archive

While the likelihood of the complete destruction of a building may be statistically small, the potential for impact on a business is huge. Additionally, it is not always the complete destruction of a facility that can deny access to it. For example, fires in neighbouring buildings, flooding and similar events can severely limit the accessibility of a location.

Therefore, the likelihood and impact are clearly not separate issues, and must be considered carefully as part of the overall risk assessment process.

Facilities present the business with a highly diverse range of risks to assess, which must include all eventualities, from the total loss, through denial of access (for whatever reason) right through to a minimal loss of one vital section of the building.

However, once the building assessment is complete, how can a company most effectively provide adequate and appropriate alternatives, without the cost of the exercise outstripping the likely cost of event? Can self-owned properties ease the burden? Can your staff work effectively (and unsupervised) from home? Are the technology and Telecoms connections effective to enable this? Does your business have generators in place to permit Disaster Recovery solutions to operate from the car park? Can you even access the car park?

This section is aimed as dispelling some of the mystery behind the effective management and planning for the facilities of your business. Once again, we encourage those with direct and relevant experience to share their information, and to assist those just starting to understand that this seemingly complex, time consuming and costly process can be the difference between surviving and thriving, before, during and after the event.

Companies are learning that Brand and Reputation issues can wound companies very quickly indeed. It is sometimes said, “In the modern world information travels at the speed of light, but bad news travels faster!”

Any issue that affects the way in which your organisation is perceived needs to be addressed quickly and decisively; having a plan developed ahead of time is vital to ensure clear communications during what could be very confusing times. Getting your message out quickly and clearly could be the difference between success and failure and certainly is key in mitigating the commercial impact.

Visit the Brand & Reputation forum

In addition to our Terrorism & Business report, the Continuity Forum is also working closely with London Resilience, The Civil Contingencies Secretariat, the Emergency Planning Society and others to assist business to establish workable solutions.

It has been stated that it is a case not of IF a terrorist attack will occur, but WHEN. However, it is equally clear that 30 years of Irish activism means that the UK is well placed to have an already established body of knowledge in how to plan for such attacks, and their impacts. Using this existing information, and building upon it to take recent ‘developments’ in terrorism into account, the Continuity Forum already has its first Forum Development Group well underway, the event took place in London on 4th September. This is being continued online via our Terrorism & CBRN group, where discussions and idea sharing will continue. There will be no time limit on this online section; it will continue as long as our members wish to discuss the topic, with the chairman offering guidance on any new potential topics.

It is a key goal of the Continuity Forum to continue to assist all organisations, of all sizes and regardless of their location, to understand and implement appropriate procedures for terrorist events in their region. By ensuring that open communications can be in place for the blue light services, local and centralised government and ‘experts’ in all the related fields, the Forum aims to assist business to have ready established plans, and hopefully eliminate at least some of the ‘fear factor’ that such events bring. While it is self-evident that in an event, blue light services will have the final say in all cases, business can be of great use to these services by ensuring that their staff and visitors know, in advance, what is likely to be expected of them, and how to ensure that the business is prepared.

In addition, the Continuity Forum is keen to liaise with Civil Authorities to develop the awareness of and preparedness for issues and can support local initiatives with a range of informative material developed to educate Business.

We have also provided a discussion area in the FDG section of this site to enable communication between all parts of industry and Government on the issues and to source advice and help in tackling the problems you face. Click here to visit the Terrorism forum. We are also looking to provide a closed FDG specifically for members of Civil Emergency groups and the Blue Light services, in conjunction with relevant groups. Please mail us if you think you could contribute to or benefit from this proposed group at Emerplanning@Continuityforum.org .

Our expertise is available free of charge to all bodies and we look forward to working with you in the future.

London Resilience

Emergency Planning Society

International Association of Emergency Planners

Without communications, there is no continuity. Communications are vital to the success of business during ‘normal’ working operations, and even more so during an event. Without the ability to communicate with your customers, suppliers and other stakeholders, relatively minor events rapidly become major crises.

However, our research has shown that telecommunications continuity is almost taken for granted; it is assumed that the telephones will work, it is assumed that there will be no issue with direct dial numbers, and it is assumed that the telecommunications companies themselves have plans in place to assist. Yet in most cases very little thought appears to be given to the considerations of Telecommunications infrastructure. In order to manage the continuity and recovery efforts effectively it is vital that the organisation retains the ability to communicate during a crisis or continuity event.

Even in the most focused BC environment, planning for communication resilience can be difficult and confusing. Organisations must consider the carrier and network options, carefully considering the critical flow of traffic and ensuring real dual routing is available and not undermined by common points in the network, which could prove the weak link in the plan!

This vital aspect of your own business must be addressed, in advance, or else it is likely that should you be badly affected by an event your organisation will suffer severely. Without the ability to communicate, it is impossible to let your customers know that you are coping with the event or indeed what they should do next!

Failure to manage communications with clients has consistently shown itself to be a MAJOR component cost of Continuity Events, and in many case studies this single factor has attributed to more than 50% of the total cost of impact to the business. By focusing a little time and effort on building a more resilient communications structure, companies are actually addressing the real issues affecting the cost and revenue impacts, which are broadly speaking communication, information and confidence.

The rapid development of new technology over the past decade has dramatically increased the complexity of the modern business.

For every new step forward in capability, it can be argued there is a new risk. Twenty years ago, the thought of a handheld PC connected via a mobile phone to the corporate network was but a dream. Today, it is a reality, and one that can be exploited by business to enhance all areas of its capabilities.

Unfortunately, these developments also create new threats. With the advent and adoption of mobile computing, and Tele-working along with the Internet, the potential for disruption and consequently serious failure has escalated rapidly.

Yet very few businesses consider these risks until it is too late. Our focus on broad technology developments and research into the effects and consequences of failure or disruption provides a vital insight into how the traditional view of planning needs to incorporate these technical leaps. What is cutting edge today becomes mainstream tomorrow.

Through our work, addressing the issues faced by those at the frontiers of technology, we hope to ensure that continuity considerations are included in these developments. In addition, technology will play a key part in the creation of new solutions, solutions that will hopefully ease the BCM process for a wider audience of users, facilitating access to relevant and viable services solving many of key problems facing BCM planners today.

We will be providing regular bulletins on important technology developments, and will provide advisory services to all organisations and manufacturers keen to build the resilience of their products in the context of the client environment. We have already undertaken extensive research into areas such as high availability, software, and will continue this work over the coming years.

Click here to visit the Technology forum.

Most Small Businesses have no Continuity Plans at all. Indeed, the vast majority have given little or no thought to how they would cope following even a minor Continuity event. This leads inevitably to major problems and hugely increased costs for what is essentially the most vulnerable business community of all.

The issues for small businesses vary hugely and need to be addressed very carefully as there are most often serious limitations concerning budgets and the skills available. These limitations tend to result in a head in the sand (or what we call the ‘Ostrich attitude’) to BCM, but by avoiding the topic the management are condemning their business to higher costs and a far greater chance of business closure following an event.

By working with other business groups, notably the Institute of Directors and the Confederation of British Industry, we are determined to raise the awareness of the issues and committed to providing proactive support to these groups to develop far better focus on Continuity with the small business sector.

To achieve this we are building partnerships with experts and business leaders to create a Small Business Model BCM, which addresses the key issues of Insurance and Key Risk Management. This model will highlight the essential areas of planning that will mean survival rather than closure for what is essentially the largest segment of the UK economy.

In addition we are producing guides for both our members and these other business organisations, which detail best practice advice and other materials that will increase the adoption of BCM within this key sector.

We are also providing support services to local authorities and chambers of commerce, aimed at increasing awareness locally.

And further, we will be hosting regular sessions for these groups around the country, advocating greater thought and commitment to Business Continuity and its related disciplines in the Small Business Sector.

We have already invested considerable time and effort in research into this area over the past two years and we are very well placed with our current levels of data to support both vendors interested in addressing this sectors needs for flexible and adaptive services, or from businesses keen to develop BCM internally.

We would be delighted to hear from organisations who can help us with this work or who wish to gain the support of the Forum for initiatives that support BCM within the Small Business Sector.

Please do mail us at:
Smallbusiness@Continuityforum.org
to find out how we can help you or your group.

UPDATE: Please check out out our latest SME event - details are available form the link below

Click here to visit the BC & SMEs forum.

The Continuity Forum was the first to promote the direct linkage of Insurance and continuity practices. Our Continuity & Recovery 2000 report showed that few companies were able to see these connections, yet appropriate, thorough and company wide Continuity Management practices can clearly demonstrate to Insurers that risk mitigation has been carried out, enabling a lower risk profile.

The facilities required by the modern organisation can be very diverse and range from the crystal palace associated with the modern finance company, through to huge hangar like production facilities. Creating Continuity with such a wide range of needs is always going to be problematic.

The concentration on office based recovery facilities has pretty much been the focus of the industry for the last decade, and available resources vary tremendously in their style, suitability and capability.

In addition, in the context of continuity, facilities should also address the complex issues faced by landlords and buildings with multiple occupancy and extend to cover special facilities such as leisure centres, health clubs and so on, each brining their own unique problems.

The Continuity Forum has a wealth of experience in some of these areas, but needs to develop a broader view that relates to specific industries. In the coming year both through our FDG’s and our independent research, we would like to work with organisations who can provide insight into the challenges they face, and help us create innovative solutions.

Further, we are creating a directory of resources and if there is sufficient industry support, a further register for ‘reciprocal agreements’ among similar organisations for shared arrangements during a major disruption.

According to a recent poll, employees represent the biggest single threat to any company. And while temps have often come in for stick because of the threat more nomadic staff can pose, especially the sales team, with their eye on business critical data, that really needs to be watched - if only for their own sake. With a combined 33.3% Employee caused issues were the biggest threat feared and this was broken down into Employee error (17.2%)and Malicious Employee behaviour (13.1%) - meaning almost a third of respondents fear the activity, whether intentional or not, of their staff.

Spyware was next up, cited by 27.8 per cent of respondents, with viruses being cited by 20.5 per cent, followed by phishing (11.3 per cent) and hacking (10.5 per cent). Separate research from Unisys reveals that 51 per cent of security managers believe negligent or malicious employees are a significant threat to their business.

Mark Thomas, head of security at Logicalis, said: "One of the biggest problems is that everybody comes into a company on day one, signs the email and internet usage policy and that's the last they think about it."

Many companies have made a rod for their own backs by turning a blind eye to many behaviours which are technically in breach of the rules, he added. And he believes the problem is out of control, with a raft of consumer gadgets and portable storage devices travelling in and out of organisations each day and staff making free with email, IM and their internet access and storing illegal copyrighted files on the network. "If you walked out of your office four years ago with a 40Gb hard drive under your arm you would be arrested but that's exactly what people are doing every day." The problem, especially where companies losing track of their data is concerned, isn't helped by the form factor of increasingly scaled down storage devices. "The mediums are almost impossible to control and they will continue to grow in numbers. So companies have to secure their data."

The far and wide distribution of data outside the organisation also creates problems, said Gary Clark, VP EMEA at encryption specialist SafeNet. The more well-travelled data becomes, on phones, laptops, handhelds, over networks, site to site and on portable storage devices, the greater the chance it will be lost or stolen along the way. But before implementing any measures which will change and limit the way employees can interact with data within the organisation, companies need to make sure staff know why they are doing it, said Logicalis' Thomas. "They need to say, we're not doing this because we're being Big Brother. They need to convey the message as to why security is important and they need to get people to buy in to this."

Thomas added that companies could do worse than start with their sales team. Often the sales team will include the biggest gadget fans who act as their own administrator, he said. They are also frequently the ones with most direct access to business critical data which can be compromised either accidentally or maliciously. "It's the sales guys you need to watch, you need to know if they're emailing all your sales lists to their Hotmail accounts."

END

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna or Russell at the Continuity Forum directly on <b>020 8993 1599</b> or <a href="mailto:info@continuityforum.org">info@continuityforum.org</a>

In a new trading update MFI has now revealed the full scale of the problems estimating that an increased level of refunds has reduced customer orders by £30m since the introduction of the new supply chain systems in March. MFI has also taken a hit with a one-off cost of £16m on additional deliveries and call centre and technical costs resulting from the systems issues. An additional incremental investment of £8m per year will also now be pumped into additional supply chain resources, including staff.

As forecast by the Continuity Forum, pressure is mounting on Business to ensure that Business Continuity Plans are at the heart of an organisations planning.

Much of the reason is the fear from the sector that still too few organisations are developing an effective response to the risks facing Business, particularly with regard to major Terror attacks and other events, such as the Blackout in South London last winter and the Telecoms Failure in Manchester this Spring. The industry is also concerned about the effects of the recent weather events which have disrupted businesses across the UK and caused millions of pounds of damage.