When in Doubt, Speak from Experience

Last week I had the pleasure of being invited to speak at a conference on incident management. This two-conference covered a variety of topics ranging from preparedness, response, and recovery; and while there was a lot of discussion on mass shootings, the conference covered all hazards.  There were a number of great presenters providing interesting insight and information.  Of course one of the most interesting and effective ways of learning, in public safety and other industries, is through lessons learned of actual incidents and events.  We had some detailed reviews of various incidents, including the Dallas shooting, the Aurora theater shooting, and the San Bernardino shooting.  These had extraordinary detail and discussion, driven by presenters who worked those incidents.

There was one presenter, however, who enjoyed telling stories of incidents which he had no involvement in.  Generally, most people who do such a thing have the common sense of keeping it to brief illustrative points based on specific factual information.  If someone is taking a scholarly approach, we would see more detail, but based upon their research and interviews.  This particular presenter, we’ll call him Bart (name changed), took neither approach.  He was a retired Sherriff’s deputy from a county in California.  He clearly had enough credentials to get himself invited to things, but if this was his general pattern of presenting, I’m guessing he rarely gets invited back.

Aside from his presentations not at all addressing the topic, he liked to tell stories, speaking at length about incidents and locations he has never been involved in.  He even admitted to not having any involvement, and instead citing ‘something he read’ as his source.  This would be sketchy on the surface, but it was even more frustrating when he told stories of NYC 9/11 and recent events in the National Capital Region with myself and a colleague seated at the front table… myself having worked a variety of aspects of 9/11 and my colleague who presently works in the National Capital Region.

Bart presented twice, once the first day, and again on the second day.  While we casted a couple of corrections his way on the first day, we were mostly shocked that he would venture into such territory, providing information that was at best 80% fact.  During his presentation the second morning, we were much less forgiving.  His continued anecdotes about these areas and incidents were relentless, and his lack of facts in the telling of these stories was simply unprofessional.  We called him out on it several times and it was clear from body language and general lack of interest that the room fully understood what was going on.

My general rule of thumb is to speak from experience.  Don’t tell someone else’s story.  That’s not to say you can’t speak about an incident or event you weren’t involved in, just make sure you stick to the facts and be respectful that you have ventured into someone else’s territory.  If you were involved in an incident, you may be inclined to be a bit more casual about your manner because you lived it, but if you weren’t at the incident, keep it formal, cite your fact, associate it with your point, and move on.  Don’t be Bart.

Needless to say, I had several conversations with the conference organizer, who had no prior experience with Bart and was rather appalled at his presentations.

When in doubt, speak from experience.  Don’t be Bart.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

An Open Letter to LinkedIn Discussion Group Moderators

For those of you tuning in for your (somewhat) regular fix on emergency management and homeland security commentary, I apologize for this quick detour.  I encourage you, however, to read on and provide your thoughts and feedback on a matter which relates to how you are able to view my posts.  There are a few inconvenient practices out there which I feel a need to address.

While I have a humbling and ever growing number of people who follow my blog directly at www.triecker.wordpress.com, many read my posts through a variety of LinkedIn discussion groups.  Some of these groups were created and simply exist publicly, while others are members-only and diligently maintained by moderators who do great work to keep certain posts out of their group, such as those that are largely irrelevant and those which blatantly serve no other purpose than to market products and services.  As a member of several of these discussion groups, I am greatly appreciative of the time and effort these moderators put in.  I do, however, have some important feedback.

As I have been blogging for a few years now and cross posting to several LinkedIn discussion groups, I’ve encountered some practices with moderators with which I disagree.  Most recently, a discussion thread which originated from one of my blog posts was, inexplicably, shut down and closed to further comment.  The discussion in the thread was lively, with several people contributing to an excellent dialogue.  There didn’t appear to be any nastiness or inappropriate behavior, and all comments were on topic.  The thread was shut down with no notice, publicly or privately.  I’m not aware of there being any automatic limits on replies, but if there are, I don’t see a reason why.  This was an unfortunate occurrence which limited productive dialogue of your members.

Second, there are several of these groups that have an anti-spam feature.  On the surface, this is excellent!  In practice, especially for someone who appreciates active dialogue with those who comment, it’s a royal pain in the ass.  Essentially, after I reach some magic number of replies within a discussion thread, my replies will then go off into the ether, awaiting approval by the moderators before they are posted.  This process severely stalls great dialogue.

Lastly, many of these groups have certain rules which disallow posts which include blatant marketing content.  This is a great rule, as many of us have received notice from open groups with posts which are 100% pure marketing – which is not a reason why most people join these groups.  That said, these rules have been applied a bit too strictly and without common sense.  I’ve had moderators contact me (and some who don’t), refusing to post an article, simply because I include the name of my company and a link to our webpage at the bottom of my blog.  I’ve had others refuse to post an article because I include a sentence or two at the end of my blog about the services my company provides.  Allow me to make a few points with this… 1) The vast majority of my blogs run from 500-800 words.  The inclusion of my company name/web address, or a sentence or two at the end of that post related to the services my company provides does not make my post an advertisement.  I’d like to think there is still plenty of intellectual value to what I’m writing about.  2) This is LinkedIn.  It’s a social media platform for professionals.  That means that a certain amount of professional promotion should be expected.  3) Having given plenty of presentations for trade shows and membership groups, their guidelines regularly allow the ‘soft sell’, which means that while the bulk of your presentation is not directly about marketing your business, they usually allow a minute or two at the end to mention what your company does.  This is a pretty fair courtesy which I think is quite reasonable for discussion groups to apply.

Final words – Moderators, I greatly appreciate the time you put in and what you do.  Seriously.  You help keep a lot of crap and spam away from our inboxes and notifications.  I implore you, however, to remember what the intent of LinkedIn is, and with that in mind apply the rules of your discussion groups to maximize dialogue for the benefit of your members.

  • Thank you.

<no marketing message posted here>

Timothy Riecker, CEDP

Emergency Managers Need to be More Like Engineers and Less Like Shopkeepers

I was inspired by this short (~1 minute) video from TrainingJournal.com.  In the presenter’s brief but pointed message, he describes many trainers as being akin to shopkeepers, providing organizations often times with rote solutions just as a shopkeeper will pull a product off their shelves. He goes on to say that this these solutions are usually effective, but only for a limited duration.  He offers, instead, that trainers need to be more like engineers, examining every facet of a problem and constructing lasting solutions.  As an experienced trainer and proponent of a detailed root cause analysis, I couldn’t agree more, but as I readied myself to write a post about the implications of this on training, my mind carried this metaphor to many of our practices in emergency management.

Consider how often we quickly dismiss identified gaps with an assumed solution.  Write a plan, conduct a training, install a bigger culvert.  Those are usually our solutions to an identified problem.  Are they wrong?  No – we’re correct more often than not.  Are these lasting solutions?  Rarely!  How often does the problem rear its head again within a relatively short span of time?  How do we address the re-occurrence?  As shop keepers we simply pull another solution off the shelf.  Can we do better?

The things we do in emergency management are often based upon best and current practices.  We address problems through the prevalent way of dealing with such things industry-wide.  Emergency management has a great community of practice.  I’ve mentioned in several previous blog posts the spirit of sharing we have and the benefits we see come of that.  It doesn’t seem often, though, that we engage in an industry-wide groupthink to solve various problems.  We use and adapt ideas of individuals and small groups, we see a steady and determined progression of the practices within our progression, but we rarely see ‘game changing’ ideas that revolutionize how prevent, prepare for, respond to, or recover from disasters.  Why is this?

Perhaps we need a greater collective voice locally, where practitioners are dealing with the problems directly?  Our methods of practice in emergency management are generally driven by the federal government (THIRA, NIMS, HSEEP, etc.).  I’m not saying any of these are bad – in fact they are excellent standards that we need to continue to refine and apply, but it’s generally not the federal government that is dealing directly with the constant flow of issues being dealt with at a state, and even more so, a local level.  We need to follow that metaphor of being engineers to apply more permanent solutions to these problems.  We need to create, innovate, and problem solve. Or do we?

Necessity, as they say, is the mother of invention.  We often miss the necessity of improving because we have current, functional solutions – we have things that work.  So why fix it if it’s not broken?  I say we can do better.  The realization of the need for lasting solutions is the necessity we need.  If the solutions we have on the shelf don’t work for us 100%, let’s figure out a better way.

I don’t know what or how, but I’m sure that as a community we can identify needs and prioritize what must be addressed.  Given the right people, time, and maybe a bit of money, we can be innovative and effect some lasting change.

I’d love to hear what others think on this topic.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

www.epsllc.biz

Deliberate Planning – Strategic Planning and Business Continuity

Many organizations put forth extraordinary effort to develop strategic plans to give concerted organization-wide direction to the organization for the coming 3-5 years.  Like many of my readers, I have been part of several strategic planning efforts in different organizations, sometimes helping to lead the way.  There is a great deal of value to strategic planning as it helps not only refine the organization’s vision, but also develops objectives to help it get there while (ideally) bringing the entire organization on board – from finance, to HR, to operations, and facilities – everyone is facing in the same direction and striving to accomplish the same goals.  Just as strategic planning should not be performed in a vacuum, business continuity planning should not either.  Just as strategic planning engaged the whole organization, as should business continuity planning.

If the efforts of strategic planning and business continuity planning have such foundational similarities, why not bring the two together?  As the goals of these two efforts are distinctly different we certainly can’t merge the efforts, but the overlaps provide for easily exploitable opportunities within the organization.  How?

First, make business continuity and resilience a goal of your strategic plan.  What does this do for the organization?  Just like the other goals identified in strategic planning, it provides a documented leadership-driven purpose which will engage the whole organization.  Every business unit in an organization has a stake in business continuity.  Just with other goals within your strategic plan, the specific actions will be identified through objectives – be it a start to your business continuity program or a continuation and improvement thereof.  As mentioned in previous posts, business owners and managers put forth a great deal of effort to build and expand their businesses, but we also need plans to stay in business in the event of a disaster.

Second, once the strategic plan is completed, you now have a group of people from across the organization who now hopefully work well together – engage them!  Turn your strategic planning committee into your business continuity committee.  Good strategic planning provides for someone (ideally the planning group) to monitor the implementation of the strategic plan.  This takes minimal time compared to developing the strategic plan, allowing for this group – who has already worked together for some time and has gone through the group dynamics of forming, storming, norming, and performing – to focus on another task.  Why pull together another group of different people?  It’s a waste of time and the team will lag in performance.  Simply reengage them and change their focus.  This group is a great asset who has already proven they can represent their business units while still having an organization-wide perspective.

Third, mine data from the strategic planning process to support business continuity.  A thorough strategic planning process has examined the organization from many angles and perspective – particularly through a SWOT analysis (strengths, weaknesses, opportunities, and threats).  While a SWOT analysis is performed from a business standpoint, much of the data obtained and derived from this analysis can inform both your hazard analysis and the identification of mission essential functions – these are the things which you MUST DO to stay in business and to minimize the greatest losses.

Lastly, continue the relationship between strategic planning and business continuity.  Both work in a cycle of continuous improvement and those cycles obviously intersect – not just at one point but potentially at multiple junctures; an important consideration of a business continuity program is the impact which disasters may have not only on current business operations but also on planned business initiatives.  This shared knowledge and insight between two planning efforts conducted within one group is invaluable.  As strategic planning continues, new objectives for the business continuity program should be included while resiliency opportunities identified through the business continuity program should inform the strategic plan helping the organization overall to become more resilient and sustainable.

What are your thoughts on the synergy between strategic planning and business continuity?  What other opportunities do you see?

As always, if you need help starting, growing, or rebuilding your business continuity or emergency management program, Emergency Preparedness Solutions, LLC can help.  Contact us through www.epsllc.biz or directly at consultants@epsllc.biz.

© 2014 – Timothy Riecker

Business Continuity in the Food Service Industry

Last year I had the pleasure of working with a number of folks in the food service industry on business continuity.  Just like any industry, they have some very specific mission essential functions which must be maintained or minimally disrupted in the event of a disaster. 

If you’ve watched Bar Rescue or other similar shows (or eaten in a restaurant) you should know that sanitation is a critical issue in the food service industry.  Sanitation is the aspect of food service which is most heavily inspected (not as often as it should be in my opinion) and cited.  It is a critical component of regulation in the food service industry (usually done by local health departments) and failure to comply with sanitation can, will, and should result in being shut down.  Operating in a disaster environment is no exception to this – particularly when people are more susceptible and more exposed to food borne illness during disasters.  Part of sanitation, by the way, also includes the control of vermin. 

In my discussions with food service folks on business continuity, sanitation is the primary mission essential function they must maintain.  Others on the list include receiving and storage (at appropriate temperatures) of food goods and preparation of food (to proper temperatures and maintaining those temperatures until food is served). 

As restaurants examine their hazards they need to know what impacts hazards can have on their operations.  Certainly a loss of power can inhibit their ability to store and prepare food – but does it make it impossible to do so?  Maybe.  Dry ice can help regulate cold storage, but must be carefully monitored.  Food preparation is often done with natural gas or propane stoves, so power may not necessarily be required.  Even refrigeration can be outfitted to be powered by propane or natural gas.  That’s how food trucks and carts do it. 

Other considerations during a disaster are the ability of employees, customers, and suppliers to access your location.  You may have to operate with minimal staff as some of your staff could have been impacted by the disaster.  Assuming access is viable and that you can safety store and prepare food, it is possible for you to make money or at least minimize losses, even with a smaller menu, since those impacted by a disaster may not be able to make their own food and responders and relief workers will be happy to sit down and enjoy a warm meal. 

The best way to minimize your losses during a disaster is to have a business continuity plan.  If you need help building one, call Emergency Preparedness Solutions, LLC.  Reach us at consultants@epsllc.biz or www.epsllc.biz

Business Continuity – Telework Capabilities and Policies

This month’s issue of Homeland Security Today (volume 11, number 3 – April/May 2014) features, along with a variety of other excellent articles, an article titled Virtual Crisis Response by David Smith.  Right up front they provide a thought-provoking factoid… The Congressional Budget Office estimates that the five-year cost of implementing telework throughout the federal government is about $30 million, which is less than the cost of a single day of shutting down federal offices in the DC area due to a snow storm.

SHX1877.TIFFolks, this is 2014.  We have the capability to telework off of nearly any device you could imagine and for a very low-cost.  Like most, I have access to both work and personal email and files from anywhere… from my own laptop, from my smart phone, or from any other internet connected device.  I have this capability as a small business owner using tools that we set up ourselves.  I’ve worked for large corporations and state agencies that also have that capability, and even more with VPN and other tools available.  When speaking with people who work for other companies or government agencies, however, I’m astounded by the lack of interest in allowing telework.  I’m going to refrain from outlining the virtues of telework as a regular operation (don’t get me wrong, there are drawbacks as well), but telework does provide for a means of maintaining continuous business and government operations which many businesses and governments seem to be dismissing.

There are quite a few businesses and governments who maintain remotely accessible email and data as a means of enabling the conduct of business while traveling or working from an alternate site as a normal course of business – thankfully.  Many of these entities, however, due to a lack of trust in their employees, union issues, or simply an inability to adapt do not allow employees to telework.  This may have discouraged employees from even attempting to connect to these services from home, where they may likely be if some event – flood, snow storm, or otherwise – prevented them from going to work.  Maybe you do have the capabilities but generally don’t allow telework.  So how can you be sure that it will work in the event of a disaster?  The answer is simple… you have to test it.

The Homeland Security Today article provides some info on the tech stuff you need to ensure a viable network.  Follow their lead and talk to your tech people – either indigenous or consultants.  I’m not a tech guy, so I won’t even attempt to give that kind of information.  What I will tell you is that you need a business continuity telework policy along with plans and protocols to support it.  These plans need to identify the same critical business functions you identified in your base business continuity plan and address how they can be maintained remotely.  Just like any other plan we put in place, we need to train people to it and test it (exercise it).  How do we exercise it?  For starters, tell everyone (or at least key continuity staff) they don’t have to come into the office on Friday.  No, they don’t get the day off – they have to work from home, but this is a test to make sure it is possible.  Be sure to buy your help desk people something nice that day because they will be busy!  There will be plenty of connection problems.  Properly designed job aids will help facilitate this on the user end, but tech people will be needed to trouble shoot.  Of course before you even get into this you will have to make sure that everyone has the capability to connect from home.  Do they have high-speed internet at home?  Do they have an appropriate device for connecting and working through the day?

Next, once you have everyone on the network, consider how you will communicate.  Teleconference?  Video conference?  Remember that these people don’t have their work desk phones.  What information needs to be exchanged?  What is everyone’s role and can they perform it remotely?  Can they gain access to all the data and files they need?  Test the viability of the network, too… is your server in your office?  What happens if you lose power to your office?  Understand that some employees may experience utility outages during a disaster which may prevent some employees from accessing the network, but the goal is to get as many people on as possible to maintain critical business operations.  Given this, your plan should address how you will maintain critical operations in the absence of some employees – even remotely.

Just like any other exercise, put together an after action report, and not just from the perspective of the IT folks either.  Be sure to solicit input from the employees as well.  What were your lessons learned and what improvements need to be made?  Lastly, don’t just exercise this once.  Do this at least a couple of times each year.  Not only does this give you ongoing feedback of the plan, but it also helps to make sure employees can continue to connect remotely (especially new employees), and also helps to ensure that technology upgrades don’t interfere with remote access.

Do you have telework protocols integrated into your business continuity plan?  Have you exercised them?


© 2014 Timothy Riecker

 

 

Business Continuity Training in the Mohawk Valley

I’m very pleased to be working with the Mohawk Valley Small Business Development Center (SBDC) in Utica, NY to present a seminar for small business owners and others who may be interested in how to prepare their businesses for disaster.  I’ll be providing information and resources on the steps you should take to prepare your business and your employees.  The seminar will be held on Thursday July 10 at the SBDC offices at SUNY IT from 9:00 – 10:30 am.  To register please call 315-792-7547 or email palazzp@sunyit.edu.  The workshop fee is $15.

There will also be a presentation on July 17 on Cyber Security conducted by Mr. James Carroll of Security Management Partners.  Registration and fee information is the same.

I hope to see you there!

MV Business Continuity Flyer

MV Business Continuity Flyer