Resilience Must Be Blind to Catalyst II
NewsThursday January 28
If this is the first time you are reading something from me, let me introduce you to a phrase I coined in the early 2000s: “resilience (and continuity) is blind to the catalyst.” My oft-repeated comment was to present an alternative to the emergency management foundations that were creeping into the continuity lexicon, whereby contingency planning is typically done with a “commensurate with the hazard” or “capabilities-based” approach. Resilience is and must be viewed with a much higher level of consideration…and NOT limited to specific hazards or capabilities. As I most certainly just ruffled feathers of some of my dearest and most deeply respected emergency management professionals, let me explain.
Resilience is not an element or subcomponent of emergency management. For that matter, neither is continuity, security, critical infrastructure, business operations, disaster recovery or a host of other contingency disciplines. In fact, each of them is best seen as a subcomponent of resilience – i.e., if all these elements were combined around a common risk framework, they would make up the entirety of an effective resilience program. (See the following previous article: Rock Around Resilience)
Why does this matter? Because, while each of these disciplines are designed to address certain types of risk, individually they cannot achieve the common sustainment of a company or organization. For example, if you sustain all the critical infrastructures (water, power, HVAC, systems, communications etc.) on which an organization depends but have no personnel available to conduct their functions, your organization is not resilient. You may proudly claim your toilets function, lights turn on, temperature is controlled, the computers and phones work…and maybe have a great emergency management program as well. Compliance nirvana…but you ain’t got bupkus without people. People first. (see Corporate Resilience During a Pandemic Corporate Resilience During a Pandemic)
Let us look rationally…a lot of well-intentioned, ill-informed decision makers do not even distinguish between the aforementioned disciplines, much less integrate them into a cohesive, risk-based program. Organizationally, how many times have we seen the security office charged with continuity and emergency management functions? We completed a market/organizational survey for a client to answer this question and found that the majority of organizations have some sort of combination of these programs under security. Why you ask? My best assessment is that this happens because security organizations have been around a lot longer and are established with a budget and requisite authorities. There are usually not any functional rationales…nor common risk framework. Here is something to muse: Do you want to have your security director running your organization during a continuity event? Or doing triage during an emergency with injuries? Not in my organization. I want my continuity manager to be as high up in an organization as possible to ensure leadership buy-in on what is really important to continue operations. I would not want a narrow-lensed, sub-tiered manager to be setting priorities that do not likely consider the good of the entire corporation/organization. Also, the continuity manager should be as high up in an organization to manage a program across the risk spectrum and necessarily graying the organizational risk solos…or as we say, to level the risk playing field. Surely there are managers that can consider the myriad contingency disciplines smartly and through an integrated risk framework…but those are few and far between. That is why I started my company: to fill that gap with experts across the contingency arena and develop resilient organizations through repeatable, successful methodologies.
We have stated previously if an organization does a quantifiable, repeatable, and qualifiable risk assessment we can almost guarantee it will make its way to the top of the budgetary food fight queue. Evidence that demands resources…evidence that without resources is an accountability paper trail no decision maker wants to ignore. Evidence that would make even the black cap judge remove their cover in trepidation.
This is all outlined to make the following point: there are many disciplines within an integrated resilience program, none of which are resilience. Each contingency discipline relies on the others to holistically succeed in my view. Therefore, resilience planning, preparedness, and program management should not be weighted down by specific catalysts as the cornerstone foundation. Instead, I am, and have been for decades, advocating for risk scoring so disruptive catalysts can be prioritized and considered against an “anticipated and unanticipated” management imperative. Therefore, resilience should be like blind justice: blind to the catalyst when considering the functional priorities…either they are a priority or not…whether the fire was started by an arsonist or an electrical failure. What difference does it make? Your priorities are your priorities regardless.
Curtis Bartell is the President and CEO of Covenant Park Integrated Initiatives, Inc and Majority Partner of Covenant Park Preparedness Systems Integration, LLC.
This post originally appeared on LinkedIn.