Dangers of poor crisis communication: a plane in the water?

By Jorge García Carnicero

There has been talking a lot in business continuity forums about crisis communication and about how social networks could help to broadcast information to our stakeholders in an easy way, but needless to say that it is always necessary to have some restraint in sending these communications and that the people who should be responsible for these activities should be sufficiently trained to give the right information to meet strictly our needs.

The case that has made up to develop this post in the blog is the fake alarm that took place last Thursday 27th of march, when the canary emergency service 112 (@112canarias), send the following tweet:

«Control Canarias confirma caída al mar de avión a 2 millas costa #GranCanaria a la altura de Jinamar. Se desconoce el número de pasajeros». 

Canarias control comfirms that a plane has fallen into the sea, 2 miles from the #GranCanaria cost, in Jinamar. It's not identified the number of passengers.

Until this moment all activities were in within normal, with the activation information exchange protocol between the airport authorities and the emergency service. But with this communication, validating the visual evidence that were being received from different points, the event went to another dimension. Media around the world assume that the news were true since canary emergency services is suppose to be a reliable source. In fact, the Canary 112 service has one the emergencies twitter profiles with more followers, more than 53,000,

The story was not greater because the 112 service itself gave the lie to the news 9 minutes after:

 Respecto posible accidente avión, SAR, Control Aéreo y helicóptero #GES confirman que se trata de remolcador tirando de una embarcación

About the possible plane accident, SAR, aerial control and helicopter #GES confirms that is a tugboat.

However, the tweet had been resent ad retweeted a lot of times, suffering a major impact and opening the debate of whether social networks are an appropriate communication channel for crisis notifications . In many cases, reaching the demonization of social networks.

Some links to the news

http://www.bbc.com/news/world-europe-26774885

http://www.ciutat.es/portada/sucesos/item/12758-asi-fue-la-pifia-del-accidente-aereo-de-canarias-un-avion-en-el-agua-ni-idea

http://www.abc.es/sociedad/20140328/abci-cronologia-avion-canarias-201403282017.html

Jazztel and the Crisis Communication

By Daniel Blanco Real

Last Wednesday 12th of march Spanish telco company Jazztel suffered a outage on its mobile phone network, both data and voice, since 13:30 to 21:00 approximately. From a Business Continuity point of view, there could be a lot of different analysis, but with the information that has been brought we can not define if it could be a problem in the continuity plan of Jazztel or if the service was activated in the recovery time objective or how the outage affected to the enterprises and what kind of alternative services they activated. What we can do is to analyse the crisis communication plan.

The internal communication plan will be out of the scope of this article, although it will be very interesting to know what kind of strategy would be carried out by Jazztel to this kind of unavailability scenario. Each time that we talk about alert notification, we think on call to mobile phones of persons included in the plan. As interruption was in business hours, it’s easy to assume that the communication was made by internal communication systems, like landline or any media based on IP. But would be highly interesting to study other alternatives in the carrier’s case:

• To have Dual SIM mobile phones, with a SIM of another carrier to carry out the crises communication (However this involves removing the vast majority of managers in Spain from crisis committees. I have still not seen any Iphone dual SIM)
• Communicate to personal phones, if there are not Jazztel phones and assuming that the managers has two mobile phones (something as unusual as the iphone dual SIM).
• Other kind of communications: landline, email (not too much reliable since there are not certainly received by the receptor), searh engines?

About the communications plan that carry out in the media and the users, could be analyse by information published in the news and social media, and also by customers itself.
Adslzone did a follow up of all notifications realized by Jazztel, and also of messages sent by Jazztel users to what they created a foro
The first messages sent during this kind of incidents is essential and must be clear, precise and use the best channels in order that all receivers will be reached in the fastest way.
Jazztel need three hours from the beginning of the outage to send the first official message at 16:15 and used its twitter account and its official blog to send the following message:

“We have an incident in our mobile phone service that affect to a big amount of our customers, not to all. The company is working on restablishing the service as soon as possible. We’ll keep you informed.”

Analysing what happen until the official Jazztell communication, we can realise:

Time until the first message
Three hours. Taken into account that since 13:30 there was a lot of topics in social media, it seems that it would be too much time to send such a short message and with very short information.

The selected media was twitter and the Jazztel official blog 
Is this the best way to communicate to their customers?
It could be yes or not, but is a good way to ensure that the message will reach all the national communications media that are following the social media in the big companies or IBEX35 companies and in this way, advice to the customers.
It’s also a way not to waste time organizing media rooms to deliver an official communication, apart from avoid, obviously, undesirably questions or questions not easily answerable in a moment in which there are a lot of details clearly identifies about what are carrying on.

Call Center
Apart from the official message, the customers calling the call center was informed through an answering machine indicating that there was an incident in the mobile phone service of voice and data, ant that Jazztell was working in recovering the service and tell the customer to call later to know if the incident was solved.

The Message
Both in the call center and in the social media there was no information about what had been the issue that could cause the problem, the estimated resolution time or the scope of the issue and number of customers affected.
There are a lot of factors that are not kwon and perhaps it would be better not to communicate certain issues as, form example, service restoration time, but the extent of the damage, if they knew, should be included. The message was launched trhee hours after the outage and it could be identified customers talking about their problems and located in different places, so it could be quickly identified that the problem was not a local incident but a national problem. This generate untrust about the capacity of Jazztel to solve the problem, the severity of the error that caused the problem and so the time that users are going to be without service (at the end the most important thing)

It took close to five hours to Jazztel since the first official message in deliver another message, at 20:07, in which they say that will compensate the users affected by the incident.

“We’re still working in reestablishing our mobile service as soon as possible and to solve the incident. Jazztell will compensate automatically to all customers affected by this incident without any kind of request by them.
Once the service will be reestablished, the company will contact immediately with all  the customers affected to keep them informed about the resolution."

The message
Although the message begins with a clear statement of intent to fix the problem as soon as possible, still no report on the fault that caused the problem, the approximate time resolution, or what the extent of the damage and the number of clients affected. This time the message focuses on talk of rewards to those affected, without really knowing applications without injury or damage caused in this way and try to mitigate as far as possible the damage ratio and confidence that is causing the incident.

At 22:00 the mobile phone service begins to recover, but is not until the next day when users recevies a SMS at about 11:00 or 12:00 askin

A las 22:00 horas se comienza a recuperar el servicio de telefonía móvil, pero no es hasta el día siguiente cuando los usuarios reciben un mensaje SMS sobre las 11:00 – 12:00 apologizing for the damage and report back to the next bill.

A communication plan should be well prepared in order to facilitate that such communications are carried out effectively and in time with accurate and concise information and allow especially and foremost that the situation is under control. It’s important not to generate more questions than existing ones, mistrust and causing a impact in the image that can immediately affect to the business, short and long term.
Now it’s time for  everyone to judge if whether jazztel communications was performed properly?

Whatsapp service availability.

By Jorge García Carnicero

Whatsapp is the mobile application that has been adopted faster by most messaging users, becoming essential in a short period of time. Beyond the typical messaging functions, sending messages to groups of users has been established as the most common way to communicate between people, specifically when using the telematics platforms to coordinate activities of the real life.

Last February, 22nd, Whatsapp suffered one of the most important outages of its history, or at least it was the outage that affected a greatest number of users. A big amount of users didn't realize the service unavailability until about 7:30 pm., loosing their communications with their virtual environment without having an alternative way. But why?, because there are a lot of alternatives: SMS, Line, Telegram, Skipe and applications that are part of bigger systems, like Facebook Messenger or Google Hangouts. Because not all user though on the same alternative and two parts are required to establish a communication. The easiest solutions for most users was to make a telephone call.

Further than the panic and anxiety attacks suffered by some users, the analysis of the outage of Whatsapp from a business continuity perspective must be done taking into account that Whatsapp is becoming a real communications provider.

There are a lot of self-employed and SME that are using Whatsapp as a communications channel with their customers, making advertising with the green logo of the messaging company. It brings the company a modern branding  and a feeling of beeing close to the clients because the logo has positive emotional connotations: it’s associated with the contact with our most close environment in the mobile, our family and our friends. Without any doubt, it could be a very good decision from a neuromarketing strategies perspective. I wouldn't want to raise the debate of whether this use could be considered as legal, since in the Terms of Service Whatsapp expose clearly that it must be used only for non-commercial purposes. But, Can be Whatsapp be considered as a real corporate communication tool?

Little by little, step by step, people using Whatsapp for communications related with their professional activity are becoming more dependent of its service, but nobody ensures them that the service will be available in the terms they could need. Moreover, in their Terms of Service  Whatsapp avoid any kind of responsibility or damaged that can cause by their unavailability. In combination with the lax requirements defined by the regulatory organism (CNMC in Spain), makes the service should be considered unreliable in terms of business continuity.


In order that this could change, the service should be submitted, at least, to the same regulatory requirements that a telco operator. But it seems that is not going to happen in short terms, at least it's not included in the new Spanish telecommunications law  (ley general de telecomunicaciones) that is being processed during this months. So the recommendation that we have to make from a business continuity perspective is that Whatsapp should not be used as a corporate communication tool (and of course neither should be Line, Telegram, Skipe or whatever under the same circumstances). At least is has not to be used as a main communication channel and if used, their would be always an alternative way to establish the communication with the customer.

Last point of the analysis is the lack of agility of Whatsapp when communicating their problems. Although the services outage was at 7:30 pm the incident was recognized and communicated by the company at 21:16 by twitter in its account @wa_status. Could it be because Whatsapp founder and CEO was in Barcelona, in the MWC, this weekend?

Auditing Providers, Intrusion or need?

By Moises Lopez Soto

During the last years, there has been a diversification in the way the services are being delivered, increasing the number of providers that conform the supply chain and, therefore, the complexity in the control of all components to provide success in the final result. Trends as Outsourcing some time ago and recently Cloud are clear examples.

We find ourself everyday facing the challenge of ensuring business continuity of our organization with a high number of external agents and, in some cases, this external agent could be absolutely essential to the future of our company. That's why we must take action and act proactively to strengthen the links in the whole chain, minimizing risks and cushioning the impact that could suppose to our business the break of a weak link. This is a complex task when we have to control process and resources internally so it's easy to assume that it would be much more complicated with external agents which have full freedom to be independent in their process and way to deliver their services.

SLA is not enough

Establishing Service Level Agreements are completely valid and necessary on areas of service such as capability and availability but when we are talking about continuity it become insufficient. Among other things, this is because we are not referring to both the supplier's ability to give service but to their ability to keep delivering it after suffer a contingency.

The most common solution is diversification is relying on a model of "duplicity" in a provider-service base, with a relation of N to 1 and with a minimum of two, just as if it were a load balancing in a data network. In some cases this is the usual way to deliver the service,  in other scenarios suppose an increase in the resources required for service management with a greater workload for staff but, nevertheless, is NOT a valid solution for all services. For example, it is usually to stablish this kind of countermeasures when we are talking about business critical services like providers of essential services (electricity , water, etc. . ), when the solution is too complex or too expensive, when there is a monopoly or when there is a single infrastructure common to different suppliers, etc. Any way, it seems absolutely clear that a relationship model in which provider and the company has to be strength enough to carry out all contingency scenarios just as if they were the same company.

Audit process, an interesting weapon

It could be close the day in which the ISO 22301 (or similar) would be required to provide some kind of services, just like there is required the ISO 28000, the ISO 9000 or, even, the ISO 20000, but until that day arrives, audit processes becomes an interesting weapon. On the one hand it would bring a very significantly strengthen in the customer-provider relationship and on the other it will help to raise awareness, work and improving business continuity in both companies.
It is true that providers can refuse, just as we can see in the event that was supported by SIA last year, but it must be the customers which would has to assign some weight to the Business Continuity countermeasures that could be included by their provider in the proposals of service delivery.

Providers should consider the audit processes just like turning point in their business continuity activities, or if they have not done anything before a staring point, to provide resilience to their own business, having the opportunity to strengthen and enhance the relationship with their customers and, at the same time, get a business-marketing revenue on their actions in this field. On the other side, customers should approach them in a constructively way, focusing on growth and providing support and advice to the audited provider. Definitively, a Win-Win relation.

Now a days, audit processes are called to be the main element in order to ensure the strength of business continuity management system and so, the resilience of the company, so it seem to be more a need than an intrusion....

BCMS testing, prepared or not…?

By Moises Lopez Soto

Let's talk about testing in a Business Continuity Management System, based on the premise that this is an absolutely crucial element, and not necessary else MANDATORY to consider that we really have a Business Continuity Management System, not vain, They have dedicated a complete phase of the Deming’s cycle (PDCA). Therefore, let's not deep into the need for them, we assume that point passed, and we focus on How we do them or the "preparation" for them?

When the time comes to check that previously planned and done, actually, does its job and that the chosen strategy will cover and give the necessary support to the company in the field of Business Continuity, nervousness often comes to those responsible for have conducted each one of the established schedules, in addition the operational part enters a brewing cycle, normally, excessive.

We want to do a test, we consult to the members of the various existing committees about their availability because there is often some component of the Senior Management whose time is money, (so far, we can be considered a normal planning) further are consulted/agreed with responsible of the different systems/applications of IT that, possibly, will be affected by the test, we head to the users and their responsible to inform them that they will participate in a test, etc. etc. Outcome: hopefully, we will have preserved secretly the day and time of the test.

Just doing a Plan - Do - Check - Act of the test itself, the question is: is it really necessary?

Perhaps the question to be answered when we analyse the performing of a test be to When we want to be fired (being largely exaggerated) during a real contingency or after performing a failed test? Personally, if I would belong to some establishment of senior management and you are assured me Continuity alleging testing, and later, for the reasons that be, it’s must activate the plan and does not work due to the logic NOT preparation of the contingency, heads would roll…

With this, we don’t mean that it is not necessary, especially in the beginning, make some preparation before launching a test, but if that too much preparation invalidate the results we get with the test.

However, if we pass to the other end and we focus on testing without notice we also can find few problems and risks, for example, breaking the maxim: "Let the Business Continuity NO jeopardize the business" and we cause ourselves a contingency of major proportions. Furthermore, it is not good that groups with functions within the business continuity plans are accustomed to receive alerts for plan activation without prior notice as they may fall into the apathy and think "one more test" when treating of a real contingency.

Therefore, the most sensible proposal is the alternation, seen as making of prepared tests and improvised tests (knowledge of it reduced to a minimum number of people) so that knowledge and culture Business Continuity is encouraged in the company while feedback is obtained much more objective.

In any case, one way or another, it is always important to keep in mind when we're going to make a test that we must seek it is the failure, the vulnerability of our plans, the unexpected, obtaining lessons learned to maintain the continuous improvement, except inclement weather, the contingencies do not call the doorbell, knock down the door, and, above all, the test carry the imperative need for further testing inasmuch as the repetition is a proven method of learning and a perfect way to embed automation that will be absolutely necessary when stress atenace reasoning ability. How can we get this?

"A Business Continuity Test should not jeopardize the company, but must take the sure knowledge of your Resilience"