News

Outsourcing managing the relationship honestly 

'Force majeure' is written into many contracts, but it is a mistake to treat it as a boilerplate clause. It is vital that definition and terms are spelt out clearly.

Like so many things left to chance, the modest clause of "force majeure" is written into the terms of many IT outsourcing, credit card, lease, insurance and financial contracts, and could be a disaster just waiting to happen.

So what is force majeure, and why is it sometimes overlooked for serious consideration when spelling it out could benefit both the supplier and the customer?

Far too many organisations are still failing to plan

Research commissioned by Royal & SunAlliance (R&SA), the UK's second largest commercial insurer, has revealed that British businesses are ill-equipped and unprepared to cope in the event of a major incident occurring.

Despite repeated warning of the impact of not planning properly the survey found 59% of British businesses do not have a formal Business Continuity Plan. Only 14% of British businesses have reviewed their contingency plans in the light of last year's terrorist activity and 35% of British businesses are not insured should their existence be threatened by external events.

In recent years, British businesses have faced a number of external events that threatened their existence, such as foot and mouth disease, adverse weather conditions, petrol shortages, industrial disputes and terrorist activity.

Category Business Continuity Management BCM - Role of Mobile Communications in a disaster - News

GSM association examines role and performance of Mobile Communications in Emergency Situations

A spate of natural disasters and other emergencies during the past two years has prompted new interest in how technology can help enhance our security. This report assesses the impact that the widespread availability of mobile phones has had on the recovery from specific disasters and atrocities, such as the Indian Ocean tsunami, Hurricane Katrina, the summer floods in central Europe, and terrorist attacks in Istanbul and London.

Category Business Continuity Management BCM - Business Recovery - News

IBM has announced an investment of €8.6million in its latest Business Continuity and Recovery Services facility in Ireland.

The official opening of the IBM Business Recovery Facility will provide double the number of recovery seats and significantly increase the number of services available for Irish based clients.

The state-of-the-art Business Recovery Centre, located on the  IBM Campus in Mulhuddart, will provide customers with expert support, ensuring business continuity and recovery in any area of business disruption ranging from minor interruptions like moving office to major interruptions such as a company crisis or electricity blackout. IBM now has three facilities in Ireland, two in Dublin and one in Cork. The Recovery Centre will ensure resilience for IBM clients not just for their technologies but for key processes and day to day business activities.

Industry analysts estimate that disaster recovery services are worth €15 million per annum in Ireland and growing.

According to Tom Walsh, Head of IBM Ireland BCRS "The ability to anticipate and adjust to planned and unplanned forces and events, including market fluctuations, requires a proactive approach that takes into account all of companies assets and vulnerabilities. Business resilience is dependent upon risk management and information security. It incorporates Information Technology recovery, availability and business continuity programmes, regulatory compliance, security and privacy initiatives. All are crucial, and all help set the standard for today's forward-focused organisations."

The official opening ceremony on the 17th November included a series of presentations including a special presentation by the Continuity Forum by Chairman Russell Price.

END 

Category Business Continuity Management - CBR contamination

The planning for business continuity and disaster recovery post CBR chemical biological radiological is often ignored or even potentially worse, incorrectly assessed. This assessment can be assimilated as that of a hazard assessment when the risk manager does not know of combined or symbiotic effects. Post CBR planning may be difficult to assess due to limited knowledge, experience or facts but various information is available on which to assert assumptions. This article attempts to alert the planner to some elements that should be considered.

Geary Stitch discusses Active Analysis and Business Continuity 

Active analysis can be subdivided into three categories of possible threats/occurrences that could befall an organization. Dr. Ian Mitroff refers to the three categories as Natural Accidents, Normal Accidents and Abnormal Accidents.

I have renamed them and to differentiate the three aspects of each. That is, the threat, the actual occurrence and the consequence of the occurrence.

Waht happened with Mobile networks on 7th July

Background

Mobile  phones have been with us since the early 1980s and are now an essential part of everyday life. There are currently more than 60 million subscribers in the UK and in a recent survey, most people stated that they would sooner return home to collect their mobile phone than their wallet or purse. 

Following the explosions on the morning of 7th July, hundreds of thousands of people used their mobile phones to contact their families and work colleagues. Mobile networks are designed to cope with significant peaks in volumes of calls, and a safety margin is also built in so that even major events do not overload the system.

Call volumes on 7th July far exceeded normal levels, and the O2 network alone carried 67% more voice traffic in central London than normal, while text message volumes increased by 20% on the day across the whole country. The O2 network was not damaged by the attacks and we took steps to manage the demand. The large number of calls did mean that there was network congestion in parts of London, but most customers were able to make calls after several attempts. 

Actions taken

Let us consider the equivalent situation on a motorway. Normally the traffic flows freely, and vehicles are able to move at will. Occasionally however, an accident, a breakdown or bad weather cause the traffic to slow down and congestion inevitably follows.

Mostly this is short-lived and the situation recovers quickly, but sometimes the incident is more serious and the congestion lasts much longer. When this happens, the Police have a number of options open to them in order not only to reduce congestion at the point of the incident, but also to keep further traffic from entering the motorway and exacerbating the problem.

In much the same way, mobile network operators have a number of call traffic management options open to them. For example, we can make network changes in the immediate area of the incident which will normally remove localised congestion quite quickly, and we can restrict additional call traffic from entering the system which reduces the load on the network, especially the gateways between the fixed and mobile networks. 

These controls were used on the 7th July by all network operators, with the intention of preserving the integrity of the networks while still allowing as much traffic to flow as possible, but the situation was complicated by having four major incidents confined in a fairly small geographical area. This inevitably resulted in some customers experiencing the busy signal when attempting to make a call.

Those people who were unable to make voice calls turned to text messaging and again, inevitably, the text messaging systems became congested, delaying the time it took for a message to be delivered. 

Industry working together

Co-operation among the fixed and mobile networks is the key to an effective response to a major incident. The telecoms industry runs a tripartite forum consisting of fixed and mobile network operators, the industry regulator Ofcom and various areas of central government which comes together on a conference bridge on such occasions, with the objective of maintaining the integrity of the Critical National Infrastructure. This forum was convened several times during 7th July, and the spirit of co-operation which it encouraged ensured that all operators worked together to minimise the impact on emergency responders as well as the public at large. 

Emergency restrictions

Just before noon, the Police requested that O2 should apply a set of network access restrictions known as Access Overload Control or ACCOLC in a 1 kilometre area around Aldgate. This facility makes the network in the immediate area unavailable to the public at large, but permits a pre-agreed list of emergency responders to use the network in order to save lives and protect the infrastructure. The facility was removed later in the afternoon, but during that time, the O2 network would have been unavailable for all normal calls (with the exception of emergency calls to 112 and 999) within a kilometre or so of Aldgate station. 

Recommendations

Should events be repeated, there are a number of steps which individuals and businesses can take in order to improve the situation.  Encourage staff and individuals who might be in the affected area to call from their mobiles to a fixed line number rather than calling from fixed lines to mobiles   this is less onerous on the networks and relieves congestion.  Keep calls as short as possible: once you have established that an individual is safe, clear the call so that others can do the same.  Arrange a central 0800 number to which members of staff can call which will provide information regarding the incident and advice or instructions to staff. 

We would like to thank David Sutton, Network Continuity & Restoration Manager for O2 (UK) Limited for this piece. 

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.

CIR, the UK business continuity magazine, is once again asking for votes for its prestigious Business Continuity Awards.

The UK Business Continuity Awards will be presented at a gala awards dinner on Thursday 12th May at the Grosvenor House Hotel in London ’s Park Lane.

This year’s categories are:

Business Continuity Manager of the Year
Lifetime Achievement Award
Public Sector Business Continuity Manager of the Year
Voluntary Sector Business Continuity Manager of the Year
Industry Newcomer
Business Continuity Strategy of the Year
Business Continuity Service Provider of the Year
Industry Personality of the Year
Insurance Services Provider of the Year
Most Effective Recovery of the Year
Business Continuity Consultant
Cross-Border and Cross-Sector Continuity and Operational Risk Strategy
Most Innovative Product of the Year
Student of the Year
Data Storage Strategy of the Year.

To vote click on the CIR banner! or visit them directly at www.businesscontinuityawards.com.

Category Business Continuity Event _________________________________

Regional Launch Secure in the Knowledge

Date - 4th October - 08:30 to 12:00 Location - The Council House, College Green, Bristol

Following on from our “Ship Shape & Bristol Fashion" Event in May this year, the Council is pleased to announce that they will be hosting the Regional Launch of "Secure in the Knowledge" Business advice booklet and video.

Produced in partnership by the National Terrorism Security office and London First. The Launch will be hosted in the unique setting of the main conference hall in Bristol City Council House, and will include a Senior Figure from the Security world, along with accredited speakers and experts in the field of Business Continuity and national security.

Bristol is the regional capital of the South West and is home not only to many major businesses but also to over 13,000 small enterprises, providing employment and holding responsibility for many thousands of people.

It is expected that this prestigious event will attract a large audience, offering potential networking with businesses of all sizes in the local area. We urge early registration.

The morning event is offered free of charge to delegates and is aimed at offering businesses in the area unbiased and straightforward advice on Security, Business Continuity Management and Resilience Planning. Delegates are being invited from the Bristol and the SW region, and other interested parties. Please note that registration is required. 

Category Business Continuity Event _________________________________

Pan London Authority Forum 

Date - 29th September 2005 - London Please note this is a PRIVATE Forum delivered through our Public Sector Support programme. Attendees will be representatives of the 33 London Boroughs and/or relevant and connected partners only

THESE SESSIONS WILL BE STRICTLY GOVERNED BY THE CHATHAM HOUSE RULE Creating a Pan London Local Authority community for BCM Introduction The CCA was laid before parliament at the end of July 2005 together with regulations and guidance covering England. By Nov 15 2005 local authorities have to comply with the act, with the exception of the duty to promote BCM to wider community that comes into force on the 15th May 2006.

Resilience is defined as 'as the ability of the community, services, area or infrastructure to withstand the consequences of an incident'.

Business Continuity Seminar and Resilience Exhibition 25th October 2005 - Camberley Theatre - 09.30 - 14.00

Special Insurance Event 

Preference will be given in the first instance to Full Forum members and partners. Please note that this event is strictly hosted under CHATHAM HOUSE RULES.

Location: London Date: 20th September 2005 Special Presentation Event

Security in the workplace 

In recent years an increasing chunk of companies corporate security or business continuity budget has been spent on maintaining back-up sites where data can be stored or from which the business could be run in an emergency. However, security consultants point out that risk management begins at home with measures to safeguard company headquarters, branches, factories and greenfield sites.

For new buildings, once the nature of the risks to the business has been assessed, this means careful planning of the layout and configuration of the site or office and security professionals should be part of the process.  “Security needs to be incorporated at the earliest possible stage,  says Paul Burry, a senior consultant at Control Risks which advises clients on their physical security measures.  “In project teams security should be in there from the start - and it should not be the retro-fit or the bolt on later.  

Reseach finds that UK organisations are sitting ducks as they fail to plan for major disruptions

07 March 2005

UK organisations admit they are failing to protect key assets and the ability to function in the face of major disruptions, according to research published today by the Chartered Management Institute. The 2005 Business Continuity Management Survey uncovered alarming inactivity, with organisations ignoring threats to their business, neglecting the needs of their managers, and not communicating plans with employees.

The research, published in association with the Continuity Forum and VERITAS Software, does, at least, reveal increased levels of awareness about potential dangers to business. More than half (51 per cent) have a business continuity plan (BCP) in place a slight increase on each of the previous three years. However, the study also demonstrates varying attitudes to risk across business sectors and organisation size. Continuity management is most widespread amongst the banking sector and in organisations with a turnover of more than £11 million.

Threats to business Managers were asked to identify the threats most likely to have an impact on their organisation. Almost three-quarters (70 per cent) suggested that loss of IT capability was their top concern. Reflecting the tight labour market, managers also identified loss of skills (56 per cent) and loss of people (55 per cent) as major threats to their business.

It has also become clear that UK businesses are sitting ducks as most plans fail to cater for the disruptions being experienced by organisations. Despite an increase in incidents relating to loss of people (up to 41 from 25 per cent) and skills (up to 28 from 20 per cent) to hit organisations over the last twelve months, only a handful of BCPs cover staff issues.

Mary Chapman, chief executive of the Chartered Management Institute, commented "it is a matter of concern that many organisations still fall short when it comes to implementing thorough business continuity management strategies. However, the rising awareness of corporate governance responsibilities, and in particular the demands of the new Operating and Financial Review regulations should ensure that managers focus on the impact and cost that the loss of staff and services can have"

Demands for continuity management

A significant shift has also occurred over the past year, with external drivers influencing the extent of business continuity management (BCM). Corporate governance is considered the key reason (34 per cent, up from 24 per cent in 2004), followed by demands from insurers (25 per cent), central government (22 per cent) and auditors (20 per cent).

Encouragingly, in 27 per cent of organisations, the Board leads business continuity management. Budgetary control has also shifted into mainstream business operations, with 38 per cent of organisations ensuring BCM budgets are held at director. The research indicates that now only 9 per cent of organisations give financial control of BCM to risk managers and 5 per cent to IT directors, recognising the need to prioritise business continuity.

Dr David J Smith, principal consultant at EMEA BCM Practice at VERITAS Software, says: “When the number of remote workers increases, IT departments are under more pressure to ensure that core systems are always available; or can be recovered quickly should a system failure occur. Whilst UK businesses are making investments in this area, surprisingly few are communicating business continuity plans to staff - even though they recognise the need to do so. Disaster Recovery research in 2004 highlighted that there was a lack of regular rehearsals completed by businesses to ensure that such plans are comprehensive enough and it appears from this survey that there is still a long way to go before this practice becomes standard.

Inadequate preparation Respondents expressed anxiety over the lack of a communication chain about business continuity plans. Of those organisations with a plan in place, only 58 per cent regard their employees as a key audience to share continuity details with. Only 1 in 4 organisations have an awareness programme for all staff and just over half (53 per cent) provide additional training for specific, relevant, employees. The research also indicates that organisations do not rehearse the effectiveness of their BCPs.

In 2005, one-fifth of organisations admitted they never test their plan and, of those with a plan in place, only 52 per cent meet the minimum recommended frequency of rehearsing BCPs once a year.

The finance sector is most likely to ensure plans are robust, and the manufacturing sector comes bottom of this year's BCM rehearsal league table. Worryingly, the research indicates that business continuity management is still not part of UK organisation performance culture.

A total of 86 per cent claimed their rehearsals revealed shortcomings and 13 per cent admitted these problems had not been addressed. Nearly two-thirds (58 per cent) do not even measure BCM performance and 40 per cent of organisations with turnover of less than £10 million do not audit their continuity programme. The Continuity Forum, says: “The evidence suggests a small but consistent growth in business continuity management. Having a plan is not enough! Major steps still need to be taken as too many organisations are scraping by with inadequate and untested plans that expose them to unnecessary risk."

Further information, including case studies, can be obtained from: Chartered Management Institute:Mike Petrook / Gemma Bird Tel: 020 7497 0496 Outside office hours: 07931 302 877 Email: press.office@managers.org.uk Website: www.managers.org.uk

NOTES TO EDITORS As the champion of management, the Chartered Management Institute shapes and supports the managers of tomorrow, helping them deliver results in a dynamic world. The Institute helps set and raise standards in management, encouraging development to improve performance. Moreover, with in-depth research and regular policy surveys of its 74,000 individual members and 480 corporate members, the Institute has a deep understanding of the key issues. The Chartered Management Institute came into being on 1 April 2002, as a result of the Institute of Management being granted a Royal Charter.

The Continuity Forum is a member-focused organisation committed to building the resilience of organisations internationally, regardless of size or sector, through education and the promotion of best practice in Business Continuity Management and its related disciplines. The Forum is dedicated to aiding the growth and the development of the Continuity sector and appropriate standards. More information about Continuity Forum can be found at www.continuityforum.org

About VERITAS Software VERITAS Software, one of the 10 largest software companies in the world, is a leading provider of software to enable utility computing. In a utility computing model IT resources are aligned with business needs, and business applications are delivered with optimal performance and availability on top of shared computing infrastructure, minimizing hardware and labour costs. With 2003 revenues of $1.75 billion, VERITAS delivers products and services for data protection, storage & server management, high availability and application performance management that are used by 99 percent of the Fortune 500. More information about VERITAS Software can be found at www.veritas.com. Copyright © 2004 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS Logo, and Storage Replicator are trademarks or registered trademarks of VERITAS Software Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.