System WB00678_.gif (615 bytes) Transformation
The Knowledge Center for Information Management

Home Page

Knowledge Center Topics:
Transformation Articles ] Transformation Methodology ] Contingency Planning ] Transformation Solutions ]

Command Center
Business Continuity Contingency Planning Crisis Management Disaster Planning National Contingency Six Crisis Steps Time Runs Out Command Center

 

Topic: Contingency Planning --
Articles

Making Your Y2K Center a Success

By Steven C. Davis, President, DavisLogic, LLC

We now understand that we are all at risk from some level of Y2K disruptions. Despite massive investments in Y2K remediation, most organizations now recognize that they cannot locate and fix all the "bugs" lurking within their internal systems, much less correct those residing in sys-tems of their suppliers, distributors, service providers and overseas partners. As a result, by early 1998, many organizations had begun Y2K Contingency Planning designed to help them cope with potential failures. By late 1998, some organizations had even conducted exercises to test their readiness. After helping with one of the nation's first full-scale Y2K exercises (in Mont-gomery County, MD) I realized that Y2K contingency management was going to require a ro-bust approach to information management. After researching this issue, I'm convinced that effective Y2K Command Centers, supported by sound information management systems, hold the key to successfully managing potential problems associated with the Y2K rollover.

Y2K exercises and simulations have underlined the fact that most organizations remain both vul-nerable to multiple, concurrent disruptions of their primary operations; and liable to lawsuits (from suppliers, business partners, and investors) and/or serious damage to their public image. Managing all of the information coming into and going out of a Y2K Command Center will be a big job… and one that needs to be done right. While the concept of using Command Centers has become widely accepted, implementation guidelines remain frightfully vague.

The Final Phase of the Y2K Continuity Challenge

As zero hour approaches, industry and government leaders recognize that Y2K disruptions - both major and minor - are likely to crop up for months... and perhaps even years. Organizations that do not rise to the Y2K contingency management challenge are at risk of production disrup-tions and systemic failures that will significantly affect their ability to achieve their goals. For business and industry, that may mean lost revenues. For government, it may mean disruption of public services.

On the brighter side, organizations that do succeed in managing Y2K contingencies will find that the effort expended on this particular problem will provide substantial benefits far into the future by enhancing their ability to cope with all types of natural, technological, and terrorist incidents. So what must an organization - your organization - do to successfully address Y2K hazards and other future threats? In addition to contingency, continuity and consequence management, you must "stand up" a Y2K Command Center (or series of Command Centers) equipped to manage all of your Y2K plans, information, and resources.

Organizations everywhere are rushing to do exactly that. Over 90 percent of Fortune 500 compa-nies are now in the process of setting up Y2K Command Centers. On January 8, 1999, it was re-ported that the Clinton administration was enlisting federal and state emergency Command Centers in the fight against the Year 2000 computer problem. Now, other firms and local gov-ernments across the nation and around the world are working to establish Y2K Command Cen-ters.

But what, exactly, goes into the creation of a Y2K Command Center? What should it do? What is the key to making it successful?

Understanding the Y2K Command Center's Mission

The Y2K Command Center's mission can be best understood in terms of three vital tasks:

Inform and Alert. The Command Center must both give and receive information. It is critical to inform everyone both within the organization's system as well as through-out the entire supply chain about Y2K preparations and threats. It is equally important to undertake around-the-clock intelligence gathering to identify potential Y2K threats and provide prompt notification to crisis managers, employees, governments and the public.
Command and Control. The Command Center must provide the command and control functions necessary to put multiple contingency plans into action - triggering them as needed, providing the triage structure required to allocate resources and personnel, and assuring effective direction of the response operations.
Verification and Documentation. The Command Center must create a mechanism to verify the steps taken to respond to a threat and preserve a record of those actions to pro-tect employees, infrastructure, and shareholder value... as well as demonstrate adherence to "best practices" by documenting all information received and steps taken.

wpe1.jpg (43559 bytes)

Information Management is the Key

The Y2K Command Center is ultimately a center for information management and decision-making. Its primary purpose is to gather and process all of the information required to plan for and respond - quickly and effectively - to potential Y2K incidents. Within the Y2K Command Center, incoming messages must be gathered, categorized, processed, and displayed in order to optimize decision-making. As messages arrive, the information flows to analysts - both information technology specialists and business managers - who make the initial assessment as to whether the information that has arrived is indeed a Y2K incident. If and when they determine that a disruption must be treated as a Y2K incident, then the incident must be posted to an Operations Log. With the incident established in the Operations Log, your incident response gets underway with triage that determines the priority and type of response. You must select the contin-gency plan most appropriate to that incident. In the event that no contingency plan for that incident or lo-cation has been prepared, a plan with similar types of response activities can be activated and modified. This contingency plan should provide the guidance you'll need to apply appropriate response personnel and resources.

A companion to the contingency plan is a checklist that can be activated, modified as necessary, and used throughout the incident to follow the previously established best practices for responding to this type of an event. As contingency plan checklist items are completed, information must flow back from the checklist to the Operations Log so that those who are following the incident in the log can see which checklist items have been completed. It is this Log that becomes the central repository for all actions taken and resources utilized in responding to the incident. The Log is critically important both as a man-agement tool throughout an incident as well as following the incident to establish the procedures that were followed, those that were modified, and the results of all such actions.

Throughout the entire response operation, all activities and resource utilizations are tracked against the contingency plan and the operating procedure checklist. Each performance tracking and movement to-wards completion of the task is, once again, provided as feedback into the incident being managed and the Operations Log. These tasks will be tracked from their initiation through their completion and the ulti-mate closure of the entire incident.

Verifying and Communicating What Has Happened

During and after the incident itself, you need a way to verify what has happened. Your Operations Log should be the critical and complete resource for a comprehensive understanding of what has been done and what needs to be done in order to bring the incident to a successful conclusion. Inside the Command Center, people are monitoring the management of the incident continually. Outside the Command Center, there are several groups who need to be informed of the status of an ongoing incident. These groups should be briefed periodically by a trained communicator who will be tasked to work with the Command Center to provide an effective, appropriate message to the outside world.

There are two main audiences for these briefings: the organizations executive group and the organizations public relations team. Working together, the executive group and public relations will craft the final mes-sages that will leave the organization to be provided to the general public as well as stakeholders or shareholders in the organization. This last, inside-to-outside, information flow is instrumental in estab-lishing and maintaining the credibility of the organization to manage the Y2K event. Timely, accurate information will go a long way toward reassuring public officials and others interested in the success of the organization's mission that it will indeed be able to assure continuity throughout the Y2K transition.

To manage all of the contingency management processes described above, your organization will defi-nitely need a state-of-the-art information system.

Selecting the Right Information System

The best-prepared Y2K Command Centers will be ones that have implemented an enterprise-wide infor-mation system designed specifically for contingency management. It must be robust and flexible enough to perform numerous critical functions yet easy enough to use during a crisis. Here is an outline of how each task should be approached and the functionality that such a system must have to serve your Com-mand Center's needs. Whether you already have a Command Center system or are considering imple-menting one, you should make sure that it is ready to meet all of these performance criteria.

Inform and Alert

The first goal of your Command Center should be to establish a communications network across your enterprise and beyond that allows you to gather frontline information from all quarters and proactively broadcast messages to all concerned. You should begin with an orientation and training program for em-ployees and partners advising them of your Y2K plans and how they are to submit incident reports and rollover checklists. The ideal information system would turn every desktop in the organization - as well as across related organizations - into an intelligence-gathering station. This system makes it easy for indi-viduals from every department to quickly and accurately reports on their progress in the "rollover" using agreed upon checklists or issue early warnings when they see indications of trouble. Their automated re-ports should be forwarded directly into your Y2K Command Center where they can be analyzed and, if necessary, entered into an incident log for tracking.

You may also want to use this information system to provide a daily Y2K preparedness message directly to every desktop keeping Y2K on the minds of employees and keeping them up-to-date on your efforts. Employees will become attuned to potential Y2K idiosyncrasies and become better able to distinguish minor problems from catastrophes.

Your contingency information management system must be able to provide:

Two-way communications… a structured mechanism for receiving and sending information. Stan-dard categorizations will be needed to route trouble reports to the appropriate specialist in the Com-mand Center. The system should provide a means for employees, customers, and partners to notify the Command Center of any potential Y2K problems. Emergency managers should be able to cen-trally receive and evaluate this Y2K event information from both inside and outside the enterprise. The system should help manage this information in real-time and keep records of events as they unfold.
Automated rollover and contingency checklists... for all of their major functions to ensure that the rollover is complete and without incident. The key is to put an automated checklist in the hands of the right person anywhere and everywhere in the organization. Make it easy for them to send the check-list results as data and make it easy for managers to see the progress in executive reports.
Alert notifications… with a sophisticated message sorting and distribution capability so managers can track and log multiple and varied notifications and ensure that the right information gets to the right individual. They should also be able to easily relay alerts to the Command Center from outside suppliers or distributors using an Internet-based Y2K monitoring system.

Command and Control

Your Y2K contingency management system should help widely distributed incident managers triage problems and track the deployment of resources, teams of experts, and other response capabilities ac-cording to plan to resolve any incidents arising from a Y2K failure. Once an incident has been identified as Y2K, the Command Center must be ready to receive alerts of further developments and additional in-cidents across the enterprise and the supply chain. You will want to be able to review these alerts with a combination of information technology (IT) analysts and Y2K crisis managers. Once validated, the inci-dents should be posted to a log or journal of all events and early signals of failures.

Next, your Command Center team will want the ability to triage the event and activate contingency plans or standard operating procedures in order to respond. This will require that they be able to communicate in real-time with your response SWAT teams to deploy personnel, software, analysis devices, other hard-ware and then be able to track tasking and performance of response teams and alternative supply alloca-tions. The system should be able to summarize this tracking information for real-time briefings to either executives or the press concerning the organization's progress on response and recovery.

No part of this information flow can be left out. It is critical that the system you choose be comprehensive enough to gather all of the data you need and rapidly analyze it. Good information will enable you to as-sess the problem and appropriately assign resources. Establishing contingency plans and operating check-lists in advance and having them available through that same information system will allow you to respond faster and more efficiently. Even if all of your plans and checklists are not pre-entered into the system, your Command Center will be able to manage the flow of new, dynamic, spontaneous informa-tion more effectively with the right information system.

Your information management system should be able to provide:

Rollover checklists... display an automated checklist for standard operating procedures to track im-plementation and completion of rollover procedures.
Triage management... send and receive incident messages among all units and capture, store, assign, sort, and track them in a way that ensures they get to the right person, i.e. the one responsible for ini-tial triage and response. Managers should be able to review message lists as they come in and go out of the Command Center.
Contingency plan tracking and monitoring... store, implement, and track contingency plans. Man-agers will need to quickly determine which plan to implement and then have a checklist to use to track the progress and completion of the plan. You will also want to be able to document the steps taken to implement the plan. The system should be able to store this data to facilitate reportResource tracking... track personnel and other resources so that you know where they are deployed at any time. The system should provide an easy means of checking for availability of resources and as well as provide for rapid deployment. The deployments must be tracked and logged as they are de-ployed and re-deployed across the enterprise.
Public Information and Executive Briefings… quick, vivid summaries, aggregating incident infor-mation into easy-to-understand reports. Regular updates to the public of your status and response ac-tions will be essential.
Redundant communications systems... a must for Y2K Command Centers - especially given the uncertainties that Y2K presents. You will want a system that can use a number of communication al-ternatives including telephones (wire, cellular or satellite), pagers, Internet/Intranet, LAN/WAN, packet radio, satellite communications, and video. In the event of communications failures you will need the ability to switch to alternative means (such as packet radio and satellite phones) while con-tinuing to receive and send information.
Management of diverse data elements… including threat assessments, status reports, event alerts, compliance statements, contingency plans, response plans, damage assessments, supplies, personnel and personnel certifications, phone numbers, recovery plans, event logs… to note just a few.

Verification and Documentation

Due diligence in Y2K preparedness will require the completion and successful implementation of contin-gency and recovery plans for all critical systems. Due diligence in Y2K event management will require excellent documentation of all of the information received and the steps taken in response to disruptions. Documentation of such things as incident logs, triage decisions, contingency plans, response actions, use of resources, and the timeline of activities could be crucial in court. It is critically important to be able to document the preparation and training of these plans as well as their execution.

You will also want to be able to provide up-to-date reports to managers, the media, and your stakeholders. There will be a lot going on; having good reports will be a must.
The information management system must be able to provide:

Automated logging... documenting all early warnings, alerts, and the response to events. Automated contingency plans that provide a step-by-step process can produce a permanent record of the plan's implementation. Event logs should track the who, what, where, and why of the incident. Automate as much of this as possible using standard categorizations, picklists, and time stamps.
Debriefing reports... should include executive reports for supervisors, media presentations and per-sonnel changing shifts at the Command Center. The ability to automatically generate these reports will be invaluable in terms of saved time and be very valuable in a crisis atmosphere.
Documentation... a complete audit-able trail for all steps in the response process. And don't forget, document the documentation.

Conclusion: The Opportunity

This is clearly a big job but, with the right management approach and tools, your Command Center can do it successfully - saving your organization time, money and aggravation every step of the way.

Being well prepared for Y2K should make your organization better prepared for any potential disruption to the continuity of your operations. Whether caused by an employee strike, a snowstorm, a supply short-age, or dozens of other potential incidents that can cause disruptions like Y2K, the contingency informa-tion management principles and procedures described above are absolutely essential to the well being of your organization.

Y2K is a tremendous opportunity for Contingency Management to seize the day. If Y2K ends up having only a small impact on your organization, you will nonetheless have put responsible contingency man-agement on the perceptual map for employees, management, executives and shareholders. The lessons you learn and steps that you take right now will pay long term benefits by helping you avoid the negative effects of everything from a minor workplace accident to a major fire or other emergency. And if Y2K does result in major consequences, your organization will have protected itself, its employees, and its shareholders from harm by assuring continuity of your enterprise. In either case, your organization's ex-perience in dealing with Y2K represents a unique opportunity to improve the way you manage all kinds of potential continuity threats far into the 21st Century.

Excerpted from 'Making Your Y2K Command Center a Success: A Guide to Contingency Information Management' by Steven C. Davis. You can get a free copy of the full 12-page report from y2kcommandcenter.com or by contacting Steve Davis at Steve@DavisLogic.com or by calling (410) 730-5677. Steve is President of DavisLogic, LLC and co-author of "Y2K Risk Management". More information may be found at www.davislogic.com (All rights reserved © 1999, Steven C. Davis) You may reprint this article if you include this statement.

Y2K Readiness Disclosure: The information presented in this document is believed to be accurate and of practical value in reducing the possible impact of the Y2K problem, but no guarantee can be given that the information herein will provide protection. Liability for any losses that may occur as a result of applying the information contained in this document is specifically disclaimed by Steven C. Davis, DavisLogic, LLC, and any consultants, clients, or advisors involved in producing or reviewing material for this document.

 

Send mail to webmaster@systemtransformation.com with questions or comments about this web site.
Copyright © 1999, 2000 Tactical Strategy Group, Inc.
Last modified: March 8, 2000