archive

HP buying Synstar Plc

Consolidation of the UK BC & Services Sector continues

August 9th, 2004

Today the announcement was made to the Stock Exchange that HP intends to purchase Synstar Plc confirming rumours in the weekend press.

This purchase, valued at over £150m, will further increase the investment made by HP over the past two years and rivals the acquisitions of SG-RS by IBM earlier this year and SunGards purchase of Comdisco last year.

Up until a few years there was quite a choice of recovery centres available to business, but over the past few years we have seen Guardian, Comdisco and now Synstar being integrated within the far larger Multi-national, Multi-service vendors. This process of integration seems to be an essential part of the changing landscape of the BCM sector as it becomes not just an important issue, but a business critical one.

Currently the UK and European markets are changing rapidly and we believe these acquisitions are closely associated with the growth potential available in Europe as both Regulatory, Compliance and commercial issues highlight the need for far more organisations to invest in Best Practice Business Continuity Management.

While most of the UK Corporate markets do have some form of BCM planning in place, often these plans are relatively ‘compact’ in relation to the overall business, with the planners frequently having to compromise on the level of planning possible due to budgetary constraints. From research undertaken earlier this year we believe that there is still huge growth potential within the BC sector, with as much as 100%+ growth possible in some segments of the market. The opportunity for growth does not stop there as the Middle Tier of Enterprise companies are still predominantly operating with little more than basic DR planning in place. These plans, focused on only a limited number of business critical systems, will undoubtedly be expected to mature into more effective and acceptable BCM programmes as time passes and more ‘senior’ Corporate Partners increase the pressure on Supply Chain Partners to ‘upgrade’ their planning and general commitment to BCM.

In addition, further sector specific growth is anticipated next year (2005) as the UK Civil Contingency Bill (CCB) will be coming into effect and will be likely to focus the efforts of the Public Sector on a Local and National level and both support and broaden the BCM message to many more organisations of all types and sizes around the UK.

Our Market Trends surveys are continuing to indicate that growth in the SME sector is continuing at pace and this is being driven by middle tier organisations, with the huge potential for the BCM growth in the SME sector still remaining largely untapped by most service providers as they struggle to come to terms with appropriate offerings. With this in mind, it looks like HP has found the ideal acquisition to drive further revenue growth and increase Service Capability in Synstar Plc, who are particularly strong in both Regional and Middle Tier services, with an excellent reputation for Customer Loyalty and Service Performance.

With this acquisition of Synstar HP will undoubtedly increase its ability to compete in the UK market across all sectors, as well as extending the total number of Recovery Sites and facilities available around the country to HP clients.

If you have any questions please contact Sara Mckenna or Russell Price at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Manchester Tunnel Fire, March 2004, UK

Communications failure causes widespread disruption

Manchester’s communications infrastructure was thrown into chaos at the end of March with a widespread telecoms failure affecting over 130,000 lines.

The cause was a tunnel fire in the early hours of Monday 29th March in an underground tunnel many meters below surface level. Access difficulties and safety concerns for Fire Fighters added to the difficulties in bringing the blaze under control.

The UK is not alone in facing in facing a new age in terrorist threat, the risks around the world are greater than ever before and it is our responsibility to directly address the real dangers posed

Business and residential customers across a wide area of the North West of England suffered the complete loss of both voice and data capability, in most cases for over a week, and a cascade effect was seen with data hosting and call centres located within the affected area extending the effects across Britain and other countries.

Some disruption was also caused to mobile networks and Emergency Services Radio Networks. Estimates for the losses caused by this event are already ranging from £4.5 - £8 million a day, although once the full effects have been calculated we expect to see a total impact in the region of £50-60million. BT has commented saying that ‘an investigation is underway and once the facts have been established they will consider the issue of Compensation’.

However, from experience of previous disruptions of this we expect levels of compensation to be very low, typically some £50 per day affected for businesses and much less for residential customers. Some of those affected may be able to claim for business interruption through their insurance policies, but again previous experience points to difficulties in claiming and long settlement times for those ultimately successful.

The broader issues raised by this event are extensive and through our recent Telecoms & Resilience group activities we have highlighted the vulnerability of organisations of ALL types to serious disruption caused by Telecoms failure.

Last November at our Telecoms and Resilience event, the Continuity Forum, Home Office and OFCOM urged business to urgently take greater steps to ensure Telecoms Resilience throughout their operations. Continuity Forum research has shown that in most businesses, even those with BC plans, very little provision is made for Telecoms Continuity. Service Providers were also urged to increase their abilities to work with Planners and increase both the access to, and accuracy of, information needed to identify single points of failure.

Critically a number of organisations have contacted the Continuity Forum highlighting the effect of NOT having access to this data. They had all implemented a dual supply policy for much of their critical communications, only to discover through this event that the routing taken by suppliers was common resulting in complete failure. Needless to say these organisations are very disturbed by this experience and want suppliers to work together to avoid a repeat instance of this event and they are also intending to vigorously pursue legal action should ‘significant and substantial compensation’ not be forthcoming in the very near future.

The cascade effect also extended the reach of this event to international companies in the US and beyond, even reaching Afghanistan! Web servers located in the region were affected and this caused serious disruption to many smaller businesses using the services of ISP’s to host and manage Web sites and email. Speaking to one of the affected companies in Surrey the Forum was told that they had lost revenue amounting to approximately £10,000 per day and they had had great difficulties in contacting their ISP to resolve matters. The Continuity Forum has commenced the Case Study process and will report back to members on the effects of this event and the lessons that can be learned from it.

If you have any information on the effects on your organisation we would be delighted to hear from you, as always, in the strictest confidence. Contact the Forum directly on 020 8993 1599 or info@continuityforum.org

Check out the Downloads in the FORUM area!

The Continuity Forum provides information and support directly to our members and you can contact us via Phone or Email with any questions you may have related to Business Continuity. In addition to this unique level of service, we provide a constantly growing and diverse range of materials in the Download and Discussion Forum (accessed through the FORUM link on the top bar).

We are keen to develop this further and would urge you to register with with us through this Website, which is required before access can be granted. You'll then be able to both download materials that interest you and upload materials that you have found useful for other professionals to view and us.

Registration is easy and FREE and should only take 30 seconds to complete.

Registration will also facilitate 'Early Bird' Notification for our seminars and workshops giving you priority access to our highly regarded events and enabling you to meet Leading Experts from all areas of our professions disciplines.

You can contact us directly on info@Continuityforum.org

If you have any questions or queries please contact the Continuity Forum on 020 8993 1599 or via email on info@Continuityforum.org

We would also like to encourage you to send in any White Papers, research, template plans or any other material you have developed enabling the content to be shared with a far wider audience.

If you want to get more involved with the Forum and our work, why not join in our active Forum and events schedule or even the Workshops, which are soon to be greatly extended and which provides you with a great way to keep up to date on current issues and develop your professional skill and awareness

You can contact us directly on info@Continuityforum.org

If you have any questions or queries please contact the Continuity Forum on 020 8993 1599 or via email on info@Continuityforum.org

Self Assessment Toolkit for the Public Sector National Audit Office lauches Self Assessment tools for Local Authorities

The Civil Contingencies Bill supports the promotion of greater resilience among public agencies and the wider local community.

The bill makes now an appropriate time for authorities to review current arrangements. It promotes business continuity as well as emergency planning, recognising that preparedness is an issue for the whole local authority and the businesses within the area.

There is no preferred structure for delivering the services covered by the bill. Much will depend on local issues (for example local hazards such as the number of COMAH sites; the internal arrangements of the local authority regarding risk management and links between emergency planning, risk and business continuity arrangements.) Authorities also need to contribute to local multi-agency strategic work and to the development of regional and national agendas. Business/service continuity arrangements are an issue for all services.

In areas of joint arrangements many specific emergency planning responsibilities lie with the responsible or contracted authority. However, all authorities need clarity about who would be responsible for responding to an internal or external emergency on behalf of the authority; effective arrangements for contacting those people, including out of hours; and a clear system for control and communication during emergencies.

Individuals who may form any emergency response team are likely to benefit from appropriate training. The effectiveness of arrangements can only be reviewed and validated through regular exercises. Reviews and learning based on those exercises and on actual incidents in an authority, or in other authorities, can then feed into improvements. In June 2004 the Forum started to provided Local Authorities and other groups with the resources and expertise to run and manage a variety of Business Continuity events around the whole of the UK designed to boost awareness and connect with local businesses.

Russell Price, Chairman of the Continuity Forum, commenting on this announcement from the NAO says: “The importance of effective Emergency Planning and BCM within our local Authorities is clear and the current CCB proposals are for the first time placing responsibilities on the public sector to ensure that both their own BCM plans are effective and that local business are encouraged to adopt BCM to boost local resilience to disruption events. We are commited to support Local Authorities with this work and have already supported a nuimber of initiatives around the UK. ANY Regional or Local group needing support, assistance or guidance can contact us and we'll help develop Materials, Guidance and even local Events to promote BC both internally and externally.”

The Continuity Forum is providing an extensive range of free support services to assist UK authoroities develop the awareness and proactive planning and management in a wider range of businesses across the UK.

Our Guidance has been developed in conjunction with a number of Local Authorities and is completely NON commercial in nature, thereby fully meeting the needs of the PUBLIC Sector whilst not compromising on the either the quality or content of the advice and support. The Bill makes it clear that there is a duty on Local Authorities to engage with Business for the promotion of Business Continuity Planning and recognises the role that indepedent groups can offer in this space.

The Continuity forum is once again leading the way by bringing information and knowledge on the issues to a new audience enabling a greater level of National awareness and importantly, support for both the Local Businesses and the Authorities. The programme has already started with a very succesful event, held in conjunction with the Corporation of London during June, and will now rollout to other parts of the UK.

All feedback recieved has been excellent and we are now confident that with the Local Authority sector and the Continuity Forum working in Union we can bring the benefits of BCM many more organisations across the country and improve the quality of both planning and local liaison.

For more information or to join the programme please contact the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org If you have any questions please do contact us at the Continuity Forum, you can either mail us on events@continuityforum.org or call us on 020 8993 1599.

To visit this new section, click Here

As part of the overall provision of UK civil protection Local Authorities, Emergency Services and parts of the NHS (Category 1 responders) in England and Wales are now required by law to have established effective business continuity management. They must ensure they can continue to perform their functions in the event of an emergency.

This relates to all the functions of a Category 1 responder, not just its civil protection functions. In order to help others in the event of an emergency, they first need to be able to keep their own crisis response capabilities going.

Business must plan for the worst and hope for the best 

By Jo Valentine Chief Executive London First (supported by the Continuity Forum)

The terrorist attacks of September 11th should have been a wake call for the business community in Britain and across the world. However, nearly four years on, national surveys show nearly 49% of all UK businesses lack plans to keep the wheels turning if the unthinkable happens. Astonishingly, that number has only improved by 5% since the 9/11 attacks. Where there are plans – mostly among the larger and more regulated businesses – one fifth have never been tested.

After a terrible series of events, the spirit of the capital remains unbowed, but there will still be lessons to learn.

The widespread disruption caused travel chaos in Central London with many resorting to walking for many hours to get home.

Schools were open late to allow parents time to get home resulting in many Shops and Offices closing for the day. Travel is likely to continue to be affected during the day as people assess and reflect on the day’s events, but London is well on the way to resuming Business as Usual.

Shares in drugs company Phytopharm fell sharply after animal rights activists scared off its broker.

Canaccord Capital resigned as broker to Phytopharm yesterday – less than a month after a firebomb attack targeted its European finance director.

A website linked to the Animal Liberation Front claimed responsibility for planting the incendiary device which set fire to Michael Kendall’s car. The ALF says Phytopharm has links with animal testing group Huntington Life Sciences. HSL is a long-standing target for protesters.

Information  could have been used to clone credit cards

Police are investigating reports that an Indian call centre worker sold the bank account details of 1,000 UK customers to an undercover reporter.
The Sun claims one of its journalists bought the personal details from an IT worker in Delhi for £4.25 each.

They included account holders' secret passwords, addresses, phone numbers and passport details, it reports.

City of London Police has begun an investigation after being handed a dossier by the newspaper.

While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare City of London Police

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month.

Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

The information passed on could have been used to raid the accounts of victims or to clone credit cards.

'Reflect on decision'

More than one bank is thought to be involved in the fraud.

A police spokeswoman said officers were not yet aware of "the breadth of what we are going to be investigating".

"While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare," she said.

The Amicus union said it had warned of the "data protection implications" of offshoring financial services.

"Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence," senior finance officer Dave Fleming said.

Continuity Forum Comment

In the past few months we have seen an increased media focus on the security of Electronic Banking Systems with both TV and Print news sources citing alarming lapses in the procedures followed.

While technology can go a long way to 'secure' information there remains for many the issue of the 'insider'.

Whilst a lot of time and money is spent combating external Security threats it appears as though there is still some way to go to protect the organisation and its stakeholders from the actions of someone on the 'inside'. Whatever the motivation, Greed or Revenge, the threat posed can be far greater both in financial terms and in damage to the Reputation of the organisation.

To help you consider the risks to your organisation we have listed below some of the common characteristics of the 'insider' below:

Insider Characteristics

The majority of the insiders were former employees.

• At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors.

• The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization.

• Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-time, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor.

• Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives.

Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status.

• The insiders ranged in age from 17 to 60 years (mean age = 32 years) and represented a variety of racial and ethnic backgrounds.

• Ninety-six percent of the insiders were male.

• Forty-nine percent of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced.

• Thirty percent of the insiders had been arrested previously, including arrests for violent offences (18%), alcohol or drug related offences (11%), and nonfinancial/
fraud related theft offences (11%).

Organization Characteristics

The incidents affected organizations in the following critical infrastructure sectors:

• banking and finance (8%)

• continuity of government (16%)

• defence industrial base (2%)

• food (4%)

• information and telecommunications (63%)

• postal and shipping (2%)

• public health (4%)

In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally.

Below we have outlined some of the effects on the organisation:

Consequences for Targeted Organizations

Key Findings

• Insider activities caused organizations financial losses, negative impacts to their
business operations and damage to their reputations.

• Incidents affected the organizations’ data, systems/networks, and components.

• Various aspects of organizations were targeted for sabotage by the insider.

• In addition to harming the organizations, the insiders caused harm to specific
individuals.

Supporting Data

Eighty-one percent of the organizations experienced a negative financial impact as a
result of the insiders’ activities. The losses ranged from a reported low of $500 to a
reported high of “tens of millions of dollars.” The chart below represents the percentage
of organizations experiencing financial losses within broad categories.
Percentage of Organizations Financial Loss

For the full 45 page Report or to comment on this piece please mail us HERE! or call Russell Price directly on +44 (0) 208 993 1599.

The banking firm has written to customers whose information was stored on computer tapes that were lost last month by courier UPS in transit to a credit office.

The Government remains on track to bring the bulk of the duties in Part 1 of the Act fully into force in November 2005.

The Continuity Forum’s mission is to build the resilience of organisations internationally, regardless of size or sector, through education and the promotion of best practice in Business Continuity Management and its related disciplines. The Forum is dedicated to aiding the growth and the development of the Continuity sector and appropriate standards.

One of our key aims is to lobby government, regulators and industry to recognise the vital importance and contribution of Business Continuity Management and its related disciplines to organisations and the need to establish a culture of embedded Continuity

We support this aim by

· Encouraging the development of BCM through co-operation and collaboration with all organisations relevant to the development of the sector.

· Engaging government, regulators and trade bodies to promote BCM and encourage adherence to recognised standards for BCM and professional practice.

In support of this approach Continuity Forum has, the in past 12 months, has built upon existing relationships and established new relationships with appropriate organisations. Examples of these relationships and activities are shown below:

British Standards Institution (BSI) – Continuity Forum have been working with BSI on the proposal to create a BCM standard and will sit on the sub-committee that will create the new high level standard based on PAS 56. Continuity Forum is also exploring other possibilities for guides that related to elements of BCM.

Chartered Institute of Public Finance and Accountancy (CIPFA) is one of the leading professional accountancy bodies in the UK and the only one that specialises in the public services. It is responsible for the education and training of professional accountants and for their regulation through the setting and monitoring of professional standards. John Sharp is a member of the Resilience sub group on the Better Governance Forum providing BCM input.

Chartered Management Institute (CMI) – Continuity Forum, working with one of their Gold Members – Veritas, are supporting the sixth annual survey into Business Continuity Awareness amongst general managers to discover what the key causes behind business disruption have been over the past twelve months and explore the impact that these interruptions have had. The report will also offer insights into UK organisations' preparedness for disaster and track changes in attitudes since 1999. The research, scheduled to be launched in March in support of Business Continuity Awareness Week.

City of London Police – Continuity Forum has formed a relationship with the City of London Police and are working with them to ensure appropriate BCM advice is available through the Police website.

Civil Contingencies Secretariat – John Sharp has been an active member of the teams writing the draft guidance and regulations supporting the new Civil Contingencies Act. Initially he worked with the Civil Contingencies Secretariat on the background to the Bill and subsequently provided input to the BCM Planning and Promotion sections of the draft guidance.

European Telecoms Resilience and Recovery Association (ECTR2A) is a EU funded body with a remit to improve telecommunications resilience and suppliers and organisations. John Sharp is a member of the Advisory Board providing BCM input.

London Resilience Team – Government Office for London. John Sharp has been an active member of the LRT Business and Critical Infrastructure Teams. He currently sits on two working parties, one looking at how BCM can be included in new Corporate Governance regulations and the other concerned with improving the promotion of BCM to the wider business community across London. Continuity Forum is also working to ensure that LRT gain maximum exposure for its work during Business Continuity Awareness Week 2005, (13 - 18 March 2005).

Metropolitan Police – John Sharp has been a member of the Met Police executive team for BCM for some time, providing high-level advice on improving the continuity capabilities of the police service in the greater London area.

National Counter Terrorism Security Office (NaCTSO) is a specialist police organisation co-located with the Security Service in the National Security Advice Centre (NSAC). The organisation co-ordinates a nationwide network of specialist police advisors known as Counter Terrorist Security Advisors who can offer help on counter terrorism security. Continuity Forum has a long-standing relationship with NaCTSO proving help and assistance on BCM. The Forum is currently providing input on a new Security publication being produced by NaCTSO and London First.

National Infrastructure Security Co-ordination Centre (NISCC) is an interdepartmental organisation set up to co-ordinate and develop existing work within Government departments and agencies and organisations in the private sector to defend the CNI against electronic attack. Continuity Forum have established a relationship with NISCC to explore how the use of their new Warning, Advising and Reporting tool (WARP) can be used to improve the communication of BCM issues.

Scottish Business Crime Centre is a non-profit making organisation created in 1996 under the Business Crime Reduction Strategy for Scotland, to establish a unique partnership approach between the Police, business community and Government. The main function of the Centre is to provide practical advice to the business/commercial sectors on how to develop business crime reduction and prevention strategies. Continuity Forum is very active in providing BCM advice to the Centre and to their audiences.

In addition to the above activities Continuity Forum is working with many other organisations including ALARM, Bank of England, British Bankers Association. Business Link for London, CBI, City of London Emergency Liaison Team, Communications Managers Association, Federation of Small Business, FSA, Home Office, IoD, London Chambers of Commerce, London Connects and OFCOM.

CMI and Continuity Forum Research 

The Continuity Forum and the Chartered Management Institute have joined forces this year to undertake the 6th annual survey into Business Continuity Management.

Supported by Veritas this project will continue to provide the most detailed and extensive Research available into management attitudes towards BCM, which has proven key in supporting our Industry development.

Business continuity and disaster recovery fundamentals are strong in Singapore because of its: Strategic geographical location - Free from natural disasters such as earthquakes and typhoons, Singapore is well known as a major financial, transportation and infocomm hub, and is home to more than 7,000 multinational corporations. Many use it as a launch pad to expand into the region.