and emergency management; wildfire and fire services -
Get it together, together: Creating whole community continuity through cross-sector collaboration in Texas
Heather Hernandez, Shelby Hyman, State Office of Risk Management and Stephen Vollbrecht, State Office of Risk Management
Continuity of operations for government is an evolving philosophy, much like exercises and after-action reports. Continuity continues to identify areas for growth and improvement as more people become involved in the conversation. This paper briefly describes the evolution of continuity in the USA and its application in the State of Texas. Moving forward, it discusses the application of the concept of ‘whole community continuity’ as the driving force of the Continuity Council in Texas, which focuses on preparedness at all levels, from individuals to private industry, to all levels of government.
Keywords: continuity of operations; continuity of government; business continuity; whole community continuity; cross-sector collaboration -
RARET’s coalition-based model: Addressing complex life-sustaining transportation during emergencies
Dean Sydnor, Mobility Management, Hopelink Redmond
Emergencies intensify existing vulnerabilities and create new ones for people in their impact areas. In the case of transportation, for example, disasters have the capacity to isolate individuals from the services on which they rely not for only their health and wellbeing, but for their very lives. This paper discusses the Regional Alliance for Resilient and Equitable Transportation (RARET) — a coalition-based model created to address non-life-saving transportation coordination needs during emergencies. RARET focuses on the provision of lifesustaining transportation, serving vulnerable individuals who may require first-responder assistance if their unaddressed needs remain unmet. Using examples from the COVID-19 pandemic as well as seasonal and regional disasters, the paper highlights how leveraging a coalition built to break down the sector and geographical silos leads to better outcomes for the public and bolsters regional resiliency. The paper underlines how the novel nature of RARET delivers ongoing process improvements via a new emergency transportation provider network. Lastly, the paper suggests methods to adapt this model to other jurisdictions.
Keywords: transportation; coalition; emergency; accessibility; mobility; disability -
Did my app just crash? A case study of the Kakao superapp disruption event
Bill Hefley, Steven Haynes, Naveen Jindal School of Management, University of Texas at Dallas and Travis Green, The Town of Fairview
Superapps (ie apps that integrate the features of multiple applications for a more convenient user experience) have become pervasive among Internet users. This case study examines a recent disruption to one such application: KakaoTalk — the most widely used messaging application in South Korea. Specifically, the case study examines a fire incident at the SK C&C data centre, which caused an extended outage for one of South Korea’s leading tech companies — Kakao Corp. The review of this event reveals how ineffective disaster readiness resulted in inadequate fire response, leading to serious ripple effects across the data centre. During the outage, cyber-security threats rose. As a result of these disruptions, Kakao users turned to competitor apps, resulting in changing market dynamics. This case study highlights the unforeseen costs and socio-economic influences caused by such interruptions, highlighting the importance of holistic risk management strategies.
Keywords: service outage; data centre; critical infrastructure; business continuity; risk management; resilience
Volume 17 Number 2
-
Editorial
Lyndon Bird, Editor -
Case study: Catalysts for change: How partnerships and transparency created the Maryland Department of Emergency Management
Anna Sierra, Chief Development Officer for the Maryland Department of Emergency Management
The Maryland Department of Emergency Management was established in October 2021 after decades of reorganisation and relocation within state government. The elevation of the agency from under the Maryland Military Department to a cabinet-level department was a result of years of partnership building with stakeholders as well as two significant external pressures: the COVID-19 response and the interest in improving 911 delivery through the implementation of next-generation 911 technology. This case study examines the history of emergency management organisation in Maryland and highlights lessons learned and best practices for emergency managers seeking to elevate emergency management from a subagency level to a cabinet level or direct report to the highest elected official.
Keywords: emergency management; disaster management; public administration; organisational management; organisational leadership; government -
Case study: Strengthening tsunami maritime response and mitigation through inclusive stakeholder engagement: Lessons learned in Washington State
Elyssa Tappero and Danté Disabatino
Among the most vulnerable facilities to tsunami impacts are ports, harbours and marinas. The ability of maritime infrastructure to withstand a disaster and resume operations quickly plays a major factor in the recovery of the local community and economy in the short and long term. Despite this, little established guidance exists to assist the maritime community with addressing their tsunami risk in an actionable, site-specific manner. To close this gap and improve the resilience of its maritime community, Washington State has begun developing tsunami maritime response and mitigation strategies for major ports, harbours and marinas along its 3,200 miles of coastline. These strategies include detailed information about the location’s specific tsunami risk, recommended guidance for vessel operators in the area, and tsunami mitigation and response recommendations ranked by their implementation feasibility for the maritime entity in question. Most importantly, the strategies are created through close collaboration with local key stakeholders, subject matter experts, local emergency management and state agencies to ensure a final deliverable that is accurate, thorough and, above all, useful to the local maritime entity and its tenants and users. As this paper will discuss, the lessons learned during the planning and delivery of these strategies provide valuable insight for professionals in the maritime, business continuity and emergency management fields, including how to conduct effective and inclusive stakeholder engagement, identify gaps and opportunities in resilience planning, and establish a deeper understanding of tsunami maritime risk and hazards.
Keywords: maritime; emergency management; mitigation; response; stakeholder engagement; tsunami -
Leveraging business continuity management for climate-related financial reporting
Diane Doering, Enterprise Risk Management
This paper discusses how the experience and skill set developed within the field of business continuity management (BCM) provide a strong base from which organisations can leverage value in areas not traditionally considered within the remit of BCM. In particular, the paper examines the topic of climate-related financial disclosure, an important area that is gaining traction with investors and therefore senior executives too. Although, in itself, it is not an incident or event, this new area of focus has the potential to impact a company’s ability to thrive and prosper. This paper will discuss how the recommendations of the Financial Stability Board’s Task Force on Climate-related Financial Disclosure strengthen an organisation’s business continuity programme strategy, as well as sustainability objectives, by enabling executive-level conversations about the organisation’s operational and financial resilience, as well as actions with a positive outcome for the environment that will lead to competitive advantage. This paper argues that by facilitating these discussions, BCM helps to establish organisational priorities and develop specific action plans that can be validated through exercising.
Keywords: BCM; business continuity; enterprise risk; ESG; sustainability; disclosure; financial reporting -
Case study: Building community resilience: The City of Victoria’s approach to climate change adaptation and extreme heat response
Kristie Signer, Summer Formosa and Tanya Seal-Jones, City of Victoria
The Pacific Northwest heat dome of 2021 exposed the need for increased planning and response measures by local governments, and the value of collaboration in preparedness, planning and response to extreme heat events. Recognising that extreme heat is becoming an increasingly significant threat, the City of Victoria has taken steps to improve its response to future events with a focus on developing strategies that provide resources and support to those most vulnerable in the community. The Province of British Columbia and regional health authorities have since provided crucial direction, resources and expertise to municipalities to support response effort for extreme heat events. In recognition of the vital role of community involvement in adaptation planning, the City of Victoria is taking proactive measures to engage its residents in the development of adaptation strategies and disaster risk reduction measures. Building on the lessons learned from the 2021 heat dome and climate change projections for the region, the City is fostering close collaboration with local businesses, nonprofit organisations and community groups to strengthen efforts and ensure that those most at risk are well prepared. The experience in Victoria offers valuable insights and strategies for other municipalities seeking to develop effective disaster risk reduction and climate change adaptation strategies based on best practice for planning and responding to extreme heat events. This paper provides a case study of how the City of Victoria responded to the 2021 heat dome, the lessons learned, the practices that were adopted for future heat seasons and how working alongside the community will strengthen Victoria’s resilience to the changing climate conditions.
Keywords: emergency response; climate change adaptation; disaster risk reduction; community-based adaptation; extreme heat events; heat dome -
The use of shared digital platform solutions to address challenges to multiagency preparedness, response and recovery work within the UK
Laura Drew, Kirklees Council
This paper discusses ResilienceDirect — the UK’s strategic resilience platform for response and information sharing, designed to support the multi-agency aspects of emergency response. The paper will focus on the functionality of the system as well as the related challenges. The paper identifies a set of recommendations for addressing the challenges to improve usability and uptake. The recommendations will consider best practices from other multi-agency response platforms and feedback from ResilienceDirect users.
Keywords: ResilienceDirect; interoperability; emergency response; resilience; JESIP; communications -
Legal considerations when advising on business continuity
Erika Andresen, EaaS Consulting
With the rise of climatic concerns and cybersecurity incidents comes the expectation that investments are made in business continuity measures. This expectation has legal teeth from the perspective of shareholders as well as regulatory bodies, contracting attorneys, vendors and supply chain entities. This paper explores the use of US legal system as a tool for enforcing liability and action from decision makers like the board of directors and C-suite officers, as well as between the parties of contracts. Shareholder derivative lawsuits, which occur predominately in the USA but have, as recently as 2020, started to include foreign-owned businesses, and breach of contract claims are two of the more prominent issues with business continuity tie-ins. This paper intends to arm the business continuity professional with a knowledge base about legal liability for failure to have a business continuity plan, an understanding of how disasters and disruptions will excuse the full performance of a contract and an ability to determine proper courses of action with respect to supply allocation after an incident.
Keywords: business continuity; shareholder derivative; force majeure; fiduciary duty; breach of contract; board of directors; cyber security; preparedness; supply allocation -
Assessing and complying with regulatory oversight on utility performance
Gregory Eddy, Jonathan Pease and Cassandra Johnston, National Grid, New York Emergency Planning, Electric, Gas, and Generation
This paper emphasises the importance of — and the complexity inherent in — the navigation of regulatory oversight and legal requirements in the area of electric utility performance. With a particular focus on utility companies in New York State, it discusses recent measures taken to adapt to the changing demands of regulatory compliance.
Keywords: regulatory compliance; emergency planning; emergency management; electrical utility infrastructure; legal requirements
Volume 17 Number 1
-
Editorial
Lyndon Bird, Editor -
Best practices in supplier relationship management and response when supply is disrupted by cyber attack : An incident response framework
Cyrus Green
This paper explores the growing dependency of organisations on suppliers and the importance of supplier relationship management (SRM) in achieving sustainable competitive advantage. It highlights the various reasons organisations engage with suppliers, including accessing specialised expertise, cost savings, flexibility, risk mitigation and improved quality. The paper emphasises the need for organisations to adopt best practices in SRM to enhance their resilience to disruptions, particularly those caused by cyber attacks. It introduces a threat assessment process for organisations to evaluate the potential impact of supplier disruptions and proposes strategies for improving resilience through collaboration with suppliers. The article also discusses the significance of data sharing between organisations and suppliers, outlining different channels and methods for secure data exchange. It addresses the risks associated with data sharing, such as breaches, intellectual property theft, compliance violations and loss of control. Additionally, the article examines the impacts of supplier disruptions on organisations and emphasises the importance of establishing clear guidelines and policies for data sharing. It concludes by presenting a threat assessment process for supplier disruptions due to cyber attacks, including identifying critical suppliers, conducting risk assessments, analysing findings, developing mitigation strategies, implementing strategies and conducting ongoing monitoring.
Keywords: supplier disruption; supplier relationship management; supplier resilience; extreme disruption; cyber attack -
How exercises help US communities meet the challenge of climate change: The FEMA National Exercise Division’s innovative exercise tools and resources
Nicole Nation, Catherine Welker, Jessica Stolz and Melissa French
The US Federal Emergency Management Agency (FEMA) National Exercise Division (NED) leads the nation in validating the capabilities of the whole community in support of the National Preparedness System. In response to the increased threat of climate change, the NED has developed new resources to help communities increase preparedness for severe weather and natural disasters in the long term. This paper provides an overview of two such resources to help communities identify and prepare for climate-related events: the Long-Term Community Resilience Exercise Resource Guide (ERG) and the Climate Adaptation Exercise Series (CAES). These resources help communities develop and conduct exercises to increase their climate literacy, develop climate adaptation and mitigation plans, and leverage data on future climate conditions to inform decision-making. Exercises provide an opportunity for communities to build resilience by discussing and better understanding climate change and to plan for, adapt to, and mitigate the associated risks and hazards. The ERG provides guidance, tools and resources, and the CAES provides a consistent framework that FEMA regions can tailor to address unique, region-specific climate concerns. The results collected from these exercises, in turn, identify strengths to leverage and areas to improve, informing plans of action for a path forward for the next 20, 30 and 50 years.
Keywords: adaptation; climate change; exercise; preparedness; resilience -
Assessing disaster recovery programme maturity : A practical approach
Kevin Finch
The process of measuring the overall maturity of a disaster recovery programme can be accomplished by measuring the maturity of the individual processes that make up the programme, and then looking at the results in aggregate. For each process, two aspects require particular attention: the maturity of the process itself, and the extent to which the process is utilised through the organisation as a whole. This paper discusses the process of measuring process maturity, and outlines a practical methodology for applying that process to the appraisal of disaster recovery programmes. It discusses the importance of looking at how widespread different disaster recovery processes are in the business, and outlines a practical approach to conducting programme appraisals.
Keywords: disaster recovery; maturity; assessment; metrics; measurement; programme improvement -
Active shooters: History, planning and action to ensure a proper fire and emergency medical service response
Randall W. Hanifen
Given the numerous active shooter and hostile events (ASHE) happening each year, it is important for fire and emergency medical service (EMS) agencies to share the lessons learned from such events. This paper discusses the elements needed for an effective fire and EMS response, beginning with the unified command/collaboration approach with law enforcement that allows for the proper management of such events. The article further defines the command and control elements, as well as the proper staffing and actions needed from fire and EMS to remove, triage, treat and transport victims effectively.
Keywords: active shooter; unified command; rescue taskforces; ASHE; mass casualty -
Lessons from Hurricane Ida: Addressing gaps in emergency preparedness planning to protect residents in independent living facilities
Jeanie Donovan and Meredith Mcinturff
This paper describes how Hurricane Ida exposed gaps in emergency preparedness planning and coordination in New Orleans, particularly related to the health and safety of the residents of multi-storey independent living facilities designated for seniors and persons with disabilities, where at least ten lives were lost due to the power outages and extreme heat that occurred following the storm. As this paper discusses, New Orleans Health Department leaders responded by taking swift policy action, working with the mayor, city council and community stakeholders to ensure better coordination, preparation and accountability for owners and operators of certain independent living facilities. The article recommends that states and localities with individuals living in independent living facilities should consider similar policy interventions as part of their disaster cycle planning activities.
Keywords: emergency preparedness; public health; independent living facilities; access and functional needs -
Using enterprise risk management to strengthen organisational resiliency : One institution’s story
Melanie J. Lucht, Associate Vice President for Enterprise Risk Management and Chief Risk Officer at Carnegie Mellon University
This paper discusses how Carnegie Mellon University launched a cyclical enterprise risk management framework that incorporates both emergency preparedness and response and business continuity into its purview, to deliver greater organisational resiliency. The paper goes on to describe the governance structure that defines roles and responsibilities throughout the organisation, before discussing how faculty, staff and students are engaged and educated to sense risks, and to collaborate with leadership at all levels in prioritising risks for deep-dive assessments and employing feedback loops to support continuous process improvement. As the paper will show, these cyclical practices support organisational resiliency and a greater sense of risk consciousness.
Keywords: enterprise risk management; organisational resiliency; business continuity planning; business impact analysis; three lines of defence; feedback loops; risk consciousness; risk sensing; risk assessment; risk prioritisation; risk profiles -
Building community resiliency and trust: A framework
Dave Brand
This paper outlines the context of emergency management in Canada and identifies some of the key factors that have contributed to public emergency preparedness initiatives reaching a saturation point. Readers will gain insight and actionable suggestions from the proposed Community Resiliency Framework. Readers will learn how emergency management agencies can engage and collaborate authentically with communities and leverage existing preparedness initiatives with new methodologies to increase community resiliency.
Keywords: community; resiliency; trust; engagement; collaboration; empowerment -
Fuel planning for beginners
Elizabeth ‘Eli’ King and Johanna Hanson
As rapid inflation, continuing supply chain disruptions and the war in Ukraine impact petroleum prices worldwide, fuel supply disruptions have become an increasing concern. This paper describes Washington State’s geographical, political and organisational context as it influences fuel disruption planning, as well as the history and philosophy of Washington’s fuel-planning programme. Finally, the paper discusses planning best practices and gives some examples of their real-world use.
Keywords: fuel; disruption; emergency; planning