Federal Continuity Planning … Keeping Balance in a World of Change
By Richard Broome, Jason Fieger, William Hummel, and Steven Peck

Federal continuity planners face a tough balancing act. They must meet a growing number of requirements for continuity management while also dealing with major organizational realignments, a changing threat picture, and the day-to-day issues created by this volatile environment.

In recent years, the number, scope, and complexity of federal continuity requirements has grown dramatically. This growth reflects a heightened awareness of the risks modern society faces. Recent terrorist events have had a profound effect on everyone’s thinking, but infrastructure and natural disasters, such as the 2003 Northeastern Blackout, the 2004 Southeast Asia Tsunami, and Hurricane Katrina in 2005 also weigh on the minds of continuity planners. The potential of a future influenza pandemic and the growing concern about more extreme weather caused by climate change adds to these concerns.

This raises questions that all federal continuity planners must answer: How do I get the big picture in focus? What is relevant to my Department? How do I prioritize efforts? How do I get ready for the next big event?

The extent to which these questions are driving federal continuity planning is seen in the array of policies, strategies, plans, and guidance that federal planners must understand and implement. Federal Preparedness Circular-65, issued in 1999 and updated in 2004, contains 12 annexes on continuity guidance for planners, covering topics such as alternate facilities, communications, and human capital. In 2005, President Bush issued the National Pandemic Influenza Implementation Plan, identifying more than 300 actions for federal agencies. In September 2007, the White House issued the National Continuity Policy Implementation Plan, directing more than 75 actions. In October, the White House issued Homeland Security Policy Directive (HSPD)-21, directing actions to prepare for catastrophic health events.

As Federal planners try to comply with these requirements, they also must consider the ever-changing missions and structures of their own organizations. For example, under Base Realignment and Closure (BRAC), the Defense Department must move operations at 800 facilities to new locations by September 2011. Designated agencies must continue operating as they move from one site to another while ensuring continuity of essential functions. This requires planners to update existing plans while parts of the agency are moving and then finalize the plans after they are established in their new locations. Completing BRAC without a disruption will be an enormous challenge.

Federal planners must also address a range of other issues. For example, they must develop succession plans to transfer critical skills and knowledge from retiring workers to younger ones; without this knowledge transfer, recovering disrupted business processes could be problematic. To prepare for a potential influenza pandemic, planners must train employees on “social distancing.” They also must maintain business continuity plans, regularly exercise them, and have robust telework capabilities to ensure remote access.

To meet these many challenges, planners must adopt creative, insightful approaches. Some ideas to consider include:

Form a Group of Continuity Advisors: To understand change and deal with it effectively, planners must continually listen, learn and incorporate feedback. Form a group of advisors who will bring fresh ideas to the table, challenge existing thinking, and help you keep things in balance. Ideally, the team should consist of a few members of the core continuity team, other stakeholders within the organization who will speak the truth about your plans, and some outsiders (either government or industry leaders). The primary role of this group is to track emerging requirements and trends (internal and external), assess their significance, identify collaboration opportunities, and provide advice. They also can identify new technologies and best practices and recommend ways to adopt them. Most important, they should be a continual improvement mechanism to prevent continuity programs from becoming stale. Take action: After the next large exercise, invite a few contacts in to discuss your plans and seek their counsel on improvement.

Strive to Create a Resilient Organizational Culture: Encourage employees to understand that continuity planning and preparedness is fundamental to the organization’s business, enabling it to respond to emergencies more effectively. Use their personal experiences to highlight the importance of preparedness. Ensure that continuity programs are supported by a culture of continuous improvement, maintained by well trained people who routinely exercise their skills and develop the ability to make good decisions under stress. Developing individual skills and behaviors at all levels translates into an institutional memory across the organization and significantly reinforces preparedness. Importantly, give credit and celebrate success when the organization deals effectively with real world events, and be willing to admit you need improvement when things go “less than perfect.”

Develop Partnerships to Share Information and Pool Resources: Continuity planners should more aggressively seek and establish partnerships with their counterparts in government and industry. Sharing information and pooling resources can lead to innovative, effective solutions. The Internal Revenue Service’s (IRS) standing agreement with the Federal Emergency Management Agency (FEMA) to field calls from disaster victims is a prime example of this kind of collaboration at the national level. More tactically, a potential area for collaboration is IT disaster recovery planning. To comply with the Federal Information Security Management Act (FISMA), Departments must report on their disaster recovery capabilities for IT systems, including developing and testing IT Contingency Plans. Sharing best practices on disaster recovery planning is an entry point to collaborate on continuity planning in general, as well as security integration across cyber, physical and personnel areas. Another place to gain insights is outside the organization: participate in cross-government programs like HIFLD, the Homeland Infrastructure Foundation Level Working Group, a coalition of federal, state, and local government agencies, Federally Funded Research and Development Centers (FFRDC), and industry partners. Members are involved in Critical Infrastructure Protection (CIP), Crisis and Consequence Management, Intelligence and Threat Analysis, Antiterrorism/Force Protection (AT/FP), Defense Support to Civil Authorities (DSCA), Man-Made and Natural Hazard Modeling, and Government Facilities Management.

In the current environment of continuous change, federal planners must understand that old rules do not necessarily work anymore. They must use bold, innovative ways to assure the resilience of their organizations.

About the Authors

Richard Broome is a Senior Associate at Booz Allen with deep expertise in enterprise resilience and corporate preparedness. He has several years of experience developing business continuity plans for both federal and commercial clients, one of which was successfully used during 9/11. He is also an expert on crisis management and worked on the crisis management systems used at the White House to provide critical information to respond to rapidly changing international events.

William Hummel is a Senior Associate at Booz Allen with expertise in Mission Assurance and IT Enterprise Resilience, specifically risk management, IT architecture, IT security and BC/DR/COOP planning in the federal government, Health, Telecommunications and Financial Services sectors. Prior to joining Booz Allen, Mr. Hummel was an executive at a major U.S. Telecommunications firm where he held positions in IT Data Center and Security Services product development and as the head of IT Operations planning and Disaster Recovery.

Jason Fieger is a Senior Associate with Booz Allen who currently leads the firm's Mission Assurance work in the Defense Market. He also supports Continuity of Operations and Emergency Response Management programs for the Administrative Office of the US Courts and the US Postal Service as well as for several foreign government clients. Mr. Fieger is certified in Business Continuity Management. He has been with Booz Allen for eight years, and prior to that practiced law in the Washington Metropolitan area.

Steven Peck is a Senior Associate at Booz Allen with 15 years of experience supporting federal clients in Business Continuity Planning, Continuity of Operations, Emergency Management, and Information Security. He is a Certified Business Continuity Professional (CBCP) and a member of the Association of Contingency Planners (ACP).