Innovation in business continuity doesn’t always have to be technological, as one award-winning approach to a business continuity plan has shown. Sometimes the real innovation is simply in the point of view – the “how” of business continuity, instead of the “what”. That was what the New South Wales Police Force revolutionized to win the Australian Business Award for Innovation in 2008, winning organisations being “those that display exceptional leadership in their industry, and are role models for other organisations seeking business and product excellence”. A BC framework is essential to a police force as an emergency service; what is unique about the one used by the NSW Police Force is that instead of being driven by incidents, it is determined by consequences. (more…)
Archive for the ‘Business Continuity Plan’ Category
Innovation in business continuity plans
Friday, November 11th, 2011Moving towards a business case for business continuity
Tuesday, October 25th, 2011Making the business case for business continuity is an area that companies struggle with. Whereas fires and explosions can have people’s imaginations working feverishly, when a little time goes by and they don’t happen, they get relegated to a “to do” list that might get done by the IT department, but not by others. (more…)
Business continuity plan best practice – best for whom?
Tuesday, October 11th, 2011Even businesses that compete in the same market may be very different in structure and operations. For a generic approach, business continuity best practice is available in any number of books or training courses, but best practice for the detail of what goes into your plan may be harder to come by.
Business Continuity and Common Risks for Small Businesses
Wednesday, September 28th, 2011What makes small businesses different to bigger ones when it comes to business continuity? Common risks for small businesses are linked to their operations being confined to one specific sector and one geographical location. They don’t have the possibilities of mitigation available to larger, more diverse, distributed companies. Disaster can strike all of their resources at once. Accordingly, larger customers often scrutinise their small company suppliers to see whether they have an effective business continuity strategy in place. (more…)
Preparing for an exceptional event that happens every year
Monday, September 19th, 2011If the city where your business runs is hosting the Olympic Games or similar, then you’ll be facing a one-off exceptional event. As such, you may need to take exceptional measures in order to ensure business continuity. For events of this magnitude, organisers or municipal agencies often produce continuity guidelines to help avoid the worst and maintain business continuity. (more…)
How do you get the organisation to recognise the importance of Business Continuity?
Friday, September 16th, 2011The road to hell is paved with good intentions. Sure, people in an organisation want business to go on successfully. Their jobs, families and futures depend on it. If you ask them what would happen if systems suddenly crashed, if access to their workspace was blocked, they’ll probably agree it would be a disaster.
CIOs warned to prioritise governance and business continuity
Thursday, March 24th, 2011Recent natural disasters have spurred warnings to forgo a reactive approach to governance.
In this Computerworld article, HopgoodGanim’s IT lawyers are reminded of the importance of prioritising ICT governance and business continuity to minimise risk to the business, in the wake of the recent natural disasters plaguing the nation and indeed the world.
Business Continuity Planning – More Than Just Disaster Recovery
Monday, February 14th, 2011The disasters in Queensland, Victoria and Western Australia have put BCP into sharp focus.
In this article, Allan Davies provides advice he gleaned the hard way from working through numerous disasters, and suggests that CIO’s need to think in broader terms than just IT disaster recovery. He outlines nine valuable lessons that should be incorporated into everyones disaster recovery plan.
Key Supplier Resilience as part of Business Continuity Management
Wednesday, March 24th, 2010It is not enough just to look at the resilience strategies for within your organization, the entire supply chain needs to be considered for your critical business functions.
Are you reliant on a single supplier for any key products or services?
If you have alternate suppliers, are they geographically separate or in other ways diverse from your primary supplier? If your primary supplier was affected by a problem, how likely is it this backup supplier would be too?
Can you build the requirement for these suppliers to have robust and verified business continuity in place for themselves into your supply agreements?
What are your workarounds and strategies if supply of these products or services were cut-off?
All of these questions should be examined as part of a robust business impact analysis of your critical business functions. Having a BCP is more than just a tick in the box for your audit report. It is about having confidence in your organization’s resilience. What a great selling feature for your clients, if you can confidently state you’ve got a mature and resilient organization that will stay in operation when others may fail!
Business Continuity Planning for Small to Medium Enterprise
Wednesday, March 17th, 2010Consider the scenario of losing your primary premises due to fire. Can you answer these questions?
- How much revenue would you lose being out of action for a day, a week or a month?
- Have you got an alternate location to operate your business from?
- Is your data regularly sent off site and ready to be restored into backup systems?
- What are your critical paper records and how do you continue to operate if they were destroyed?
Every business, regardless of its size, should be confident in the answers to these questions and should be making an informed choice about the cost of implementing business continuity strategies and IT disaster recovery solutions versus the risk\cost of not doing anything.
Small to Medium Enterprise (SME) often don’t have the budget or resources to spend months implementing a business continuity project. But SME’s still have a need for BCP, just as much as bigger organisations. Quite often all of the physical resources, especially IT equipment are concentrated in the one location which can increase the risk. Sometimes without dedicated IT staff, the backup and restoration practices may not be sufficient to help them recover from a loss of premises type incident.
At OpsCentre we’ve refined the art of the ‘Quick Start’ BCP and can deliver a business continuity plan for suitable small to medium enterprises within 1-2 weeks. If your organization needs assistance with getting a business continuity plan in place we can help. Contact us and let us know what you need.
Business Continuity – Is your business ‘Recovery Ready’?
Wednesday, March 3rd, 2010Do you know the answers to these questions for your organisation?
1. How would we continue to function in an extended building evacuation such as a power outage or flood in the basement?
2. Who are our most critical customers and how would we contact them?
3. What is our current IT Disaster Recovery capability? How long would it take to restore our most critical systems, applications and data?
4. Do we outsource critical business functions to third party organisations services? What if they were to fail.
5. Do our staff know how to get out of our building safely, where to go, and how do we account for them?
6. In the event of a disaster, would we need to implement manual workarounds to cater for reduced staff numbers, loss of IT systems, or denial of access to our building?
OpsCentre recommends undertaking a Readiness Assessment to identify where you are exposed and the possible impacts. If you would like assistance with evaluating the health of your business continuity program, we would be happy to assist. Don’t forget we are offering a complimentary initial consultation from which you will receive an ‘actionable’ health check report.
Click here for more information about the OpsCentre complimentary consultation.
Have you outgrown your paper-based business continuity and disaster recovery plans?
Monday, February 22nd, 2010Your organisation has changed and you are finding that the current “paper-based” planning methodology no longer is fit for purpose.
If you recognise any of the following items familiar, it may be time to invest in a business continuity software planning solution:
1. Are your plans hard to maintain and have numerous areas for updates?
2. Would the volume of updates and changes be better suited to the functionality of a relational database?
3. Does your organisation have numerous Business Continuity and Disaster Recovery stakeholders that are required to provide input and updates to the plans?
4. Is the import of your Business Impact Analysis (BIA) information a manual process taking significant time and effort to complete?
5. Is it difficult to provide granular reporting to Senior Management and auditors?
6. Is additional plan security required?
7. Are some sections of the plans “off limits” to certain groups or business units?
8. Is Business Continuity/Disaster Recovery exercising and training difficult to organise and complete?
9. Does your current plan require greater geographical coverage for your branch offices?
10. Are updates completed in a scheduled manner (or 1 week prior to an audit or test)?
If you answered “Yes” to any of these questions, odds are that a more sophisticated Business Continuity/Disaster Recovery planning tool may be of use to the maintenance and health of your management program.
The best part is that this is not a “throw the baby out with the bathwater” scenario. Some of the better planning tools allow for the import of completed planning data directly into the software tool, retaining all of your previously completed hard work .
Time spent evaluating a Business Continuity / Disaster Recovery software planning tool may benefit your constantly changing and evolving plans and be of great value to your organisation.
7 Habits of Highly Effective Business Continuity
Friday, January 29th, 20101. The Senior Executive actively supports Business Continuity
The CEO\Director\General Manager that believes in and wants a functional Business Continuity program in place is a critical success factor.
To have a senior Executive that is responsible for setting the priorities and vision for the organisation to stand behind BCP and communicate this to the staff is a powerful change motivator.
2. A Whole of Business Approach
A business continuity program that prioritises the organisation from the Executive’s birdseye perspective as well as analysing business impacts across all business functions in a consistent manner will lead to a better informed business continuity strategy being proposed. It allows the Executive to see the requirements of the business in a single snapshot and make a cost benefit justified decision on the level of continuity required.
3. A Single Point of Business Continuity Management
Someone needs to be responsible for BCP at an organisational level. It needs to be in their job description and a priority for them, otherwise it runs the risk of falling between the cracks. With one person accountable for co-ordinating, aggregating, monitoring the overall Business Continuity program and reporting to the Executive, the program is more likely to stay visible and maintain momentum.
4. Testing, Testing, Testing
Business Continuity should be viewed as an ongoing continuous improvement program. And as such testing is vital. It highlights flaws and validates assumptions in your business continuity plans, giving opportunity to improve them. Testing builds confidence and competence within the business continuity team as it brings home how the strategy would actually work in a variety of scenarios and how the roles will interrelate. An untested Business Continuity Plan cannot be considered viable.
5. Embedding BCP into job descriptions and procedures
The various BCP roles such as BCP Manager, Command Team Leader, Business Unit Leader, etc should be written into position descriptions so that it is very clear that is a part of the responsibilities of the staff members. Procedures for new projects, business changes and IT changes should include provision for ensuring the change has BCP/ IT Disaster Recovery aspects taken into account. All changes should have an impact analysis conducted that includes impact on BCP/IT Disaster Recovery procedures.
6. Starting on the right foot
An induction training package that briefs new employees on the Business Continuity and Emergency Management strategies and plans in place is a great way to start them off on the right foot, highlighting the importance of this to the organisation.
7. Maintenance
The person responsible as BCP Manager should be tasked with ensuring maintenance of the documentation occurs on a regular basis. Outputs from changes and testing sessions all need to be fed into the plans. Periodically the BIA should be revisited and organisation’s prioritisations and maximum tolerable outages reviewed.
Are your service providers the weak link in your business continuity strategy?
Wednesday, January 6th, 2010Business functions, systems or processes to be outsourced locally or internationally should comply with the organisation’s Business Continuity Management Policy and Outsourcing Policy. It is the responsibility of business owners, in conjunction with the sourcing department, to conduct adequate due diligence on the business recovery capability of the outsourced partner, however the relevant Business Continuity Managers need to ensure that all operational aspects of the functions outsourced are captured and reflected in the contractual documents.
Are your outsourced service and other third party providers are considered in your business impact analysis and business continuity strategy?
Business Continuity Terminology – What’s the difference between MTO, RTO and RPO?
Sunday, January 3rd, 2010A common query that we come across in business continuity consulting is, ‘what is the difference between MTO, RTO and RPO?’
MTO is the Maximum Tolerable Outage
The Maximum Tolerable Outage for a critical business process represents the maximum amount of time that an organization can survive without the business process in any form (manual or automated). Defining the MTO for a process gives you the deadline for when this process must be up and running in some form or another.
The BCI describes MTO as ‘At what point in time do you need to either recover your business process, or invoke contingency procedures to prevent you from meeting your business objectives\targets.’
RTO is Recovery Time Objective
Recovery Time Objective is essentially the timeframe requirement for how long it should take to recover from the time of declaring the disaster (not the time of the actual incident) to when the critical process or system is available to users.
RPO is the Recovery Point Objective
The Recovery Point Objective describes the age of the data you want to restore in the event of a disaster. For example if your RPO is 6 hours, you want to restore systems back to the state they were in no longer than 6 hours ago. This dictates your backup requirements, in this example you must be making data backups at least every 6 hours. Any data created up to the 6 hour RPO will be lost and will need to be recreated during your recovery process (if possible).