Business Continuity Can't Rely On Twitter


This session will cover best practices in identifying and managing the data that is right for your

When you need to tell the IT team how to respond in an emergency, you need something more powerful than Twitter. Exactly how much more do you need?

Disasters happen. Whether man-made or natural, on any given day something very bad happens to at least a few companies. The IT department will have business continuity plans for making sure information continues to be processed.

Communications with IT team members is also part of that plan. With all the options available for such communication, the question for IT managers is really about how best to get the message across.

It's important to make a distinction, here: We are not talking about how to communicate with the public or with every single employee in the organization in the event of a disaster. While each of those forms of communication are also crucial, such responsibility falls well outside IT's scope.

What we're focusing on here is how you're going to let IT know what is happening, how team members should respond, and how the IT function will continue to operate until the situation is resolved.

Why am I writing this? There are three reasons. First, I've managed IT professionals at more than one company. Next, I've taken (and passed) some of the training I'm going to talk about. Finally, the massacre in the Pulse nightclub in Orlando, Fla., in the early morning hours of June 12 got me thinking about how critical communication is in the first few hours of a crisis.

[Business Continuity isn't only for the enterprise. Read The Importance of a Personal Business Continuity Plan.]

The first and most critical point is that communication with the staff must be someone's job. If the staff is large enough, then it's possible it should be several jobs arranged as a hierarchy. How should that hierarchy be organized?

As it turns out, the good folks at the Federal Emergency Management Agency (FEMA) have spent a lot of time thinking about that very question, and have designed courses within the Emergency Management Institute to help individuals become qualified in a wide variety of subjects.

Many of the courses in the Independent Study portion of the EMI will be of no interest to you, but some could be very useful. The Introduction to Incident Command System, ICS-100 is the place to start, because it lays out the basics of organization and response during an emergency.

You might never work within a public ICS during an emergency, but the model used is very helpful when it comes to making sure that your organization is actively dealing with a crisis, rather than simply running around during one.

Essential concepts within the ICS are that the organization should know:

Defining the process for all of that, along with choosing the individual (or individuals) responsible for making it happen, can go a long way toward minimizing miscommunication in an emergency.

Defining the channels for communication will also go a long way toward making things happen. In any modern emergency, we see messages flying back and forth across Twitter and Facebook. Neither is a reliable first-line communication medium for critical messages. Cellphone voice and text should be first up, followed by Slack, Twitter, Facebook, and other services acting as redundant media or channels for less critical messages.

Once your communication plan is finalized, you have to be willing to test it. Once or twice a year, pester your employees with test messages delivered through your established process and ask the employees to respond. You need to have an idea of who is actually receiving the messages and how long it takes for them to respond before you can begin depending on a particular channel.

There are a lot of steps in a business continuity process (and you can find courses on many of those steps in the EMI) but few of them will be effective if you can't communicate with your team. Check out the courses in the EMI and start making plans.

If any part of your current business continuity plan contains ideas expressed in terms of "I think it's Bob's/Marsha's/the system's job, but I'm not sure..." then it's past time for you to formalize communications and get a real process under way. The organization is depending on it.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    ESG Security Management Solution Showcase

    Download Authored by: Jon Oltsik, Senior Principal Analyst, ESGSponsored by:To be as effective as possible, organizations need a tightly integrated security management architecture that consolidates policy management/enforcement, supports security management automation and orchestration, and unifies threat management visibility.The information submitted is collected by both UBM and our Check Point Software Technologies Ltd.
  • 5300c769af79e

    Galaxy Note 7 Report Finds Batteries Were Either Irregularly Sized or Poorly Made

    On Sunday night, Samsung is going to tell us what a handful of investigations determined was the cause of the Galaxy Note 7 recall.The Wall Street Journal is reporting that Samsung found two issues with batteries used after at least three quality-control and supply-chain analysis firms investigated.
  • 5300c769af79e

    Feds Get Expanded Hacking Powers

    New rules that expand the US government's hacking powers take effect today.), with bipartisan support from fellow lawmakers, made a trio of attempts to prevent the implementation of a federal court procedure known as Rule 41.
  • 5300c769af79e

    LeEco's Phone Future May Lie With DirecTV

    That may change with the company's new DirecTV partnership, announced at the end of November.He demurred when asked if AT&T (DirecTV's owner) would sell the phones directly, though, saying instead that LeEco is expanding distribution and talking to multiple carriers.