recentpopularlog in

jerryking : business-continuity   5

Tornado-Ravaged Hospital Took Storm-Smart Approach During Rebuild - Risk & Compliance Journal.
Aug 30, 2017 | WSJ | By Ben DiPietro.

...................“Preparation for what these events can be–and belief they can actually happen–is important so you make sure you are preparing for them,” ....trying to undertake whatever is your organizational mission in the midst of a tornado or other devastating event is much harder, given the high emotions and stress that manifests itself at such moments.

“Understand the possibilities and pre-planning will make that go a lot better,”

As Hurricane Harvey has shown, extreme weather events can devastate a region’s infrastructure. Hospital operator Mercy had its own experience of this in 2011 when a tornado ripped through Joplin, Mo., killing 161 people and destroying its hospital.

Hospital operator Mercy took the lessons it learned from that tornado experience and incorporated them into the design of the new hospital–and also changed the way it plans and prepares for disasters. The new facility reflects a careful risk assessment, as Mercy took into account not only the physical risk of tornadoes but the risks to power supplies and medical supplies.

“We always prepare, always have drills for emergencies, but you never quite can prepare for losing an entire campus,” ....“Now we are preparing for that…it definitely changed the way we look at emergency management.”

** Protecting What Matters Most **
Mercy took the lessons it learned from that devastating weather event and applied them when it was time to build its latest hospital, which was constructed in a way to better withstand tornadoes while providing more secure systems infrastructure and adding backup systems to ensure operations continued unimpeded, ......Even the way medical supplies were stored was changed; instead of storing supplies in the basement, where they were inaccessible in the immediate aftermath of the tornado, they now are kept on each floor so staff don’t need to go hunting around for things they need during an emergency.....“The first priority is to save lives, the second is to minimize damage to the facility,”

** Focus on the Worst **
many companies worry about low-severity, high-frequency events–those things that happen a lot. They instead need to focus more on high-severity events that can cause a company to impair its resilience. “....identify and work on a worst-case scenario and make sure it is understood and the company is financially prepared for it,”

work with its key vendors and suppliers to know what each will do in the face of a disaster or unexpected disruption. “...large companies [should] know their key vendors prior to any major incidents,” ...“Vendors become partners at that time and you need to know people will do what you need them to do.”

A company needs to assess what is most important to its operations, map who their vendors are in those areas and engage them in various loss scenarios .... It should review its insurance policy language against possible weather events, identify any gaps and either revise policies to fill those holes or to at least make sure executives understand what the risks are of leaving those gaps unattended.
See also :
What to Do Before Disaster Strikes - ☑
September 27, 2005 | WSJ | By GEORGE ANDERS.
start by cataloging what could go wrong. GM, for example, has created "vulnerability maps" that identify more than 100 hazards, ranging from wind damage to embezzlement. Such maps make it easier for managers to focus on areas of greatest risk or gravest peril.
low_probability  disasters  Hurricane_Harvey  extreme_weather_events  hospitals  tornadoes  design  rebuilding  preparation  emergencies  lessons_learned  worst-case  natural_calamities  anticipating  insurance  vulnerabilities  large_companies  redundancies  business-continuity  thinking_tragically  high-risk  risk-management  isolation  compounded  network_risk  black_swan  beforemath  frequency_and_severity  resilience  improbables  George_Anders  hazards  disaster_preparedness  what_really_matters 
september 2017 by jerryking
Cyber Heroes | Ivey Alumni | Ivey Business School
Craig believes that businesses and individuals, even countries, must accept that we live in an “era of compromise.” “You have to understand that somebody already has your sensitive data, likely a former employee,” he says. “Have you rehearsed roles for when that becomes public? Does the CEO know what she needs to say? Does the IT team know what they need to do? Being prepared with an appropriate response to data loss is a leading practice that helps maintain, or even build, an organization’s reputation.”
alumni  business-continuity  CEOs  contingency_planning  cyber_security  data_breaches  insurance  Ivey  rehearsals  risks  vulnerabilities 
march 2017 by jerryking
Bloomberg Outlines $20 Billion Storm Protection Plan -
Published: June 11, 2013
Mayor Michael R. Bloomberg outlined a far-reaching plan on Tuesday to protect New York from the threat of rising sea levels and powerful storm surges by building an extensive network of flood walls, levees and bulkheads to guard much of the city’s 520 miles of coastline.
The cost of fortifying critical infrastructure like the power grid, retrofitting older buildings to withstand powerful storms, and defending the coastline was estimated to be $20 billion, according to a 430-page report outlining the proposals.
New_York_City  Michael_Bloomberg  floods  climate_change  power_grid  infrastructure  vulnerabilities  business-continuity  sea-level_rise 
june 2013 by jerryking
Business continuity: Making it through the storm
Nov 10th 2012 | The Economist |Anonymous.

Hurricane Sandy was another test of how well businesses can keep going when disaster strikes...GOLDMAN SACHS’S latest shrewd investment was in sandbags and back-up electricity generators. As Hurricane Sandy approached New York, the bags were stacked around its headquarters. It was one of the few offices in downtown Manhattan to remain dry and well-illuminated as “Frankenstorm” battered the city.

Meanwhile, a block farther down West Street, the headquarters of Verizon were awash with salty flood water, soaking cables delivering phone and internet services to millions of customers. The firm was able to reroute much of the traffic through other parts of its network, but local service was disrupted....Sandy is the latest catastrophic event to test the readiness of the world’s leading firms to cope with disaster. Most firms have improved “business continuity” preparations over the years. The Y2K scare at the turn of the century moved IT risk high up the list of worries. The attacks of September 11th 2001 warned firms of the danger of putting all their computers (and staff) in the same place (jk: concentration risk; SPOF)....“Firms are increasingly reliant on networks, but often fail to understand the risks that networks bring,” says Don Tapscott, a management guru. Global supply chains, just-in-time and shifting to the “cloud” tend to bind once unrelated activities ever closer together, making them more prone to failing at the same time. The current fad for moving data to the “cloud” may appear to reduce risk because there is so much spare capacity in the web. Yet some firms offering cloud services have more concentrated operations than (jk: concentration risk).

Firms are starting to recognise their vulnerability to cyber-attack, but few have much idea what they would do if it happened. Mr Tapscott thinks boards should have a committee explicitly focused on understanding IT and network risks and ensuring they are properly managed....Dutch Leonard, a risk expert at Harvard Business School, says that the best-prepared firms use a combination of planning for specific events and planning to cope with specific consequences, such as a loss of a building or supplier, regardless of the cause. He also recommends copying an approach used by the armed forces: using a group of insiders to figure out how the firm could be brought down [ jk: white hats]....Firms should make lobbying government to invest heavily in upgrading that infrastructure a core part of their risk-management strategy, argues Irwin Redlener of the National Centre for Disaster Preparedness at Columbia University.

Goldman Sachs has long been a leader in disaster planning because it understands that the situations in which it might not be able to function are exactly the sort of events when very large changes in the value of its investments could occur, says Mr Leonard. Yet too many firms underinvest in planning for disaster because they don’t think it will pay, at least within the short-term timeline by which many now operate, reckons Yossi Sheffi of MIT.
beforemath  boards_&_directors_&_governance  business-continuity  catastrophes  compounded  concentration_risk  crisis  cyberattacks  cyber_security  disasters  disaster_preparedness  Don_Tapscott  Goldman_Sachs  Hurricane_Sandy  isolation  natural_calamities  networks  network_risk  New_York_City  optimism_bias  preparation  readiness  red_teams  resilience  risks  risk-management  short-term  SPOF  step_change  supply_chains  surprises  underinvestments  valuations  vulnerabilities  white_hats 
november 2012 by jerryking
What to Do Before Disaster Strikes -
September 27, 2005 | WSJ | By GEORGE ANDERS.

What's missing is a systematic way of approaching corporate self-defense. Each potential calamity is treated in isolation....Sheffi believes that companies need to start by cataloging what could go wrong. General Motors Corp., for example, has created "vulnerability maps" that identify more than 100 hazards, ranging from wind damage to embezzlement. Such maps make it easier for managers to focus on areas of greatest risk or gravest peril. He implies that normal budgeting -- which matches the cost of doing something against the risk-adjusted cost of doing nothing -- can determine which battles against vulnerability are worth fighting....Mr. Sheffi nods approvingly at some ingenious ways to mobilize for trouble before it arrives. Federal Express Corp., he says, puts two empty planes in the air each night, just so they can swoop into any airport with a grounded plane and take over delivery services as fast as possible. Wall Street firms have recently added similar redundancy with multiple data centers, so that a New York City crisis won't imperil their record-keeping.

Intel Corp. (post-Heathrow) gets a thumbs-up, too, for finding a sly way of outwitting airport thieves. It couldn't control every aspect of security in transit -- but it could change its box design. Rather than boast about "Intel inside," the company switched to drab, unmarked packaging that gave no hint of $6 million cargoes. The name for this approach: "Security through obscurity." (jk: security consciousness)
disaster_preparedness  risk-management  book_reviews  mapping  security_&_intelligence  redundancies  vulnerabilities  rate-limiting_steps  business-continuity  thinking_tragically  obscurity  cost_of_inaction  base_rates  isolated  GM  Fedex  Intel  risk-adjusted  self-defense  Wall_Street  high-risk  budgeting  disasters  beforemath  risks  George_Anders  catastrophes  natural_calamities  systematic_approaches  security_consciousness  record-keeping  hazards 
may 2012 by jerryking

Copy this bookmark:

to read