Do as I say…

Posted on 22-November-2011 by Robert

A phone message to all staff went out from the regional Vice President – this coming year we will have a laser focus on safety.  Over the most recent twelve months, the message explains, the rate of injury has increased and is the highest in the company.  The call asks employees to think carefully about their actions and to ensure that safe work practices are followed.  “Throughout the coming year we’ll check our progress.  Together we can decrease our rate of injury.” the message ends.

Recently initiatives for the coming year were posted at this company.  Three key focus areas were outlined for the coming year – increase productivity, improve processes, streamline the supply chain.  No place was left in the key focus areas for that laser focus on safety mentioned in the executive voice mail.  Even though the business is growing and sales are on the rise additional data gathering on potential safety issues and a review work practices around the plant were skipped.  The culture of “do as I say, not as I do” is alive and well.

Do as I say, not as I do

Credit - purpleslog on Flickr

Continue reading

Posted in Safety | Tagged , , , , | Leave a comment

Causes of Business Disasters

Posted on 22-July-2011 by Robert

The headline reads “Local Disaster Impacts Businesses”. This statement conjures up images of mass business failures in the aftermath of a flood, fire or other catastrophic incident. While it is true floods, fires, tornadoes and other disasters impact businesses and local communities, it’s not always the flood or fire that causes the worst impacts.  Here are 3 alternative causes of business disaster to consider.

etrepum on Flickr

Continue reading

Posted in Business Continuity, Risk Management | Tagged , , , , , , , | Leave a comment

Tornadoes in Joplin MO

Posted on 23-May-2011 by Robert

Joplin, Missouri is not a town that I will likely forget soon.  I went out of town on vacation last week for some camping and hiking.  My wife and I stayed in Joplin for easy access to the Ozarks and the historic sites in Southwestern Missouri and Eastern Kansas.  While out of town we were aware that a severe weather risk existed and we monitored closely storms as they moved across Kansas toward Missouri. It was a crazy coincidence that we chose to depart Joplin on Saturday rather than stay through the full weekend, or we might have been right in the middle of the tornado that ripped through town on Sunday.  In the aftermath of the storms we feel strangely connected to the people we met and places we visited.

Here are a few things that we saw and did while in Joplin.  Take a look at the images of how these places look today:

Continue reading

Posted in Emergency Preparedness, Risk Management | Tagged , , , , , , , | Leave a comment

500-Year Flood?

Posted on 5-May-2011 by Robert

The news today has announced that flooding along the Mississippi River is no longer a “100-year flood” is has now reached the level of a “500-year flood”.  I hate the terms “100-year flood” or “500-year flood” .  These are misleading at best and suggest that once a “100-year flood” occurs it is unlikely to occur again for a century.  If this assessment of a 100-year potential were true we would not have the “Great Flood of 1927” followed by “Great Flood of 1951” and the “Great Flood of 1993”.  Instead of labeling the flood a 100-year or 500-year flood, we could rely on probabilities – saying this flood is a 1% flood or a .02% flood, but even that might not be realistic.  So what is the right way to think about the serious flooding currently unfolding along the Mississippi River?

Mississippi River Flooding

Credit kevindooley on Flickr

Continue reading

Posted in Loss Control | Tagged , , , , , , , , | Leave a comment

Personal Resilience – Lessons Learned from Spring Tornadoes and Floods

Posted on 3-May-2011 by Robert

The month of April has not been a good one for residents of the southern US.  So far the Storm Prediction Center, America’s central forecast office for severe weather, has received more than 1000 reports of tornados in the month of April.  More than 300 deaths and thousands of injuries are blamed on tornados across Texas, Louisiana, Alabama, Mississippi, Oklahoma, Arkansas, Tennessee, Georgia and the Carolinas.  In Alabama, one of the hardest hit states, the cities of Tuscaloosa and Birmingham suffered catastrophic damage when a reported EF-5 tornado struck leveling entire neighborhoods.

For all the tornado drama that played out in the national media, the emergency is not yet over.  The aftermath of April’s storms has left saturated ground and swollen rivers which is resulting in flooding along the Mississippi, Ohio, Arkansas, Little Red and White rivers.  Over the past 4 days firefighters in Memphis, and many other towns, have completed many water rescues – pulling motorists and home owners stranded in high water to safety.  In an emergency message about the flooding directed to residents of Memphis the message was clear, “This is the time to gather all necessary and important items and be ready and be ready to leave your property.”  In Cairo, Illinois along the Ohio River the entire town was evacuated out of concern that river levees were being undermined by the high water dumped from April’s storms.  Down river, the US Army Corps of Engineers is struggling with the possibility of using explosives to purposely breach levees and flood thousands of acres of farm land to prevent catastrophic flooding in more populated areas.  Without doubt, the consequences of April’s storms are still being felt across the midwest and southern United States.

Water Rescue

Credit - simminch on Flickr

Continue reading

Posted in Emergency Preparedness | Tagged , , , , , , , , , , , | Leave a comment

Another Week Another Data Breach

Posted on 25-April-2011 by Robert

A month ago, RSA announced a catastrophic data breach of their systems resulting in the release of proprietary information that could “reduce the effectiveness” of RSA two-factor authentication tokens.  This breach garnered much media attention and concern from government and industry security professionals.  As with many companies that disclose a data breach, RSA’s response revealed little about the data compromised and down played the seriousness of the incident.  Unfortunately data breaches are frequent and down playing the risks associated with a breach sidesteps the serious consequences companies and government agencies can face when their proprietary data escapes.

Data Breach in Progress

Credit - s_w_ellis on Flickr

Continue reading

Posted in Information Security, Risk Management | Tagged , , , , , , , | Leave a comment

Incident Command System for Information Security Incidents?

Posted on 6-April-2011 by Robert

As a risk manager, but also a firefighter, I have long been an advocate of the Incident Command System (ICS) when handling incidents.  Fires, motor vehicle collisions, data center disasters and other emergencies benefit from the clearly defined roles and responsibilities outlined in ICS.  Recently I was speaking with a CSO friend of mine about information security response and suggested implementing ICS might be a great way to enhance coordination.  In reply, my friend remarked that ICS was not appropriate for information security incidents because their focus was on confinement not about recovery.  After the discussion this left me wondering, is ICS applicable to only to disaster recovery?

Incident Command System at Work

Credit - Lee Cannon on Flickr

Continue reading

Posted in Crisis Management, Information Security | Tagged , , , , , , , | Leave a comment

Maintaining Security after the RSA Security Breach

Posted on 31-March-2011 by Robert

On Thursday 17-Mar RSA’s Chairman Art Coviello announced company servers containing proprietary information about RSA’s SecurID product had been breached.  The security incident and subsequent data loss compromised the effectiveness of the two-factor authentication product used by government and industry alike to provide end point security for networks and systems.  Although RSA states the breach does not “enable a successful direct attack” the lack of detail from the company around what was compromised leaves more questions than answers.  Given this RSA wardrobe malfunction, how should security leaders respond?

Information Security

Credit - judsond on Flickr

Continue reading

Posted in Information Security | Tagged , , , , , , , , , | Leave a comment

More Safety Questions About the Fukushima Daiichi Nuclear Plant

Posted on 29-March-2011 by Robert

It has been a little more than two weeks since a catastrophic earthquake and tsunami impacted Tokyo Electric Power’s Fukushima Daiichi Nuclear Plant.  The news from Japan continues to be grim.  With news stories highlighting radiation “100,000 times” normal and “new record radiation levels” you might think that the the incident in Fukushima prefecture is the worst nuclear incident ever to occur.  While these headlines are quick to capture attention and draw in readers, an objective analysis of the situation does not point to an escalating incident with an imminent safety threat.

Measured Radiation in Tokyo

Credit - Rama Hoetzlein UCSB

Continue reading

Posted in Safety | Tagged , , , , , , , , | Leave a comment

Disaster Recovery Plans Built for Catastrophe

Posted on 28-March-2011 by Robert

The news out of Japan in the past two weeks has been stunning.  Japan is struggling with the aftermath of an earthquake, tsunami and nuclear disaster on Honshu island north of Tokyo.  Stop for a minute and think about the likelihood of this type of disaster. The probability of such an incident is low, but yet it occurred.  A week before the disaster, what if someone asked you to develop a business continuity or disaster recovery plan that accounted for a simultaneous earthquake and tsunami followed by a nuclear melt down? Would you have laughed, and suggested it was impossible?

Is your data center in this building?

Credit - shino on Flickr

Continue reading

Posted in Business Continuity | Tagged , , , , , | Leave a comment