Home

American Automation Building Solutions, Inc. In the News

2004

Colorado Biz Magazine Fastest Growing Business

American Automation Building Solutions, Inc. now becomes American Automation Building Solutions, Inc. Denver Business Journal, Rocky Mountain News

Industry News

Inside Organizational Continuity
(Sources: The Conference Board; Access Control & Security Systems)

“It is one of the most widely overlooked areas of risk management”

Few government or business functions are as capable and prepared to react to emergency and crisis
situations as are the physical security departments and its officer. However, many agencies and
companies that operate security departments do not address the function of operational continuity
– although common sense dictates there is no better place for that responsibility to reside.

A recent study by the Conference Board, “Managing Corporate Security: Patters of Organization”
found that most major companies manage their security responsibilities in a decentralized ways,
usually thought three distinct silos consistent of physical security, IT security, and risk management.
And, if you look at government agencies, with the amount of outsourcing, is it too far removed to
think that this may also apply to them? Given this structure, organizational continuity initiatives requiring
well-coordinated planning and training are difficult—if not impossible – to achieve.

Organizational continuity relates specifically to the continuation and survival of the core function of the
enterprise. It is important that the continuity plan should be a way of doing business or operating,
not just an adjunct. IT departments illustrate the best example of this approach—they cannot lose or
have electronic information in accessible, so they integrate continuity practices as
part of their normal business functions.

An integrated approach to business continuity requires organizations to merge the many standalone efforts
into a cohesive intelligence and event – or response process that blends together strategy,
competitive intelligence, and event – or response driven management. This approach can then
facility the typical “pro-active” planning principles of detection and deterrence. It can also
enhance education and awareness programs, and training and response capabilities.

A truly integrated continuity plan provides value by reducing multiple plans down to a single format
plan that is readily manageable. It provides a consistent framework for operations, whereas separate
plans for disaster recovery, emergency response and crisis management can create confusion,
duplication of effort, depletion of resources, and possibly cause inaction.

An integrated plan provides a consistent response process and framework for operations,
combining strategy and competitive intelligence into business continuity processes.
It will enhance security safeguards against errors and omissions and provide a basis for ensuring
operational resilience through prepared response. Most importantly, an integrated business
continuity plan should enhance clear communications between the continuity facilitation team
and external business partners because these partners will become vital to the organization
during the recovery process.

Case Study

Phased Approach to the Planning Process

Phase--------------------------------------------- Approach

Assessment and Business Impact    -Perform Risk
   Assessment

Analysis    -Assess Existing
   Mitigation Programs

   -Determine Mission
   Critical Processes

   -Determine
   potential impacts

   -Develop Response
   Recovery Procedures

Phase-------------------------------------------- Approach

Strategy    -Define Event
   Response Strategies

Evaluation & Selection    -Compare Response
   Strategies to
   Timeframes and
   resources

   -Perform Cost Benefit
   Analysis

   -Establish Preferred
   Strategy

   -Document Selection
   Rationale

Phase-------------------------------------------- Approach

Business Continuity Plan    -Analyze existing
   plans and procedures

Development & Documentation -Prepare draft
   continuity plan

   -Perform cost
   benefit analysis

   -Establish preferred
   strategy

   -Document selection
   rationale

Phase ------------------------------------------ Approach

Testing/Maintenance    -Design training
   program

   -Design testing
   protocols

   -Develop and
      facilitate simulation
   exercises

   -Develop    maintenance
   procedures

   -Establish audit plan

Ten Action Steps

Reviewing and then implementing the following ten action steps into one’s
own situation can produce positive results for an organization.

1. Make the enterprise an unattractive target
i. Make your business as inconspicuous as you can

2. Revise employee screening processes
i. Ensure you do a in-depth background screening
ii. Include social security number confirmation trace, credit
report, verification activity for the last (7) years
iii. Criminal background history
iv. State driving record and specially designated nationals and
block protection lists

3. Validate business, community, and government contracts
i. Know who your company is doing business with

4. Assess business continuity plans
i. Evaluate your plan to ensure it is integrated with
other facets of the business
ii. Is the plan current and relevant?
iii. When was it last updated?

5. Train and educate the workforce
i. Properly train employees to make the most of your
plan

6. Equip the workforce
i. Provide employees the tools to do their work; ensure
key influencers in your organization are there to help others

7.Review leases and contracts for risk exposure
i. Are lease agreements current?
ii. Know your landlords responsibility—is he
responsible for providing a certain level of security?

8. Assess value-chain exposure to supply disruptions
i. Know your touch points to mitigate interruptions

9. Review insurance policies and conduct cost/benefit
analysis
i. Know your inclusions and exemptions

10. Communicate commitment
i. Show by doing

	AMERICAN AUTOMATION BUILDING SOLUTIONS, INC.

	American Automation Building Solutions, Inc. In the News 2004 Colorado Biz Magazine Fastest Growing Business American Automation Building Solutions, Inc. now becomes American Automation Building Solutions, Inc. Denver Business Journal, Rocky Mountain News Industry News *Inside Organizational Continuity* (Sources: The Conference Board; Access Control & Security Systems) “It is one of the most widely overlooked areas of risk management” Few government or business functions are as capable and prepared to react to emergency and crisis situations as are the physical security departments and its officer. However, many agencies and companies that operate security departments do not address the function of operational continuity – although common sense dictates there is no better place for that responsibility to reside. A recent study by the Conference Board, “Managing Corporate Security: Patters of Organization” found that most major companies manage their security responsibilities in a decentralized ways, usually thought three distinct silos consistent of physical security, IT security, and risk management. And, if you look at government agencies, with the amount of outsourcing, is it too far removed to think that this may also apply to them? Given this structure, organizational continuity initiatives requiring well-coordinated planning and training are difficult—if not impossible – to achieve. Organizational continuity relates specifically to the continuation and survival of the core function of the enterprise. It is important that the continuity plan should be a way of doing business or operating, not just an adjunct. IT departments illustrate the best example of this approach—they cannot lose or have electronic information in accessible, so they integrate continuity practices as part of their normal business functions. An integrated approach to business continuity requires organizations to merge the many standalone efforts into a cohesive intelligence and event – or response process that blends together strategy, competitive intelligence, and event – or response driven management. This approach can then facility the typical “pro-active” planning principles of detection and deterrence. It can also enhance education and awareness programs, and training and response capabilities. A truly integrated continuity plan provides value by reducing multiple plans down to a single format plan that is readily manageable. It provides a consistent framework for operations, whereas separate plans for disaster recovery, emergency response and crisis management can create confusion, duplication of effort, depletion of resources, and possibly cause inaction. An integrated plan provides a consistent response process and framework for operations, combining strategy and competitive intelligence into business continuity processes. It will enhance security safeguards against errors and omissions and provide a basis for ensuring operational resilience through prepared response. Most importantly, an integrated business continuity plan should enhance clear communications between the continuity facilitation team and external business partners because these partners will become vital to the organization during the recovery process. Case Study Phased Approach to the Planning Process Phase--------------------------------------------- Approach Assessment and Business Impact -Perform Risk Assessment Analysis -Assess Existing Mitigation Programs -Determine Mission Critical Processes -Determine potential impacts -Develop Response Recovery Procedures Phase-------------------------------------------- Approach Strategy -Define Event Response Strategies Evaluation & Selection -Compare Response Strategies to Timeframes and resources -Perform Cost Benefit Analysis -Establish Preferred Strategy -Document Selection Rationale Phase-------------------------------------------- Approach Business Continuity Plan -Analyze existing plans and procedures Development & Documentation -Prepare draft continuity plan -Perform cost benefit analysis -Establish preferred strategy -Document selection rationale Phase ------------------------------------------ Approach Testing/Maintenance -Design training program -Design testing protocols -Develop and facilitate simulation exercises -Develop maintenance procedures -Establish audit plan Ten Action Steps Reviewing and then implementing the following ten action steps into one’s own situation can produce positive results for an organization. 1. Make the enterprise an unattractive target i. Make your business as inconspicuous as you can 2. Revise employee screening processes i. Ensure you do a in-depth background screening ii. Include social security number confirmation trace, credit report, verification activity for the last (7) years iii. Criminal background history iv. State driving record and specially designated nationals and block protection lists 3. Validate business, community, and government contracts i. Know who your company is doing business with 4. Assess business continuity plans i. Evaluate your plan to ensure it is integrated with other facets of the business ii. Is the plan current and relevant? iii. When was it last updated? 5. Train and educate the workforce i. Properly train employees to make the most of your plan 6. Equip the workforce i. Provide employees the tools to do their work; ensure key influencers in your organization are there to help others 7.Review leases and contracts for risk exposure i. Are lease agreements current? ii. Know your landlords responsibility—is he responsible for providing a certain level of security? 8. Assess value-chain exposure to supply disruptions i. Know your touch points to mitigate interruptions 9. Review insurance policies and conduct cost/benefit analysis i. Know your inclusions and exemptions 10. Communicate commitment i. Show by doing
	AAI Headquarters Ph. 720-529-0764 Fx. 720-200-2090 info@americasautomation.com