Business continuity management might be defined as “doing things right” in business continuity. Leadership on the other hand is doing the right things. In a world where businesses and threats to businesses change rapidly, management in a general sense isn’t sufficient. Unless someone carries the torch of leadership, any organisation is ultimately doomed because it won’t adapt. And as they say, adapt or die. Leadership in business continuity is no exception. In fact, for several reasons, it’s even more important. (more…)
Posts Tagged ‘Business Continuity Management’
Business Continuity Management or Leadership?
Wednesday, January 4th, 2012Business Continuity Management indicators – leading or lagging?
Thursday, November 24th, 2011In business continuity management, you need to know how well you’re doing. In fact both BCM and disaster recovery need their indicators, just like the rest of the management sectors, whether for finance, production, logistics or any other domain. In a world where KPI (Key Performance Indicator) is a watchword, and the accepted rule is “what gets measured, gets managed”, it’s clear that the right measurements can help in effective management. However, if BCM is designed to keep things running, whereas DR is destined to be applied when they stop running, do they necessarily need the same type of indicators? (more…)
How do you get the organisation to recognise the importance of Business Continuity?
Friday, September 16th, 2011The road to hell is paved with good intentions. Sure, people in an organisation want business to go on successfully. Their jobs, families and futures depend on it. If you ask them what would happen if systems suddenly crashed, if access to their workspace was blocked, they’ll probably agree it would be a disaster.
Getting real with CBCP – Certified Business Continuity Professional
Tuesday, July 12th, 2011The real power of information is when it’s applied. When theory turns into practice, or to use another expression, where the rubber meets the road. Business continuity is no exception. An organisation looking for someone with the right capabilities for a business continuity management role will want two things: in-depth understanding of the principles of BC and the trends in the industry; and demonstrable experience. However, whereas you can show how much you understand by answering questions or taking exams, how can you prove that you’re also a seasoned professional who has the practice as well as the theory under control?
That’s where the CBCP comes in – the Certified Business Continuity Professional. It’s a qualification originating from DRI International and it tackles the tricky question of certifying practical experience. This makes it of interest to, among others, professionals who have already applied their knowledge and skills in the BC industry for good results, and who now merit the recognition that certification like this brings. CBCP qualification uses references to confirm the performance of a professional in selected domains pertaining to business continuity management. While there is a exam to be passed as part of the process, what sets the CBCP qualification apart is the condition specifying a minimum of two years practical experience, which must also have been gained within the last ten years.
BC professionals who don’t yet have two years experience have other options for qualification. A number of well thought out certifications exist to encourage professionals to build a strong theoretical base, which they can then apply to gain valuable practical experience. With that experience and by keeping up to date in the field of business continuity management, CBCP is then a natural next level to aim for. CBCP is also reasonably flexible about the number of references, allowing you to put forward two references who can vouch for you across the board, or more than two if you have different references for different BC subject matters.
OpsCentre is running the Business Continuity Planning course with the CBCP exam in Melbourne from 18-22nd July. A Sydney course will be held in Sept and Canberra in November.
Contact us to express interest in joining us for one of our CBCP courses.
SunGard Business Continuity Software Named Most Widely Used Software Tool in Independent Survey
Tuesday, March 29th, 2011BC Management’s 9th Annual BCM Study received over 2,644 study participants, the weekly BCM Research Data Point is: What percent of organizations utilize a software tool for their business continuity management program? Which software tools are the primary providers?
According to the study results, 50.5% of organizations utilize a software tool. The study results highlight the following primary providers:
- LDRPS (SunGard) – 62.01%
- BIA Professional (SunGard) – 37.73%
- E-Team (NC4) – 10.55%
- Web EOC Professional 7.0 (ESi) – 8.44%
For the full survey results, see http://www.bcmanagement.com/1/post/2011/01/weekly-bcm-research-data-point18.html
CIOs warned to prioritise governance and business continuity
Thursday, March 24th, 2011Recent natural disasters have spurred warnings to forgo a reactive approach to governance.
In this Computerworld article, HopgoodGanim’s IT lawyers are reminded of the importance of prioritising ICT governance and business continuity to minimise risk to the business, in the wake of the recent natural disasters plaguing the nation and indeed the world.
Business Continuity Management, Legislation, Regulations & Standards
Wednesday, February 9th, 2011There are many guidelines, good practices, regulations and auditable standards relating to Business Continuity Management available internationally and specific to Australia.
The BCI has release a document that aims to be the most comprehensive list available outlining all of the different business continuity management standards etc available. It is divided up by country and classifies them as to whether they are a standard, good practice guide or regulation.
If you would like to view this free document, you can access a link to it here.
Embedding Business Continuity Management into your organisation’s culture
Thursday, November 25th, 2010Your business continuity and IT disaster recovery plans are living documents that need to continually evolve otherwise they will stagnate. If you maintain and exercise your plan it will evolve along with your organisation, helping you to be prepared should a business interruption strike.
Here are OpsCentre’s top 5 tips on how to keep the Business Continuity Plan alive in your organisation.
- Business Continuity needs a senior sponsor that has the authority and influence to establish the priority of BCP for the organisation. Get BCP on the agenda for Road Shows and Strategic Planning sessions that the Executive presents.
- Ensure that impacts upon Business Continuity Strategy are considered when assessing the business case for all new projects. Not just IT projects but business ones as well such as implementing new products, services or business locations. Ensure that any changes required to the business continuity strategy, for example extra seats at a recovery site, are included when you cost out the new project. You can also include reviewing the BIA and updating the recovery procedures for the affected business units as activities in the project. Update your business case templates and change request templates to prompt for these considerations up front.
- Include a BCP awareness package in the induction training for all new staff.
- Include business continuity ‘roles’ in position descriptions, workplans and KPI’s.
- Exercise and Test your plan every year at a minimum. Testing is not a pass or fail exercise, it helps to refine your plan and provides an excellent opportunity for staff to gain familiarity with their business continuity roles and the continuity strategies. It doesn’t have to be boring, business continuity can be an interesting, fun, team building event.
Don’t have time for Business Continuity Management? Then why not outsource it!
Wednesday, October 13th, 2010Ensuring continuity of your business functions, processes and critical IT systems and applications, along with the decision making in a time of crisis cannot be completely outsourced; there will always be responsibilities owned by the board, executive team and operational staff members. However, a great deal of the co-ordination and maintenance can be outsourced for considerably less cost than hiring a full-time Business Continuity Manager. A commitment to ongoing maintenance of your business continuity plan not only ensures that it is current and usable, but also assists with meeting regulatory and audit obligations.
OpsCentre tailors a Business Continuity Managed Service to meet suit any level of requirements and budget and can include activities such as:
1. Conducting regular reviews and updates of all business continuity and IT disaster recovery documentation to ensure it is current
2. Ensuring ongoing IT and business change management and project implementations consider Business Continuity implications and that the plans and strategy are kept in alignment with an evolving organisation.
3. Co-ordinating periodic refreshes of the business impact analysis and risk assessments
4. Scheduling regular desktop exercises and live tests of the business continuity plan
5. Providing induction training for new staff, maintaining training materials and training your trainers
6. Providing ongoing mentoring and training for key staff in their business continuity roles
7. Chairing a periodic Business Continuity Steering Committee and tracking progress of resulting action items.
8. Crisis support in the case of a business interruption incident
9. Providing co-ordination and facilitation assistance during actual disaster events or major incidents.
We cater to all levels of client needs: from basic quarterly maintenance tasks to 24×7 standby support; helping co-ordinate an incident response whenever it may happen day or night. Using our skilled and experienced team means you also gain access to the latest methodologies, industry research and continuity planning standards that we continually work with.
Talk with OpsCentre’s Director, Rod Crowder today to discuss your needs and we can build a business case to show how you can achieve more and save money compared to hiring an in-house resource.
OpsCentre Round Table Event – Operational Risk – the convergence of People, Processes & Technology
Thursday, July 1st, 2010Operational Risk emerges from various sources; sometimes lying undetected for years, or more often, unexpectedly, catching executives off-guard. Join us for this roundtable discussion to share your ideas and find out how your peers mitigate operational risk and ensure protection of their organisation’.
The discussion is relevant to Chief Executives, Chief Financial Officers, Managing Directors, Business Continuity Managers, Risk and Compliance Managers, and all senior executives looking to assess and mitigate risks during 2010/11.
Rod Crowder, Managing Director of OpsCentre, will facilitate an open and unbiased discussion between participants; providing an opportunity to comment and discuss individual perspectives and share related issues and experiences with each other. He will outline a number of action areas where senior executives can gain rapid traction on this important challenge.
Operational Risk is one of many categories of risk managed by all organisations, others include; strategic, compliance, reporting, market, credit, legal, political and insurance risks. Whilst some types relate to generation of strategic advantage or profitability, operational risk is inherent to the imperfections or errors of its people, processes and technology assets. Organisations must assess the likelihood and impact to generate an overall rating, against which mitigation strategies can be implemented or accept a level of ‘residual risk’.
Our round table discussion topics include:
What are the major categories of operational risk?
How are organisations assessing qualitative and quantitative operational risks?
How does ‘risk appetite and tolerance’ vary across different organisations?
What strategies, methods and tools are organisations using for risk mitigation?
What operational risk management standards or ‘good practice guides’ are relevant?
What experiences do people have in responding to incidents?
We look forward to sharing your views and perspectives at our Roundtable.
When?
Thursday July 08, 2010, 4:00PM to 6:00PM
Where?
OpsCentre - Level 18, 323 Castlereagh Street, Sydney 2000 Australia
Or
Online: https://www1.gotomeeting.com/join/672734064
Audio: +612 6108 4655, Access Code: 672-734-064
Audio PIN: Shown after joining the meeting
Meeting ID: 672-734-064
Contact Rod Crowder ASAP to register your attendance.
About your Facilitator
Rod Crowder is Managing Director of OpsCentre, a boutique provider of risk, business continuity and disaster recovery consulting, software and training solutions. He has worked in the Management Consulting sector for 17 years in a variety of management, training, facilitation, project management and consulting roles.
Rod has project managed and consulted on projects for organisations including Telstra, Lend Lease, Nestle, Hewlett Packard, Fujitsu Australia, DCA Group, Thomson Legal and Regulatory, Omnilab Media Group, Ambience Entertainment, Amity Group, Amnesty International, Integral Energy, Coates Hire, Westlink M7, Hills M2 Motorway, Franklins Foods and several Federal and NSW Government Agencies, and local councils.
He has undertaken extensive overseas consulting assignments in Hong Kong, Singapore, Japan, New Zealand, USA and Europe. He holds a Higher National Diploma in Computer Studies from Brighton University in the UK.
Be ready for everything and anything
Friday, June 25th, 2010Being ready for everything and anything is important. One of the problems we consistently come across is businesses facing major delays because they do not have a best practice approach to business continuity management. Increasing, many have poorly devised methodologies, lack value in their data quality management, are unable to meet deadlines and have poorly trained resources. When people think of business continuity they tend to think of huge catastrophic events war, floods, terrorism, the global financial crisis and so forth.
Organisations need not continue focusing on disasters of such severe nature but rather on small incidents which through adequate planning can be prevented. It is no longer adequate to place the spotlight on what one can do after an incident but rather to put attention on what happens prior, during and after. Much awareness has been placed on recovery. If adequate controls are put in place, then revival need not be an option.
Business Continuity helps your company save money every day of the year. Small mundane operations, if overlooked, can cause operational bottlenecks, becoming single points of failure. Decisions should be made through comprehensive planning as opposed to being managed ‘on the fly.’
People often believe that continuity planning requires a large capital outlay. No two companies are the same, each one having different processes and procedures. A flexible methodology should be malleable to organisations of all types. A business continuity plan drives down the extent of the impacts and operational losses. The aforementioned cannot operate without adequate communication and decisive project management skills.
For maintenance of organisational resilience, senior management need to press home the interests to staff, customers and those who are dependent on the organisation. Whilst companies are often quick to look at financial losses which accumulate as the result of an interruption, they rarely consider brand and reputation. Most people have the attitude that a disaster will never happen, however minor interruptions occur on a daily basis and often they are outside of an organisations control.
Higher degrees of competence are called for. Business Continuity needs to be looked at as an investment not a cost.
Introduction to Business Continuity Management
Wednesday, April 21st, 2010OpsCentre is pleased to launch our YouTube Channel which contains concise, informative videos relating to Business Continuity, Crisis Management and IT Disaster Recovery.
Here is the link to our first video..
Sydney’s F3 Traffic Debacle has lessons for us in Business Continuity Management
Thursday, April 15th, 2010This week, motorists were stranded for up to 9 hours on Sydney’s F3 Motorway due to a traffic incident. Emergency plans to implement ‘contra-flow’ arrangements to get the traffic moving again were not implemented until many hours into this incident whilst people endured hours waiting in their cars with no water being distrubuted to them and no way out.
While the facts of the matter are yet to fully emerge and the reasons behind this failure to successfully execute the traffic emergency plan are not yet published, we can consider how this type of scenario can happen to any organization, even if they have business continuity plans in place if they are not thoroughly tested.
Often an organization will have a plan outlined on paper about how a given scenario will be handled. The reality, with all of the real life complications and human factors, is often quite different. This is why we exercise and test the plans.
Real life complexities are difficult to capture in your paper plans because you cannot always envisage the multiple factors that may impact on your recovery processes.
Consider factors that may affect how your recovery plan is executed and how your organization would handle it:
1. An evolving status report
Initially you are told that the incident is not too severe and will be rectified within the hour but then as time progresses it worsens in severity and time frame estimates keep gradually creeping out.
Do you know what your ‘drop dead point’ is, how long can elapse before invoking your plan?
What is your ‘maximum tolerable outage’? How long can the ‘estimated incident recovery time’ be before it is worthwhile to invoke.
Are you getting your updates from a well informed primary source? Do they understand the need for an accurate estimate?
2. Delegation of authority
What if the CEO or appointed Business Continuity Command Team is un-contactable during this incident?
Is there a backup person nominated who is definitely going to be available in their place?
Does the backup person have the complete authority to make decisions which may involve the major ramifications and expenditure?
Has this backup person been trained in how to co-ordinate the communication and oversight of recovery from an incident?
3. Communication Protocols
Imagine the chaos created if various staff members were contacted by different media outlets. Because they have not been given clear guidelines that only the ‘Communications Manager’ may issue any statements to any external parties these well meaning staff members offer their understanding of where the current situation is at. Conflicting or incorrect information is then released to the public.
How will staff react in an incident if they have not had their expectations set about who will communicate what to them?
In a state of confusion people will try and contact their supervisor, their co-workers, whomever they can get a hold of to find out what they should be doing. Just like Chinese Whispers, various accounts of what is going on and what should be done are spreading throughout the organization.
Consider the alternative. All staff have been trained in your business continuity protocols and understand how communication will occur in an incident. There are clear roles for who will co-ordinate recovery efforts and known backup persons should the nominated person be unavailable.
All staff know that there is a communication tree whereby the status updates and requirements will be communicated to them by their business continuity team leader. They know there is a hotline number and an intranet site they can log onto where the ‘Communication Manager’ will post regular updates of information that staff need to know.
Testing your plans thrashes out the finer details, highlights shortcomings and also gets all of the parties involved familiar with the plan and their role.
It is during this process that chain of communication and authority issues can be uncovered and resolved before the plan needs to be enacted in real life.
Business Continuity Planning for Small to Medium Enterprise
Wednesday, March 17th, 2010Consider the scenario of losing your primary premises due to fire. Can you answer these questions?
- How much revenue would you lose being out of action for a day, a week or a month?
- Have you got an alternate location to operate your business from?
- Is your data regularly sent off site and ready to be restored into backup systems?
- What are your critical paper records and how do you continue to operate if they were destroyed?
Every business, regardless of its size, should be confident in the answers to these questions and should be making an informed choice about the cost of implementing business continuity strategies and IT disaster recovery solutions versus the risk\cost of not doing anything.
Small to Medium Enterprise (SME) often don’t have the budget or resources to spend months implementing a business continuity project. But SME’s still have a need for BCP, just as much as bigger organisations. Quite often all of the physical resources, especially IT equipment are concentrated in the one location which can increase the risk. Sometimes without dedicated IT staff, the backup and restoration practices may not be sufficient to help them recover from a loss of premises type incident.
At OpsCentre we’ve refined the art of the ‘Quick Start’ BCP and can deliver a business continuity plan for suitable small to medium enterprises within 1-2 weeks. If your organization needs assistance with getting a business continuity plan in place we can help. Contact us and let us know what you need.
Compliance Management
Saturday, March 6th, 2010Compliance is an outcome of an organization meeting its obligations. Policies and procedures to achieve compliance must be integrated into all aspects of how the organization operates. Compliance should not be seen as a standalone activity, but should be aligned with the organization’s overall strategic objectives. An effective compliance program will support these objectives.
While maintaining independence, compliance should be integrated with the organization’s financial, risk, quality, environmental and health and safety management systems and its operational requirements and procedures.
Compliance programs should be shaped by an organization’s core values and generally accepted corporate governance, ethical and community standards.
An effective organization-wide compliance program results in being able to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes, organizational standards as well as standards of good corporate governance, ethics and community expectations.
Based on AS3806 (Compliance Processes), AS4360 (Risk) and ISO9001 (Quality), OpsCentre provides a number of compliance management services, including:
• Health checks and reviews of existing compliance systems
• Facilitation of development of compliance programs
• Identification of an organization’s compliance obligations: legal, regulatory and organizational.
• Assisting with documentation of necessary compliance processes and procedures
• Facilitation of development of compliance programs
• Compliance training and awareness programs
• Facilitation of executive compliance management