Testing
This is a test.
posted by MaxedOutMama at 11:04 PM
0 comments
Thursday, October 02, 2008
Sunday, October 16, 2005
Who, What, Why
WHO:
The primary author of this blog is a systems analyst working in banking systems and compliance. As part of my job duties, I help banks perform risk assessments and develop business continuity plans, a..k.a. disaster plans. Banks are required to develop and maintain these plans by law and regulation. Regulatory agencies audit banks to make sure they have adequate plans in place.
WHAT is a "business continuity plan"?
The purpose of a business continuity plan is to ensure that a particular business can keep running when a disaster or significant adverse event happens. There is a recognized methodology to developing adequate business continuity plans, which includes several basic steps:
WHY I am bothering to publish this blog:
Since the banks who are my clients pay for my assistance, I feel a duty to them to keep them apprised of upcoming risks. Because of this, I began to monitor the bird flu (H5N1) situation in the spring of 2005. I soon noticed that there was puzzling discrepancy between WHO's and ProMed's description of what was happening in Asia and the actual news reports.
This caused me to research the situation more thoroughly. In May of 2005 I discovered that some human to human transmission of H5N1 appeared to be already occurring in Asia, so I decided that the possibility of H5N1 spreading by extended chains of transmission between human beings was a foreseeable risk of the type for which my banking clients should plan. Unfortunately, there were no published protocols or best practice recommendations, which engendered further research conducted by a grumpy yet dedicated systems analyst with little medical knowledge.
After completing the first phase of the research this summer, I found myself in a puzzling situation. Different medical authorities seemed to have very different assessments of the likely risks, and the government/UN assessments seemed to represent far less risk than those of many private researchers and some of the Asian governments. Now the essence of business continuity planning is to accurately assess risk in order to allocate time, effort and money to mitigation attempts by intensity of risk. I could not figure out how to assess the degree of risk this situation presented.
In some perplexity, I made up a differential chart, logged the various predictions between various camps, and watched for several months to see which predictions came true. In the meantime I developed some numerical prediction models and played with them so that I would be prepared when I finally got some trustworthy assumptions about the degree of risk. The numerical models were extremely alarming given the worst case predictions, but I soon realized that the dominant variables for continuity of business operations was rate of spread and attack rate (how many in the population become infected) plus the extent of economic disruption.
In the last month, the more dire predictions from private researchers have come true, and the governmental/UN assessments are now moving over to their camp. I found this surprising, since I had been expecting more of a blend. I now had enough data to prepare a reasonable plan with reasonable assumptions, but in the meantime I had come to a few conclusions:
Most of my template plan is applicable to all sorts of businesses and the infection prevention steps have to be implemented by individuals to make a difference. Therefore the best way to address this risk is to distribute the information widely. It appears unlikely that governmental organizations can do more than have a marginal effect if a pandemic situation develops, but individuals, businesses and communities can probably at least halve the effect of any sort of viral epidemic by practicing anti-infection measures.
I will continue to update and correct assumptions based on new developments, which are at this time coming at a very fast pace.
The primary author of this blog is a systems analyst working in banking systems and compliance. As part of my job duties, I help banks perform risk assessments and develop business continuity plans, a..k.a. disaster plans. Banks are required to develop and maintain these plans by law and regulation. Regulatory agencies audit banks to make sure they have adequate plans in place.
WHAT is a "business continuity plan"?
The purpose of a business continuity plan is to ensure that a particular business can keep running when a disaster or significant adverse event happens. There is a recognized methodology to developing adequate business continuity plans, which includes several basic steps:
- Identify all reasonably foreseeable internal and external risks,
- If the risk can be eliminated, develop a plan to eliminate it,
- If the risk cannot be eliminated, predict the consequences and develop a plan to mitigate (lessen) the consequences so that the business can continue operations,
- If the risk can neither be eliminated or mitigated, develop a plan to survive it and restore operations.
WHY I am bothering to publish this blog:
Since the banks who are my clients pay for my assistance, I feel a duty to them to keep them apprised of upcoming risks. Because of this, I began to monitor the bird flu (H5N1) situation in the spring of 2005. I soon noticed that there was puzzling discrepancy between WHO's and ProMed's description of what was happening in Asia and the actual news reports.
This caused me to research the situation more thoroughly. In May of 2005 I discovered that some human to human transmission of H5N1 appeared to be already occurring in Asia, so I decided that the possibility of H5N1 spreading by extended chains of transmission between human beings was a foreseeable risk of the type for which my banking clients should plan. Unfortunately, there were no published protocols or best practice recommendations, which engendered further research conducted by a grumpy yet dedicated systems analyst with little medical knowledge.
After completing the first phase of the research this summer, I found myself in a puzzling situation. Different medical authorities seemed to have very different assessments of the likely risks, and the government/UN assessments seemed to represent far less risk than those of many private researchers and some of the Asian governments. Now the essence of business continuity planning is to accurately assess risk in order to allocate time, effort and money to mitigation attempts by intensity of risk. I could not figure out how to assess the degree of risk this situation presented.
In some perplexity, I made up a differential chart, logged the various predictions between various camps, and watched for several months to see which predictions came true. In the meantime I developed some numerical prediction models and played with them so that I would be prepared when I finally got some trustworthy assumptions about the degree of risk. The numerical models were extremely alarming given the worst case predictions, but I soon realized that the dominant variables for continuity of business operations was rate of spread and attack rate (how many in the population become infected) plus the extent of economic disruption.
In the last month, the more dire predictions from private researchers have come true, and the governmental/UN assessments are now moving over to their camp. I found this surprising, since I had been expecting more of a blend. I now had enough data to prepare a reasonable plan with reasonable assumptions, but in the meantime I had come to a few conclusions:
- The risk to the human population was potentially very severe,
- The risk of economic disruption was more like a certainty if a true pandemic situation developed,
- The political furor dominating the discussion was intense and was likely to remain so,
- There would be no treatment mitigation within the next three to four years, but
- There was a prevention mitigation available, inexpensive and deployable, and
- The prevention mitigation strategy was likely to be highly successful, but it had to be planned for, implemented at the individual and business level, and some supplies and training were needed before a pandemic developed.
Most of my template plan is applicable to all sorts of businesses and the infection prevention steps have to be implemented by individuals to make a difference. Therefore the best way to address this risk is to distribute the information widely. It appears unlikely that governmental organizations can do more than have a marginal effect if a pandemic situation develops, but individuals, businesses and communities can probably at least halve the effect of any sort of viral epidemic by practicing anti-infection measures.
I will continue to update and correct assumptions based on new developments, which are at this time coming at a very fast pace.
posted by MaxedOutMama at 2:32 PM
0 comments
Confused? Start Here
Outline Of Contents
Resource Links
Previous Posts
Archives
