Social Media: to Tweet or not to Tweet!?
April 29, 2011
Written by Grant Davis, Lead Consultant, Business Continuity
In a time where society demands instant access to information, the traditional means for organisations to communicate with clients and stakeholders via email or snail mail is no longer sufficient. It’s not enough to communicate urgent information via a media release, which you hope will be picked up on radio or in print media. Gone are the days when it was acceptable for organisations to inform clients of an incident via tomorrow’s papers. Society now requires permanent, continual access to information. We need to be informed in ‘real time’. We don’t like being ‘out of the loop’. A daily flick through the Sydney Morning Herald, to read yesterday’s news is way behind the eight-ball.
In an era where internet-ready devices appear permanently attached to ones palm, social media sites like Facebook and Twitter are now the go-to places for information and conversation. Few people, especially among generation X and Y, do not have a Facebook account. In fact, over half a billion people around the world now admit to accessing Facebook almost daily. The 150 million Twitter uses around the world are also growing at a rate of more than 370,000 per day! And the number of organisations and businesses now actively participating in social media is rapidly increasing.
Numerous organisations around the world are now using social media sites like Facebook and Twitter for marketing and advertising purposes. Some organisations are even dedicating entire teams to it. Now it’s almost hard to NOT find and follow your favourite brand on Facebook or Twitter. In fact, my latest friend on Facebook also happens to be the same retail outlet I bought my last pair of jeans! But companies advertising on social media, or proactively participating in social media for marketing purposes is not new. What is new, however, is the apparent advantages (or disadvantages) of organisations by participating or not participating in social media. If managed properly, social media can be a very quick and effective tool for organisations to communicate very important information and messages. Instant communication to your network of stakeholders is only a Tweet away!
Recent events from around the world have shown how sites like Facebook and Twitter are widely used in times of crisis. Think of the first thing you heard about the Christchurch earthquake or the first images of the Japanese tsunami. Chances are that information or visuals were sourced directly from Twitter users who ‘posted’ their experiences within minutes of it happening.
Following the recent Christchurch earthquake, some Twitter users posted information about the event and pictures of the devastation within four minutes of the tremors. Eight minutes later, media outlets published their first stories. Such is the pace and accessibility to real-time information.
So how do organisations best utilise this pace and accessibility? Many organisations around the world are using social media during crisis events to great effect. When incidents like an earthquake or tsunami occur, more often than not telecommunications and power is cut. Traditional communication via landline or email may not be possible. Most people, however, seem to retain the use of their mobile phones, and even though some networks may be down, ‘Tweeting’ your experiences or ‘updating’ your status always seems possible.
It might be a little early to comment on how different organisations used social media during recent natural disasters, however looking a little further back, most would remember the Icelandic volcano early last year, which caused an massive ash cloud and led to the biggest European air travel disruption since World War II.
Huge quantities of ash and rock spewed into the skies above most of Europe. It was even reported to have reached as far away as the Middle East. This forced the closure of almost all the airspace and airports across Europe.
Two similar organisations whose customers and operations were directly affected by the crisis were airlines KLM and Air France. These organisations perfectly represent the example of how TO and how NOT TO use social media in times of crisis.
Case A)
KLM
In the lead up to and during the European ‘Ash Cloud Crisis’, KLM worked tirelessly to ensure their social media monitoring and management activities were up to date. In fact, KLM dedicated an entire PR and communications team to work a 24/7 roster to constantly maintain their official Facebook and Twitter sites. They provided regular updates on travel activities and restrictions and spoke with concerned customers using social media. KLM actively participated in blogs created by others and didn’t delete any negative comments. They were dedicated to providing a constant stream of information.
During and following the ‘Ash Cloud Crisis’ the net effect to KLM from all this activity was obvious. Almost no negative press or damaging social media activity regarding KLM was recorded, customers were relatively happy and informed and there was little to no brand or reputational damage. KLM came out of the crisis with a glossy, professional appearance that set the organisation up to retain loyal customers and increase their market share.
On the other hand……..
Case B)
Air France
Air France took a very different social media approach during the ‘Ash Cloud Crisis’. The official Facebook and Twitter accounts of Air France across Europe were barely updated during the crisis. Both platforms registered almost no activity in the six months leading up to the crisis. In fact, during the crisis the only official activity from Air France on their sites were from individuals within the organisation without direct responsibility for managing the sites who were tasked with deleting any negative comments posted by users – the biggest no-no in social media management. Today if customers cannot communicate with organisations via the phone or their website, they will typically head online and investigate social media sites like Twitter and Facebook for an update of what’s going on. If these ‘official’ sites have had no updates or communication offered to their ‘friends/followers’ people begin to feel they are not being given the information they require, especially when it comes to things like travel arrangements. In Air France’s case, no updates were posted on any of their official sites, leaving customers with no information.
Obviously this did not bode well for Air France. Uninformed customers are not happy customers, especially during uncertain times. Needless to say, Air France received some very negative and damaging publicity – the exact thing executives were obviously trying to avoid by not posting comments or updates on social media sites. Hundreds of social media users reported changing their flight plans with Air France, many of which moved to the very accommodating KLM! “Never flying Air France again” was not an uncommon status update following the disruption. Air France has now reported a decrease in market share and revenue following the crisis, while other similar organisations (KLM for example) have reported no significant losses or changes to revenue predictions.
Given the amount of attention paid to social media, not just day-to-day, but during a crisis, it makes sense for organisations to actively participate. But organisations must have clear parameters and policies in place.
Clearly there are risks that the ‘publically displayed’ information on these sites can be damaging. One well-worded negative Tweet can have huge reputational impacts. Whether it’s a negative comment posted by a disgruntled customer, or a misguided/unendorsed posting by an oblivious employee, there are reputation risks. However, it is much better to be in a position to participate and respond to negativity posted on the web, rather than have it blindly snowballing behind your back. Organisations who decide to proactively participate in the use of social media for marketing or crisis communication purposes should first ensure boundaries.
That is:
- A policy should be developed that is endorsed by the Board and educated to staff to highlight the organisation-wide ‘Do’s and Don’ts’ of social media participation.
- Involvement should be restricted to a dedicated person or team.
- Those involved should be given the appropriate training in media communications and public relations.
- Any statements, Tweets, status updates, blogs etc should be approved at the appropriate level before release.
- Organisations should respond to, and most importantly, not delete any negative comments posted by users.
- Organisations should increase/expand their participation in social media monitoring and communication during times of crisis.
- Organisations that do decide to utilise social media should do so with the same amount of precaution they would dedicate to any external communication. Consideration should be given to incorporating social media participation and communication into the organisations operational risk management activities.
- Organisations should consider social media when developing and reviewing plans for crisis communication. Business Continuity plans should provide clear instructions and strategies for the use of sites like Facebook and Twitter. Although they may not be the primary means of communication, they can be a very effective secondary source of communication to an organisations networks and stakeholders.
Many organisations around the world have made the strategic decision to endorse social media primarily for marketing and promotional opportunities, and increasingly as an additional means to communicate to their networks. Given a recent report that suggested the current number one fear of C level executives is brand and reputational damage from negative social media publicity, it is imperative that its use is supported by a set of clear and internally promoted policies – all of which have been endorsed at Board level.
Like any business activity, if effectively managed, social media can be a huge opportunity for any organisation. Tread carefully and the rewards can be great.
Changes to Emergency Management Training
April 29, 2011
Written by Kara Smith, Lead Consultant, Emergency Management
The January 2011 issue of Risk eNewsletter included an article on the key changes to the Australian Standard 3745, “Planning for Emergencies in Facilities”, and the impact this might have on your organisation. Greater emphasis is placed on emergency management training as a result of these changes. During an emergency, the smooth operation of the emergency guidelines outlined in AS 3745-2010 is only achieved if all wardens and other occupants know what is expected of them. Therefore it is necessary to educate, train and develop periodic exercises to test the organisation on the procedures and evaluate staff responses.
The new standard details the training requirements for all persons involved in the emergency management program, as well as facility occupants. According to the new Standard, training is required:
- For at least one member of the Emergency Planning Committee (EPC), to enable the EPC to competently execute their obligations
- For the Emergency Control Organisation (ECO)
- For facility occupants
Emergency planning committee (EPC)
The EPC usually consists of members from the OHS Committee, which are responsible for overseeing on an on-going basis:
- The effectiveness and accuracy of the Emergency Management Plan
- The procedures and relevant emergency documentation
- The appointment of any available personnel to coordinate an emergency response in the first instance
- Staff training in emergency preparedness
Members of the EPC are required to undergo training to ensure they can competently execute their obligations. Specialised EPC training includes the following:
- Developing, managing and maintaining an emergency plan
- The duties of the EPC and ECO
- The duties of the Emergency Response Team (if applicable)
- The conduct of site-specific emergency identification and analysis
- Establishing and managing an ECO
- The management of appropriate documentation
- The management and development of assessment activities
- The development and implementation of training activities including emergency exercise management
- Emergency mitigation, emergency preparedness and emergency prevention
- The installed fire safety systems (e.g. sprinkler systems, fire doors, emergency communications)
- Liaison with Emergency Services
Emergency control organisation (ECO)
The ECO must give top priority to the safety of all occupants and visitors of the facility during an emergency. ECO members require specialised training to develop the skills and knowledge necessary to undertake the duties set out in the emergency response procedures.
This training addresses the:
- Duties of the ECO
- Procedures for the specific emergencies
- Responding to alarms and reports of emergencies
- Reporting emergencies and initiating the installed emergency warning equipment
- Communication during emergencies
- Pre-emergency, emergency and post-emergency activities
- Occupants and visitors with disabilities
- Human behaviour during emergencies
- The use of installed emergency response equipment (e.g. WIP phones)
- The performance of the building and its installations during a fire or other emergency (e.g. fire doors, emergency lights)
- Chief wardens, deputy chief wardens & communications officers
In addition to the general training for all ECO members, those appointed Chief Warden, Deputy Chief Warden and Communications Officer must undergo additional training due to the inherent nature and responsibilities of these roles. This training focuses on:
- Their roles and responsibilities
- Duties of the EPC
- Decision-making, command and control
- Record keeping
- Actions for the specific emergencies
- Coordination of communication(s) during emergencies, including use of any installed specialised communications equipment
- Liaison with Emergency Services
- Coordination of evacuation activities
- Implementation of post-emergency activities
First-attack firefighting
First-attack Firefighting is designed to train personnel to control small, uncomplicated fires using a fire extinguisher, hose-reel or a fire blanket. Where first-attack firefighting by specific occupants is included in the emergency procedures, these occupants shall be trained to enable them to competently execute their duties.
The training for first-attack firefighting shall address the following:
- The duties of the ECO, and ERT, where it exists
- Preparing for site-specific fires
- Reporting fires
- Evacuating from endangered areas
- Identifying, reporting and correcting unsafe conditions
- Responding to fire emergencies
- Identifying the classes of fire
- Selecting the correct first-attack equipment
- Safe operating procedures for first-attack equipment
- Determining if it is safe and appropriate to use first-attack equipment
- Procedures to be followed after first-attack equipment has been used
- Post evacuation activities
Skill retention training should be conducted no more than 6 months apart to ensure the ECO can competently execute their duties. While the concept and frequency is not new, the training content and adequacy requirements are greatly expanded. In addition to the delivery of training for the ECO, it is important to incorporate exercises and assessments to allow participants to apply their knowledge and skills in practice.
Emergency response exercises
Section 7 of AS 3745-2010 expands on Clause 3.5 of AS 3745-2002, including new wording that permits exercises to be conducted that are relevant to emergencies on the site. The clause also details the roles of observers and the need to keep a record the actions taken.
The concept of an emergency happening during an emergency response exercise is mentioned within the revised standard. The tragic situation where a real emergency is not treated properly when it occurs during an exercise can be avoided by using a code word. The standard suggests ‘No duff’ as the code word.
Occupants and visitors
All occupants working at a facility must be trained to ensure they act in accordance with the emergency response procedures, including:
- Occupant responsibilities within the facility emergency response procedures.
- The types of emergencies contained in the emergency plan.
- How to report emergencies including activation of alarm systems, if installed.
- Recognising and reporting unsafe conditions, and correcting unsafe conditions when appropriate.
- The authorities, roles, responsibilities and identification of ECO members.
- Reacting safely to emergencies and alarms.
- Evacuation procedures.
- The location of internal and external staging and assembly areas, as contained in the emergency plan.
- The location of egress routes.
- Post-emergency protocols.
- Procedures for specific emergencies.
Visitors at the facility should be provided with appropriate information on the emergency response procedures, as determined by the EPC.
What does this mean for organisations?
These changes mean that to comply with the latest best practice guidelines, building owners / managers /employers will need to:
- Establish the EPC & ECO
- Develop an Emergency Response Plan (ERP), or update their ERP with all the new requirements
- Train the EPC and have them agree to details recommended for the Emergency Plan such as schedules of training, emergency response procedures, scope and validity period of the document, recruitment and maintenance of the ECO
- Ensure the ECO training content is aligned with the requirement of the new standard.
- Ensure the program of emergency response exercises is appropriate.
Once enacted, building owners, managers, employers, employees and visitors will have a better understanding of what to do if an emergency situation occurs.
‘Black Swans’ and your Supply Chain
April 29, 2011
Written by RiskLogic’s Business Continuity Team
In today’s globalised world, the supply chain of national and international companies is more complex than ever. Ultimately the goal of an efficient supply chain network is to reduce inventory and receive the best inputs at the lowest costs. While companies have a wide selection of suppliers from all over the world to choose from, organisations have never been more dependent on products, information and finances provided from external parties. This dependency exposes the company’s bottom line to an extra layer of risk.
The financial impact of the global financial crisis and the multitude of recent natural disasters highlight just how unpredictable the availability of supplies can be. Experts in the field of Risk Management will have heard of the so called ‘Black Swan’ * events which are rare but can have a devastating impact on your business.
Few would have predicted that a major earthquake and a tsunami would hit Japan within a few hours in March this year – a prevalent example of a ‘Black Swan’ event. Japan’s 8.9 magnitude quake and tsunami caused widespread damage and closed down key ports across the country. While some airports shut in the immediate aftermath have reopened, transport and manufacturing infrastructure has been significantly damaged, affecting the production and distribution of many of the world’s products. Supply chain issues continue to worsen as companies are forced to reduce operations within, and outside of, Japan, with factories and manufacturing plants either closed for business or operating at significantly reduced capacity. As reported in the media, the impacts on production and distribution outlets outside of Japan, for companies such as Fuji, Honda and Toyota have been significant. With electronic goods and motor vehicle production outputs reduced by up to 60% from Japan, distributors around the world are experiencing major shortages of supplies and products as a result. This has a major flow on effect to the viability of distribution outlets around the world, with organisations experiencing loss of customers, loss of market share and significant financial and reputational challenges.
Planning for supply chain disruptions
Generally, a supply chain is a network of organisations, people, technology, information and resources that contribute to the creation of a particular product or service from a supplier to a customer. If this network is disrupted, a company can face a variety of strategic, reputational and operational impacts, which threaten the long-term viability of the organisation. This is where Risk Management and particularly Business Continuity Management are crucial.
Supply Chain Risk Management involves, according to David Honour, editor of Continuity Central, ‘mapping the entire supply chain and its dependencies, identifying, assessing and understanding the various threats and risks, identifying single points of failure’ and subsequently, developing and implementing strategies to mitigate these issues. The aim is to limit the impact to a business if a disruption to the supply chain occurs. It is a continual process where awareness and oversight controls, including the incorporation of Risk Management standards in the supplier contract, are of fundamental importance.
Accordingly, when drafting supply chain business continuity strategies, considering all internal and external links in the supply chain is of fundamental importance. As is assessing those products (and hence supplies) that are critical to retaining market share as well as revenue. Understanding both supply vulnerabilities and production priorities will enable the development of appropriate continuity strategies. Planning for continuity ultimately involves working collaboratively with suppliers and other key business partners. Below are just a few considerations when developing supply chain business continuity strategies;
- Diversification of transportation systems. Businesses should consider the utilisation of multiple carriers and forms of supply and distribution. Transport infrastructure is often the first to be impacted in a major disruption.
- Development of reciprocal agreements for storage space. Warehousing of inventory can be a logistical nightmare for organisations when facilities are inaccessible. Shared agreements, established prior to a disruption, with suppliers, transport providers, customers or competitors can assist.
- Relocation of production. Organisations with multiple facilities may be able to relocate production to other sites to ensure continued supply. However, capacity levels must be carefully considered and other product lines may need to be scaled down to accommodate the increase at the alternate facility. Additional production costs, transport costs and lead times will also need to be considered.
- Sourcing alternate or substitute products or components. This is not always feasible if specialised components are required or limited suppliers exist, but in many cases a review of critical products/components and alternative supplier options will make a significant difference in your ability to continue production should your main source of supply be unavailable. Lead times are often critical, so establishing pre-existing relationships are recommended prior to a disruption.
- Building redundancy for your ERP/inventory management systems. Ensuring access to critical software tools is essential no matter how small or large the disruption. Availability of redundant IT infrastructure, on and offsite data backup and access to databases within business critical timeframes is essential. When the appropriate level of IT redundancy is not available, organisations must consider alternative or manual process workarounds to ensure business continues.
- Interruption Insurance. Ensuring the organisation is covered for loss of revenue in the event of a disruption provides a high level of comfort to internal stakeholders. Whilst this does not directly manage the other damaging consequences of a disruption, it does enable an organisation to focus on the strategic response to the disruption without significant short term financial concerns.
- Staff management and succession plans. Despite the use of technology, businesses heavily rely on suitably qualified staff to manage all aspects of operations. A significantly traumatic event or disruption can render critical staff unavailable for long periods of time. Ensuring critical roles have been identified and suitable back-up personnel or resources are available is imperative to ensure continued operations. This could include multi-skilling existing staff, use of offsite resources in another location and outsourcing roles, to name a few. On the other hand, not all roles may be critical in the first few days of a significant disruption. It is just as important to know who to send home and who to keep on.
- Review of supplier business continuity preparations. Asking to review or receive evidence of a supplier’s business continuity plan will provide a higher degree of confidence that supply will or won’t continue in a disruption. Often as not this will also act as a strong motivator for suppliers to further enhance their preparations. Many large organisations are now insisting on a minimum level of business continuity planning before they will enter into a commercial relationship with potential suppliers.
On the whole, business continuity requires planning for alternatives in every aspect of the supply chain including backups for key staff, IT disaster recovery and critical suppliers. Business continuity demands innovative problem solving and a thorough analysis of all the components of a supply chain. A silo approach should be avoided at all cost.
When a disruption occurs an effective Business Continuity Plan will protect an organisation and its stakeholders, minimising downtime and preventing significant reputational, operational, legal and financial costs. While the plan should cover a wide range of contingencies, the problem lies in unforeseen disruptions – plans are often based on past experiences. Few predicted the ‘Black Swan’ events of the terrorist attacks in 2001 and the 2004 Boxing Day Tsunami. Therefore, it is important to collaborate with industry experts, internal stakeholders and supply partners to share knowledge and experiences so you can create a robust Supply Chain Business Continuity Program.
How resilient is your Supply Chain? Inevitably, the risk grows as our world constantly changes and becomes more complex. While businesses become more interconnected the risk of supply chain failure rises. ‘Black Swans’ occur more frequent than we think. Therefore, an active and successful Supply Chain Risk Management and Business Continuity program is no longer a nice to have, but a commercial necessity.
*The ‘Black Swan’ Theory was developed by Nassin Nicholas Taleb and refers to unexpected events of large magnitude and consequence
2012: The End of The World? Probably Not… A look at Solar Flares
April 29, 2011
Written by Alistair Thom, Lead Consultant, Incident Management
The ancient Mayan calendar has been incorrectly interpreted as foreshadowing the end of the world sometime next year. Hollywood has capitalised on this theory but it has largely been dismissed.
But before it’s dismissed entirely, there is a small element of truth to the theory. The earth could be hit with a catastrophic event sometime in the future and the culprit is our sun and its solar flares.
Solar flares occur when a burst of magnetic energy is released from the surface of the sun. Coronal mass ejections or CME’s, on the other hand, are large-scale eruptions of plasma and magnetic energy from the sun.
The occurrence and behaviour of CME’s is less understood than solar flares. For a CME to have the greatest affect on Earth, it has to occur near the centre of the sun on a trajectory towards Earth, be fast and massive with a large amount of kinetic energy and have a strong magnetic field whose polarity is opposite to that of Earth’s. That’s a lot of factors.
Solar flares, CME’s and plasma might sound like something from a science fiction film but these galactic events can have a major impact on the Earth’s weather and directly affect technology, such as the internet and mobile phones, which every business relies on.
Both solar flares and CME’s fall into the category of “space weather”. The Earth’s proximity to the sun means its space weather is dominated by the sun.
Like the Earth, the sun’s currents crisscross its surface, only rather than consisting of water of different temperatures, these currents consist of varying magnetic energy caused by superheated and super charged gases.
Over the course of 40 to 50 years these currents have accelerated and magnetic activity is predicted to increase.
The largest solar flares/CME’s from our sun are estimated to have the energy of 100 million atomic blasts but, given our distance from the sun and the natural dispersal outwards of energy, life on earth is quite safe. At least for the next few billion years or so.
Additionally, scientists tell us that there is no evidence that any of the mass extinction events that have occurred on Earth were due to solar activity.
While we might be safe, millions of atomic blasts going off at the same time and then heading our way can still cause us some problems mainly through magnetic storms.
Magnetic storms affect the Earth in a number of ways. The most spectacular is when the magnetic energy form the sun collides with our defence shield, Earths’ own magnetosphere. This causes intense activity, especially in our polar regions and creates the Aurora Borealis and Aurora Australis, otherwise known as the Northern and Southern Lights respectively. During the Carrington Event – the largest CME event ever recorded, named after the witnessing astronomer – the auroras where seen all the way to the tropics.
Abnormal electrical currents, caused by the activity of the magnetic fields, can also affect the Earth. The Carrington Event caused numerous nonsensical messages arrived at telegraph stations around the globe. It was also reported that not only were some wireless operators able to operate their equipment with out having to generate their own power, some were even electrocuted by the strength of the magnetically induced currents.
How badly can these magnetic storms impact your business? The answer to this depends on a number of things.
Firstly, there is no model available to predict the volume of solar flares and CME’s with any accuracy other than to say there are going to be more of them with greater energy in the next two to three years than there has been in recent history.
With that in mind, it’s important to understand what the effects are. Magnetic storms can cause a spike in radio noise (or activity), which can interrupt communication on those wavelengths.
This can result in a complete radio blackout of various wavelengths. In 2005, numerous flights had to be diverted from polar flight paths due to the interference caused by a solar flare, which resulted in increased fuel consumption and delayed arrivals.
As briefly mentioned above, the other significant effect is the production of magnetically induced electrical currents. The first to feel these effects are satellites in space, which can have their functionality disrupted.
It’s hard to define how much functionality would be lost and the duration of this loss but common consensus suggests there would be substantial functionality loss (if not total) across the majority of exposed satellites. This could last for the duration of the event and would interrupt services such as mobile phones, GPS, television etc.
Two telecommunication satellites were affected by a solar storm in 1994. One recovered in a matter of hours while the other took over six months and more than $50 million to be rehabilitated. In 2003, a GPS system used by the US’ Federal Aviation Authority was disabled for 30 hours, resulting in a major disruption to air traffic.
Closer to home, magnetically induced currents are going to affect all our electronics at home or in the office, unless they are fully switched off (and not just in hibernation mode). This means your computer, your mobile, your landline, your TV, your fridge etc could all be disabled temporarily or even permanently.
On a slightly larger scale, the power grids that criss-cross the globe are highly susceptible to these currents. The longer the power line – the greater the risk. These power lines are likely to conduct the magnetically induced current to their transformers where the current can melt a crucial component made of copper, bringing the grid down and causing wide spread blackouts.
This occurred in Quebec’s hydro-electric grid in 1989 where it shut down completely in a matter of minutes of the event occurring and took 9 hours to be brought back on line. Obviously there are severe implications if the power grid was to shut down completely, not just in terms of business functionality, but from a society point of view. Without power; petrol pumps can’t function, trains can’t run and traffic lights won’t work.
Imagine potentially dealing with a scenario with no landlines or mobile phones working! If you track the power supply far enough down the line you can get to a point where your toilet won’t work due to a loss of pressure as the pumping stations lose power at one end and water is incrementally used at the other end.
The worst case scenario is the impact of a large solar flare/CME could disable our electrical systems and their power supply with obviously severe implications. So what can we do?
The first thing to do is to monitor this website, http://www.swpc.noaa.gov/. This is the website of the US National Weather Service’s Space Weather Prediction Centre. This website continually feeds information from satellites monitoring the sun and is likely to be the source of the earliest warning available. It is already used by many airlines to divert their airplanes away from affected areas should a solar flare occur.
Once you have advance warning, the most current advice for those of us in the “impact zone” is to initiate a pre-emptive and preventative electrical shutdown. By ensuring servers, computers and phones are powered down during the event it protects them so that they can be used as soon as the power supply is restored. This might seem a little over the top but a five hour shut down compared to the total loss of your computers and servers, along with all your data back-ups appears to be a price most would pay.
However, even if we do a pre-emptive shutdown and protect our systems, you can still be affected by those devices that were unable to achieve either a full or even partial shutdown. This might result in your supply chain, income stream or our delivery mechanisms being disrupted among many other possibilities with obvious threats to the sustainability of your business.
We need to minimise the impact on your business for the potential outcomes of a large solar flare/CME event ranging from the short term effects of a widespread planned shutdown to the longer term effects from an incomplete or ineffective shut down. To minimise these impacts, you should consider business continuity strategies.
This should involve the development of a Business Impact Analysis (BIA). A BIA looks at all the critical elements that make up a business and looks at the dependencies those criticalities have. Once this has been done, a Threat Assessment is conducted against these critical functions to see how susceptible to disruption or failure they are and what the effect of their collapse would be on the business.
Once our critical business elements have been identified and analysed, the next step is to develop contingency plans to enhance the recovery of the functionalities should they fail.
These may include alternate processes or workarounds to lessen the dependency on IT and communications infrastructure should they fail, and alternative communication strategies to ensure appropriate management of stakeholder expectations. Suffice to say, this will be no easy task given today’s reliance on technology.
There are two time frames that should be considered when developing contingency plans.
The first time frame is the Recovery Time Objective (RTO). An RTO is a measure of time for how long you would take to recover that particular functionality in ideal circumstances and this is the time frame that should be aimed at when developing contingency plans.
The second time frame is the Maximum Tolerable Outage (MTO). An MTO is the maximum time your business can survive with the loss of functionality without severe consequences and is the measure of when that functionality has to be back on-line. While all this may seem like an onerous task, you can imagine how successful trying to develop contingency plans could be after the power has been cut off when the computers and server don’t work and your mobile phone is for decorative purposes only.
At some time in the future a powerful solar flare/CME event is likely to happen, which could envelope the earth in a powerful magnetic storm. This storm would have a considerable effect on our electrical systems and transmission technologies, only we don’t know where, or even when, this will happen.
The best case scenario is we will have 18 hours warning, at worst we will have virtually none. To minimise the effects of a solar flare/CME event on your business, it’s important to prepare for a temporary shut down while the magnetic storm occurs and develop contingency plans for the damage it might cause to your business.
