The unprecedented scope of the Blackout of 2003 is a perfect example of an event that caught businesses not unprepared, but under-prepared.
The concept of a power outage is nothing new in this country. In many cities and localities, power outages occur frequently. They tend to be rather brief and specific in terms of geographic scope. Many businesses have made plans appropriate to the type of disruption represented by power outages, but not in the correct measure.
The Blackout of 2003 demonstrated clearly that advanced planning must involve more than simply purchasing generators and uninterruptible power sources. A significant degree of planning must be in place to be able to respond effectively to a power outage of this magnitude, geographic scope and duration.
The type of planning a corporate entity can do in advance of a power outage is fundamentally similar to the types of planning that can be done in advance of many other significant negative events.
Executives should keep in mind that critical interdependencies with suppliers can seriously affect the success of a continuity plan. For instance, the ice and snowstorm plan at a manufacturing operation in Tennessee provided for clearing the parking lot and surface streets to get employees into the facility. When a tremendous amount of snow fell very quickly in 1993, they implemented the plan and it worked perfectly -- plenty of employees were able to park in the parking lot and go to work. However, about an hour and a half later, the plant shut down because suppliers could not get through the snow to deliver the raw materials the just-in-time inventory system required.
After the power has been out for more than a few hours, the secondary effects start to come into play. These often are overlooked in planning for disruptions. Battery backup is not always enough. What happens when the batteries run down? When a power outage lasts two days, being prepared for a two-hour outage is like not being prepared at all. The whole environment of the business needs to be examined; a good, thorough look at the critical functions and processes that the business performs should be conducted; and that look should include the interdependencies upon which the business depends.
Businesses can better plan for risks by networking with other businesses that might already have experienced some disruptions and can offer advice on the risks for which a particular business is planning. Information is also available on the Web, such as at the FEMA and Institute for Business and Home Safety sites.
Ultimately, it comes down to initiative taken on the part of the company to say, “We’re going to get a handle on this, and we’re going to dedicate resources within the company to make certain that we get the information, that we understand our individual risk profile, that we’ve identified the key risks, that we’ve done the assessment specific to our business.”
Once you have that information, you take it to the next step to say, “We need to do specific plans for our business; we need to look at what we would do in the event of an emergency. If we have a fire, an explosion, a natural disaster or a security breach at one of our locations, what do we do? What resources are we going to need to address a situation like that? How are we going to work with public first-responders?”
I also advocate conducting a business impact analysis (BIA) to examine critical business functions.
Businesses should take a good hard look at what happened in the Blackout of 2003 and use it as a learning experience. If nothing else, they should see it as a wake-up call: executives should examine how well-prepared their companies are, not just for a significant power outage, but also for negative events in general. How prepared are you?
John B. Copenhaver, CBCP, is president and CEO of the Disaster Recovery Institute International (DRI) and president of the Global Partnership for Preparedness Board of Directors. Contact him at (703) 538-1792 or [email protected]. Certified business continuity professional (CBCP) is a recognized professional designation of the Disaster Recovery Institute International (www.drii.org).