Business Continuity Plans (BCPs) are funny things.
At their most basic, BCPs are the real-world response to the old “Hope for the best, Plan for the worst” adage. It’s honest recognition that being stuck between a rock and hard place is better with a hammer, albeit with no guarantee that the hammer is big or small enough to be helpful.
Nonetheless, a well-conceived BCP provides peace of mind, like insurance does, with the added satisfaction that only authorship (or ownership?) brings. The rub, of course, is that every BCP is, at the end of the day, still just a plan. As boxer, actor, felon, playwright and corporate strategist ’Iron‘ Mike Tyson once famously said, “Everyone has a plan until they get punched in the mouth.”
Indeed. Because sometimes pipes break in the 2nd floor ceiling of your office and leak antifreeze everywhere. And because, other times, there’s COVID-19.
The benefit of having a BCP plan in place to manage either situation is that, well, there is at least a plan. And despite what Kid Dynamite says, the real truth is that any company with a plan retains, at the very least, a fighting chance to get back up after they’ve been hit.
For Lowers Risk Group, like many others, COVID hit our industry, our business – our people. We were fortunate, though: our Business Continuity Plan was 5 years in the making. It didn’t matter, until it did.
Back in 2015, CTO David Lowers, Chief Security Officer Joe Labrozzi and Director of IT and Security Chris Sosnoski recognized the need for our growing staff to have partially, if not fully, remote capabilities. What was initially driven by space concerns evolved with the access to and the ability of new technology to support fully secure, remote work that reduced cost, increased efficiency and enabled greater flexibility that could support new business opportunities within Lowers Risk Group. With this foundation in place, Lowers, Sosnoski and Labrozzi were able to take the organization’s global footprint of over 550 people (spread over 3 continents) to fully remote in less than 2 weeks with zero business interruption when COVID hit.
And though Facilities might disagree, being fully remote due to COVID made the impact of that leaky pipe one less headache to manage when stress levels are already elevated.
We asked Labrozzi and Sosnoski to tell #OurStory of transition to a fully remote work environment. We asked them what made it possible and to share a few insights that could help other organizations with the creation and implementation of their own BCPs to author their future resilience. Below is a transcript of our conversation.
On behalf of the entire organization – thank you both for your efforts and keeping the organization on its feet as COVID hit. How did your teams manage this transition?
Our ability to go remote during COVID was strategic and began 5 years go. Wholesale Screening Solutions, our largest division at Lowers Risk Group, was beginning to test our space limitations. At that time, the VA HQ had about 400 people on-site. Additionally, the Wholesale team recognized a need that they had to hire in different areas, not just in VA HQ. We were tasked with how to support that, and it was clear we had to embrace the cloud. Buy-in from David and other executive leadership there was the first step.
What really drove the process was what was happening in Wholesale’s Georgia office, our first off-site campus. We needed a base to get our people into the courts to do research. That organically began to create resiliency in our operations – rather than rent out trailers, for example, in the event of something happening, our second location offered redundancies as technology matured. As we gained more experience managing this remote location in GA from our VA HQ, we saw it was possible to have and manage a remote workforce while still doing secure work. We then built a series of processes around this concept that laid the foundation for more remote work, and we’ve been working at that ever since.
Right before COVID hit, for example, we launched phase 1 a Unified Communications as a Service (UCaaS) initiative with plans to roll-out Phases 2 and 3 in the coming months. What would have been a much more measured roll-out was accelerated by COVID. But, had we not been building towards that – not just with the UCaaS launch, but all the work leading up to the launch – it would not have been as easy or seamless. However, we had our BCP in place and were able to activate it,. Our teams stepped up and, again, the full support of leadership helped make it happen.
What were the steps you were taking to build that initial foundation over 5 years?
The goal was always to keep the working experience as secure and as available as possible, so it was about taking small bites at the apple. Exploring, testing, and implementing remote training, for example. Cloud-based email. Our UCaaS environment. We were able to leverage cloud resources like Microsoft, Adobe, Salesforce, AWS and Zscaler to achieve this.
The complicating factor was the cost associated with it – we had to be willing and able to spend monthly on subscription services. For a while, that was a barrier, but we continued to make the business case while moving from a hybrid environment to a cloud environment. Transitioning the phone system to UCaaS, for example, was a two-and-a-half-year effort to make happen and now our teams are loving the flexibility it offers. Our teams can do remote assessments and maintain contact with each other and clients easily.
How did you each manage the workload during the COVID transition to remote work?
Teamwork. At VA HQ, Chris and I have sat next to each other for years, so we have a great working relationship – that’s part of the culture at LRG, which is probably also a reason the transition was smooth. But it’s about the quality of who you work with. Chris’ IT team knows what needs to get done – they’re reliable and fast. I focused on the human capital element, making sure that we were dealing effectively with any productivity concerns, making sure teams were staying connected. We all operate from a leadership mindset and depend on each other to play our parts.
The real risk in remote work is not technology, it’s management process. My team trusts each other to get things done. When COVID hit, we found a useful strategy was to use quick, daily stand-up meetings. For the most part, these types of meetings continue in some capacity across all departments; I know upper management remains committed to finding one-on-one time for their direct reports. Process is super important in all this, but equally so is everyone’s ability to do their job.
Any key takeaways to offer other organizations from your experience?
Sosnoski – I think there’s really three that worked for us:
- We started planning early and had already explored the risk environment, developed the processes that would provide us a path of least resistance to continuity and had leadership buy-in.
- We identified the right digital tools and had assessed, budgeted for and tested them as part of the plan strategically; having to do this during COVID would have been very difficult.
- We were all aligned on the work that had to be done to achieve the vision; for us that was finding a secure, scalable and available environment to perform our risk mitigation work.
Lowers Risk Group provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly regulated environments and organizations that value risk mitigation. Our human capital and specialized industry enterprise risk management solutions protect people, brands, and profits from avoidable loss and harm. With Lowers Risk Group you can expect a strategic, focused approach to risk assessment, compliance, and mitigation to help drive your organization forward with confidence. Contact us.