The popular yellow cover Dummies Guides from Wiley adds a new title to the series today focusing on Business Continuity. The Dummies Guide to Business Continuity has been published with support from the Cabinet Office especially to help support the 4.5 million small and medium sized enterprises in the UK understand, quickly apply and gain the benefits of good Business Continuity practices.
SMEs matter and are vital in supporting their local communities cope with disasters and that’s why the government ensured that the Strategic Defence and Security Review (SDSR) committed to help SMEs improve their resilience to civil emergencies. In partnership with the private sector, including the Continuity Forum and with sponsorship from the BCI and EPS, this new Dummies Guide aims to provide easy access to expert advice to help them prepare and cope with disruption of all kinds.
Global Continuity has signed agreements with Fusion Insurance Services and Oliva Underwriting Management to deliver Global Assist, GC's Business Continuity and Disaster Recovery Solution to the SME Sector and reduces potential costs for all parties.
In August 2009 the Council for Administration (CfA), actively supported by the Continuity Forum started work on the development of National Occupational Standards (NOS) in Business Continuity to support administrators, middle and senior management in SMEs when developing a Business Continuity Plan for their organisation. Throughout the project there has been an strong interest and extensive engagement from key stakeholders with a professional background in BCM as well as from non BCM experts who are involved in a supporting capacity.
After a lot of work and many consultations we are now able to present the first draft of a suite containing ten NOS describing the functions that are needed when working at operational (supporting roles) and strategic levels. Following long discussions we were able to incorporate the majority of recommendations made by our key stakeholders. The BCM NOS suite contains four NOS at operational level (admin support and one middle management level) and six NOS at strategic level. In time we are hoping to expand on the suite by adding new NOS as and when demand emerges.
Who is responsible for business continuity management?
BCM has grown out of the need to provide IT disaster recovery. While this has focused on IT systems and networks, business continuity management is broader in its scope and encompasses crisis management combined with business, as well as IT resumption. Drilling down from this top-level it will involve identifying key business functions and revenue sources as well as the need to maintain the reputation of the organization as whole.
Together, these factors make business continuity management the shared responsibility of an organization’s entire senior management, from the chief executive through to the line-of business managers who are responsible for crucial business processes. Although IT remains central to the business continuity process, IT management alone cannot determine which processes are critical to the business and how much the company should pay to protect those resources.
It is important that business continuity management has the full support of an organization’s most senior committee to ensure the initiative does not stall. One member of this committee should be made the overall sponsor with responsibility for initiating BCM across the entire organization. With this top level support it should be possible for the undoubted difficulties that will be faced in putting together the plan to be overcome.
An overall BCM co-ordinator should then be appointed to report directly to the senior committee member responsible. This person is ideally someone who understands the business structures and people. They require good programme management, communication and interpersonal skills and need to be a good team leader. In addition a budget must be allocated for the initial stages of the process. For larger organizations matrix team management is the best method to approach business continuity management. The team will be drawn from existing managers within key divisions and or locations.
It is expected that they will not be full time members of the team but will need to dedicate appropriate time to the BCM process.
Business Continuity Management principles
The Business Continuity Institute recommends that the following principles are utilized when devising and implementing a BCM plan:
· BCM is an integral part of corporate governance
· BCM activities must match, focus upon and directly support the business strategy and goals of the organization
· BCM must provide organizational resilience to optimize product and service availability
· BCM must optimize cost efficiencies
· BCM is a business management process that is undertaken because it adds value rather than because of governance or regulatory considerations * All BCM strategies, plans and solutions must be business owned and driven
Bearing these in mind it becomes easier to develop your BCM plan.
Overview of the BCM life-cycle
There are five steps that should be followed when developing a business continuity management plan:
1. Analyze your business
2. Assess the risks
3. Develop your strategy
4. Develop your plan
5. Rehearse the plan
Due to the rapidly changing nature of business conditions the process is not static, but cyclical.
Once you have worked through and completed step 5 it is necessary to go back to step 1 and review the whole process again to ensure that any external or internal changes have not made elements of the plan redundant.
Analyze your business
This is the first stage of the business continuity management life-cycle as it is necessary to understand at the outset exactly where your business is vulnerable. You will need the fullest possible understanding of the important processes inside your organization and between you and your customers and suppliers.
This stage of the process will also help to gain the involvement and understanding of other people and departments and will also help identify if any parts of the organization already have plans or procedures in-place to deal with an unplanned event.
Assess the risks
There are two aspects to every risk to your organization:
1. How likely is the risk to happen?
2. What effect will it have on your organization?
Business continuity management will provide a framework for assessing the impact of each one. Many organizations usually define their assessment in terms of cost. For example:
· How much could you afford to lose if an emergency prevented you from doing business for days, weeks or months?
· How would suppliers, customers and potential customers react if your business received adverse publicity because you were unprepared for an incident?
There are three ways to work with the information you have gathered to provide an assessment of the risks.
1. Ask ‘what if?’ questions.
2. Ask what the worst-case scenario is.
3. Ask what functions and people are essential, and when.
New consultancy and hosting service allows SMBs to protect vital applications from unplanned downtime
LONDON, 7th August 2008: STAR, the UK’s largest independent business ISP, is today launching its Critical Switch re-direction service to enable vital business applications to continue to function in the event of an unplanned server outage.
The terrorist attacks of September 11th should have been a wake call for the business community in Britain and across the world. However, nearly four years on, national surveys show nearly 49% of all UK businesses lack plans to keep the wheels turning if the unthinkable happens. Astonishingly, that number has only improved by 5% since the 9/11 attacks. Where there are plans – mostly among the larger and more regulated businesses – one fifth have never been tested.
Why has business been so slow to get its act together?
We watched as the 9/11 attacks unfurled, we watched the Madrid Bombings, we watched, as there were targeted attacks on business overseas. But an attitude of “it could never happen to us” permeated the wider business community.
Bombs, hurricanes, power cuts. What does it take to get small and medium-sized enterprises to prepare for the worst with a business continuity plan? The London Chamber of Commerce, whose members have suffered all of the above in the last 20 years, often on multiple occasions, believes that as many as 44 per cent of SMEs in the capital have no contingency plans.
Compliance pressures have forced large companies to put disaster recovery and business continuity plans in place, and now these companies are looking at their supply chains and have identified small and mid-sized suppliers as a source of risk, according to Simon Mingay, research vice president at analyst group Gartner.
Tighter integration of the supply chains means that companies have an increased dependency on the availability of their partners' IT systems, and so big companies are insisting that smaller suppliers get their houses in order if they want to do business.
National Audit Office lauches Self Assessment tools for Local Authorities
The Civil Contingencies Act supports the promotion of greater resilience among public agencies and the wider local community.
The Act makes now an appropriate time for authorities to review current arrangements. It promotes business continuity as well as emergency planning, recognising that preparedness is an issue for the whole local authority and the businesses within the area. There is no preferred structure for delivering the services covered by the bill. Much will depend on local issues (for example local hazards such as the number of COMAH sites; the internal arrangements of the local authority regarding risk management and links between emergency planning, risk and business continuity arrangements.)
As forecast by the Continuity Forum, pressure is mounting on Business to ensure that Business Continuity Plans are at the heart of an organisations planning.
Much of the reason is the fear from the sector that still too few organisations are developing an effective response to the risks facing Business, particularly with regard to major Terror attacks and other events, such as the Blackout in South London last winter and the Telecoms Failure in Manchester this Spring. The industry is also concerned about the effects of the recent weather events which have disrupted businesses across the UK and caused millions of pounds of damage.