Archive for January, 2010

7 Habits of Highly Effective Business Continuity

Friday, January 29th, 2010

1. The Senior Executive actively supports Business Continuity

A CEO, Director or General Manager who believes in and wants a functional Business Continuity program in place is a critical success factor.

Having the senior Executive who is responsible for setting the priorities and vision for the organisation stand behind BCP and communicate this to the staff is a powerful change motivator.

2. A Whole of Business Approach

A business continuity program that prioritises the organisation from the Executive's bird's-eye perspective, and analyses business impacts across all business functions in a consistent manner, will lead to a better-informed business continuity strategy being proposed. It allows the Executive to see the requirements of the business in a single snapshot and make a cost-benefit-justified decision on the level of continuity required.

3. A Single Point of Business Continuity Management

Someone needs to be responsible for BCP at an organisational level. It needs to be in their job description and a priority for them, otherwise it runs the risk of falling between the cracks. With one person accountable for co-ordinating, aggregating and monitoring the overall Business Continuity program and reporting to the Executive, the program is more likely to stay visible and maintain momentum.

4. Testing, Testing, Testing

Business Continuity should be viewed as an ongoing continuous improvement program, and as such testing is vital. It highlights flaws and validates assumptions in your business continuity plans, giving you the opportunity to improve them. Testing builds confidence and competence within the business continuity team, as it brings home how the strategy would actually work in a variety of scenarios and how the roles will interrelate. An untested Business Continuity Plan cannot be considered viable.

5. Embedding BCP into job descriptions and procedures

The various BCP roles, such as BCP Manager, Command Team Leader, Business Unit Leader, etc., should be written into position descriptions so that it is very clear that this is part of the responsibilities of the staff members. Procedures for new projects, business changes and IT changes should include provision for ensuring the change has BCP/IT Disaster Recovery aspects taken into account. All changes should have an impact analysis conducted that includes impact on BCP/IT Disaster Recovery procedures.

6. Starting on the right foot

An induction training package that briefs new employees on the Business Continuity and Emergency Management strategies and plans in place is a great way to start them off on the right foot, highlighting the importance of this to the organisation.

7. Maintenance

The person responsible as BCP Manager should be tasked with ensuring maintenance of the documentation occurs on a regular basis. Outputs from changes and testing sessions all need to be fed into the plans. Periodically the BIA should be revisited and the organisation's prioritisations and maximum tolerable outages reviewed.

Business Continuity and Disaster Recovery Events Calendar

Monday, January 25th, 2010

OpsCentre have compiled the following list of Au/NZ Business Continuity and IT Disaster Recovery related exhibitions, expos, conferences and other events.

Hope to see you there at one or more of the events.

| Month | Date | Location | Organiser | Event |
|---|---|---|---|---|
| Feb | 23/02/2010 | Sydney | Continuity Forum | CF Experienced User Special Interest Group |
| Feb | 24/02/2010 | Wellington | Conferenz | 5th Annual Business Continuity Conference |
| March | 22/03/10 & 23/03/10 | Sydney | CEBIT | CEBIT – Future Proofing your data centre conference |
| March | 23/03/2010 | Sydney | Continuity Forum | Business Continuity Awareness Week Kick-off event |
| March | 24/03/10 & 25/03/10 | Sydney | BCI | Australasian Business Continuity Summit 2010 |
| March | 24-25 March 2010 | Sydney | Gartner | Gartner Infrastructure, Operation and Data Centre Summit |
| May | 5/05/2010 | NZ | Continuity Forum | New Zealand Conference |
| May | 19/05/10 - 20/05/10 | Canberra | IQPC | Enterprise Risk Management for Government 2010 |
| May | 24 – 26 May 2010 | Sydney | CEBIT | CEBIT 2010 |
| Sep | 8/09/2010 | Sydney | Continuity Forum | Continuity Forum Conference and Expo |
| Nov | 10/11/2010 | Sydney | Continuity Forum | BC in Government Conference |

Further details can be found on the websites of the respective companies organizing the events.

Making Sense of Business Continuity Frameworks, Standards & Guidelines

Monday, January 18th, 2010

There are about 50 or more Standards, Codes of Practice and Practice Guidelines for business continuity, risk management and IT disaster recovery around the world. Some are internationally applicable and some are country-specific.  

Below is some information about the various frameworks and standards that may relate to Australian organisations. This is not the complete list of all standards, rather a sampling of the most commonly referred to in Australia.

APRA (Australian Prudential Regulation Authority)
The overall objective of the APRA standard on Business Continuity Management (Prudential Standard APS232) is to ensure that all authorised deposit taking institutions, general insurers and life insurance companies implement a whole of business approach to business continuity.

Australian National Audit Office – Business Continuity Management 
In June 2009 ANAO released an updated version of their guide, titled Business Continuity Management. This guide is focused on building resilience in public sector entities. It is freely available to download at the ANAO website.

Australian Standards Handbooks
AS HB 292, A practitioners guide to business continuity management, provides an overview of the best practice Business Continuity Management (BCM) used in Australia, USA and the UK. It can help in implementing and analysing your continuity plans. It also covers what BCM is, establishing and managing a BCM program, assessing risks and developing scenarios, developing BCM strategies, assessing and collating resources, writing the plan, activation and deployment. It also includes useful checklists, templates and tables for use. This is a non-auditable standard.

AS HB 293, Executive guide to business continuity management, provides senior management with an overview of key concepts and processes to implement and maintain an integrated, robust BCM program. It provides navigation to the comprehensive information in HB 292. This is a non-auditable standard.

British Standards: BS 25999 Code of Practice for Business Continuity Management
BS 25999 is a voluntary standard suitable for any organisation, large or small, from any sector. This is an auditable standard.

Part 1, the Code of Practice provides BCM best practice recommendations.
Part 2, the Specification provides the requirements for a Business Continuity Management System (BCMS) based on BCM best practice.

ISO/IEC 27001 Information Security
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The requirement for business continuity planning is an aspect of this system. State Government departments in Australia are required to have certification to this standard.

Business Continuity Institute Good Practice Guidelines: BCI GPG (2007)
Guide to Implementing Global Good Practice in BCM, compiled by the peak industry body. This is a best practice guide intended for organisations of all sizes. It is developed and updated in the context of the internationally auditable standards as they develop, i.e. BS 25999.

The list can go on. There is Sarbanes-Oxley (SOX), COBIT, ITIL and many more. They all vary but typically share some fundamental aspects. Whatever your Standard, we can help you to develop and maintain business continuity that will comply.

If you’re starting from scratch and don’t know if or which standard or guideline to follow, talk to us. OpsCentre can help to simplify it.