“Learn from your mistakes” is a good motto and business continuity plans are no exception. In the previous post, “Disaster Recovery Plan – the Map is Not the Territory”, we described how ASCDI (Association of Service and Computer Dealers International) found out that in a hurricane its disaster recovery plan was less than perfect. The experience is described by Joseph Marion on the ASCDI website as “humbling”. However, it’s also thanks to honest accounts like this that BC planning continues to develop and that other organisations get the chance to avoid similar pitfalls. Some of the practical lessons learned by ASCDI are below.
Posts Tagged ‘Business Continuity Plan’
Business Continuity Plans and Lessons Learned
Monday, January 23rd, 2012How Often Should A Business Continuity Plan Be Tested?
Monday, January 16th, 2012How often should you test or ‘exercise’ your business continuity plan? How long is a piece of string? The answer to both questions is of course – it depends. It depends on the nature of your business, the rate of change in your activity and your industry sector and whether or not you’ve had to put your business continuity plan into action in the recent past. It’s interesting to see different recommendations come to light: “once a year”; “once every six months”; “once every three years”, and so on. Yet for many companies, there’s an even more basic question to be answered.
Morphing DR Plans Into BC plans
Tuesday, December 20th, 2011Disaster recovery plans are like car insurance. It’s not because you’ve insured your car that you’re obliged to have an accident; similarly, it’s not because you have a great disaster recovery plan, that you’re obliged to have a disaster. Although reactive disaster recovery will always be a counterpart to proactive business continuity, better driving will also mean fewer accidents, so to speak. The more you can do in business continuity and the less you have to do in disaster recovery, the better.
Innovation in business continuity plans
Friday, November 11th, 2011Innovation in business continuity doesn’t always have to be technological, as one award-winning approach to a business continuity plan has shown. Sometimes the real innovation is simply in the point of view – the “how” of business continuity, instead of the “what”. That was what the New South Wales Police Force revolutionized to win the Australian Business Award for Innovation in 2008, winning organisations being “those that display exceptional leadership in their industry, and are role models for other organisations seeking business and product excellence”. A BC framework is essential to a police force as an emergency service; what is unique about the one used by the NSW Police Force is that instead of being driven by incidents, it is determined by consequences. (more…)
Business continuity plan best practice – best for whom?
Tuesday, October 11th, 2011Even businesses that compete in the same market may be very different in structure and operations. For a generic approach, business continuity best practice is available in any number of books or training courses, but best practice for the detail of what goes into your plan may be harder to come by.
Business Continuity and Common Risks for Small Businesses
Wednesday, September 28th, 2011What makes small businesses different to bigger ones when it comes to business continuity? Common risks for small businesses are linked to their operations being confined to one specific sector and one geographical location. They don’t have the possibilities of mitigation available to larger, more diverse, distributed companies. Disaster can strike all of their resources at once. Accordingly, larger customers often scrutinise their small company suppliers to see whether they have an effective business continuity strategy in place. (more…)
Sydney Round Table Event – Testing Business Continuity Plans
Thursday, May 26th, 2011OpsCentre’s Managing Director, Rod Crowder, will be facilitating a round table event on behalf of Continuity Forum, to be held 29th Jun 2011. The topic is Business Continuity Testing/Exercising.
For more information and registration details please go to the Continuity Forum website here.
We hope to see you there.
Have you outgrown your paper-based business continuity and disaster recovery plans?
Monday, February 22nd, 2010Your organisation has changed and you are finding that the current “paper-based” planning methodology no longer is fit for purpose.
If you recognise any of the following items familiar, it may be time to invest in a business continuity software planning solution:
1. Are your plans hard to maintain and have numerous areas for updates?
2. Would the volume of updates and changes be better suited to the functionality of a relational database?
3. Does your organisation have numerous Business Continuity and Disaster Recovery stakeholders that are required to provide input and updates to the plans?
4. Is the import of your Business Impact Analysis (BIA) information a manual process taking significant time and effort to complete?
5. Is it difficult to provide granular reporting to Senior Management and auditors?
6. Is additional plan security required?
7. Are some sections of the plans “off limits” to certain groups or business units?
8. Is Business Continuity/Disaster Recovery exercising and training difficult to organise and complete?
9. Does your current plan require greater geographical coverage for your branch offices?
10. Are updates completed in a scheduled manner (or 1 week prior to an audit or test)?
If you answered “Yes” to any of these questions, odds are that a more sophisticated Business Continuity/Disaster Recovery planning tool may be of use to the maintenance and health of your management program.
The best part is that this is not a “throw the baby out with the bathwater” scenario. Some of the better planning tools allow for the import of completed planning data directly into the software tool, retaining all of your previously completed hard work .
Time spent evaluating a Business Continuity / Disaster Recovery software planning tool may benefit your constantly changing and evolving plans and be of great value to your organisation.
Top 5 things to look for in a Business Continuity Consulting provider
Wednesday, February 3rd, 2010The linked article here by Richard Jones of Burton Group in the US whilst written in 2008 is worth revisiting because it describes some useful tips on how to get the right staff for Business Continuity Planning. The article describes what you need in an internal BCP leader and how to find the right BCP consulting firm.
To summarise, the top 5 tips for finding the right Business Continuity Planning Consultants are:
- They should be able to produce a reference list of nearly all of their clients.
- They should clearly state their billing structure so there are no nasty surprises or sub-standard deliverables.
- They should be able to service all of your business locations.
- They should have experience in your type of business or at least a wide variety of industries rather than just specialising in just one vertical market.
- They should provide training, mentoring and tools to empower the organisation to continue the process internally.
So how do we stack up? OpsCentre is confident that we can tick all of those boxes.
Point 5 is something we feel really passionate about. At OpsCentre we don’t want to leave you with a set of documentation that gathers dust on the shelf. We want to help embed business continuity into the organisational culture so that there is a continual improvement cycle and evolution towards maturity of business continuity within that organization.
Read the full article here.
OpsCentre offers Recession Buster ‘Quick Start’ Business Continuity Planning
Thursday, December 31st, 2009This program is ideal for the small to medium enterprise. It is a fixed fee, fixed scope project that provides a complete solution in the fastest possible timeframe. It can usually be completed within a 1-2 week period.
We utilize our consulting experience and best-practice materials to adapt a business continuity strategy to suit your business.
We can offer these services for business continuity and also IT disaster recovery or pandemic planning.
More details in the service overview download section of our website. PDF’s available to download under Quick Start.
What is the difference between disaster recovery and business continuity planning?
Tuesday, December 29th, 2009Persons new to recovery planning often find it difficult to differentiate between Business Continuity and Disaster Recovery. In its simplest form, Business Continuity differs from Disaster Recovery in that its focus is on people and the continuation of business processes and objectives rather than the availability of IT systems and infrastructure.
Business Continuity Planning deals with taking pro-active measures to ensure continuity of business as well as plans to manage the response and recovery from a business interruption. The Business Continuity Plan would include a plan for the Command Team who will co-ordinate and oversee the response as well as sub-plans for the business units.
The IT Disaster Recovery Plan supports the recovery effort by detailing the IT system recovery priorities and time constraints, plans and strategies for recovery as well as detailed restoration procedures. The priorities and time constraints need to be driven from the business continuity requirements identified in the business impact analysis.
Of vital importance is getting Business Continuity Plans and IT Disaster Recovery Plans to dovetail in and work together to support one another in a recovery effort.
Need help integrating the pieces of the puzzle? Disaster Recovery and Business Continuity Consulting
Business Continuity Software Benefits
Wednesday, December 23rd, 2009Many organisations utilise software to create, support, maintain, distribute and test their Business Continuity Plans and ensure business survival in any emergency. Regardless of size, most companies can benefit greatly from the use of Business Continuity software and many options exist for its implementation and plan maintenance strategies. Some of the direct benefits that Business Continuity software can provide an organisation are as follows:
• Conducting and automating the business impact analysis (BIA) process
• Applying relational database architectures to manage plan updates quickly and efficiently, keep documentation “alive” and synchronize it with interfacing applications (e.g. automatically updating plan emergency contact lists with employees’ latest contact information when the corporate employee database changes).
• Distributing Business Continuity Plans to each business unit for training, testing and other implementation events
• Providing document-format questionnaires to ensure thorough analysis and response planning.
• Prompt notification to employees of emergency actions to take, according to corporate protocol.
Business continuity software can provide for risk and business impact assessment tools, plan-building tools, databases and collaborative planning tools, emergency notification and incident management tools. A number of vendors offer integrated modules from which to choose. A company’s BCP project may require only one or all types, depending on its current level of BC maturity and the features and scope of its proposed plan. By using such tools, even first-timers can take advantage of the planning methodologies of experienced business continuity planners.
‘Tis the season to get a Pandemic Plan in place
Thursday, December 17th, 2009If you didn’t add a Pandemic Plan section to your Business Continuity Plan last time around, now is a great time to get one in place, in the downtime between flu seasons.
Now that the Southern Hemisphere has weathered the flu season during the Swine Flu H1N1 pandemic of 2009 it seems like the worse is behind us, although many talk of a second wave of more virulent flu next year.
Either way, having some basic pandemic plans in place in your organization is prudent risk management and some of the counter-measures make sense for business-as-usual times as well to reduce spreading of any contagious illnesses and thus employee downtime year round.
One thing is for certain, pandemic planning will stay on the radar for risk and audit, to ensure that organizations are more pro-actively prepared for next time.
Influenza pandemics have occurred at irregular intervals throughout history with three occurrences within the last century: 1918 (‘Spanish flu’), 1957 (‘Asian’ flu) and 1968 (‘Hong Kong’ flu). The 1918/19 pandemic is estimated to have caused over 20 million deaths world-wide.
A key reason that Pandemic Planning stands out from normal Business Continuity Planning is rather than a single ‘trigger event’ like a disaster incident occurring and then invocation of your action plan, for a pandemic there is a staged ramp up. There should be several action plans in place for the organization, one for business as usual times, and further to be activated when key indicators are triggered in your organization, geographic area or by the Government altering their official ‘alert’ level.
Creating a pandemic plan for your organization doesn’t need to be a massive undertaking. Previous work you have done on business continuity can be leveraged, as can the previous work that OpsCentre has done in creating such plans for other clients.
Now that we all have the experience of how things progressed with the 2009 pandemic, we can use OpsCentre’s pandemic planning framework to create action plans that draw upon this experience and balance the realistic risk with level of response required.
Now is the time, when we aren’t all in the midst of a crisis to get those pandemic plans added to your business continuity management program.
Business Impact Analysis
Thursday, December 3rd, 2009A Business Impact Analysis (BIA) allows an organisation to identify the criticality of processes, interdependencies with other business units and third party suppliers, critical system requirements (e.g. systems and applications), vital files, network drives and hardware, describe manual work arounds and prioritise business functions during a recovery situation. The BIA forms the basis for the Business Continuity Plans.
A business impact analysis should take into account tangible financial impacts (opportunity cost, increased cost of working expenses, revenue reduction, uninsured asset replacement, capital value and financial viability) as well as intangible, non-financial impacts (reputation, brand and presence, legal and contractual liabilities, quality of product and services, stakeholder confidence and support, staff morale and well being, operational and management control and environmental damage).
A clear understanding of these impacts will help form the justification for the level of business continuity\IT disaster recovery investment required.
The business continuity plan is not just for major catastrophes
Tuesday, December 1st, 2009Many organisations have business continuity plans designed to cater for major catastrophes but often don’t consider some of the less dramatic but more common causes of business interruption such as extended power or IT failures. Consider whether your BCP has the flexibility to respond to the wide variety of incidents that may occur.