Keep up or lose out

What changed my mind?

I subscribe to a number of magazines (paper and "e" varieties) and lists. One of the magazines I make time to read is SC Magazine (http://www.scmagazine.com/).

I am not 100% certain to what "SC" equates, perhaps "Secure Computer" since the monthly's content always centers on computer security, everything from laptops and wireless LANs to corporate wire and server farms.

I confess a lot of what passes before my eyes is daunting if not downright overwhelming. It makes me realize that a Business Continuity planner really needs a network of trusted SME friends since there is no way a planner can keep up with everything - networks, processes, facilities, telecom options, and on and on.

July's SC included a one-column piece by Jon Gossels. Gossels is, according to the author info, "president of SystemExperts Corporation (http://www.systemexperts.com/), a provider of network security consulting services."

Gossels writes that "because . . . security is so dynamic, long-term success is dependent on being a life-long learner." He believes people need "rock solid fundamental skills" since, he contends, "most of the changes we see are refinements to, or innovative applications of, prior fundamental technologies."

Maintain, enhance basic skills

Which brings me to my point that Business Continuity planners need to recognize that the people who are in the trenches - be they MIS trenches, financial trenches, facilities trenches, or any of the many other trenches that make up an enterprise - these people need to maintain their skills if the organization hopes to survive today and prosper tomorrow.

After all, prospering tomorrow is Business Continuity's Return on Investment.

And you thought Business Continuity was just insurance against a rainy day!

We - Business Continuity practioners, marketers, and managers who sponsor Business Continuity in our organizations - need to understand Business Continuity is not "just" disaster recovery dressed up in a 21st Century title, nor is it "just" another insurance option.

Business Continuity, done right, is closer to "business analysis" or, as a former manager said, "process re-engineering." Indeed, some major companies classify Business Continuity planners as "business analysts." Recommending that measures be taken to avoid or mitigate natural and manmade risks is Standard Operating Procedure (SOP) for the Business Continuity planner.

Likewise, recommending - based on input from the SME network and the planner's own efforts - means to avoid or mitigate technology risks is part of the planner's function.

Until today, my plans were as good as today's technology. Granted, all my plans include a maintenance philosophy that covers both calendar and "trigger" events, but that failed to explicitly include the normal evolution of technology.

If the organization switched from Operating System "A" to Operating System "L," that was covered (assuming the Business Continuity sponsor was sufficiently candid with the planner to share the organization's short-range business plan).

It's the little things

But the mundane things, moving from wires to wireless and the inherent security concerns - these are things that "just happen." Most of the time there are incremental changes: a wireless router is brought in to "test the feasibility" of the technology.

Unfortunately, unless the people charged with the test system's security are up-to-date and knowledgeable of the potential risks and how to avoid or mitigate them, the feasibility test can create a highway for a hacker. Technology is not limited to IT.

It is most obvious in IT, but technology is pervasive. Manufacturing. Telecommunications. Environmental. All depend on technology and, in turn, the organization depends on technology.

What type education should the planner recommend?

Gossels contends that "in most cases, the night course in the relevant discipline at the local college is a better solution than the two-day seminar." Providing the courses are taught by people who work - not just teach - in the field, as is the case in the night courses I have taken. But if there are no night courses, the two-day seminar becomes more attractive, as do on-line courses - albeit they demand self-discipline not all of us possess. At a minimum, continuing education should include subscriptions to paper and on-line professional journals. (For the Business Continuity planner, these journals should include related (e.g. Emergency Management, Crisis Management) and peripheral fields (Facilities Management, IT, etc.).)

Let it be said here that no matter what the level of technology, an organization's most important resource is its people.

No one can keep up with all technological advances. Even within some disciplines, it is difficult for one person to be on top of everything. Network security is an excellent example.

Business Continuity planners must recognize this and include recommendations in their plans for continuing education of all personnel. It is the only way the organization will be able to stay ahead of the competition, and staying ahead of the competition is the only way the organization will survive.

Which is, in the final analysis, what Business Continuity is all about.

John Glenn, CRP, has been helping Fortune 100 and government organizations avoid disaster since 1994. Comments about this article may be directed to JohnGlennCRP at Yahoo.Com. Other John Glenn articles are found at http://johnglenncrp.0catch.com/.