image

Better Informed Business Continuity Management

XBRM offers Business Continuity Management (BCM) and Continuity of Operations (COOP) Planning that includes: Business Continuity Planning, Disaster Recovery Planning, Emergency Operations Planning, Audits and Assessments, Training & Education, Testing and expert Response and BrainRecovery Support during an incident, event or emergency.

Our services are distinguished from others because:

  • Our team includes trained behavioral experts who understand how people will react and perform during response and recovery, a key component which  will impact your ability to sustain or resume business operations;
  • We use our first-hand inside experience as responders to assure that the plans we develop are informed by that experience;
  • Our team provides assistance during a response and recovery as a member of your team resuming business operations.

XBRM services include expert assistance to address threats of violence in the workplace including threats to individuals or the organization.  

Click here for more information on: Workplace/Campus Violence Prevention

Mitigation and Preparedness

Preparedness efforts result in the development of business continuity, disaster recovery and emergency operations plans.  The business continuity plan’s (BCP) focus is on the business processes/functions that need to be resumed or recovered.  The disaster recovery plan focuses on telecommunications and information technology (systems) that are required to support the business.  The emergency operations plan focuses on command and control, and includes elements that help assure people, customers and employees are safe and receive cared if required.

Business Continuity Planning

The BCP starts with a Risk Assessment (RA) and Business Impact Analysis (BIA) to help ensure alignment between potential threats, resumption plans, the priority and value of the business function.  The RA is designed to help you understand specific threats conditional to your organization’s current infrastructure, controls and location.  The BIA is designed to help you understand the effect and potential cost of different types of disasters on your organization and the customers you serve.  The BIAs we develop cover the infrastructure and operations, as do others, however, XBRM also explores the impact various disasters can have on your people, the ones you count on during response and recovery.

A successful plan addresses issues raised in the BIA.  A traditional BIA will focus on two key areas for Disaster Recovery (DR): Technology Infrastructure and Business Operations.  Additionally, XBRM addresses the Human Factor in Business Continuity Planning.  Adding this Human Factors sensibility to your BCP plans allows you to more effectively assess how the people that are required to restore service in an emergency will react and operate in a variety of challenging circumstances.  It is an even more vital element if the response and recovery involves customers.

Disaster Recovery

The Disaster Recovery plan is also informed by the BIA.  The plan identifies the systems that business functions rely on and develops a plan for recovering those systems.  The primary elements of the plan include: review of the current technology operating environment, backup and recovery procedures and resources (network, hardware, software and people) and assesses any dependencies.  Recovery analysis is performed in order to identify the options available to achieve the recovery time and recovery point objectives of the applications and systems that those business functions rely on.

Just as the Hazard and Vulnerability Assessment is important input to the Emergency Operations Plan, so is assessing the threat to systems by performing a system security and vulnerability assessment.  Security and Vulnerability assessments include an evaluation of the system and telecommunications infrastructure design, including a review of existing security devices and monitors, and a penetration test.  The penetration test scans the network and computers to search for vulnerabilities.  The plan’s outcome is a list of recommended action steps prioritized by severity.

Our team’s first-hand expertise planning, building and operating disaster recovery sites distinguishes us from other firms and enables us to create better informed plans.  We also offer delivery (design, build and deployment) of DR capabilities for our customers and can host and manage your DR systems.

Emergency Operations Planning

The key component of the Risk Assessment and critical tool for informing the emergency operations plan (EOP) is a hazard and vulnerability assessment.   A Hazard Vulnerability Assessment (HVA) is a comprehensive process that helps to identify people, property, and resources that are at risk of injury, damage, or loss from hazardous incidents or natural hazards. This information is important to help determine and prioritize the precautionary measures that can make an organization more disaster-resilient. The HVA provides an analysis of the types of natural and man-caused hazards to which the organization is vulnerable.  Additionally, the HVA evaluates the comparative probability and assigns a simple level of risk (low, medium, high) to each.

Audits and Assessments

You may have plans and processes in place to manage and maintain your plans.  We can help improve your preparedness through our audits and reviews of your existing plans.  We offer the following audits to help review and assess the effectiveness of your plans and level of preparedness:

  • Human Impact Audit
  • Homeland Security Vulnerability Assessment
  • Hazard Vulnerability Assessment

The Human Impact Audits and Homeland Security Vulnerability Assessments are consistent with the Red Cell Analytic model supported by the U.S. Department of Homeland Security.  Our Human Impact Audit gauges your organizational preparedness and ascertains if your plans have reasonable behavioral assumptions.  In conjunction with and audit, our team can work with your organization to perform testing of your plans.

Click here to learn more about: Audits and Assessments

Testing of Business Continuity, Disaster Recovery and Emergency Operations Plans

Practice does not make perfect—perfect practice makes perfect! Organizations that rehearse disaster and emergency response activities that are not behaviorally realistic often find that during real time events, unanticipated reactions of key employees as well as the general workforce can create obstacles to effective response and can complicate recovery.  Our team’s first-responder expertise and behavioral skills make us an exceptional choice to support testing of your plans.  We provide exercise support services to aid in realistic exercise design; SME input for teams during exercise day; exercise observation and evaluation; and post-exercise reports and recommendations.

We work with your team to perform a tabletop or functional exercise.  The Tabletop Exercise is designed for examination of operational plans, problem identification, and in-depth problem solving.  The Functional Exercise is a fully simulated interactive exercise that tests the capability of an organization to respond to a simulated event.  This exercise focuses on the coordination of multiple functions or organizations and takes place in an Emergency Operations Center.  The Functional Exercise strives for realism, short of actual deployment of equipment and personnel.

Business Response and Recovery Services

XBRM offers subject matter expertise on-site and by phone to support an organization’s efforts to manage or respond and recover from an event, emergency or disaster.  Two examples of how we have helped others are outlined below.

Case Study 1:

A large bio-medical services provider in the Northeast experienced a minor disruption of laboratory operations when a ventilation system failed, flooding a work area with fumes from chemicals used in processing medical specimens.  The company anticipated the physical response to the event accurately (i.e., approach to evacuating and decontaminating the lab environment), but did not anticipate the behavioral response of employees who refused to return to their work areas when they experienced high levels of fear and anxiety, as wells as somatic reactions to their perceived exposure to  hazardous  fumes.  Communication between employees on different shifts resulted in high rates of absenteeism in the following days, the loss of irreplaceable biological samples (i.e., biopsies, blood samples, etc.) and a loss of confidence among their clients (i.e. doctors, hospital and other labs) awaiting results from important tests.  To help stabilize this incident and resume normal business operations XBRM provided:

  • Subject matter expertise in the organization’s war room
  • Guidance to the Corporate Communication team in messaging
  • Technical/Behavioral support to the Medical/Nursing team
  • Psychological support to affected employees and their families
  • Active stress management support to Emergency Response Teams

Within one week of initiating XBRM’s services, staff levels and business operations had returned to normal.  The organization lived through a dangerous and disruptive event, learning the importance of integrating behavioral factors into emergency operations plans, procedures and exercises.

Case Study 2:

Managers within a division of large multi-national corporation based in the U.S became increasing concerned about a long-time employee who began to express paranoid thoughts that his employer and specific supervisors were having him followed.  He claimed to see agents of the company at the train station, on the streets and near his home.  He repeatedly warned his supervisor that the company should stop having him followed or he would have to take matters into his own hands.  He also hinted that he had recently purchased a firearm to protect himself from the perceived treat.

Being appropriately concern, the company’s HR department engaged XBRM to assess the severity of the circumstances and assist in facilitating a rapid and effective response. To help address this situation, XBRM provided:

  • Consultation and support to management by phone and onsite
  • Onsite, Tier 1 evaluation of the individual of concern
  • Participation in developing a dignified and defensible organizational response
  • Facilitation of off-site, Tier 2 psychiatric emergency evaluation
  • Development of a sound return to work strategy for the affected employee

The employee in questioned was assessed to be functionally psychotic.  He was able to perform his job-related tasks at the expected level of performance, but was experiencing significant paranoid delusions and was planning to take pre-emptive actions to eliminate the perceived threat from his supervisor and other company executives.  Timely assessment and intervention prevented a tragedy, moved the employee to receive the necessary mental health services needed and ultimately resulted in a safe and respectful return to work for a valued employee.

XBRM’s ability to apply our inside-out experience as a first-responder to business continuity and emergency management and our proficiency in behavioral science allows us to create plans that accurately reflect the behavioral elements of an event and create the tipping point between plans and effective plans.  Contact us for more information about how we can help your organization by clicking here to go to our Contact Page, email us at info@XBRM.com or call us at 212.366.8200.