Tom Crane, Certification Program Manager, Everbridge
As critical events increase in frequency and magnitude, organizations need to ensure that building and maintaining operational resilience is incorporated into their long-term strategy. Operational resilience is more than just having a plan to respond to critical events as they happen; it’s a critical step built into every strategy to ensure that businesses are prepared to face the unexpected.
Very few people know this better than Everbridge enterprise resilience expert Tom Crane, who helps lead the Best in Enterprise Resilience (BER) program. Tom knows what it means to demonstrate comprehensive resilience. He recently addressed some key questions about how top enterprises are building operational resilience differently than others.
Q: Why are you passionate about keeping enterprises resilient and running?
Tom Crane: Since I was a child, I’ve aspired to have a career that helps and serves others in need, and there’s no greater time of need than during a crisis or a disaster. I started my career in public safety, and after witnessing the impact that world events like natural disasters and terrorism can have, I was inspired to do more and strive for a broader impact. I’ve had the fortunate experience to work with homeland security, emergency management teams, and business continuity teams, and it’s gratifying to be able to help people and serve those who are in times of their greatest need.
Q: What does Everbridge mean when we say enterprise resilience?
Tom Crane: When Everbridge talks about enterprise resilience, we’re talking about a comprehensive approach for organizations to work together across departments and divisions to manage critical events of all shapes and sizes, whether it’s an IT incident, cyber threat, a life safety event, something affecting their brand or revenue, reputation, or their overall operations. Organizations want to future-proof themselves from any major impacts and enterprise resilience takes a comprehensive approach to work with the entire ecosystem of an organization to manage and resolve incidents. Ultimately, resilience is about being able to withstand events and prosper. If you can adapt and overcome, of course that’s great, but you want to be able to prosper during adverse situations. That’s what enterprise resilience is really focused on.
Q: What are some key steps that all businesses can take when looking to create a resilient organization?
Tom Crane: There are three key things all organizations should look to when it comes to resilience. The first thing they should know is where they stand today. Can they prosper in the face of adversity? Often, that means understanding the risks they face with a high level of impact; is it an event that’s likely to happen, or a Black Swan type of event that you don’t see coming? Second, an organization needs to know where improvements are needed. It’s one thing to know where you stand today; but the next thing to do is really know where you need to make improvements. Every organization I’ve ever worked with has a long list of things that they can improve upon. The third thing is prioritizing that list of improvements and beginning to build your capabilities and your capacity to mitigate, prevent, respond, and recover from those risks that are most devastating and disrupting to your organization.
Q: Your job entails assessing organizations to identify their level of readiness and resilience. What are top tier resilient organizations doing differently than others?
Tom Crane: I’m fortunate to work with top tier organizations, such as Fortune 50, Fortune 500 organizations, to understand how they’re managing critical events and I see common themes in organizations that are top tier resilient. Top tier organizations are applying technologies and policies and procedures to automate processes, to do things efficiently, to assess risks, to locate and identify the impact to their organization. Organizations that have assets across the entire globe, different offices, supply chain partners, and warehouses, have a big footprint to manage and they need to oversee the safety, security, and resilience of those assets. Being able to centralize and gather situational awareness about the threats and risks posed to different facilities, assets, or operations is a big part of what truly resilient organizations are doing today. Additionally, they are automating and simplifying the management of event resolution, and communications throughout the process. They have the technologies, people, and processes in place and they’re training and exercising to make sure that they’re proficient and always improving. There’s always room to grow; and we see that top tier organizations are always making improvements to be better prepared and more resilient.
Q: How do businesses ensure their resilient strategy is scalable as their business grows or changes?
Tom Crane: Many of the organizations we work with are growing and changing all the time, whether they’re expanding their products and services, or growing their footprint through company acquisition or growing internal teams. If there’s one thing that’s constant, it is change, and because of that there’s not just one single way to ensure the enterprise is resilient.
In terms of people resilience, a big piece of the puzzle is making sure that partners, vendors, and even the community you serve are considered when folding new people into your company security blanket. Integrating new people into a critical event management (CEM) platform, for example, ensures that those people can be protected and accounted for and communicated with during major incidents. We see technology being enabled and centralized in a way that supports the entire enterprise.
Q: How do businesses foster operational resilience within their organization?
Tom Crane: Businesses foster operational resilience within their organization by being collaborative. Reaching across the different departments and divisions, coming together, talking about risk and mitigation strategies and how to respond and recover creates a strong and collaborative planning process. Leadership from the top down is also critical to be able to institute policies that really support effective and efficient management of critical events. Bringing people together and providing lanes of responsibility, so people clearly know what they are responsible for, and building certain targets into your work plan, helps motivate people and makes sure that resilience stays a priority. Few individuals within an organization are assigned resilience as their only focus. It’s about teamwork and bringing people together who are doing so many different things and empowering them to support resilience across the organization by simply doing their piece.
Q: You’ve been working on an Everbridge program that launched last year called Best In Enterprise Resilience. Can you tell us a little bit about what the program is and what it represents for the organizations that are part of it?
Tom Crane: The BER program celebrates top tier resilient organizations that have gone through a rigorous assessment based on a set of best practices. Organizations are assessed, certified, and provided with a snapshot of where they are in their resilience journey. In today’s world, we celebrate so many things; resilience is not normally one of them. Resilience should be celebrated. Organizations that are earning this designation are proud of it because it demonstrates to their organization, their customers, and the public that they are dependable, trustworthy, and the type of place a person wants to work for.
Q: Can you provide a little bit of color about the mindset of today’s CSO? What are some of the challenges they’re facing and how can digital transformation and more specifically critical event management help them fulfill their obligations to an organization?
Tom Crane: The role of a Chief Security Officer has changed so much over the past couple decades. It used to be guns, gates, and guards, and now it’s digital transformation and automating processes and integrating and modernizing technologies. A CEM platform provides the common operating environment where a CSO can be assured that their organization is efficiently monitoring risks and communicating with their staff and their employees. It really simplifies the role and helps accomplish the mission of a chief security officer in a way that frankly needs to be done.
Q: What are a few things businesses can do today to start their enterprise resilience journey?
Tom Crane: If an organization wants to start their resilience journey and aspires to be resilient across the entire enterprise, I suggest looking at the top tier organizations that have earned Best in Enterprise Resilience certification. These organizations excel across four competency areas: data and analytics, smart process automation, digital transformation, and communication and collaboration. Organizations that excel with data and analytics can track threats and risks to their people, places, and operations and have situational awareness in real time. When we talk about smart process automation, top tier organizations are automating processes to save time and do things more efficiently, especially by monitoring information and identifying threats to your business or your organization. They have templates prepared for different events that include the right information, to be delivered in the right way, and sending it to the right people based on the circumstance. It’s also collaborating with people in efficient ways, whether it’s instantly launching a conference call when a critical event occurs, communicating in multiple methods, not just standard email or a phone call, but text message, email, phone call, mobile app, desktop alerts.