Disaster Recovery & Business Continuity: Empyrean’s Resiliency Program

Disaster Recovery & Business Continuity: Empyrean’s Resiliency Program

As the risk of disruptions to business operations mounts in the face of severe weather, cybersecurity breaches, global pandemics, terrorism, and even war, many organizations have found themselves struggling to protect themselves from evolving threats.

Unfortunately, it is often not until businesses find themselves at immediate risk that they take action to prepare for the worst. As natural and human-made disasters continue to rise in both volume and severity, a proactive, formalized, and well-practiced approach to business continuity and disaster recovery has become even more critical.

At Empyrean, we’ve seen first-hand how crucial thoughtfully designed disaster recovery and business continuity programs are for corporate resiliency. Our headquarters is located in Houston, Texas, which has a climate prone to extreme weather events. Over the last few years, the Houston area has experienced severe natural disasters that have included hurricanes, flooding, extreme heat, power outages, and even freeze events.

But even through these states of emergency, we have had little to no disruption to our regular business operations. The redundancies, controls, technologies, and training we have provided to our teams have made us well-positioned to weather any type of storm – be it a hurricane, power crisis, or even a global pandemic.

Corporate Resiliency at Empyrean

Empyrean’s resiliency program is a framework of policies, procedures, and controls that are designed to protect our organization from a large range of threats, including those of natural, technological, biological, adversarial, incidental, or human-caused origin. 

Our commitment to corporate resiliency is a year-round, ongoing effort that allows us to comprehensively avoid or reduce the impact of these potential threats by predicting, preparing for, and practicing our response to crises.

Our standards and guidelines apply not only to Empyrean team members, but to contractors, sub-contractors, and their respective facilities supporting Empyrean business operations, wherever Empyrean data is stored or processed, including any third-party contracted by Empyrean to handle, process, transmit, store, or dispose of Empyrean data.

The strict framework we follow maintains Empyrean’s compliance with our SOC1, SOC2, and ISO 27001 requirements, and helps to ensure the integrity and availability of our critical systems. This type of protection and oversight is essential for maintaining the trust of our stakeholders, partners, and (most importantly) our clients and their employees.

Here are some of the key features of our own resiliency framework, which includes best practice standards that are key pillars for any business continuity and disaster recovery roadmap.

Business Impact Analysis (BIA)

A business impact analysis (BIA) predicts the consequences of a disruption to your business and gathers information needed to develop recovery strategies. Through this systematic process, organizations can evaluate the potential effects of an interruption to critical business operations resulting from a disaster or other emergency and explore vulnerabilities and potential threats.  

Our business impact analysis (BIA) is the core of our resiliency program and contains the key information and data we use to make decisions that pertain to our continuity, response, and recovery. Through this annual detailed analysis, we take action to guard against any identified vulnerabilities and develop plans to reduce any risks tied to the potential threat. Our BIAs also allow us to proactively prioritize all critical function areas based on their potential impact and likelihood of occurrence and implement or identify existing controls to mitigate downtime.

Some of the plans that we’ve built through our BIA include our Business Continuity, Disaster Recovery, Application Recovery, Technical Recovery, and Crisis Management Plans.

Training & Plan Execution

A plan is only as good as a team member’s ability to understand their role and respond in the event of a crisis. Our standard operating procedures (SOPs) provide detailed, step-by-step guidance to execute our response plans in a detailed, systematic, and effective manner.

Responding to a disaster or emergency event requires the involvement of multiple stakeholders and careful coordination to ensure the confidentiality, integrity, and availability of sensitive company information. We carefully train our teams responsible for implementing controls, providing clear instructions, guidance, and training materials to ensure each team member understands how to execute a response plan should the need arise.

To do this, our SOPs include clearly defined roles, responsibilities, and redundancies. In addition to weekly meetings of our Resiliency and Crisis Management Teams, we conduct regular drills and practice exercises on an ongoing basis.

We also conduct an annual resiliency program review to assess the current state of our BIA and associated plans to ensure we consistently re-evaluate potential issues that could threaten Empyrean’s ongoing operations while addressing gaps and lessons learned from our ongoing exercises and/or actual real-life events.

Resiliency training is offered both as part of our annual compliance training and our ongoing quarterly response simulations. Through these training events, our team practices executing our SOPs, using our Mass / Emergency Notification System (M/ENS), and utilizing other tools incorporated into our disaster response programs. These drills also give us the opportunity to monitor controls to ensure they are functioning as intended.

Through this training, we provide our employees with valuable experience to ensure that any real-life events can be executed thoughtfully and in accordance with our resiliency planning. These exercises also help identify and evaluate potential gaps in our plans so that we can take the necessary steps to begin resolving and mitigating additional risks.

Internal Auditing & Corrective and Preventative Actions

In addition to our practical training programs, we also maintain strict processes for identifying and addressing nonconformities and areas for improvement identified through internal audits, management reviews, and other monitoring activities. These practices ensure that nonconformities are quickly corrected and that preventive actions are taken to prevent their recurrence.

These internal audits include the quarterly assessment of any changes to our business environment, shifts in tools and technologies used throughout the business, changes to regulations and standards, incidents and near-misses, and feedback from our key stakeholders.

If any nonconformities are identified through our team’s audits, we conduct a root cause analysis to identify the underlying cause(s), take swift correct actions based on our findings, put preventative actions in place to ensure the issue does not arise again, and then conduct careful monitoring to verify the effectiveness of measures taken.

Third-Party Auditing and Reviews

While we conduct internal audits on an ongoing basis, we also rely on annual third-party audits to review the overall effectiveness of our processes and related controls. Through these ongoing reviews, our third-party partners can identify potential areas for improvement and ensure that Empyrean remains compliant with or exceeds all required standards.

We also participate in annual third-party audits to maintain compliance with our SOC1/SOC2 and ISO 27001 certifications. Our annual SOC1/SOC2 audits and ISO 27001 surveillance review include an extensive examination of functions across a wide range of criteria to identify any gaps or non-conformance.

Empyrean also undergoes an intensive IS 270001 recertification audit every three years.

Continuous Improvement

Threats evolve at a rapid pace, so we maintain a process of continuous improvement to ensure all of our business continuity and disaster recovery programs remain effective and aligned with our strategic goals.

To do this, we maintain a strict schedule that includes:

  • Identifying opportunities for improvement that may include changes in the organization’s context, new or updated regulatory requirements, or changes in technology.
  • Evaluating (and re-evaluating) best practice standards, includingexternal benchmarking, industry standards, or guidance from professional associations.
  • Adopting new technologies in alignment with industry standards and our resiliency posture.
  • Implementing changes to procedures, tools, and ownership, including updating SOPs, controls, and any policies as needed.
  • Ongoing internal and external monitoring of the effectiveness of changes made as part of Empyrean’s continuous improvement process.

A strong corporate resiliency posture is critical in today’s business environment. While it may feel daunting to shift to a proactive approach, a thoughtful and well-tested business continuity and disaster recovery program will provide your organization’s stakeholders with the peace of mind and protection necessary to be successful.

Trust us, we’ve seen it firsthand.

We’re not Just Surviving, We’re Thriving. 


ABOUT RICK MILLER

Rick Miller is Empyrean’s Vice President, Information Technology and has been with Empyrean since 2010. Rick has overseen Empyrean infrastructure, security practice, and business continuity and disaster growth since joining the company. Rick continues to lead the organization’s security, BCP/DR, audit, and procurement practices.

Why Your People Experience Matters More Today than Ever Before

Why Your People Experience Matters More Today than Ever Before

A Connected and Personalized People Experience Can Help You Overcome 2023’s Top Employer Challenges 

The past few years have presented challenge after challenge for employers, making it harder than ever for HR teams to support their people and reach their goals. Workforces are more dispersed than ever, turnover is high, engagement is low, and it continues to be a candidate’s job market.   

But regardless of these challenges, organizations committed to creating connected, personalized people experiences have been able to strengthen their employer brand, and with it, raise their levels of engagement, retention, and the overall well-being of their people.

What is a People Experience?

Organizations are made up of people; individuals working towards a common goal but each with their own unique perspectives, backgrounds, experiences, and motivators.  

The way your teams experience and connect to your company culture and benefit programs influence everything from engagement to retention to performance – each of which has a tremendous impact on HR and organizational success.    

A strong, strategically executed people experience and benefits strategy should be leveraged by HR and benefits leaders to advance all people-related goals. The key to leveraging benefits success to advance your broader HR goals is delivering these life-enriching benefits through a personalized, connected people experience.  

Today’s Top Employer Challenges  

Here are some of the top challenges employers are facing today that can be improved by offering a strong people and benefits experience.  

Talent Attraction

Even through today’s economic uncertainties and highly publicized layoffs, the January 2023 jobs report showed that the unemployment rate continues to hover around 3.4 percent.  

Even before they apply for a position, your potential new hires begin to engage with your employer brand. A strong candidate experience drives your ability to attract talent, and your Talent Acquisition teams need reliable tools to leverage your company culture and benefits programs to compete in today’s competitive market.  

Engagement & Retention

A recent study conducted by Monster.com found that a staggering 96 percent of U.S. workers will be looking for a new job in 2023. Forty percent of those surveyed say they need to find a higher-paying position due to inflation and rising costs of living.  

Employees often overlook the value of their total rewards package and other workplace benefits like a strong culture, flexible work arrangements, and opportunities for professional development and advancement.  

To engage and retain talent, it is critical that you deliver positive, personalized experiences that make each person within your organization feel valued and supported as the individuals they are – or your talent will look elsewhere without hesitation.  

It can be hard for people to recognize the value you bring as their employer. A rich benefits program has been traditionally a disconnected one, experienced through different carrier apps, your intranet, and even corporate email.  

A connected and centralized people experience brings together all that you offer as an employer – better demonstrating to your teams just how you’re supporting them in both work and in life in a way that is tailored to their unique situation, lifestyle, and life stage.  

Increased Benefit Expectations 

Today’s consumers have nearly unlimited choices when it comes to purchasing items they need and want.  

Benefits and healthcare are no different, putting employers and the entire health system under more pressure than ever to transform the consumer experience and provide transparent, easy-to-navigate health and wellness experiences.  

A positive benefits experience not only drives well-being for your people, but also demonstrates the value of the benefits you offer as their employer. Connecting benefits into one experience empowers your team to choose and use the best benefits for them while optimizing their value.  

Benefit Education Gaps   

Even as people demand more from their benefits programs, benefits education gaps persist. According to a recent Aflac study, nearly 3 in 5 employees spend less than 30 minutes researching their benefits, with 24% of those surveyed reporting spending less than five minutes.  

Your employees need year-round guidance on choosing and using the best benefits available for their unique situations and circumstances. Creating personalized messages and experiences guides your people towards better benefit enrollment, adoption, and utilization decisions, improving the wellbeing of both your people and their loved ones.  

Centralizing benefit experiences and communication points also increases levels of benefit engagement while offering more opportunities to educate your people about how to find and use the best resources available to them in ways that improve overall benefits and workplace satisfaction.  

Diversity, Equity, Inclusion & Belonging 

The positive influence of diverse and inclusive workplaces on organizational success has been well documented. Diverse and inclusive workplaces are tied to:  

  • Higher revenue growth 
  • Greater readiness to innovate  
  • Increased ability to recruit a diverse talent pool  
  • 5.4 times higher rates of employee retention  

No matter how rich your benefits program is, you may be delivering it in an inequitable, non-inclusive way. Your people need to understand how the benefits you offer specifically support them today in their current situation while setting them up for success tomorrow.  

Unless benefits are delivered in a way that feels personalized for each member of your population at any life stage or circumstance, no one will feel like they belong.  

Dispersed Workforces 

Whether you have an in-office, hybrid, or remote-first workplace, or if you have a high population of front-line and deskless workers, today’s workforce is more geographically dispersed than ever before.  

Employers that are strategic and thoughtful about how to engage workforces scattered across different locations by creating one centralized, accessible communication channel will find the most success in connecting their people to their culture.  

Lack of Financial Security Impacting Employees  

U.S. workplaces lose an estimated $500 billion dollars each year due to lost productivity tied to personal financial stressors plaguing their employees.  

Due to the rising cost of consumer goods, more than a third of all American workers report that they made a difficult healthcare decision in the past year, including having to choose between paying for a prescription or medical treatment and other household bills.  

More than 84 percent of employers report increased retention as a result of their financial wellness benefit offerings. As your people navigate rising expenses and other financial insecurity, they are relying on you to help them make informed and educated financial wellness decisions that are right for them today and in the future. Employees value this type of support and guidance, and a connected people experience can help them optimize the financial wellness programs you offer.  

Are you ready to change the way you think about your people experience?

If you’re ready to change the way you think about your people experience, we can help.  

+YOU is a single entry point that connects your people to your company culture and all the benefits and resources you’ve invested in to support them – from one centralized place.  

Learn how NexTier leveraged +YOU to connect its dispersed, deskless workforce amidst 41% headcount growth.

LET'S TALK