article

Recognising threat - the importance of pre-incident surveillance

The attacks in Paris on 13th November and London on 7/7 show the planning and preparation spent by terrorists and other groups in gathering information to assist with the target selection and operational planning. Any thought that these events occur by chance or on a whim should be banished.

What about Resilience?

Risk, Business Continuity and Resilience - are we getting the landscape right?
 
Business Continuity, Resilience and the Rhinos ear
 
Imagine trying to describe or just outline what a Rhinoceros looks like to someone when you have only have seen a small part of the whole animal yourself, perhaps just a foot or an ear.
 
Three toed camel or a resilient  Rhino? When you haven't seen the whole thing it makes it awkward at best, perhaps even impossible. Its certainly rather tricky eh?  You could end up with a Donkey, a three toed Camel or indeed a host of bizarre critters. To describe a Rhino properly you have got to step back and get the whole picture. (We know this is usually done with elephants, but we prefer a rhino for this analogy...  its an ear thing!)  
 
We’re using this example to illustrate one of the most interesting topics emerging across the Risk and Business Continuity Sectors  - Organizational Resilience! 
A lot of people are talking about it and the discussion underway is really interesting. 
 

Climate adaptation measures and our BCM approach - a user perspective

Business Continuity at Dentons - IntroductionDentons - Global Law firm - creating positive change
 
Dentons is a global law firm driven to provide clients a competitive edge in an increasingly complex and interconnected world. A top 20 firm on the Acritas 2013 Global Elite Brand Index, Dentons' clients benefit from approximately 2,600 lawyers and professionals in more than 75 locations spanning 50-plus countries across Africa, Asia Pacific, Canada, Central Asia, Europe, the Middle East, Russia and the CIS, the UK and the US.
 
The Firm serves the local, regional and global needs of a broad spectrum of clients, including private and public corporations; governments and government agencies; small businesses and start-ups; entrepreneurs; and individuals.
 

Managing Cyber Risk from the top down

 

Connecting Cyber & Information Security with Business at the Top 

Each month seems to bring us a new report showing that business needs to be doing more on the threats to their IT.  Almost daily there are media reports of companies systems being breached by hackers, of data being lost and increasingly sophisticated criminal activity.  The Internet has become ever more part of our business processes around the world bringing new dimensions of communication, information sharing and performance. Our companies IT systems are critical, not just to business performance, but to organisational survival. 

So you think you're an auditor?

submitted article
 
Why BCM Audit need special consideration You are implementing a business continuity management system (BCMS) for the first time and you discover that one of the requirements is to conduct “internal audits”. What do you do? Who should be the auditor? Do they need to be trained? All valid questions (along with scores of others which you will doubtless ask yourself) which invariably will be rushed through without much thought into what is trying to be achieved (apart from a tick in the BCMS/certification box). 
 
Done well, audits are an excellent way for your business to learn what’s working and what needs to be improved but done badly they soon become robotic and worse, potentially divisive. Internal audits are a requirement of any management system standard so if you are committed to implementing a meaningful BCMS you might as well do it properly from the outset.
 
 

Business Continuity - BS 25999, ISO 22301 and ISO 22313

 
Click to visit the BSI
In May 2012, the International Standardization Organization (ISO) published ISO 22301 – Business continuity management systems – Requirements.  Although this standard was long in the making the response has been very positive - and with the promise of ISO 22313 – Business continuity management – Guidance – before the end of this year, it seems it was worth the wait.  
 
ISO 22301 blends the requirements from several national standards, including those from the USA, Japan, Singapore, Canada and Australia.  The similarity with BS 25999-2, however, is most evident.  A comparison of the BS and ISO standards reveals little difference in the requirements.  And in Clause 8 of the ISO, where the business continuity programme requirements reside, the text is identical in many places.
 

What is business continuity?

 
What is Business Continuity?
 
Business Continuity is defined by the International Standards Organization as the: 
"capability of the organization to continue delivery of services or products at acceptable predefined levels following disruptive incidents"*
*Source ISO 22300 Vocabulary 
Why is Business Continuity important?
 
Organizations of all types and sizes, public and private are effected all the time by "disruptive incidents'. These can be extreme, such as a natural disaster or more likely something mundane, such as a burst water pipe, the loss of power or other services, ICT issues and other forms of incident that disrupts the normal work of the organization.  The disruption caused usually impacts on the capability of the organization to perform its normal activities and as a consequence impacts on customers or other stakeholders, adding additional costs and creating the potential for losses in financial and even social terms.
 

ISO 22301 ... Business Continuity, Red Tape and Seat belts

 
ISO22301 Business ContinuityThere has been some fairly active discussion on a few of the industry forums recently about how standards such as BS25999 and ISO22301 are being seen as potentially even more 'red tape' by many businesses and SME companies in particular.
 
A key comment made was that many smaller organisations are under tremendous pressure at the moment, with more loaded on them by adding Business Continuity to the mix through the new ISO. It was summed up by the title … "It's unlikely that SME's will welcome the new standard with open arms".  
 
While I have great sympathy with the position taken about the plethora of regulations, legislation and other seemingly nonsense GUMPF* that surrounds us and eats away our time, I confess unsurprisingly though it's very hard to agree this is at all valid when it comes to Business Continuity.
 

Supply Chain questionnaire for Business Continuity

 
In August 2011, Gayle Hedgecock was the guest speaker at BANG!  During an entertaining evening, she posed the question: "Just how many Continuity questionnaires must I fill in each year?"
 
In her case, it was scores of the things; others were lucky and had fewer to do, but it became clear that ALL the questionnaires were different, even though in reality they were asking the same questions.   It was just that the questions were phrased slightly differently, or were in a different order.  In some cases, they were asking questions that had little relevance to Continuity...
 

London Cyber Conference ends, but what next?

 
Business Continuity Forum opinion
London Cyber Conference
2011 
 
 
Over two days the London Cyber Conference 2011 delivered a truly international focal point to examine how our digital world is developing and share what needs to be done to keep the benefits, but remove some of the risks.  
 
With over 700 people from 60 countries there really was a global presence and the issues discussed in the plenary and private sessions clearly communicated the breadth of the challenges being faced in cyberspace.
 

Commons Transport Select Committee reports on winter travel chaos

 
Snow causes massive disruption across the UK The Commons Transport Select Committee has issued its report on last year's snow chaos that shut Heathrow airport and disabled significant parts of the rail network.
 
Many roads including motorways were badly affected and it is reported that £280 million was lost to the UK economy each day.
 

How Mass Notification has evolved

submitted article 
 
Frank Mahdavi of MIR3 looks at the how Mass Notification has become a mainstream Business Continuity tool. 
 
The Evolution of Mass Notification
 
Events that Heralded the Need - The Cold War
 
Electronic mass notification gained prominence in 1963 when the U.S. government implemented the Emergency Broadcast System (EBS) to quickly warn the entire population of any emergency. In that era, school children routinely participated in nuclear bomb safety drills, and many of us recall a voice declaring over the television or radio, “This is a test of the Emergency Broadcast System. For the next 60 seconds … this is only a test,” followed by a loud, one-minute tone.
 
That system was replaced in 1997 by the Emergency Alert System (EAS), designed to enable the President of the United States to speak to the entire country within minutes. The EAS also relies on TV and radio, but includes analog, digital, terrestrial, and satellite broadcast. EAS is effective for reaching a very large geographical area, but it isn’t flexible enough to target a specific area such as a county, city, or neighbourhood. Better solutions were needed for Emergency and Business Continuity Personnel. 
 

Thoughts on VSAT, Continuity and Resilience

 
Working in the business continuity field can be challenging, even frustrating, but sometimes there are moments of clarity, a time when you realise why the challenges and frustrations are worth the stress.
 
Over the past few months we have been working towards the launch of VSAT -  the vulnerability self-assessment toolkit with NACTSO.  It hasn't been too easy.  The public sector is under tremendous financial pressure and money is more than just a little tight.  For 18 months,  the Continuity Forum and NACTSO  have been working against time and budget constraints to develop a shared vision, something that can make a real difference to the safety and resilience of all our communities.
 

5 steps to avoid Airport misery

 
Submitted Article
 
For some time now question marks have been placed against airports and their Business Continuity and resilience capability. In the past year alone we have seen at close hand the global chaos caused by the volcanic ash cloud, while more recently we witnessed some of Europe’s leading airports struggle to maintain operational readiness during periods of heavy snowfall.
 
If we go back a little further there are other striking examples, all of which add to the pervading view that airports cannot cope effectively when placed under duress and that their Business Continuity need to be improved.
 

Maintaining continual improvement momentum in BCM

Does the phrase continual improvement turn you cold?
 
Do you feel under pressure to keep reinventing the Business Continuity Management System (BCMS) wheel?
 
What is continual improvement?
 
If you think that you have to find new ways to improve your Business Continuity system every day for the rest of your life, relax. Continual improvement is a state of mind as much as identifying tangible improvements.
 
Take a look at what is meant by the words continual and improvement. 
 
Syndicate content

Business Continuity Forum creating Resilince and security

Creating Continuity... Building Resilience...