This is the second part of an article that is the basis of my presentation for WCDM 2013. [The first part was ‘What’s wrong with contingency planning?] They expand on thoughts I expressed in “Linking emergency- & business continuity management in resilience” in 2008, “Is the BCM profession a dead-end?” in 2010, “BCI-DRJ alliance: this is ‘thought leadership?’” in 2011 and in “Why traditional approaches aren’t working”, my presentation to the Australian National Security College in 2012.

I haven’t tried to develop a list of skills that resilience professionals ought to have, but I know the ones we have now aren’t enough. I’m happy to look for your comments on the WCDM blog; I’ll be ready to defend myself in June in Toronto.

Here’s Why I attend WCDM; I hope you will, too.

In 2012 the Australian Commonwealth Attorney General’s Department commissioned a report, CEO Perspectives on Organisational Resilience, as part of its Critical Infrastructure Resilience Strategy. To prepare that report, WCDM presenter Dr. Robert Kay and Dr. Chris Goldspink of InceptLabs conducted face-to-face interviews with fifty (50) CEOs of large Australian enterprises, the kinds of companies that could be expected to have some understanding organizational resilience.  Read more... (4723 words, 1 image, estimated 18:54 mins reading time)

The group-grope that constitutes U.S. airport ‘security’ has been around so long that I’d forgotten how much simpler air travel in America used to be. But over the December holidays I was able to use the TSA Pre-Check program for the first time at both LAX and MSP, and I was overcome with nostalgia.

TSA Pre-Check is an expedited security screening program now available now at major U.S. airports for departing trusted American domestic travellers. Here’s a list of the airports where it’s available (scroll down) and here’s a map. Availability apparently depends in part on what airline you’re flying, but American, Delta, United, US Air and Alaska all participate.

If you’re registered in U.S. Customs & Border Protection’s Global Entry (GE) trusted traveller program, you automatically qualify for TSA Pre-Check. I received an email last year about using Global Entry for domestic U.S. travel. I entered my GE PassID into my United Airlines record at the time I made the reservation. My expectations were low. I’d never used my Global Entry card for U.S. travel, and was sure there would be some gotcha that would prevent me from using Pre-Check. CBP warns you that you may be randomly selected for full screening anyway.  Read more... (939 words, 6 images, estimated 3:45 mins reading time)

Author’s note: This is the first part of a longer article that will become my presentation of the same title for WCDM 2013. It incorporates thoughts expressed in my articles “Is the BCM profession a dead-end?” in 2010, “BCI-DRJ alliance: this is ‘thought leadership?’” in 2011 and in “Why traditional approaches aren’t working”, my 2012 presentation to the Australian National Security College.

It is not yet fully developed, months before WCDM. In particular, I’m wondering if my analysis really does or not apply to both emergency management (EM) in the public sector and business continuity management (BCM) in the private sector. Your comments will help me refine my thinking. I’m happy to engage in a dialogue here or on the WCDM blog; I’ll be ready to defend myself in June in Toronto. Be sure to bring an ample supply of rotten tomatoes to my presentation…

Here’s Why I attend WCDM; I hope you will, too. This article is also available on the WCDM blog.

What’s wrong with contingency planning?

If your CEO asked you – a private-sector business continuity manager (BCM) – to list the major, long-term risks to your company, what risks would be on your list?

Or if an elected official asked you as a public-sector emergency manager (EM) to list the major long-term risks to your community, what risks would be on that list?  Read more... (2267 words, 0 images, estimated 9:04 mins reading time)

A human resources manager in Singapore told me during an exercise she planned to notify next-of-kin of  injured or deceased employees by text message (SMS). I was stunned. If there were a worse way to receive sensitive, painful information, I can’t imagine what it could be.

The rules for ‘breaking bad news’ are:
1. in person: never by phone, email or text
2. in time: anxious relatives want news – good or bad – as quickly as possible
3. in pairs whenever possible: a man and a woman are the best combination
4. in plain language: the facts, frankly and clearly
5. with compassion: as you would want your doctor would tell you.

Here is a page of tips for breaking bad news from Counsellor Suzanne Anderson MSW at SACAC in Singapore. You can learn more about death notification and practice doing it in Suzanne’s Crisis Communications & Crisis Intervention course in March 2013 in Singapore.

Resilient Business NZ is one of many Sisyphean efforts to engage small businesses in contingency planning. A project by Welfare & Recovery Manager Jane Lodge of the Auckland (NZ) Council, Resilient Business NZ has simple menus, engaging photographs and international-standard BCM advice. But its initial self-evaluation questions include, ‘Does your business understand the Maximum Tolerable Period of Disruption?’ Gee, I hardly understand MTPD myself…

Memories of two destructive earthquakes in New Zealand in the last two years may be enough to motivate owners of grocery stores, dry cleaners and coffee shops to prepare for disasters, but I doubt it. I hope Resilient Business NZ results in a measurable increase in preparation, because it’s a good idea, but it is basically another entreaty – like Canada’s B-Ready Now and the Singapore Business Federation’s National BCM Programme for SMEs – to small business owners to spend time and money they don’t have. A business owner isn’t looking for ways to spend money; she is looking for ways to make money (and aren’t we all?).

Small business BCM challenges the paradox of preparation: there is no return-on-investment in preparedness unless asteroids hit the planet or some other Extraordinarily Unlikely Event occurs. Resilient Business NZ tells business what they should do, but people don’t always do what they should do, or what their well-intentioned governments exhort them to do. They shouldn’t smoke, drink or eat supersized French fries, but they do anyway.  Read more... (1159 words, 1 image, estimated 4:38 mins reading time)

Former National Security Advisor Richard Clarke is caught off guard in this video (08:30 minutes) from American comedian Stephen Colbert’s The Colbert Report TV show dramataiizing a threat from zoo animals with tablet devices. Clarke thinks he’s being asked about people; he’s actually being asked about orang-utans. I wrote about Clarke’s riveting keynote presentation at the 2011 World Conference on Disaster Management.

In teaching cardiopulmonary resuscitation (CPR), it’s hard to strike a balance between proven but multi-step rescue techniquesused by emergency professionals, and simpler techniques that non-professional bystanders might actually remember in an emergency.

Sarver Heart Center at University of Arizona (USA) College of Medicine now teaches just one technique: Chest Compression Only CPR (CCO CPR). No rescue breaths, no pulse check, nothing but hands-only chest compressions. The American Red Cross approves the CCO CPF method “in certain situations.”

Dr. Gorden Ewy and Dr. Karl Karn first advocated CCO CPR in 2003, but a 2010 Sarver  study showed survival rates for out-of-hospital cardiac arrest using CCO CPR (13.3%) were 5% higher than using “full CPR” (7.8%) that included mouth-to-mouth breathing.

How fast should you press? Think disco, baby: the Bee Gee’s “Stayin’ Alive” is 100 beats per minute, the correct rate. It’s hard work.

Most people are scared to try to help, even to save someone’s life. The Sarver study showed only 40% of Arizona bystanders “become involved” in cardiac arrest rescues in 2009, up from 28% in 2004.

I was told during my CPR training in 2011 that if you collapse in cardiac arrest in Singapore, there’s an 80% chance that no bystander will try to resuscitate you. The survival rate for an out-of-hospital cardiac arrest in Singapore is 2-3%. I’ve never seen anyone performing mouth-to-mouth resuscitation in Asia, not even professional rescuers. In First Aid training last year, I got this plastic mask to carry with me to use in an emergency.  Read more... (270 words, 1 image, estimated 1:05 mins reading time)

The biggest obstacle in Asia to use of automated emergency/mass notification systems (EMNS) is that most vendors are in Europe (RapidReach®, FACT24) or in North America (all thirteen leading vendors in this March 2012 report from Gartner, Inc). An alert within Singapore, for example, from Shenton Way to Orchard Road – about three (3) kilometres – travels 30,000 kilometers round-trip through a switch in the USA. It’s no wonder very few companies in Asia use an EMNS, but there are signs of change. Gartner’s report said the American EMNS market is less than 50% penetrated. If that’s true, penetration in Southeast Asia can’t be more than 20%.  Read more... (279 words, 1 image, estimated 1:07 mins reading time)

• One of those U.S. companies, SendWordNow, just hired IAEM member and Certified Emergency Manager® Anel Capili CEM® as its Asia representative, based in Manila.
• I received an announcement last month about Advanced Call Tree Mobile Extension (ACT.ME) from Enfosmith Co. Ltd in Bangkok, Thailand. It’s a web-based call tree “para-app” for iOS and Android that “provides the convenience of an on-screen App…without the need to download or update the App “ The English on the web site is a bit rough, and I’m trying to understand how you’d scan a personal QR code from your own phone screen, but it sounds clever.  And Bangkok is only one time zone away.

Why do so many email scams still originate in Nigeria? Why not Bangladesh or Brazil or some Third World country? Doesn’t everybody know that email from Nigeria is probably a 419 scam? Microsoft’s Cormac Herley argues in this paper (14 pages) that mentioning Nigeria may increase the odds of finding the few suckers who will send money, by eliminating “false positives” (folks who recognize an email hoax). You may see “Nigeria” and press “Delete”; the gullible one or two who do not delete the message thereby become statistically more likely to send back their bank account numbers. Even scammers have to consider their productivity, after all. From Bruce Schneier’s Crypto-Gram newsletter (which you ought to read regularly).

A heart-warming story like this one about a hotel’s effort to return a child’s lost stuffed animal confirms my belief in the inestimable, long-term resilience value of customer service.

Business impact doesn’t necessarily have to be negative.  Ritz Carlton Hotels’ good customer service had very positive impact:  they made a loyal, vocal customer; they got priceless word-of-mouth publicity; they can charge (a lot) more for their rooms.  That makes them more competitive, and therefore more resilient in good times and bad.

In June, I stayed at The Varden Hotel, a boutique gem rated #1 (of 48) on TripAdvisor in Long Beach, California.  A package arrived for me after I’d returned to Singapore. The hotel staff contacted me by email, asked where I’d like it sent, shipped it at their own expense, and wouldn’t accept any reimbursement. There’s a reason they’re rated #1, I guess.

That contrasts with my experience at the Radisson Hotel LAX, which had no water in the shower, the sink or the toilet from midnight to 05:30 a.m. the night I stayed in June. I couldn’t flush, shower, shave or brush my teeth before flying the next day. At checkout I wasn’t asked, ‘How was your stay?’, but I expressed my unhappiness anyway. The desk clerk responded, “You can talk to my director, if you like.” He seemed to have been specifically instructed to pretend there wasn’t a water problem.  Read more... (516 words, 2 images, estimated 2:04 mins reading time)