I’ve had the pleasure of not working with Ed Eaton on two occasions.
Allow me to explain.
Ed is an MBCI – a member of The Business Continuity Institute – and Principal of related firm Warner Gudlaugsson LLC. (Ask him about the firm’s name if you get the chance – it’s a good backstory.)
Twice now, Ed and I were supposed to combine talents on assignments for two different organizations. The first project lost its funding. The second got postponed. You can’t win ‘em all.
Fortunately, Ed and I kept in touch and I’ve really appreciated his perspectives. We’re looking to join forces officially on an assignment soon. When we do it’ll be like a Dynamic Duo of business continuity and crisis/reputation management. Pow! Biff!
Until that super moment materializes, Ed graciously agreed to participate here to answer Three Tough Q’s:
Q1: Do impediments exist between integrated business continuity management and reputation management?
Yes. Language is one of the first impediments. Different disciplines use different terms and concepts to articulate different views of the world.
Overlapping areas of responsibility can be another. Reputation Management typically begins looking at brand value and stakeholders. Business Continuity Management begins looking at functions that must continue to operate in order to eliminate, mitigate or prepare for events that could disrupt business. Sometimes, there is overlap in which function “drives” the response, specific to the kind of problem the organization is experiencing. This could confuse how response teams are notified and activated, unless a unified all-hazards response system is prepared to address any type of problem.
A more critical impediment may lie within different time horizons between the two disciplines. Reputation Management is focused on immediate response to negative publicity and impacts on the reputation of the company. Although Reputation Management actions may play out over a longer period of time, its focus of attention during the activation period is on drivers of reputation in the marketplace, internal audiences and other stakeholders. On the other hand, integrated Business Continuity focuses significant attention activating and managing teams to address the nuts and bolts of a company’s delivery of goods and services. This is a narrower time window to achieve success.
Q2: How has the rise of social media (and empowered publics) changed your thinking on time-phased analysis of potential crises?
First let me define time-phased analysis. In response to a serious situation, leaders must come to terms with what the situation means. They must assess the impact on the company. One component of the problem and response assessment is time. It is useful to analyze the time available to apply adequate resources to manage critical events.
Now let me address social media. Many use the axiom that “speed kills.” It is true enough. During a crisis, time and space is needed for leaders to understand scope and implications of a problem and identify strategies to address it. In some sense, social media minimizes the available time before the media crush begins. Social media may also create significant demands to address rumor control, monitoring, determining facts and identifying issues to counter or leverage. However, it also provides a method to address issues quickly as long as organizations are plugged into the system.
Now, in a time-phased analysis you define horizons that have implications for the organization when responding to a situation. Issues that emerge from social media are part of the information sphere, which could streamline the receipt of potentially helpful information, or could distract attention from more important activities, such as business operations, or caring efforts. Understanding what is needed at critical times is the crucial focus for various disciplines of a company (e.g., human resources, communications, or operations) and for the strategic leaders.
Q3: A recent blog post here shared a lament of some BCP experts who feel that the scope of BCP has become too limited to IT and physical disasters, and perhaps too rote on systems and certifications rather than the ability to manage incidents. Your thoughts?
There have been a number of initiatives over the years that focused attention on preparing for business crises or public-sector disasters. A number of them have generated government regulations requiring organizations to establish plans and teams and to exercise them to prepare for the most recent disaster. My experience working in industries affected by such regulations and in unaffected industries leads me to believe that most organizations do not understand the need for preparing. If required to meet a regulation, most organizations will develop teams and plans and exercise them. However, there is a difference between those organizations that work to attain the regulatory standard and those that work to be prepared based on their own comfort level. Organizations that pursue excellence in preparedness often pursue excellence in other areas.
I have had the great fortune of working with a number of companies and universities that are dedicated to excellence in preparedness. They have empowered top-quality people to develop internal capabilities. Their leaders have embraced the challenge of being prepared. They ask their people to think broadly, consider the risk environment and take action to be prepared.
Sadly these examples are not in the majority. In my experience, those that excel were not driven by regulations.
Recent efforts to encourage corporate adoption of preparedness standards are trying to raise the tide of preparedness, so to speak. These efforts have brought more and more organizations into the preparedness discussion. The standards are being promoted through NFPA, ASIS, BSI, other standards organizations and most recently by Department of Homeland Security (DHS) through the NPREP program. (ed. – see also DHS’ June 15 announcement on PS-Prep.) Perhaps the practitioners you quote are reacting to these most recent efforts. The functional corporate contacts (e.g., IT, Corporate Security) are promoting these efforts, which haven’t been fully embraced by corporate leaders. It will take some time to figure out. Given political leaders’ lack of understanding of the free-market system, I would not expect their involvement to provide much help.
If you have any questions or would like to leave me or Ed a note, please use the comments section below.