Archive for March, 2010

Business Continuity Test Scenarios

Monday, March 29th, 2010

Testing BC and DR planning is an essential component of any “healthy” continuity management program and as such, should be undertaken on a regular basis.  While this is generally “good practice,” organisations are often under internal and external compliance and governance pressures to complete additional and more complex or mature testing regimes.

There is a broad range of testing options across the spectrum, depending upon the maturity of the organisation’s planning. If this is the first time that a test has been undertaken (“green fields”), planning can start with a plan walk-through (Table Top or White Board) test. These are paper-based scenario workshops with business and/or technical personnel attending. The test is generally a few hours long and should question the information and logical sequence of priorities contained in the planning documentation.

At OpsCentre, we are often engaged by a client to assist with an upcoming test and use our experience to add complexity and interest to the activity. The client organisation has successfully completed testing (often the same test) on a number of occasions and would like us to provide more in-depth rigor around the process in general.

Other than experiencing a full-blown disaster (which, by the way, is the best form of test, although not recommended on an annual basis), we have orchestrated testing workshops to assist our clients, as detailed below:

1. Applications Functional Testing

  • Technical failover of applications or services from the primary production facility to the alternate recovery site
  • Ensure that the test is isolated from production and that no “cheating” occurs whereby test attendees liaise with production resources or documentation that would not be available in a disaster

2. BC and DR End-to-End Process Flow Testing

  • Complete testing of the recovery facilities by business and technical units including up and downstream application restoration in the disaster recovery environment
  • This can be an expensive and resource intensive exercise. The results are extensive and recommended to establish detailed baselines for all aspects of BC/DR planning

3. Denial of Access Testing

  • Business site-wide tests for recovery personnel to perform a normal day’s work from their alternate recovery sites with applications/systems pointed to normal production services
  • Try this test at 3:00AM, convening disaster personnel and timing their response. Disasters can occur at any time, and if it is not possible to physically attempt this type of test, the process flow should logically include “out of hours” scenarios.

4. Facility Power Downs

  • During essential mechanical and electrical maintenance activities at key facilities, contingency plans are executed/tested concurrently
  • If the production infrastructure is going to be off-line due to maintenance that is predetermined, use this opportunity to test your planning and response mechanisms to their fullest.

Completing any of the scenarios illustrated will take a fair amount of project planning and management buy-in. Considerations should be thought out well in advance of the test/audit/governance/compliance schedule so that the test exercises run as smoothly as possible and the best results are achieved.

Key Supplier Resilience as part of Business Continuity Management

Wednesday, March 24th, 2010

It is not enough just to look at the resilience strategies within your organization; the entire supply chain needs to be considered for your critical business functions.

Are you reliant on a single supplier for any key products or services?

If you have alternate suppliers, are they geographically separate or in other ways diverse from your primary supplier? If your primary supplier was affected by a problem, how likely is it this backup supplier would be too?

Can you build the requirement for these suppliers to have robust and verified business continuity in place for themselves into your supply agreements?

What are your workarounds and strategies if the supply of these products or services was cut off?

All of these questions should be examined as part of a robust business impact analysis of your critical business functions. Having a BCP is more than just a tick in the box for your audit report. It is about having confidence in your organization’s resilience.  What a great selling feature for your clients, if you can confidently state you’ve got a mature and resilient organization that will stay in operation when others may fail!

Business Continuity Planning for Small to Medium Enterprise

Wednesday, March 17th, 2010

Consider the scenario of losing your primary premises due to fire. Can you answer these questions?

- How much revenue would you lose being out of action for a day, a week or a month?
- Have you got an alternate location to operate your business from?
- Is your data regularly sent off site and ready to be restored into backup systems?
- What are your critical paper records and how do you continue to operate if they were destroyed?

Every business, regardless of its size, should be confident in the answers to these questions and should be making an informed choice about the cost of implementing business continuity strategies and IT disaster recovery solutions versus the risk/cost of not doing anything.

Small to Medium Enterprises (SMEs) often don’t have the budget or resources to spend months implementing a business continuity project. But SMEs still have a need for BCP, just as much as bigger organisations. Quite often all of the physical resources, especially IT equipment, are concentrated in the one location, which can increase the risk. Sometimes, without dedicated IT staff, the backup and restoration practices may not be sufficient to help them recover from a loss-of-premises type incident.

At OpsCentre we’ve refined the art of the ‘Quick Start’ BCP and can deliver a business continuity plan for suitable small to medium enterprises within 1-2 weeks. If your organization needs assistance with getting a business continuity plan in place we can help. Contact us and let us know what you need.

Compliance Management

Saturday, March 6th, 2010

Compliance is an outcome of an organization meeting its obligations. Policies and procedures to achieve compliance must be integrated into all aspects of how the organization operates. Compliance should not be seen as a standalone activity, but should be aligned with the organization’s overall strategic objectives. An effective compliance program will support these objectives.

While maintaining independence, compliance should be integrated with the organization’s financial, risk, quality, environmental and health and safety management systems and its operational requirements and procedures.

Compliance programs should be shaped by an organization’s core values and generally accepted corporate governance, ethical and community standards.

An effective organization-wide compliance program results in the organization being able to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes and organizational standards, as well as standards of good corporate governance, ethics and community expectations.

Based on AS3806 (Compliance Processes), AS4360 (Risk) and ISO9001 (Quality), OpsCentre provides a number of compliance management services, including:

• Health checks and reviews of existing compliance systems
• Facilitation of development of compliance programs
• Identification of an organization’s compliance obligations: legal, regulatory and organizational.
• Assisting with documentation of necessary compliance processes and procedures
• Compliance training and awareness programs
• Facilitation of executive compliance management

Business Continuity – Is your business ‘Recovery Ready’?

Wednesday, March 3rd, 2010

Do you know the answers to these questions for your organisation?

1. How would we continue to function in an extended building evacuation such as a power outage or flood in the basement?

2. Who are our most critical customers and how would we contact them?

3. What is our current IT Disaster Recovery capability? How long would it take to restore our most critical systems, applications and data?

4. Do we outsource critical business functions to third-party organisations or services? What if they were to fail?

5. Do our staff know how to get out of our building safely, where to go, and how do we account for them?

6. In the event of a disaster, would we need to implement manual workarounds to cater for reduced staff numbers, loss of IT systems, or denial of access to our building?

OpsCentre recommends undertaking a Readiness Assessment to identify where you are exposed and the possible impacts.  If you would like assistance with evaluating the health of your business continuity program, we would be happy to assist. Don’t forget we are offering a complimentary initial consultation from which you will receive an ‘actionable’ health check report.
