Tag Archive for business continuity

Week 2 – Pro Football Crisis Management Award

Football teams put a lot of time and effort into preparing for game day.  It all starts before the first practice when coaches put together the team playbook – often a compilation of years and years of experience.  Then, the players work all year long on conditioning and preparing themselves for the season.  The first practices focus on the fundamentals of the game – blocking and tackling and walking through the basic plays.  And then they teams practice and practice and practice, leading up to scrimmages that simulate game conditions.  They watch film, go over situational plays and do everything they possibly can to prepare for the upcoming game.

Businesses should be doing the same things with their emergency response and crisis management programs.  But, too often, they skip over steps in the process.  Many businesses have prepared their business continuity playbook, but they fail to practice and scrimmage to learn the plays.  If the first time football players studied the playbook was when the game was already underway, they couldn’t possibly be prepared.  Other businesses go right to the scrimmage and do simulated disasters before they have worked on the fundamentals of blocking and tackling.  This leads to frustration and failed exercises.

In the world of crisis management, game day is the day the disaster strikes.  Like football teams, if you have not gone through the entire process of preparing your team for this event, you are less likely to be successful on game day.  Safe Harbor Consulting can help your organization in any or all of these phases of the preparation lifecycle.

End commercial – now let’s look at Week 2 of the NFL.


The first two weeks of the 2013/14 NFL season has resulted in a relatively large number of one score – even, one point – games.  Many of the games have gone down to the wire with both teams having an opportunity to pull out the win in the end.  In Week 2, this resulted in very few teams having large leads.  The lead, in many games, went back and forth throughout the contest – making for exciting football all around, but very few large deficits to overcome.

In Week 2, 11 of the winning teams trailed at one point in the game, but no winning team ever trailed by any more than 8 points.  Of the 5 teams that never trailed in the game, all five were home teams.  Dallas, the only team to never trail in week 1, lost to Kansas City in week 2, meaning every team in the NFL has been on the wrong side of the scoreboard at one time or another this season – and we are only two weeks into it.

Week 1 saw 5 teams overcome deficits of 9 points or more.  In Week 2 – there were none.  So, the Week 2 Safe Harbor Consulting Crisis Management Football Award is to be shared by the 3 teams that trailed by 8 points in their game before pulling out a victory.  Those teams are; Buffalo, Houston and Arizona.


CAR BUFAlthough Buffalo was the first team to score, on a Dan Carpenter 55 yard field goal in the 2nd quarter, the Bills were struggling to stay in this game throughout.  Carolina lead the contest 7 – 3 at halftime and took their 8 point lead, 14 – 6, at the 6:52 mark in the 3rd quarter following a 40 yard touchdown pass from Cam Newton to Ted Ginn.  Eight points, however, is still just a one score lead and the Bills knotted up the score at 14 when they were successful on the 2 point conversion following a Fred Jackson 4 yard touchdown run later in the 3rd quarter.

In the 4th quarter, Carolina would convert on 3 field goals to Buffalo’s one and would have the lead at 23 -17, kicking off with just 1:38 left in the game.

In their no huddle, hurry up, two-minute offense, passing on every play, Buffalo marched the ball down field.  Aided by a pass interference penalty negating a Colin Jones Interception, and following an EJ Manual scramble for 9 yards on 3rd and 6, Buffalo scored the game-tying touchdown on a two yard pass from Manual to Stevie Johnson with just two seconds left on the clock.  The extra point sealed the comeback and last second victory for the Bills.  Not a huge come-from-behind win, but a spectacular last second finish to an exciting game.



As the Week 1 winner of the Safe Harbor Consulting Pro Football Crisis Management Award, Houston is making a habit at winning games in which they trailed.  Last week, the Texans had to overcome a 21 point deficit for their victory over the San Diego Chargers; this week their comeback was from a pedestrian 8 points.

Houston took an early lead, scoring on the first possession of the game aided by a 60 yard Ben Tate gallop around left end and culminating with a Matt Schaub to Garrett Graham 1 yard touchdown pass.

Not to be outdone, Tennessee struck right back on their first possession ending it with a Jake Locker to Kendall Wright 6 yard touchdown pass.

After such an exciting start to the game, both teams’ offenses stalled the remainder of the 1st half until Tennessee connected on a Rob Bironas 47 yard field goal at the end of the half for a 10 – 7 lead.

Houston would take the lead back in the 3rd quarter on a Schaub to Owen Daniels, 12 yard touchdown pass.

As the 4th quarter started, Houston challenged a ruling on the spot of the ball following a Tennessee rushing attempt from their own 1 yard line and the ruling was reversed resulting in a Tennessee safety and a 16 – 10 lead for the Texans.

When the Titans next got the ball back, they went on a 9 play, 94 yard drive, scoring a touchdown on a Locker to Delanie Walker 10 yard pass.  The extra point put the Titans up by 1 at 17 – 16.

When, on their next possession, Matt Schaub was intercepted by Alterraun Verner who returned it for a 23 yard touchdown, Houston found itself trailing by 8 points with just under 5 minutes left in the game.  But, as noted before, 8 points is just a one score deficit.

A couple of possessions later Houston scored on an Arian Foster 1 yard plunge and lined up for the possible, game-tying two point conversion.  Handing the ball off to Foster once again, the Texans were successful on the attempt and the score was tied at 24 with 1:53 left in regulation.

After holding the Titans to a three and out, the Texans got the ball back with 57 ticks left on the clock and moved to within field goal range.  The 46 yard Randy Bullock field goal attempt bounced off of the left upright and the teams were headed to overtime.

Houston received the overtime kickoff and marched down field to a game winning 3 yard Schaub to DeAndre Hopkins touchdown pass to secure their second in a row, Safe Harbor Consulting Pro Football Crisis Management Award.



After feeling each other out in the first quarter, Arizona was the first team to put points on the scoreboard with a 47 yard field goal by Jay Feely early in the 2nd quarter.

That lead, however, was short lived as Detroit came right back with a quick strike, 72 yard touchdown pass from Matthew Stafford to Calvin Johnson on the pursuing possession.

The Cardinals would then take the lead right back on their own, long touchdown pass of 36 yards from Carson Palmer to Andre Ellington.

The see-saw scoring would continue on Detroit’s next possession, but this time it was the result of a sustained drive ending with another Palmer to Johnson touchdown strike from 3 yards out.

The two teams then got off the see-saw and entered halftime with Detroit leading 14 – 10.

Early in the 3rd quarter, Detroit gave Arizona a gift when Stafford fumbled and Arizona’s Calais Campbell recovered at the Detroit 7 yard line.  Arizona could not punch the ball in, however, and had to settle for a Jay Feely 23 yard field goal.

On Arizona’s next possession, they returned the favor and gave Detroit a gift of their own – this one an interception by DeAndre Levy returned for a 66 yard touchdown and an 8 point Lion’s lead at 21 – 13.

Arizona started whittling away at that lead with a 43 yard Jay Feely field goal followed by a 33 yarder early in the 4th quarter to bring the Cardinals to within 2 at 21 – 19.

The Cardinals blocked a Detroit field goal attempt to stay within 2 and then scored on a 1 yard Rashard Mendenhall run to take the lead at the two minute warning mark.

Detroit failed to mount a drive on their last possession, throwing an incomplete pass on 4th and 4 and the Cardinal had secured the victory, coming back from 8 points down, to share the Week 2 Safe Harbor Consulting Pro Football Crisis Management Award.


To learn more about how Safe Harbor Consulting can help you prepare for your greatest comeback, please visit our website at www.safeharborconsulting.biz; visit us on facebook at https://www.facebook.com/pages/Safe-Harbor-Consulting/204353729604053; or, call us at (253) 509-0233.

Week 1 – Winner

Houston coming from 21 behind to beat San Diego 31 -28.  (To read the Week 1 article, click here.)


SHC Announces its Crisis Management Football Awards Series

Safe Harbor Consulting, LLC (SHC) is happy to announce the upcoming 1st Annual, Crisis Management Football Awards Series.  Each week SHC will identify the College (FBS teams) and NFL Football team(s) that came back from the largest in-game deficits to win that week’s game.

Visit the SHC blog (http://safeharborconsulting.biz/blog2/) each week to learn about the previous week’s largest comebacks in games played by FBS College Football Teams and NFL Pro Football Teams.

“We will highlight how those teams were able to overcome that week’s largest deficit to win their respective football game”, says SHC’s CEO Joe Flach.  “We are looking forward to discovering how college and pro football teams manage the crisis of falling behind in football games and rallying for a win before time runs out.  This should be a fun and exciting way to enjoy the football season while also highlighting crisis management issues.”

Safe Harbor Consulting is a management consulting firm that specializes in crisis management, business continuity and disaster recovery for large, medium and small corporations.  “We suspect that the ability to come from behind in football games is a direct result of the preparations and practices that the teams go through prior to and throughout the season”, states Flach.  “At Safe Harbor Consulting, we help companies and other organizations prepare and exercise their crisis management programs enabling them to recover from business interruption events and technology disasters – and rally from behind before they experience serious financial and reputational losses.  We had the idea of combining our love and passion for business continuity planning with our love and passion for college and pro football and have instituted this year’s SHC Weekly Crisis Management Football Awards.  We hope that other football fans enjoy this feature in our blog as much as we are sure to.”

For more information about Safe Harbor Consulting and how we can help you plan for and/or exercise your business interruption game plans, please visit our website at www.safeharborconsulting.biz or visit us on facebook at https://www.facebook.com/pages/Safe-Harbor-Consulting/204353729604053.

And now, are you ready for some football?

R U O K?

Many business continuity, disaster recovery, emergency response and crisis management programs currently utilize some sort of automated notification tool to alert employees of an incident and/or to call them to action following a disaster.  I have written past blogs about being careful with what you say in the recorded message being used for this notification because you can never be quite sure who is listening to the message – but, now, I want to know if you are making sure you also use this tool to ask, “Are you okay?”

I often hear business continuity and disaster recovery planners remind employees that job one is to ensure the health and welfare of employees and job two is to recover business operations and the tools to support them.  I think it is important to practice what we preach and to construct our emergency messages in the same vain.  I think it would be nice to first put in some information on how the company can help the employee, if they need, prior to asking the employee to help the company by engaging their recovery plans.

And, this does not just apply to messages being recorded (or typed) for the automated notification systems.  If your program still relies on phone call trees, I think it is a good idea to include this verbiage in a suggested script to be used for these calls.

Furthermore, I think it is important to keep the “Are you okay?” mantra going throughout the recovery effort.  I think it is important to do more than just make sure that employees know how to contact the Employee Assistance Program (EAP), but to also make that ask throughout the effort.  Not only should you help keep the employee okay by enforcing shift limits and making sure no one over does it in their anxiety to help the company through a tough time – but you need to make the ask.  Ask them if they are okay before they show signs that indicate otherwise.

And, finally, that same ask should be made after the incident is over.  There are many emergency response programs that require a mental health recovery period following participation in an incident.  You may want to consider a similar policy for certain members of your emergency response, crisis management, business continuity and/or disaster recovery teams.

Making sure the employees are okay during and throughout an emergency may require more than what your EAP has to offer.  There are companies out there that provide at time of disaster mental health assistance that can be on-site to help identify problems and help resolve issues when they arise.  You should consider including these types of companies in your program directories.  One such company, Empathia, is included in the My Links section of this blog page – but there are others, as well.

Just a thought.  And, I hope this blog finds you OK!

Is “The Cloud” Clouding Our Judgment?

The cloud does not only happen in a cloud. The cloud is simply a nebulous way of depicting the magic that happens between geographically distanced technology interacting over a network. Clouds have been long used as a way to pictorially represent a network connection between two end-points without trying to depict or represent the hardware, technology and software that resides inside. Clouds have been around for a long time in technical schematics but the term “cloud computing” has only recently come in vogue as an answer to everyone’s technology prayer. It is, in a manner of speaking, a cute little marketing gimmick.

As far as business continuity and disaster recovery planning is concerned, we should not think of the cloud as the savior to all our recovery challenges. In fact, the only thing that is really new is the term. Technology continuity programs have utilized networks to distance end users from the technology they use; to allow flexible access to other resources to meet increased demand or adjust to unexpected problems; and, to back up data to off-site locations for a long time. Before the term “the cloud” became a cool thing to say, we simply called it remote computing.

But the fact remains, there is still hardware and software at each end of and within the cloud itself that can break and require redundancies, quick fixes or alternate modes of operation depending upon the timeliness you need that functionality back in play. In other words – we still need disaster recovery plans.

Furthermore, the cloud represents some additional risks and threats itself. Just as the cloud is used to avoid depicting what happens inside, it also hides who might be inside there with you. Networks can be compromised. You may not know who else is inside that cloud looking at, duplicating and/or changing your data. In addition, much of the cloud concept now includes having solutions where data and applications are warehoused on technology that houses other organization’s data and applications as well. All of this opens up risks of compromise, sabotage and cyber terrorism. In fact now, some endpoints that do not have adequate backup solutions in place can take down numerous companies with one incident. There are several industries that utilize the cloud to access a monopoly-like third party service provider to help them function. If that organization experiences a failure without adequate backup systems in place – an entire industry could be jeopardized. One example that immediately comes to mind is the airlines industry. There are few service providers that provide flight control data necessary to board planes, perform crew scheduling, and manage operations. If one of those entities experiences a prolonged outage – many airlines may be non-operational until the systems can be brought back up on-line.

Like almost everything else in life, the cloud provides many benefits but it also has potential risks and downfalls. I simply suggest that business continuity and disaster recovery planners do not let the hype of “the cloud” to cloud our judgments on what is needed in our continuity programs. In many cases, the use of the cloud simply relocates single-points-of-failure or moves risks and threats from internal assets to vendor supported assets, but the risks and threats are still there and the impacts of failure still remain.

Out with the Old In with the New

Well, we are now several weeks into the new year and, as crisis management and business continuity professionals, we are happy to see 2012 in our rear view mirrors.  Maybe it is just the relative recentness of Hurricane Sandy, or the fact that she devastated such a wide and highly populated area in the United States, but 2012 seemed to have been a very busy year for business continuity planners.  And, this is not just in terms of responses to a number of disasters, but also in terms of preparing for high-risk events such as the London Olympics, the US Presidential Party Conventions and several Political Summits throughout the region.

I guess some of the reasons we were so busy are good reasons.  I am witnessing a much higher level of awareness for the potential of business interruptions occurring from mass gathering events.  I have been somewhat impressed with the levels of preparedness from both the public and private domain for events such as the Olympics and the Conventions.  It seems people are starting to realize the benefits of the private and public sectors working together in preparation for these events.  Coordinating work schedules and being aware of commuting challenges and potential mass gatherings, coupled with work from home solutions and proactive strategies for shifting work-flows and employees away from the congestion during the most active event times, seem to all have helped businesses and communities cope with the challenges of hosting such events.

And, I think, by planning for these kind of scheduled interruptions, our programs have been strengthened and improved, allowing us to better respond to the unscheduled interruptions that seem to be happening at an alarmingly more frequent rate with a much wider footprint.

This article from Huffington Post does a pretty good job in summarizing the challenges we experienced in 2012 caused by disaster.  Even though there are a number of “disasters” associated with wildfires in the US this past year, there are enough other events that support my statement that 2012 was a busy year.

The one quote that stands out to me in the Huffington Post article is from the acting director of the U.S. National Weather Service, Laura Furgione, who states, “The normal has changed, I guess. The normal is extreme.”  Well, if extreme is our new normal, it is up to all of us to make sure that “prepared” is our new posture.

Whereas, I am glad to put 2012 behind us, I am also anxious to make sure that we, as planners, have grown and applied the lessons learned from these events in our 2013 and beyond plans.  Do not fall into the trap of believing what we learned from Hurricane Sandy only prepares us for the next Hurricane.  Focus on the impacts.  Some of the lessons learned from Sandy are applicable for any event that immobilizes a large portion of our workforce, or forces closure of a number of our key facilities, or results in widespread power outages, and on and on.

The German writer, artist, politician Johann Wolfgang van Goethe once said, “The greatest tragedy in all of life is to experience the pain but miss the lesson.”   I hope that the pain experienced in 2012 was not for nothing.

Now, bring on 2013.  I can’t wait to see what she has in store for us.

An Update on Pandemic Planning

Well, it is flu season again in the United States and in Corporate America that means it is Pandemic Flu Preparedness Planning Season again.  However, please do not confuse the Seasonal Flu with a Pandemic Flu.  This website from Flu.gov includes a terrific table at the bottom of its page, defining the difference between the two.

Over the past few months, Safe Harbor Consulting has been active with a number of clients in updating their Pandemic Plans and conducting Pandemic Response Simulated Exercises.  One common opportunity for improvements in these programs is with regards to the inclusion of Threat Level Tables within their Plans.

The World Health Organization (WHO) has created a Pandemic Flu Threat Level Description Table detailing 8 Pandemic Phases.  Because the last two phases of this schematic are not numbered, they are often left off of the Tables included in the plans we review.  The WHO Threat Levels consist of 6 Pandemic Phases, numbered 1 – 6, and a Post Peak Phase and Post Pandemic Phase, which are not numbered.  The chart included on this website, shows the most up-to-date Table.  It is recommended that Business Plans written specifically for Pandemic Response, ensure that they include the two Post Peak and Post Pandemic phases in their strategies.

Furthermore, the WHO Program addresses world-wide threats.  Many US-based plans we have reviewed uses the WHO’s elevation of a Pandemic Threat Level as a “trigger” to engage in response and/or prevention actions.  In reality however, your response would be significantly different if the virus in question had a presence in the United States.  For example, raising the Pandemic Threat Level to a phase 3 or 4 with a virus known to be present in the Unites States should cause plans to be engaged, whereas, a Phase 4 or 5 with no evidence of the virus in North America may still have you simply on Alert.

Some mature plans we have reviewed understand this issue and as a result have included a revised Threat Level Table published by the U.S Federal Government.  Our warning concerning this situation is that the US policy is to amend the WHO Threat Levels on a case by case basis every time the WHO declares a Pandemic Alert (Phase 4 or higher).  The table being used in many plans is based off of the last time the US Department of Health and Human Services (DHHS) published a table, which is now obsolete.

The DHHS states:

“In the United States, pandemic phases will be defined based on the global phase and determined by the Secretary of Health and Human Services. During the pandemic phase, additional subdivisions may be defined based on the extent of disease. In actual practice, the distinction between the various phases of pandemic influenza may be blurred or occur in a matter of hours, again underscoring the need for flexibility.”

Therefore, we warn people to not be too confident that those are the same definitions used for the next pandemic to hit the United States.

All in all, most of the plans we review are in pretty good shape, otherwise.  And, it is great to see that this issue is not being forgotten about given the media has lost some momentum on this topic and the attention pandemics were getting a few years back is not as prevalent.

Pandemics are a reality that should (must?) be planned for.  Many of the issues we plan for are common for any incident that results in a depleted or immobilized workforce.

If you have additional information on Pandemics or wish to correct anything we may have stated in error, we would love your feedback.  In the meantime, stay healthy and stay prepared.

Businesses Driving Businesses to Plan: The Planning Impetus

One of the greatest challenges, I think, with getting companies (and by this, I mean the BOD of companies) to pay more attention to and invest more capital in business continuity and disaster recovery plans is that there is no real “pain” in not having a plan unless a disaster occurs.

I mean, what pain does a company really realize by not having a viable business continuity plan?

There are no fines; no penalties; no lost revenue; no competitive disadvantage to really speak of.  Sure, us BCP/DR professionals will try to convince you this is not entirely true … but, come on, what pain does the Executive Suite really feel?  Be honest.  Any fines or penalties for not having a plan will only be levied when this fact is discovered FOLLOWING your inadequate response to a disaster.

The BCP Planners complain?  So what … it’s their job to complain.

Failed audits?  Big deal – pretend to fix the issues – just don’t spend too much money doing so.

Me, personally, I don’t think the government will or necessarily should audit plans and levy fines or penalties.  No, the impetus for getting BCP/DR planning really rolling in Corporate America (or World-wide) is when the big guys finally get so concerned with interruptions that might occur with their vendors and suppliers that they start making having viable, certified plans in place a condition for doing business with them.

This is when the pain will be felt.  Having your customers demanding you have plans in place in order to win or maintain their business will impact your bottom line.  Not having plans will be a competitive disadvantage.  And, you can bet your bottom dollar, the Executive Suite will ensure that this business requirement is fulfilled to their biggest customers’ satisfaction.

In my mind, when the big fish start to worry about the plans of their suppliers, BCP and DR planning will become a much more important strategic concern for all the smaller fish.  And, I think that time is coming.  Until then, good luck trying to find the pain points that work in your organization.

The Job of the Business Continuity Planner

Many professionals that I talk to seem to think that the Business Continuity Planner’s job is to ensure their company can recover from business interruption events.  Now, this may just be an argument in semantics or me simply splitting hairs, but I don’t quite see it that way.

In my way of thinking, the Business Continuity Planner’s job is to make sure that management is informed of risks, potential impacts resulting from those risks and the costs/benefits of options available to mitigate or respond to those risks, so that management can make informed and intelligent decisions about what mitigation and recovery strategies to invest in.  And, when those decisions are made, the Business Continuity Planner is responsible for helping manage and coordinate the implementation and testing of those solutions.  But, it is senior management’s job to ensure that the company can recover from business interruption events.

In my mind, the worst thing that can happen to a Business Continuity Planner is not that the company cannot recover from an incident, but that senior management is justified in saying, “But no one told me that this risk existed and these implications could occur”.  If the Business Continuity Planner can show that the risks were identified, the impacts clear and viable solutions presented that management chose not to invest in, then the Business Continuity Planner had done his/her job.

We cannot force management to invest in business continuity or disaster recovery solutions, but we can let them know, with no uncertainty, what is potentially at risk should they not invest in, or under-invest in, business continuity and disaster recovery solutions.  Our jobs are to ensure that there are no surprises about what might occur and what the impacts might be should a business interruption event occur.

Prior to management making decisions to invest in solutions, the Business Continuity Planner’s job is to gather information, research risks and solutions, perform cost/benefits analysis and communicate our findings to the proper decision makers.  We are often research analysts and salespeople.  And, it is a difficult sale to make – asking management to invest capital from a limited available cache in our programs as opposed to other programs being pitched by other department managers.

Part of the risks we must inform management about, goes beyond the risk of disasters, but also includes the risk of being out of compliance with laws, contracts and industry standards.  And, we must be brutally honest about our abilities to respond and recover.  We do this by realistically conducting exercises and tests and reporting back the findings without a bias towards success.

Our jobs are to set expectations consistent with the risk environment and solutions in place today.  It is senior management’s job to decide what risks are acceptable and how much to invest in improving our solutions.  If they do not have all of the right information to make that decision, it is then that we have failed in our jobs.

Having Plans Even If You Don’t Plan to Recover

I once had my lead sales and marketing guy pull in a favor and get me a meeting with the president of a small specialty, food processing company to discuss business continuity planning and the potential of us helping in the development of a program for this firm.

As soon as I walked into the conference room, this gentleman announced, “Joe, I really don’t know what there is for us to discuss, the fact of the matter is, we have this one location with a lot of expensive and unique equipment.  If a disaster takes us down, we simply go out of business.  There is no way, short of building a whole new factory for us to get up and running again.  And, quite frankly, that would just be too expensive and not practical.”

Now, of course, I talked to him about the value of having data backup and recovery plans for all of his computer resident data and infrastructure, but, he felt he had all of that in place and was confident with his IT recovery solutions.

So, instead of trying to convince him that he should have some sort of business continuity plans, I told him that even with the strategy of “shutting down and going out of business”, you want to make sure that you do that right – and, that that strategy also requires pre-planning, pre-provisioning, and exercising.

For example, there are things you need to do to go out of business properly:

  • You may still have accounts receivables to be collected.
  • You probably have accounts payables that need to be met.
  • You probably still owe your employees their last paychecks.
  • You have bank accounts and other financial matters that must be closed.
  • You might have salvaged equipment to be sold.
  • You might have legal obligations that need to be addressed.
  • For customers with unfulfilled orders, you might want to help them find another company that could help them.
  • And more.

You don’t just simply stop functioning as a business; there are things that must be done to dissolve the entity.  And, these things will require some people to be active and some tasks to be performed.

Your plan should include strategies for:

  • Getting your trusted advisors together;
  • For communicating with employees, suppliers and customers;
  • For addressing financial and legal matters;
  • And others

I think we were both surprised that by the end of our meeting, we were shaking hands on a project to team up and document his business continuity – or, should I say – business cessation plans – which we now know as his Crisis Management Plan.

The moral of the story is, even if your strategy is not to invest in recovery solutions, which, in some cases might be the most prudent strategy, your firm still needs a Crisis Management Plan to see that strategy properly employed.

At the end of the day, we had another satisfied client.

Business Continuity Planning in 140 Characters or Less

As I have mentioned in some recent blogs, I am now immersed in the world of Twitter.  The challenge of tweeting is trying to get a message across in 140 characters or less.  This is especially difficult when much of your audience does not know your jargon and you need to spell out many of the words to make a coherent point.

At first, I tried to find famous quotes from others about planning or disasters or emergencies and response.  I found a few, many of which I had posted earlier in this article on “planning”.  But, after a while, I had to challenge myself to come up with some business continuity, emergency response, crisis management, and disaster recovery related tweets of my own.

In this blog, I am simply going to share those tweets that I have come up with so far – and, if I must say so myself, I think a few of them are pretty good for 140 characters or less, but I will let you be the judge of that.  I tweet a lot about current events and other topics; this blog only includes general quotes about the field in which we practice.  I hope you find one or two you like.

And, if you do like them – re-tweet them.  And, please feel free to follow me on Twitter, @jpflach

Joe Flach Tweets from Past Weeks:

Planning ahead is important; practicing ahead is vital. A script w/out rehearsals doesn’t prepare you for opening night.

Knowing how to respond before the disaster strikes saves precious time in figuring out how to respond after it strikes.

Disasters happen. Recoveries have to be orchestrated.

I believe in the power of prayer – except when it comes to business continuity, then I believe in the power of planning.

How you respond to a crisis may adversely impact your company more than the crisis itself. Add Communications & PR teams to your plans.

The disaster that impacts your company may also impact employee’s homes – make sure continuity plans include alternate workforce options.

There r heroes who rush into burning buildings to save ppl and heroes who improve fire prevention and evacuation plans. The latter is easier

If you are not worried about the impacts of a disaster on your company, then who in your company is?

The fear of failing a business continuity test results in masking many a program’s weakness and promoting a false sense of security

It takes 1 to plan, many to be prepared. Train, educate and exercise your programs.

There is no one right way to prepare for a disaster – but, not preparing for one is clearly the wrong way!

There is a thin line between being unprepared for a disaster and being negligent. Don’t put it to the test: be prepared.

When the fire alarm sounds, people do not reach for the “Fire Alarm Response Manual”. Same should be true when you “Declare” a disaster.

If disasters strike when least expected, then make sure you always expect one.

Risk mitigation programs do allow for calculated risks. That is why most cars have only 1 spare tire instead of 4.

Business Continuity Planning is not about preventing any loss following disaster; it is about limiting losses to a defined, acceptable level

The only “failed” emergency response test is one in which you do not discover ways to improve your program

The best way to handle a disaster is to stop it from happening. Create Disaster Prevention and Risk Mitigation Plans.

“The good Lord willing and the creek don’t rise” is a fun colloquial saying and does not a good business continuity plan make.

Continuity Plans are like backup parachutes – hardly ever needed but you don’t want to operate without one.

Many people experiencing a crisis simply freeze because they have not been conditioned how to respond. Break the ice and conduct training.

Incidents become disasters for those who are not prepared.

The only thing worse than having no emergency response plan is thinking you have one when you don’t. Be honest: don’t promote false security


There are more, but I think that is enough for now.  Did you find one you like?