- Corporate Security
- Governance, Risk and Compliance
- Information Security
Meet Sam, Cerner’s Business Resilience Manager. Sam’s job at Cerner is to make sure that there are plans and processes in place to ensure that if anything were to happen, the company will recover. This includes recovery plans for Cerner’s data centers – the ones that host clinical data for the thousands of patients and practitioners using Cerner products everyday. In fact, Cerner hosts data for almost 50% of the total hospital beds in the United States. Needless to say, Sam carries a tremendous amount of responsibility on his shoulders.
“I’ve been with Cerner for over 10 years,” Sam says. “We have disaster recovery and business continuity planning on our resilience team. We are responsible for governance, boundaries and direction from a corporate level. We then partner with the organizations we serve and work with their business coordinators to create continuity plans at the business unit level.”
Back in 2011, Sam recognized that communication could be improved within Cerner’s business resilience program; “We needed a tool that would enable us to quickly and efficiently communicate with staff and stakeholders in an emergency”.
As for business continuity, Sam’s team was using Microsoft Word and Excel to house Cerner’s business continuity plans.
“We had all our plans organized in physical binders and in an emergency, we’d pull them out. The biggest challenge was knowing whether the plans were up to date. There was no way to tell unless you pulled them out and checked for yourself.”
When Cerner implemented Resolver, it was done in two phases: mass notifications were rolled out in phase 1, followed by the disaster recovery (DR) and business continuity (BC) plans in phase 2.
“Resolver gives us a way to analyze our DR and BC plans by activating them in real-time. The platform allows people to report issues that come up in the event plan – anything that we might have missed or not considered. With paper-based DR/BC plans, this was virtually impossible. Now we can track those issues across different teams and notify the incident commander so that they can help if necessary.”
“The tool also helps us maintain the life cycle of our business continuity plans. The life cycle essentially identifies a critical process, creating a plan to protect it and then exercising it. Using Resolver, we can run an analysis of our plans to see which ones are compliant with corporate policies and regulations and which ones aren’t.” Sam says this is especially helpful during audits – he can simply pull a report from the platform to show how Cerner is compliant with legislation like HIPAA, which protects an individual’s medical records and other personal health information.
One of the greatest challenges in Sam’s role is simply engaging other teams in the BCP process. His team partners with key stakeholders and divisions across the company to create a continuity plan for every critical business process at Cerner.
Since implementing Resolver, Sam says that this process has improved significantly. “Resolver has the functionality to remind people when their plan is due for review or exercise. That has helped us complete the BCPs much quicker. The team leads reach out and ask us what they need to do for their plan because they were reminded. It really encourages them to engage with us.”
Sam says that using Resolver has also gotten the Cerner executive team more involved in business resilience. “We do an annual tabletop exercise with senior executives, where we activate a plan and each leader is assigned tasks in the plan. Using Resolver, they can track which steps are complete, which are not and who is working on what. We have a Resolver dashboard that shows how many plans we have, how many are completed, up for review, overdue, etc. We use this dashboard to present to the exec team how resilient the company is at any point in time.”
Cerner also uses Resolver in a less obvious way at Cerner Kids, its on-site daycare facility. “Parents check in and register using Resolver’s self-registration portal. They can add people to be notified in an emergency. We also use it in our Security Operations Center to send notifications to managers and officers in the field.”
When asked why he chose Resolver over the seven other vendors that Cerner evaluated, Sam’s answer is pretty straightforward: “For the price and functionality. It met our needs and was within budget.”
There’s no way around it; most disasters simply cannot be predicted. Apart from having a psychic ability to predict the future, the next best thing is to have the plans, people and processes in place to respond and recover when (not if) a disaster strikes.
“Ultimately, I want to leave work every day feeling like I don’t have to be there, feeling confident that the company will know what to do and how to recover if anything were to happen,” says Sam.
This is no easy feat, but using Resolver has made Sam’s job significantly easier and more impactful. “Success to me is getting Cerner to a level of 100% disaster resilience. Resolver is helping us achieve this.”