Tag Archive for business continuity

Marketplace Empathy

Safe Harbor Consulting has been successful in assisting a number of organizations with their Table Top Exercise Programs for business continuity, disaster recovery and crisis management solutions.  One of the first challenges we face in the exercise planning process is to settle on the right scenario for the exercise.

Of course, the first thing we do is to get our client to forget about the scenario for a moment and list those things within your programs that you want emphasized in the exercise.  For example, we ask questions like:

Do you want the scenario to include death and injury of employees and guests?  Or, keep the focus on business interruption?

Do you want to address damage assessment procedures or just have the scenario result in the loss of access to facilities?

Do you want the scenario to result in a long term outage (weeks or months)?  Or, a short term loss (hours or days)?

Do you want the scenario to be an immediate impact and obvious disaster?  Or, an escalating problem that “rolls” into a disaster?

Knowing the answer to these questions will help us land on the proper scenario.

But, this scenario discussion also leads us to talk about another interesting phenomena in business continuity planning that I am not sure I have heard anyone else talk about.  Many times, I find myself trying to talk the client down from those “spectacular” disaster scenarios to scenarios that are more likely to occur and, believe it or not, more likely to offer a greater challenge to your organization.

The phenomena I speak of is a concept I call “Marketplace Empathy”.

One of the factors that will measure your success in responding to and recovering from a business interruption event is how well do you meet the outside world’s expectations?  In those newsworthy, high impact, catastrophic events that impact you, your costumers and your competitors alike, you are not necessarily expected to be up and running the next day, or even weeks or longer.  The marketplace, as a whole, can empathize with your dilemma and will allow you the luxury of time to get back to business as usual.

This will not be the case when your business interruption event is caused by a less newsworthy, low impact event that only impacts you.  If your Call Center is down because of a fire in your telecom office that takes your PBX down you are not going to be granted that same level of forgiveness as when a tornado wipes out the entire town where your Call Center happens to be located.

Marketplace Empathy.

With it, RTEs (Recovery Time Expectations) will expand.  Without it, RTEs will shrink.

With it, the news will center on the event.  Without it, the news will center on your inability to deliver.

I do not believe Marketplace Empathy is a concept that should influence your planning process, but it is something you should consider when planning for and/or executing your Table Top Exercises.

The fact is, RTOs (Recovery Time Objectives) and MADs (Maximum Acceptable Downtimes) are planning targets based on BIAs and other informational input, but the RTEs will be influenced by the scenario you are impacted by and responding to.  When you go with the Tom Clancy-esque type of scenarios in your Table Top Exercise you risk having your participants focusing on the event itself and you allow people to challenge the real need to recover the business when the impact is so great and so many people are affected.

Marketplace Empathy.  Just something to consider when planning your next exercise.

The 12 Steps of Business Continuity Planning

So, I am writing a complete Business Continuity Planning Governance Guide and Standards manual for one of my clients and it dawned on me that this process really is a neat little building block methodology that might best be simply explained through a “Twelve Days of Christmas”-like presentation.

This is NOT part of the manual I am creating, but, I thought I might share it with you.  So … here goes …

THE TWELVE STEPS OF BUSINESS CONTINUITY PLANNING

The first step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Defining business processes performed by my company.

The second step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Identifying potential impacts from a disaster
To the business processes performed by my company.

The third step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Assigning Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The fourth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Inventorying recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The fifth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
All of these things
Inventorying recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The sixth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Researching recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The seventh step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Selecting the best recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The eighth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Implementing the recovery capability
For the selected recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The ninth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Documenting the recovery process to
Employ the recovery capability
For the selected recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The tenth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Simulating a recovery effort using the
Documented recovery process to
Employ the recovery capability
For the selected recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The eleventh step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Improving the recovery program based on findings from
Simulating a recovery effort using the
Documented recovery process to
Employ the recovery capability
For the selected recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

The twelfth step in Business Continuity Planning that Safe Harbor Consulting taught to me is
Ensure everyone knows what we did to
Improve the recovery program based on findings from
Simulating a recovery effort using the
Documented recovery process to
Employ the recovery capability
For the selected recovery strategies
From the researched recovery options to achieve
All of these things
Providing the recovery requirements
Needed to achieve the Recovery Time Objectives
Based on potential impacts from a disaster
To the business processes performed by my company.

Planning versus Being Prepared

Many organizations engage in business continuity and disaster recovery planning; few organizations are prepared for a business interruption event or a disaster.  There is a difference.

My wife is a terrific party planner.  We just threw a birthday party for our youngest son who turned eleven years old this past Sunday.  My wife “planned” his party weeks in advance, but, until we got the invitations sent, the supplies purchased, the house cleaned, the balloons and decorations put up, the gifts wrapped and the cake baked, we were not “prepared” for the party.

The Allied Forces “planned” the D-Day Invasion months in advance; but, until they recruited for, trained, transported the forces and equipment to where they were needed, ran simulations, drills and practices, monitored the weather, performed reconnaissance, set up Command Centers and established communications channels and protocol, they were not “prepared” for the invasion.

Simply going through the motions of creating Business Continuity and Disaster Recovery Plans does not necessarily mean your organization is prepared to respond to, operate through or recover from a business interruption event or disaster.  There are many organizations who have followed the standard and accepted business continuity planning methodology, resulting in numerous, well-documented plans, that are NOT prepared for a disaster.  How can this be?  Here are some contributing factors that can result in that kind of dichotomy:

Invalid Planning Assumptions.  Almost every plan written includes a list of planning assumptions in the Introduction or Overview sections.  Many times these “assumptions” are really planning requirements, caveats or downright erroneous assumptions that invalidate the plans and continuity strategies in place.

For example:

  • A plan might include the assumption that employees are trained and have copies of the plans in their homes. This should not be a plan assumption; this should be a program requirement.  This requirement is auditable and should be tracked.  Your plan should not “assume” this to be true; your program should “ensure” that this is true.
  • A plan that utilizes a work from home solution might include the assumption that employees routinely take their laptops home with them every night. Again this is an example of a program requirement, not a plan assumption.  If your business continuity solution relies on corporate assets, such as laptops, being available in certain employee’s homes at time of a disaster, you need to ensure that these assets are there when needed.
  • Sometimes, plans “assume” that the disaster impacts only the facility that the plan is written for. In cases when the continuity or recovery strategies rely on alternate sites (or employees working from home) that share a common footprint of known risks and threats in the area; that may not be a plausible assumption.  In these cases, it is important that management know “what” they are prepared for.  For example, management might be told that you are prepared for a building outage but not a wide-area outage caused by an earthquake or flood or hurricane.  This could be important information to know if you are in an earthquake, flood or hurricane zone.
  • Many plans include the “assumption” that the strategies and technologies the plan relies upon are available, functional and usable at time of need. Many times, management reads this “assumption” as a “given” when, in fact, these solutions are yet to be implemented, contracted for or proven reliable.

When assessing an organization’s level of preparedness, plan assumptions should not be glossed over nor should they be accepted as being “givens” or truths.  If the viability of your plan is dependent on these assumptions being true, you must have policies and procedures in place to ensure these conditions exists and protocols in place to measure the level to which they are being met.

Dependencies That Can’t Be Depended Upon.  In a related situation, some plans include a list of dependencies that the plan’s execution relies upon.  Sometimes, the reliability of these dependencies are also listed in the plan’s assumptions.

For example:

  • The successful execution of the strategies outlined in the plan might be dependent upon external, single-source suppliers (of services, information or raw material) remaining operational. If these organizations are also at risk of being impacted by the same business interruption event, this might not be a reliable requirement.  You should include the examination of these organizations’ recovery plans in your programs’ activities or eliminate this dependency as a single point of failure within your environment.
  • Plans are often dependent on certain individuals or subject matter experts being available to participate in the recovery effort. “People” are often overlooked as single-points-of-failure.  If the successful execution of your recovery solutions rely on one or more particular individuals being available to execute the plan, you are at risk of failure during events that impact the availability of your work-force.  Many companies that have this dependency also state that their plans could be used during a Pandemic event – this is just one type of scenario that puts that dependency at grave risk.
  • Many plans are also dependent on certain technologies and/or applications being accessible at time of an event.  Sometimes, the recovery or continuity of these technologies and applications are within the scope of your plans and sometimes, they are not.  In either case, whether or not this dependency can be relied upon is something that can and should be proven.

Failure to Socialize the Plans.  Even companies with spectacular plans and solutions in place can be unprepared for the events they have planned for due to the lack of training and education of the people who must execute the plans.  Well written plans and fully enabled solutions can fail to protect the organization from devastation if the people relied upon to execute those plans or utilize the solutions have not been trained in and practiced their roles for time of implementation.

None of Shakespeare’s plays would be successful if the actors were reading the scripts for the first time on the night of the opening performance.  Documented plans should be treated like scripts; the lines should be memorized and rehearsed well before they are needed.  If your organization is dependent on the documented plans at time of a disaster, then it is quite possible that you are not “prepared” to respond and recover.

Unreliable Testing Practices.  And then there are companies that do routinely practice and rehearse for the event, but are still not “prepared” because of some unreliable testing practices that are commonly used.

Most business continuity and disaster recovery plans are designed to allow an organization to respond to and recover from an incident that occurs without warning demanding immediate response, yet, it takes them months to plan for a test.

If the advanced planning for a test is more than an exercise in scheduling resources, your organization may not be prepared for the real deal.  Too often, the time needed to prepare for a test is used to create special back-ups; install or provision equipment; order supplies; coordinate resource availability; or a number of other logistical activities that require time to complete – none of which you will be able to do at time of a disaster that hits without warning.

If your organization plans its tests weeks or months in advanced, you need to scrutinize the actions being taken to prepare for the test and question whether or not that activity would be required at time of a real event.

And, too often, organizations execute these tests or rehearsals utilizing a small set of understudies and not the people who will engage at time of the real event (thus, not achieving the socialization mentioned above).  This, too, is something that can be audited and tracked.  Your program should identify anyone who has the potential of being engaged at time of an emergency response, continuity and/or recovery event and ensure that they are trained and routinely participate in recovery tests and exercises.

CONCLUSION

So, yes, there are many companies that “plan” for a business interruption event but are far from being “prepared” for a business interruption event.  The ultimate goal is being “prepared”; do not allow yourself to be lulled into a false sense of security just because you have a “plan”.

2015 Program Review

Safe Harbor Consulting

Business Continuity / Disaster Recovery / Crisis Management

Program Review and Planning

As the years change on the calendar and we begin to initiate our 2015 projects, improvements and advancements, it is a good time to stop, measure and assess where our programs stand today.

Safe Harbor Consulting can provide an experienced and professional program review of your Business Continuity, Disaster Recovery and/or Crisis Management programs to:

  • Inventory all Program Components and assess their state of completeness and accuracy
  • Identify program strengths and opportunities for improvement
  • Compare your program components against industry standards and accepted best practices
  • Review the current Program’s Organizational Structure to ensure the right fit within your organization with the proper management oversight and controls
  • Assess your organization’s current state of readiness and identify risks that may impact your ability to adequately respond to a business interruption event
  • Propose an Action Plan Roadmap based on management priorities and expectations

In conducting this Program Review, Safe Harbor Consulting will:

  • Interview key corporate assets responsible for the development, maintenance and implementation of these programs within your organization
  • Review all program related documentation, including:
    • Program related policies, procedures, mission statements, goals and objectives
    • Plans, manuals and supporting program databases
    • Audit findings and related reports
    • Test plans and results
    • Training materials and presentations
    • Other material that may exist in your environment
  • Review all company and industry standards related to BCP/DR/CM for your particular industry
  • Compile our findings in a Management Report
  • Offer recommendations for short term tactical and long term strategic improvements for your programs including potential re-organization of the reporting structure and program oversight
  • Present an Action Plan for implementing all program recommendations

The deliverables that you receive at the end of Safe Harbor Consulting’s review will include:

  • A Program Assessment Findings Report
  • An action-oriented recommended Project Plan to achieve short-term and long-term program improvement goals
  • An Executive Summary Report
  • A Management Presentation of Findings and Recommendations

Your Safe Harbor Consulting Program Review will be based on years of experience in the fields of business continuity, disaster recovery and crisis management across multiple industries and organizations utilizing a variety of technologies and infrastructure in support of mission critical business processes; and, supported by lessons learned through the live implementation of such plans following serious corporate disasters and business outages.

Safe Harbor Consulting prides itself on being practical and pragmatic in our approach, to ensure that the resulting programs are consistent with management expectations and are actionable at time of an event.  We will not only review the program material, but will assess your organization’s state of readiness to respond to an incident and, adequately put your plans into action.

Don’t let another year go by lacking the confidence that you and your organization are prepared to respond to a serious business interruption event – call Safe Harbor Consulting today to schedule a meeting to prepare our proposal for conducting your Program Review.

SHC-Logo1.jpg

253-509-0233

www.safeharborconsulting.biz

 

 

Another BCP Acronym

Yes, I realize that the last thing we need in Business Continuity Planning practices is another acronym, but, hey, what’s the fun in writing a blog if you can’t cause trouble?  So here goes – another BCP acronym …

I have been stating for a while now, that the BCP Methodology needs to be revisited.  I think that the tried and true practice of conducting BIAs is a bit flawed.  In practice, I think, the methodology attacks middle management and department level areas in the organization without first establishing corporate-wide and senior level objectives for business during a crisis.  When we ask people to establish RTOs and RPOs (more of those lovely acronyms – see the chart below) what are they basing their answers on?  When we ask for impacts of being down, to set those recovery objectives, what business objectives are they being designed to meet?

I think that the BCP Methodology needs to add a step in the beginning of our analyses in which we establish – are you ready for it, here it comes, the new acronym, in three, two, one – our ABOs, Adjusted Business Objectives.  I think part of the fallacy in our current process is that RTOs (or MADs if you prefer that acronym) are set with the assumption that the company is still aiming to hit its established business objectives for the year.  And, I think that is wrong.  During times of crisis, I think management’s expectations of what the company should achieve are adjusted.  During times of crisis, we may not have the same Income Targets, Profit Targets, Sales Targets, Margin Targets, Production Targets, etc.

Every company establishes business objectives for the year – assuming we operate in a normal business environment.  Once that “normal” environment is compromised due to a disaster, I think those business objectives get adjusted.  And, I think it is important to relay that information to the management team that is responding to our BIA questions.  We should be asking what the critical timeframes are for conducting business functions given we need to meet these Adjusted Business Objectives or ABOs.

Department objectives are, I hope, based on meeting the overall corporate objectives.  Once we know our ABOs we can translate that down to the department level and establish more meaningful RTOs, RPOs, MADs and what have yous.

The real challenge here is, however, getting senior management involved enough in the process to establish these ABOs.  One reason I think we don’t do that today is because it is much easier beginning the process with middle management.  The savvy manager, however, I think, is the one that asks, “During a time of crisis, what are my department’s objectives?  What is senior management expecting us to get done throughout the crisis period?”

So, there it is, a new BCP acronym – ABOs – just what we needed … NOT!

ACRONYMS USED IN THIS ARTICLE – FOR THE UNINITIATED

BCP – Business Continuity Planning

BIA – Business Impact Analysis

RTO – Recovery Time Objectives

RPO – Recovery Point Objectives

MAD – Maximum Acceptable Downtime

 

Your Plandemic – The Plan to Plan Plan

Now that the Ebola virus has made its way to the United States and we enter the traditional US Flu season, companies are beginning to revisit and/or develop Pandemic Plans to address this scare.  But, Pandemic Planning is a little bit different than your standard business continuity plan development process.  I have often chastised organizations for saying they have business continuity or disaster recovery “plans” when all they really have are plans to create plans, but, in the case of pandemic planning, I think, that is actually the right approach to take.

The reason why it is so important to have well developed and relatively detailed business continuity plans, strategies and solutions in place today is that most disasters occur without warning and do not provide the luxury of time to figure out what to do after the incident occurs.  Pandemics represent an evolving threat that comes in various shapes and sizes and does afford us a luxury (if that word really applies here) to construct a response plan based on the particular pandemic that poses the threat.

The “Pandemic Influenza Risk Management / WHO Interim Guidance” published by the World Health Organization in 2013 (click here to read this document) states:

“Member States had prepared for a pandemic of high severity and appeared unable to adapt their national and subnational responses adequately to a more moderate event.”

And recommends,

“a risk-based approach to pandemic influenza risk management and encourages Member States to develop flexible plans, based on national risk assessment, taking account of the global risk assessment”

I think this applies to individual company plans, as well.  The Pandemic Plans that now sit on the shelves of most companies today include the best practices recommended for addressing the Avian Flu or Swine Flu or H1N1 – whichever scare was prevalent at the time they wrote their plan.  Although these plans may still contain lots of terrific practices for any epidemic or pandemic, it will probably need to be adjusted to address whatever pandemic actually occurs in their area.  It is for this reason that I believe the best approach to pandemic planning is to establish an environment in which you “plan to plan” for whatever pandemic might present itself.

The recommended, new WHO Pandemic Model has been simplified to include only 4 Pandemic Phases:

“Interpandemic phase: This is the period between influenza pandemics.

Alert phase: This is the phase when influenza caused by a new subtype has been identified in humans. Increased vigilance and careful risk assessment, at local, national and global levels, are characteristic of this phase. If the risk assessments indicate that the new virus is not developing into a pandemic strain, a de-escalation of activities towards those in the interpandemic phase may occur.

Pandemic phase: This is the period of global spread of human influenza caused by a new subtype. Movement between the interpandemic, alert and pandemic phases may occur quickly or gradually as indicated by the global risk assessment, principally based on virological, epidemiological and clinical data.

Transition phase: As the assessed global risk reduces, de-escalation of global actions may occur, and reduction in response activities or movement towards recovery actions by countries may be appropriate, according to their own risk assessments.”

I recommend that your Pandemic Program establish actions to take during each of these phases.

During the Interpandemic Phase, your Business Continuity Department (or Human Resources or Health Department, perhaps) should monitor WHO, CDC and local Health Agencies tracking of developing health risks and threats.

Should a situation occur where the Pandemic Level is raised to the Alert Phase, you should begin to develop more specific Prevention, Response and Contention strategies based on the health organization’s recommendations for the particular health risk that causes the alert.  You will likely be able to leverage many of the solutions developed in your previous pandemic plan, but your final plan will be geared towards this particular threat.

Should this threat result in either a regional epidemic or world-wide pandemic, you then put that plan into action.

Once the threat has been normalized and we enter the Transition Phase, your course of action should be to remain poised for a second wave of this particular pandemic while also documenting lessons learned to be considered should another threat develop.  You then “shelve” this particular plan and return to your tracking and monitoring position in the Interpandemic phase.

So, in effect, your Pandemic Program provides the basis for you to wait for a threat to develop and then jump into action developing the “plan” for this particular threat – in other words, you plan to plan.

Now, of course, there is also that part of the plan in which you must consider continuity of operations given that your work force is depleted or immobilized and/or given that key senior management have been impacted (ill or even died).  This is where you would deploy contingencies you have in place for such impacts.  (See the “Scenario Based vs Impact Based Planning” blog for more discussion on contingency planning.)

This approach will not work for other common business interruption risks and threats, but, I think, is the appropriate approach for addressing Pandemic Planning.

Meanwhile, promote day-to-day health and sanitation practices in your work environment – always a good way to combat any seasonal flu or more serious health risks.

Good luck, and stay healthy.

Scenario Based vs Impact Based Planning

I have participated in a number of conversations where people argue what the basis for business continuity plans should be.  Some people say you should have plans designed for specific threats inherent in your environment and others say that “what” happens is not important; plans should be based on the impacts of what happened and not the event itself.  I say, they are both right, in a way.

Business continuity planning, I think, has evolved over time and has expanded in scope of what it tries to achieve.  I’m not sure why we have gotten away from the term “contingency plans”, but I think Business Continuity Planning today includes both emergency response components and contingency planning components.

Considering these two components of the overall program, I think the Emergency Response part, that part that addresses how an organization responds to an incident should, in fact, have scenario specific components for the known risks and threats in the area where you do business.  If you have facilities in hurricane regions, you absolutely should have Hurricane Preparedness Plans.  Same goes for if you have facilities on fault lines; in flood plains; near active volcanoes; near nuclear power plants; etc.  When specific threats arise, like pandemics, for example, your organization should develop a scenario specific plan for prevention and contention techniques for that exact threat.

But, on the contingency side of things, the focus should be on the impact.  Contingency plans should be developed based on impacts, such as: loss of access to the building; loss of access to technology tools, applications and data; interruptions in workflow; depleted or immobilized work force; etc.

Then the entire program should allow a cross mapping of the two plan components.  The threats, for which you have specific plans, could result in any or all of the impacts for which you have contingencies.  Take Pandemic Plans for example.  Many companies attack this issue as if it is an entirely new challenge and try to develop Pandemic Plans as holistic, stand-alone, programs.  Once you realize that the impacts of a Pandemic might be a depleted or immobilized work force and interruptions to critical workflows, you realize that you should be able to leverage those contingency plans already developed and focus on the health and safety of your work force and work environment for the particular pandemic that poses the threat.  The pandemic response might be unique to this threat, but the contingencies could be leveraged for any event that impacts your work force availability, such as; transit strikes; civil unrest in the area; etc.

So, if you are responsible for developing plans that address both response and contingency components of the overall program, I suggest that you will be doing both – developing scenario specific and impact based policies, procedures, strategies and solutions.  Then, you may even create a matrix that identifies which contingencies might come into play under each specific scenario.  I do, however, think you still need that generic response plan to handle those scenarios for which specific response plans have not been created.  These plans should focus on the logistics for getting decision makers together to address the challenges of an unplanned for interruption in an effective and efficient manner and adequately communicating decisions and instructions to the impacted parties.

Good luck.  No one said this job was going to be easy.

The Business Continuity Planning Objective (Hint: It’s not to implement the BCP Methodology)

So, I was recently helping a colleague prepare a management presentation to discuss her plans for advancing the business continuity program in her company.  Maybe it’s just a matter of semantics, but we had a lengthy discussion over “objectives”, “goals” and “tasks”.

If you have read any of my recent blogs you might recognize a pattern in which I think business continuity planners have become victims of our own methodology.  This discussion helped me to emphasize that point.  When I suggested to my colleague that she should first succinctly define her objective, she merely listed the steps of the methodology.  I strongly disagree.

A business continuity planner’s objective is not to complete the BCP methodology.  The methodology is simply a recipe towards achieving an end.  What is that “end” you hope to achieve?  That “end” is your ultimate objective.

So, we started with: “To provide the company a means in which they can recover from (or continue operations through) any business interruption event that impacts their operations, facilities, employees or workflow.”  I am sure you can improve on this sentence, but, it is a good start – and, it helps set the right mind frame.  Regardless of what any auditor thinks or what any other professional has led you to believe (especially those with a vested interest in having you follow a given methodology), the business continuity planner’s job is not to execute the BCP methodology; your job is to prepare your organization to successfully respond to, continue critical operations through, and recover from a business interruption event.

Now, it just so happens that one of the best ways to achieve that objective is to follow the standard methodology, but, with this understanding of our ultimate objective we can better assess what components of the methodology are needed for our situation and determine what, if any, adjustments to the methodology we need to make to achieve this objective for our particular company.  We simply need to ask ourselves – about each component in the methodology – is this needed and how is it best used to achieve our objective?

With this thought in mind, I like to reorganize the standard methodology a bit and divide the components of the methodology into the Strategic Planning Components and the Tactical Planning Components.  Strategic Planning Components of the methodology help us define “what” our program should accomplish and the Tactical Planning Components help us describe “how” we accomplish these strategic goals.  The diagram here depicts this re-organization of the methodology.  (Click on the diagram for a better view.)

Methodology

If you think about the BCP methodology as a recipe for baking a cake, the Strategic Planning Components are needed to decide what kind of cake we should bake, how big it should be, what ingredients are needed to bake it and how long it should take to bake it.  The Tactical Planning Components are needed to ensure we have access to everything we need when the time comes to bake the cake, and, have the instructions for actually baking the cake when it is required.  The methodology also suggests we practice baking this cake a time or two before having to serve it for real – a good idea if you have never baked a cake before – and, making whatever adjustments are needed to constantly improve the cake and the baking process.

Now we get to a question that is becoming a topic of conversation for many business continuity planners: if the Strategic Planning Components of the methodology help us define what kind and how much cake we should bake, are they necessary if this is told to us by our management team?

This is where I think we often fall victim to our methodology.  I think we must ask ourselves – who is our customer?  Who are we designing business continuity programs for?  The methodology is not our customer.  The auditors are not our customers.  The CEO and/or Board of Directors are our customers.  In my mind, the key phrase in every BCP/Disaster Recovery/Emergency Response regulatory requirement is the one that states these plans/programs must be consistent with management expectations and approved by the Board of Directors.

I think that if Senior Management dictates the strategy to the business continuity planner and then approves the solutions put in place to achieve those strategic objectives, it is less important that you can tick off having performed every task within the BCP Methodology – even if not being able to do so upsets the auditors.  Furthermore, the business continuity planner who follows every step of the methodology to the letter and implements a solution that is not consistent with management’s expectations – has not done their job.

At the end of the day, the business continuity planner must ensure that their organization is in position to effectively and efficiently respond to and recover from any business interruption that impacts their organization.  I say, if you can achieve that – you have done your job, with or without having completed the entire BCP methodology.  Now, some will challenge and say that short of actually experiencing a disaster, the only real way to ensure that you have achieved this objective is to complete every step of the methodology.  I believe that the real proof is in the design and execution of the exercises and tests you perform.  That, to me, is the real challenge – good, complete and verifiable exercises.

But, my real objective for writing this blog is not to convince anyone that they shouldn’t follow the BCP methodology.  I think, in almost every case, even following my theory here, you will eventually determine that the standard BCP methodology is the best means for getting your job done.  I just wish to get business continuity planners to understand what their ultimate objective is and not to simply follow the methodology because they think they have to but to understand why they are following the methodology and help ensure that everything they do – every step they follow in the methodology – can be tied back to achieving this ultimate objective.  In this way, I believe, you can design your implementation of the methodology in a way that does not waste anyone’s time and effort in gathering information or conducting analyses that do not contribute to the final objective.

I think my colleague got the point and her management presentation was well received.  So, I think, I can count at least one practitioner that now sees my point.

Week 13 – Pro Football Crisis Management Award Winners

Week 13 in the NFL included a full slate of 16 games with three games on Thursday (Thanksgiving), twelve on Sunday and one Monday night.  Sixteen games gives us more of a chance for come-from-behind victories and, hopefully, a good game to write about.  In Week 13, we actually had four of them!

WEEK 13 RECAP

Of the 16 games played in the NFL Week 13, 10 games were won by teams that trailed at one point or another in the game.  Of those 10 games 6 were won by teams that found themselves down by 10 or more points at one time during the game.  Of those 6 teams that overcame double-digit deficits, 4 of them were visiting teams.

For the third time this year and the first time since Week 8, there were multiple teams tied for the Safe Harbor Consulting Pro Football Crisis Management Award.  Four teams overcame a deficit of 14 points in Week 13 to win the award.  If you have 4 winners do you really have a winner?  Well, for this award – yes.  You have four winners.

OAKLAND VS DALLAS

OAK DALIn the traditional Thanksgiving Day football game in Dallas, the 6 – 5 Cowboys were hosting the 4 – 7 Oakland Raiders.  The Cowboys were looking to keep pace with the Philadelphia Eagles in the NFC East while the Raiders were trying to keep their slim AFC playoff hopes alive.  With the smell of turkey looming in the house, I sat down to watch this traditional game thankful for my wide-screen TV (and many other, less materialistic, blessings in my life).

This game got off to a wild start as Dallas fumbled the opening kickoff and the Oakland Raiders’ Greg Jenkins scooped the ball up and ran in for a 23 yard touchdown return.  Near the end of the first quarter, the Raiders returned the favor to Dallas and fumbled the ball on their own 2 yard line.  DeMarco Murray then ran in from 2 yards out to tie the score at 7 – 7.

In the second quarter, Oakland put up two long scoring drives, each ending with a 1 yard Rashad Jennings touchdown run to go up by 14 at 21 – 7.  With under 2:00 to play in the half, the Cowboys put together a successful 2 minute drive and cut the lead in half on a DeMarco Murray 4 yard run up the middle.

The Cowboys tied things up in the third quarter on a 4 yard touchdown pass from Tony Romo to Dez Bryant and the teams entered the 4th quarter at 21 – 21 with the Cowboys moving the ball deep into Raiders’ territory and my wife yelling at me from the kitchen to come carve the turkey.

Two plays into the 4th quarter, the Cowboys finished off that drive with Murray’s third rushing touchdown on the day, from 7 yards out.  Having scored 21 unanswered points, the Cowboys were now on top by a score of 28 – 21.  Right at the 2 minute warning mark, the Cowboys’ Dan Bailey connected on a 19 yard field goal to put Dallas up by 10.  Sabastian Janikowski kicked a 45 yard field goal to bring the Raiders to within a touchdown with 35 seconds left in the game, but a failed onside kick attempt sealed their fate as the Cowboys won, 31 -24, after trailing by 14 earlier in the contest.

ATLANTA VS BUFFALO

ATL BUFThe Atlanta / Buffalo game featured two teams going nowhere fast in 2013 but playing for pride and roster spots in 2014.

The Bills raced out to a 14 – 0 lead by scoring touchdowns on their first two possessions of the game.  The first touchdown came on an EJ Manual 1 yard quarterback run around right end and the second one was a 4 yard Fred Jackson burst up the middle.  The Falcons cut the lead in half before the end of the 1st quarter on a Steven Jackson 27 yard run through a hole over left guard.

The Bills went back up by 10 in the 2nd quarter on a 29 yard field goal by Dan Carpenter, but the Falcons came back to tie things up at halftime 17 – 17.  The Falcons’ scores came on a 38 yard touchdown run my Antone Smith and a 49 yard Matt Bryant field goal as time ran out.

The Falcons took their first lead of the game in the third quarter on an 11 yard touchdown pass from Matt Ryan to Tony Gonzalez.  But, the Bills tied it back up at 24 – 24 on a 21 yard pass from Manual to Fred Jackson.

The Bills scored first in the 4th quarter on a C.J. Spiller 36 yard touchdown run, but the Falcons knotted it at 31 – 31 on a Steven Jackson 1 yard run to send the game into overtime.

The Bills got the ball first in overtime, but threw an interception on the second play from scrimmage.  Five plays later, Matt Bryant hit the game winning field goal from 36 yards out to give the Falcons the win after trailing 14 – 0 in the first quarter.

DENVER VS KANSAS CITY

DEN KCLast week, Denver was on the wrong side of the Safe Harbor Consulting Pro Football Crisis Management Award after blowing a 24 point lead against the pesky New England Patriots.  This week, the Broncos were visiting the Kansas City Chiefs in a battle for 1st place in the AFC West.

Each team’s first possession of the game ended with an interception by the other team.  Kansas City converted their turnover into a touchdown when Alex Smith hit Junior Hemmingway on a 17 yard touchdown pass.

Eric Decker’s 41 yard touchdown pass from Peyton Manning, early in the 2nd quarter, tied the score at 7 – 7.  It wouldn’t remain tied for long, however, as the Chief’s Knile Davis returned the pursuing kickoff back 108 yards for a touchdown.  After picking off Peyton Manning for the second time on the day, the Chief’s scored again on a Smith to Anthony Fasano 12 yard touchdown pass to go up by 14.  Of course, Peyton Manning is not one to let two interceptions get in his way and he got one touchdown back before the end of the half on a 3 yard touchdown pass to Knowshon Moreno.  The teams went into half time with the Chiefs on top 21 – 14.

The 3rd quarter belonged to the Broncos.  On the first possession of the half, Manning connected on another long touchdown pass to Eric Decker (this one, 37 yards) to tie the game up at 21.  After forcing the Chiefs to punt, Manning and Decker connected again from 15 yards out to put the Broncos up 28 – 21.

And, on the second play of the 4th quarter, the Manning to Decker combo struck for their 4th touchdown of the day on a 1 yard pass to put the Broncos on top by a score of 35 – 21, completing the Broncos run of 28 unanswered points.

Kansas City got back to within a touchdown on a late 4th quarter touchdown of their own – a Jamaal Charles 1 yard touchdown run – but, their last drive of the game, trying to tie the game up, stalled out on the Denver 13 after a 4th and 4 pass attempt fell incomplete.

One week after blowing a 24 point lead to New England, Denver found themselves winning a game in which they came from 14 points down to secure the victory.

NEW YORK GIANTS VS WASHINGTON

NYG WASThe last game of our four-way tie games for the Safe Harbor Consulting Pro Football Crisis Management Award featured the other Manning brother quarterback in another game of two teams simply fighting for some respectability in a frustrating 2013 campaign.  Capping off a long day of NFL Football, the 3 – 8 Washington Redskins were hosting the 4 – 7 New York Giants in a battle to stay out of last place in the NFC East.

The Redskins got the game started with a long, sustained, time consuming drive that resulted in a 1 yard Alfred Morris touchdown run and a 7 – 0 Redskins’ lead.  Early in the 2nd quarter, the Redskins added another touchdown on a Robert Griffin III 19 yard touchdown pass to Logan Paulsen to put Washington up by a score of 14 – 0.

The Giants, however, were able to tie the game at 14 – 14 before the end of the first half.  The first Giants’ touchdown came on Andre Brown 23 yard scamper around right end and the second touchdown was by way of an Eli Manning to Brandon Meyers 22 yard pass.

The only scoring in the 3rd quarter was on a 33 yard field goal by Kai Forbath that gave the Redskins a 17 – 14 lead.  But, the 4th quarter belonged to the Giants.  The Giants scored a go-ahead touchdown early in the 4th quarter on an Andre Brown 1 yard touchdown run and took a 7 point lead on a Josh Brown 39 yard field goal.  The Giants’ defense help the Redskins scoreless throughout the quarter and the Giants were able to avoid dropping into last place in the NFC East and win a share of the Week 14 Safe Harbor Consulting Pro Football Crisis Management Award by a score of 24 – 17.

SAFE HARBOR CONSULTING

To learn more about how Safe Harbor Consulting can help you prepare for your greatest comeback, please visit our website at www.safeharborconsulting.biz; visit us on facebook at https://www.facebook.com/pages/Safe-Harbor-Consulting/204353729604053; or, call us at (253) 509-0233.

Week 12 – Winner  (To read the Week 12 article, click here.)

New England coming from 24 behind to beat Denver, 34 – 31.

 

Week 11 – Winner  (To read the Week 11 article, click here.)

Indianapolis coming from 14 behind to beat Tennessee, 30 – 27.

 

Week 10 – Winner  (To read the Week 10 article, click here.)

Minnesota coming from 13 behind to beat Washington, 34 – 27.

 

Week 9 – Winner  (To read the Week 9 article, click here.)

Seattle coming from 21 behind to beat Tampa Bay, 27 – 24.

 

Week 8 – Winners  (To read the Week 8 article, click here.)

New England coming from 14 behind to beat Miami, 27 – 17.

Denver coming from 14 behind to beat Washington, 45 – 21.

 

Week 7 – Winner  (To read the Week 7 article, click here)

New York Jets coming from 11 behind to beat New England, 30 – 27.

 

Week 6 – Winner  (To read the Week 6 article, click here.)

Detroit coming from 10 behind to beat Cleveland, 31 – 17.

 

Week 5 – Winner  (To read the Week 5 article, click here.)

Denver coming from 14 behind to beat Dallas, 51 – 48.

 

Week 4 – Winner  (To read the Week 4 article, click here.)

Seattle coming from 17 behind to beat Houston, 23 – 20.

 

Week 3 – Winner  (To read the Week 3 article, click here.)

Cincinnati coming from 16 behind to beat Green Bay, 34 – 30.

 

Week 2 – Winners  (To read the Week 2 article, click here.)

Buffalo coming from 8 behind to beat Carolina, 24 – 23.

Houston coming from 8 behind to beat Tennessee, 30 – 24.

Arizona coming from 8 behind to beat Detroit, 25 -21.

 

Week 1 – Winner  (To read the Week 1 article, click here.)

Houston coming from 21 behind to beat San Diego, 31 -28.

WEEK 14 – College Football Crisis Management Award Winner

College Football’s Rivalry Week lived up to all the fun and excitement it was hyped to be.  We had close games; gutsy calls; and historical finishes that will be talked about for years to come.  We had unbeaten teams take their first loss; winless teams get their first victory; a major shake-up in the BCS standings; and, our largest come-from-behind victory of the year.  Yes sir, the college football world is abuzz and is likely to stay so throughout Championship Week and into the Bowl Season.  Gosh, I love college football.

We entered Rivalry Week with 5 undefeated teams in FBS football; we leave Rivalry Week with 3 still standing – and some of those on wobbly legs.  Fresno State entered Week 14 at 10 – 0, having had one game (against Colorado) cancelled due to flooding in the area, and, although they scored 52 points and led by 6 points on several occasions in the game, lost by 10 to San Jose State sending their chances at a BCS game down the tubes.  By easily handling Western Michigan on Tuesday night, 33 – 14, Northern Illinois stays standing as the lone BCS buster for 2013.  The Huskies have one more challenge to hurdle, a MAC Championship Game against Bowling Green on Friday night, to finish 13 – 0 and land themselves in a BCS Bowl Game.

Florida State faced off against rival Florida and easily kept their unbeaten season going at 12 – 0 with a convincing, 37 – 7 victory in a game in which they never trailed.  Florida State’s last challenge to remain undefeated and land a spot in the National Championship Game is the ACC Championship Game against the surprising Duke Blue Devils on Saturday Night.

Ohio State survived a huge scare from rival Michigan in a game that included one of the more gutsy calls of the year.  Having scored a potential game-tying touchdown with just 32 seconds left in regulation, Michigan’s Brady Hoke opted to try to a game-winning 2-point-conversion to put an end to the Ohio State two year winning streak.  In rivalry games like this, when you have nothing to lose and can possibly ruin the whole year for your rival, this is the kind of calls you get.  In this case, the Wolverines were unsuccessful on the conversion and the Buckeyes live to play another week as an undefeated team vying for a spot in the National Championship Game.  The Buckeye’s remain challenge is against another team from “up north”, the Michigan State Spartans in the Big Ten Championship Game on Saturday.

And, in what just might be the Game-of-the-Year with what just might be the Ending-Play-of-the-Century, the two-time defending National Champions, Alabama Crimson Tide had their perfect season come to an end on a missed field goal returned for a touchdown in the last second of regulation by the Auburn Tigers.  I could hear screams of joy and shouts of agony emanating from Alabama all the way up here in the state of Washington as I watched the play unfold in amazed disbelief.  What a great Rivalry Week!

The list of undefeated teams has now been whittled down to the following 3 teams:

UNDEFEATED FBS TEAMS

  • Florida State (defeated Idaho, 80 – 14)
  • Northern Illinois (defeated Western Michigan, 33 – 14)
  • Ohio State (defeated Michigan, 42 – 41)

And, we are happy to report, as the season comes to a close for many a team that do not have a 2013 Bowl Game in their future, two teams managed to end an otherwise trying year on a winning note.  After coming so close on numerous occasions throughout the year, only to fall short 11 games in a row, the Hawaii Warriors end their 2013 campaign with a win against the Black Knights of Army.  And, the Golden Eagles from Southern Mississippi got off the two-year snide with a rather convincing 62 – 27 thrashing of UAB to end the nation’s longest losing streak.

Unfortunately, the other two winless teams did not fare so well and ended their years with the same number of wins as they started the year – 0.  Georgia State’s 12th loss came by way of a 38 – 17 beat down by South Alabama and Miami of Ohio’s 12th loss of the year was administered by Ball State, 55 – 14.  Neither winless team ever held a lead in either game.

The two FBS teams that end the 2013 year without a victory are:

WINLESS FBS TEAMS

  • Georgia State (lost to South Alabama, 38 – 17)
  • Miami, OH (lost to Ball State, 55 – 14)

WEEK 14 RECAP

Week 14 of the College Season coincided with Thanksgiving Week this year and consists of numerous end-of-the-year rivalry games that always makes for lots of fun and lots of angst.  Of the 59 FBS games played throughout the week, 27 teams were thankful for a victory in which they never trailed.  Of the 32 games in which the winning team trailed at one point or another in the game, 5 were won by teams that came back from deficits of more than 7 points.  Four teams had to overcome deficits of 14 or more points including two teams that came back from 20 or more points down!

And, on this, the last full season of FBS college football games, the Safe Harbor Consulting College Football Crisis Management Award winner overcame a 24 point deficit – the largest come-from-behind victory of the year!

Iowa State Helmet

IOWA STATE

Iowa StateRivalry games are great.  But, with the changing conference landscape of late and teams going from one conference to another, some rivalries have become distant memories and other rivalries are starting to form.  When the West Virginia Mountaineers moved into the Big 12 Conference they left behind one of the more storied rivalries, the Backyard Brawl, against the University of Pittsburgh, and are looking to find a new rivalry amongst their geographically distanced conference foes.  Perhaps, after the way this game played out, they may have found one.

On paper, this game looked like two teams just playing out the season and waiting to pack it in.  But, in college football, last games of the season are last games of careers for many a senior football player and, nobody playing the last game they may ever play in a sport they have loved for years, just mails it in.  Despite a 2 – 9 Iowa State playing a 4 -7 West Virginia; despite the fact neither team has a chance to earn a Bowl Game birth; despite this not really being a rivalry game between these two, relatively new combatants; this was a game both teams wanted to win – for their pride and for their seniors.  And, this was a game the two teams would play to the end – an end that included 3 overtime periods.  And, this was a game that the victor would overcome the largest deficit faced by an FBS team prior to winning the contest.

The home-standing Mountaineers started this game with a flurry and rushed out to a 1st quarter 17 – 0 lead on a Josh Lambert 49 yard field goal; a Charles Sims 7 yard touchdown run; and, a 38 yard fumble return for a touchdown by Karl Joseph.

The shocked Cyclones did manage to score before the end of the 1st quarter on a 54 yard Grant Rohach touchdown run, but West Virginia added to their lead early in the 2nd quarter.  After a Clint Trickett to Kevin White 17 yard touchdown pass and a Sims long, 76 yard touchdown run, the Mountaineers were on top 31 – 7 and looked to be running away with a season ending victory.  Even with a Rohach to Quenton Bundrage 10 yard touchdown pass making it 31 – 14 at half, it was looking like a long afternoon for the Cyclones.

The 3rd quarter consisted of a few long, time-consuming drives that ended with a blocked field goal and a fumble at the 1 yard line, but no points.  So, Iowa State entered the last quarter of their 2013 football season still trailing the Mountaineers by 17.

Early in the 4th quarter, Iowa State scored on Shontrelle Johnson 3 yard touchdown run to pull within 10, but the Mountaineers responded right back with a 1 play, 76 yard touchdown drive on a pass from Trickett to Mario Alford to push the lead back to 17.  The Cyclones got it back down to 10 on a long touchdown pass of their own from Rohach to Bundrage for 62 yards to make the score 38 – 28.

After recovering a Mountaineer fumble at the West Virginia 38 yard line, Cole Netten connected on a 31 yard field goal to pull the Cyclones within 7 with 4:21 left on the clock and in their season.  When Jacques Washington intercepted a Trickett pass at the West Virginia 33, Iowa State was only 33 yards away from a tying touchdown with 2:46 left to score.  Turns out they only needed 1:46 as Rohach hit Justin Coleman on a 19 yard touchdown pass to, amazingly enough, tie the game in which they once trailed by 24 points.  West Virginia had enough time to move the ball close enough for a last second, hail-Mary shot at the end zone, but Jacques Washington of Iowa State once again came up with the interception and the two teams would extend their last game of the season into overtime.

In the first overtime, both teams connected on field goals: Iowa State’s Netten was good from 41 yards out; and, West Virginia’s Lambert connected from 40 yards out.  In the second overtime period, each team’s offense moved the ball closer to a touchdown, but both settled for 26 yard field goals to keep the game tied.

On the first play of the first possession in the third overtime, Iowa State’s Rohach hit Justin Coleman on a 25 yard touchdown pass and made good on the mandatory 2-point-conversion with a pass from Rohach to E.J. Bibbs.

West Virginia moved the ball down to a first and goal from the 3 yard line, but could not cross the goal line in 4 tries.  And, after trailing by 24 in the 2nd quarter and still down by 17 to start the 4th quarter, the Iowa State Cyclones end their 2013 football season with the largest come-from-behind victory of the year by any FBS team to win the Week 14 Safe Harbor Consulting College Football Crisis Management Award.  Boy, what a game!  Boy, what a week!  Boy, what a year!

Certificate - Week 14 - Iowa State

SAFE HARBOR CONSULTING

Businesses, just like college football teams, can experience huge deficits from business interruption events in which they must rally from behind to stay in the game.  In the area of Crisis Management, game day is the arrival of the tornado; the coming floods; the day the hurricane strikes; a fire; a regional pandemic; technology failures; or any of a variety of risks and threats that can interrupt your business processes and/or the technologies that support them.  And, just like college football teams, your ability to overcome these deficits is directly related to the time and effort you put into planning your strategies and practicing your emergency response, business continuity and disaster recovery plays.

Safe Harbor Consulting has assisted companies and organizations, large and small, in preparing and exercising their crisis management and business continuity playbooks.  To learn more about how Safe Harbor Consulting can help you prepare for your greatest comeback, please visit our website at www.safeharborconsulting.biz; visit us on facebook at https://www.facebook.com/pages/Safe-Harbor-Consulting/204353729604053; or, call us at (253) 509-0233.

Congratulations once again to the Iowa State Cyclones for overcoming adversity and rallying back from the largest deficit faced by a winning team during Week 14 of the 2013 college football season.

There is still some football left to be played with the Week 15 Conference Championship Games and a few leftover contests for teams from conferences without a Championship Game; the Army Navy game in two weeks; and Bowl Games, BCS Bowl Games and the National Championship game in weeks to come.  For those teams whose seasons are done – thanks for the effort.  For teams who still have games to be played … man, I can’t wait to see what you have in store for us next.

Week 14 – Honorable Mention

Georgia coming from 20 behind to beat Georgia Tech, 41 – 34.

 

Week 13 – Winner  (To read the Week 13 article, click here.)

Connecticut coming from 21 behind to beat Temple, 28 – 21.

 

Week 12 – Winner  (To read the Week 12 article, click here.)

Baylor coming from 14 behind to beat Texas Tech, 63 – 34

 

Week 11 – Winners  (To read the Week 11 article, click here.)

Old Dominion coming from 14 behind to beat Idaho, 59 – 38.

San Diego State coming from 14 behind to beat San Jose State, 34 – 30.

 

Week 10 – Winner  (To read the Week 10 article, click here.)

Louisiana-Lafayette coming from 21 behind to beat New Mexico State, 49 – 35)

 

Week 9 – Winner  (To read the Week 9 article, click here.)

SMU coming from 21 behind to beat Temple, 59 – 49.

 

Week 8 – Winner  (To read the Week 8 article, click here.)

Duke coming from 22 behind to beat Virginia, 35 – 22.

 

Week 7 – Winner  (To read the Week 7 article, click here.)

San Diego State coming from 14 behind to beat Air Force, 27 – 20.

 

Week 6 – Winner  (To read the Week 6 article, click here.)

San Jose State coming from 11 behind to beat Hawaii, 37 – 27.

 

Week 5 – Winner  (To read the Week 5 article, click here.)

San Diego State coming from 16 behind to beat New Mexico State, 26 -16.

 

Week 4 – Winner  (To read the Week 4 article, click here.)

Northern Illinois coming from 20 behind to beat Eastern Illinois, 43 – 39

 

Week 3 – Winner (To read the Week 3 article, click here.)

UNLV coming from 21 behind to beat Central Michigan, 31 – 21

 

Week 2 – Winner (To read the Week 2 article, click here.)

SMU coming from 17 behind to beat Montana State, 31 – 30

 

Week 1 – Winners (To read the Week 1 article, click here.)

North Dakota State coming from 14 behind to beat Kansas State, 24 -21

Troy coming from 14 behind to beat UAB, 34 – 31