News

Survey shows Business disruptions due to power failure have increased more than 350 percent in just a year

Business continuity specialist SunGard Availability Services said an analysis of customer call-outs revealed that power failures had risen dramatically, accounting for 26 percent of disruptions last year. In 2005 the figure was just 7 percent.

The relatively high proportion of power failures in 2006 compared with the year before may be due to the fact that in 2005, more than a third of business disruption incidents (36 percent) were attributed to terrorism, with bombings in London happening in July that year.

Hundreds of actors found themselves hired for an unusual performance earlier this month - faking illness. The actors, part of the USA's largest ever terrorism drill, played people suffering from the effects of a biological agent.

Managing a Digital Crisis

One thing is certain: A new scandal or crisis always seems to be around the next corner. Yet today, very few brands and celebrities know how to fully leverage the Internet when faced with a public relations crisis.

Recent PR nightmares for JetBlue, Turner Broadcasting, Dell Computers and KFC-Taco Bell demonstrate that as the "social Web" evolves, the focus for brands needs to be less on digital marketing and more on digital brand management.

Category Business Continuity Management Briefing BCM - BCM & Risk Management - H5N1

Director of European Centre for Disease Prevention and Control warning

Source FT

Europe needs at least two more years to be prepared adequately for a pandemic flu outbreak in humans, according to the head of the European Union agency in charge of tackling infectious disease.

In an interview with the Financial Times, Zsuzsanna Jakab, director of the European Centre for Disease Prevention and Control, said it would take two to three years to be "much better prepared to respond", even if the current political momentum could be maintained.

Speaking ahead of the launch of a report by her agency analysing pandemic planning across the EU, she warned that countries still needed to do much more to prepare for pressures beyond their health systems and to step up sharply co-operation with each other.

She said countries needed to make their written national plans operational so they worked at the local level; and ensure plans between and within countries worked in a co-ordinated fashion. "There are certain issues that cannot be solved by one country, and they have to work together across borders," she said, stressing she wanted to strengthen collaboration with the EU's close neighbours - including Turkey, Ukraine, Belarus, Moldova and Russia - in an effort to prepare for a pandemic.

Ms Jakab said the UK, France and Germany, as well as Slovenia and the Nordic countries, were better prepared, while EU accession states in central and eastern Europe presented "a bigger challenge". However, no European country had yet published a pandemic plan across all governmentdepartments, with most still focused on the health system, while only 14 nations had undertaken joint work with neighbouring countries.

She warned that while EU and national leaders had helped to provide significant support in recent months, there was a challenge to maintain efforts at a time when avian flu in Europe had been less significant. Just a few outbreaks of H5N1 in birds - notably in the UK and Hungary - have taken place in recent months within the EU, although the infection continues to be endemic in animals in parts of Asia and has killed 167 people and infected 274 worldwide.

A survey of 25 EU states plus Iceland and Norway to be released today analysing pandemic planning up until last October highlighted that just 13 had contingency plans for non-essential health services, and only 15 had conducted an exercise to test plans nationally in the health sector.

Ms Jakab called for increased efforts to tackle seasonal influenza, including greater use of flu vaccines, which would help prepare for a pandemic. Just 18 countries currently have a national pandemic vaccination strategy developed. 

Practical lessons from a user perspective

On August 29, 2005, Hurricane Katrina blew through New Orleans. With the hindsight of 18 months, here are some changes we implemented, and ideas we expanded based on our experience. We hope they help you develop your firm's disaster recovery/business continuity plans.

REVIEW AND UPDATE

It's critical to keep your DR/BC plan current and realistic. An outdated plan, or one that assumes the impossible, won't help you in real life. We now review our plan every six months, which helps us revise it to incorporate new technology or ideas. For example, if a new application is added to your network, someone should ensure that the data it produces is replicated, and that the application itself will be available remotely, and at your "hot site". Should this be overlooked at the time the new application is installed, the periodic review, if done properly, will catch the oversight and make the DR/BC plan accurate again.

DESIGNATE A REMOTE OFFICE

I can't say enough of the value in having a remote office ready to set up shop in after a disaster. Even if that office isn't large enough to accommodate the entire staff, it's a start and is better than nothing at all. After Katrina, our Baton Rouge branch office instantly became our main office.

Other firms that only had an office in New Orleans were still scrambling to find floor space while we were wrapping up our network restore. You can bet during a regional disaster like Katrina, available space will go very quickly. If you have multiple offices, designate one as the expected backup main office, and consider making it a hot site where you can continuously replicate your data. Be sure that the remote office is not so geographically close to your main office that it might be equally hit by calamity.

Alternatively, if your firm doesn't have a secondary office, consider a co-location arrangement with a vendor who has a data center within a few hundred miles of your main office, or close enough to drive to within a few hours. (Again, factor in possible regional events).

You might also consider a "mutual aid" partnership with another firm in a different region, obviously not a direct competitor, in the event of a major regional catastrophe. Don't forget to incorporate remote access tools into your hot site, especially if you think people will be dispersed and not all working at the hot site.

TEST, REVISE AND RE-TEST

Post-Katrina, we now schedule tests of our hot-site systems at least twice a year, tied to the beginning and end of hurricane season. Our goal is to ensure that we can duplicate network operations as closely as possible and according to our established plan.

It is important to realize that a hot site likely won't be an exact twin of your production network. It's important to have critical applications and data current and available; however, from our users' perspective there will be subtle, noncritical differences such as invalid printer names, and invalid shortcuts to programs that are not available. Document these differences well enough and incorporate back into your plan. This will ensure that when a real failover occurs, everyone involved will know what to expect.

Throughout the year, we also continuously perform data integrity tests of our replication software. While we have faith in the reliability of our replication system, and monitor its status, it's very easy to fire up the hot-site databases and perform a quick query to just be sure everything is in sync.

In fact, the software allows us to automate that process completely, all without ever stopping the real-time replication. You don't want to come to discover that your hot-site data is actually six months out of date.

PEOPLE AND COMMUNICATIONS

Do not forget about the most important component of your firm: the people.

The best technology won't be worth a dime without the human resources. After Katrina, many of our staff lost everything and were scattered throughout the region. Those who could make it to our Baton Rouge office did so as quickly as their situation allowed, while others were in other nearby cities.

In preparing your own disaster plan, most specific details regarding human resources can't be ironed out in advance. However, you can develop a protocol about what the firm will expect of employees and what employees can expect of the firm following a disaster, for example, how will the firm contact employees, and vice versa? Keep employee data updated and keep a printed hard copy offsite. Be sure your management team always has a copy. Also remember to include the contact list in any type of disaster "hotbox" you create.

Given the annual threat of hurricane evacuations, we went one step further and asked that employees also provide contact information about where they might evacuate (e.g., friends and family.) We now hold biannual meetings to remind empoyees about emergency procedures.

One specific thing we have done to help maintain communications during and immediately following a disaster is to establish service with a Web-based SMS (text-messaging) service.

Post-Katrina, Gulf Coast residents quickly discovered that though cellular service was nearly nonexistent, text messaging generally worked flawlessly. We will use this to broadcast vital information to employee cell phones via a simple Web interface.

RISKS AND PLAN

Understand your firm's specific threats and plan for those scenarios first. Although our firm is vulnerable to other disasters, being located in New Orleans (and having gone through Katrina) our disaster planning revolves around hurricane scenarios.

I would imagine folks on the West Coast would likely plan for earthquakes and wild fires. But also consider disasters that may only briefly interrupt your operations, such as a defective sprinker system, as well those that can potentially keep you out of your office for extended time, or completely destroy your main site. Each day when you leave your office, stop and think about what you would do if the next morning you discover the main office was completely destroyed.

In addition, it is your job to get a new office running by the end of the day, or sooner. Do you have servers? Do you have tapes? Do you have a disaster plan?

James Zeller is network manager at Chaffe McCall, in New Orleans, and won an honorable mention in the 2006 Law Technology News Awards' IT Director of the Year competition.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

Research suggests organisations could lose revenue & customers

Many mid-sized firms risk losing revenue and alienating customers because they do not have a disaster recovery plan in place for their web sites, according to new research from hosting specialist NetBenefit.

The survey of 100 UK IT directors found that a third did not have a disaster recovery plan in place. Of the firms that did, only 38 percent said they tested their plans more than once a year.

Major power failure would leave gas & electricity companies in jeopardy

Most gas and electricity companies rely on commercial mobile phone networks that would stop working in the event of a major power failure. Public mobile networks have limited battery back-up which, once exhausted, would leave engineers working to restore vital utilities unable to communicate.

The situation is not a result of mismanagement on the part of either energy companies or mobile phone network operators, but exposes the need for a high-level overview of interdependencies in the UK utility sector.

The 2007 Business Continuity Awards Gala Dinner will be held at the Grosvenor House Hotel in London's Park Lane from 7pm on Thursday 10th May 2007.

Nominations are now beingtaken for the following categories:

Business Continuity Manager of the Year

Business Continuity Strategy of the Year

Business Continuity Consultant of the Year

Most Innovative Product of the Year

Business Continuity Management Planning Software of the Year

Industry Newcomer of the Year

Business Continuity Service Provider of the Year

Industry Personality of the Year

Most Effective Recovery of the Year

Public Sector Business Continuity Manager of the Year

Lifetime Achievement

The judges this year are:

ANGELA HOBLEY Senior manager, business continuity, Bank of England
Angela Hobley is a senior manager at the Bank of England with responsibility for overseeing the Bank’s internal business continuity exercising strategies. She is also the Bank’s representative for Tripartite led external exercises. Angela led the planning and logistics and project office for the 2006 financial sector market wide exercise themed on influenza pandemics.

LIZ TAYLOR Director, Public Risk Management
With over 29 years experience in Risk Management, Liz Taylor is a veteran of the industry. A varied career has given her multinational and multi industry hands-on experience at operational and board level specialising in business continuity management and risk management. Liz chaired AIRMIC 1991/2 bringing it to corporate membership and initiated the set up of Pool Re. Previously chief executive of ALARM and then senior vice-president of Marsh, she now runs her own consultancy, Public Risk Management.

LYNDON BIRD Technical services director, the Business Continuity Institute
Lyndon Bird has a First Class Honours Degree in Chemistry and a Masters Degree in Management Sciences from the University of Manchester. He was an elected board member of the BCI for six years including nearly three years as chairman.

MALCOLM BROOKE Director of business continuity, EMEA, Credit Suisse
Malcolm Brooke is a director of Credit Suisse, based in London. He is head of European Business Continuity and is responsibile for the Bank’s business continuity programme in the EMEA region, including crisis management and disaster recovery planning and co-ordination.

MICHAEL BEWS Director, MSTA
Michael is a Member of the Business Continuity Institute and also a Chartered Engineer and corporate Member of the Institution of Engineering and Technology.

RUSSELL HUSBAND Assistant general inspector, John Lewis Partnership
He was shortlisted for CIR Business Continuity Manager of the Year 2004 and was awarded it in 2006. His final task prior to forthcoming retirement is to protect the Partnership’s principal hubs with diverse (third party and in-house) 400 seat work area recovery centres.

Public sector IT systems at risk

By Steve Ranger Public Sector Magazine

Councils are missing chances to establish up-to-date disaster recovery plans for their IT services. Local government user group Socitm has warned its research from recent disasters that have impacted local authority IT services raises "serious concerns" as to whether councils understand the expectations of the Civil Contingencies Act and are sufficiently prepared to cope with threats to business continuity.

The research focuses on six case studies from local authorities that have experienced major disasters, from an arson attack to major flooding and the Buncefield oil storage depot explosion.

New initative pushes value of BCM to SME firms

Research commissioned by the British Insurance Brokers Association (BIBA) has revealed that millions of small and medium-sized enterprises (SMEs) across the UK are failing to protect themselves and their employees against the threat of emergencies such as fire, flood or acts of terrorism.

BIBA has launched a campaign to encourage SMEs to address business continuity issues. Government figures suggest nearly 20% of businesses suffer a major disruption every year.

Category Business Continuity Management Briefing BCM - BCM & Risk Management - Pandemic - H5N1

Experts call for better flu plans

Leading scientists say the UK government is failing to take advantage of scientific developments in the fight to prevent a flu pandemic. A report from the Royal Society and the Academy of Medical Sciences says it is inadequate to stockpile just one anti-viral drug.

Many organisations are dangerously unaware of the risks of not having an IT continuity plan in the event of disaster

Many organisations are operating under the dangerous illusion that they will never suffer a major loss of IT systems, or that such a loss will have a relatively low impact, research from the British Standards Institute has warned.

BSI's Publicly Available Specification (PAS) advisory paper, IT Service Continuity Management Code of Practice (reference 77:2006), paints a grim picture of the potential disaster facing ill-prepared organisations. It cautions that while many firms believe that they have invested in adequate systems resilience, in reality most do not have adequate plans to protect themselves from natural disasters or human error.

As risk of disruption rises hedging against fate is essential

In the past five years, businesses have had to deal with September 11, SARS, port strikes, hurricanes, and a possible pandemic. Though planning for low-probability, high-impact events is low on many executives' task list [only 32% have a plan], not planning isn't a strategy.