Disaster Recovery Journal

Q&A

An Interview with Brian Gray of the United Nations World Food Programme

GRAY
By JEAN ROWE, MBCI, CBCP, CDCP

After 10 years of being cold, wet and hungry, Brian Gray left the Canadian Army in 1999 to join the United Nations World Food Programme. Since then he has worked in more than 70 countries in logistics, security, administration and programming. His two field postings were Sierra Leone and Iraq. Gray has been central to the development of business continuity in the United Nations. He assumed his current position at the end of 2009, and is responsible for the viability of business continuity planning across the United Nations Secretariat.

ROWE: With the ever-changing environment coupled with the escalating threats from nature and terrorism, how you look to improve and modify your BC/DR program?

GRAY: The United Nations Secretariat has offices spread across the globe and therefore faces a variety of hazards, both natural and man-made, for which we need to prepare so that we can continue to implement programs. To improve our business continuity management program, we are working to more closely integrate all elements of emergency management within the organization – security, crisis management, business continuity, disaster recovery, mass casualty incident response, and victim support – under the rubric of organizational resilience management.

In practical terms this means ensuring that we harmonize risk management and integrate crisis preparedness and response across secretariat departments. This effort includes an integrated and structured maintenance, exercise and review regime, and coordinated planning and response tools.

We are constantly on the lookout for new and innovative ideas that will enhance the business continuity management program, either from within the United Nations system, or by engaging with the private sector and civil society.

ROWE: Any pearls of wisdom in managing an international BC program?

GRAY: First, I am convinced that for a BC program to be successful you must ensure that managers and planners do not just concentrate on producing a physical deliverable – such as a business continuity plan – but establish an organizational structure to maintain and implement the plan and incorporate a strategic, structured program to elicit behavioral change so that staff will know what to do and how to do it during a crisis.

Without a structure to govern the program and a training and exercise regime, you are exposing yourself to huge vulnerability. Second, our experience of implementing business continuity management in United Nations offices across the globe leads us to decentralize responsibility to the various offices supported by a scalable, flexible suite of plan development and implementation tools that resonate with staff in different contexts. These tools were developed by engaging with staff in duty stations in all regions who were the source of significant innovations that made business continuity management simpler and more effective.

This effort also highlighted two key points: one, United Nations staff, who are routinely faced with disruptive events, have a wealth of business continuity and emergency management experience and knowledge; and two, the value of communication and collaboration, either in-person or distributed, with a view to generate constant program innovation and improvement. To this end we encourage the development of business continuity and emergency management knowledge internally, and with external partners, both in person and on social networks, like LinkedIn. With respect to the latter, social media are becoming increasingly important as not only a crisis communications tool, but as a way to support social learning and business continuity awareness at all levels in the organization.

ROWE: What kind of risks do you prepare for?

GRAY: From the outset we have adopted the premise that for business continuity purposes we must plan for Black Swan events. While this approach results in robust plans, it poses some challenges for business continuity risk management. By virtue of their nature, Black Swan events cannot be anticipated, so how can you take substantive action to prevent and mitigate them? We still identify location-specific risks and manage them by deconstructing their cause and effect, identifying preventative and mitigation measures respectively. Simultaneously, to address the Black Swan problem, we implement sound fundamentals, such as the establishment of governance and implementation structures and robust communications.

v

Jean Rowe, MCBI, CBCP, CDCP,;has;been;in;business;continuity;as;both a;practitioner;and;a;consultant;for;more;than;15;years.;She;is;currently;the business;resilience;manager;for;Verisign.