Professional Documents
Culture Documents
High Jump?
Consultancy
Information Security
Business Continuity
Physical Security
Government
Accreditation
Data Protection
PCI Compliance
Services
Workshops
Seminars
Presentations
Training
Expertise
Terrible pun, I know. But if you saw something called 'Business continuity planning for
the Olympics' you might stop reading. But please don't! I am going to try something
that no-one else has ever done before; make business continuity FUN! I did think about
trying to something else that no one had ever done before and beat the Cuban Javier
Sotomayor's 1993 high jump world record of 2.45 metres (8 foot and half an inch in old
money) but I have a gammy knee. You can watch the amazing Senor Sotomayor strut
his stuff here in a 10 second video (no sound):
Lead Auditors
CLAS Consultants
ISO 27001
ISO 22301
PRINCE2
IT Security
[youtube=http://www.youtube.com/watch?v=eM24YXSpidU]
It is fair to say that good, earnest BC professionals like myself have, to date, largely
failed to capture the imagination of the man in the street, the man on the Clapham
omnibus, or in fact any man, woman, child, dog, cat (apart from the one pictured) or
mammal of any description. And it is unlikely that any career's advisor has ever had
their door beaten down by eager Year 11s desperate to know the best career path in to
BC management. Which is a shame really, because a Dara O'Briain (think 'Mock The
Week') observed, "Business continuity is brilliant." (Google it. I can't link you to it. Too
expert
integrated
independent
Advent IM Ltd 2014
Consultancy
Information Security
Business Continuity
Physical Security
Government
Accreditation
Data Protection
PCI Compliance
- identify the right management sponsor(s). They should have an interest in the
continuity of the company from a reputational, financial, or just practical point of view
- Sell, sell, sell! What are your business's BC 'drivers'? Is it financial? BC planning can
cost almost nothing, but can save you a lot of money in the event of disruption to your
income. Is it cultural? If you have a strong welfare culture the first tenet of BC planning
is always the preservation of life. Is it practical? Do your customers expect you to have
BC plans in place and are you sure that your key suppliers will continue to be there for
you during a disruption? In a recent exercise one of our clients asked over 30 of their
major suppliers to provide them with copies of their BC plans. Only two could!
- Publicise the fact that you are doing this and why you are doing it to the rest of the
organisation (or that part of the organisation your BC project covers)
FACT: In a 2011 survey 85% of respondent organisations had experienced supply chain
disruption in the past year and you might not be in the South East, but your suppliers,
or even their suppliers, might be
(http://www.bcifiles.com/SupplyChainResilience2011PublicVersion.pdf)
Services
Workshops
Seminars
Presentations
Training
Expertise
Lead Auditors
CLAS Consultants
ISO 27001
ISO 22301
PRINCE2
IT Security
expert
integrated
independent
Advent IM Ltd 2014
may choose to prepare a pro-forma for them to complete and this information will
form the bedrock of your BC plans. Generally the sorts of things you would ask for are:
- their key business activities (e.g. for HR this might be Recruitment, reward and
employee engagement)
- the resources (people, technology, information, premises and so on) these activities
are dependent on)
- the impact on the business of not doing these activities
- how soon we would want these activities restored in a period of disruption; and
- how much electronic information they can tolerate losing in a disruption
Day 40: Bringing it all together
Consultancy
Information Security
Business Continuity
Physical Security
Government
Accreditation
Data Protection
PCI Compliance
Most sportsmen and women have a strategy. For Javier it would have been which
heights to Pass or Attempt. And you will need a strategy as well.
Obviously you cant just stick all the information gathered in to a folder, photocopy it
umpteen times, and present it to the business as their BC Plan. They would rightly think
this a bit crummy. The information gathered needs some kind of rationalisation and this
is where you start to develop your embryonic Plan. You should be able to categorise the
information from your representatives in to thematic areas. E.g. Systems, People,
Premises and Accommodation [some extra info for Hotels coming very soon] Suppliers
and so on. This can be rough bullet points or something more substantial. You then
need to find people to turn these thematic areas in to chapters for your Plan. This could
be the same or different people who provided you with the information in the first
place. You shouldnt write the Plan. This is a BUSINESS Continuity Plan and the Business
needs to take ownership for it.
Day 60: The Plan
Javier had plans for training, meals and competitions and all sorts of other things and
now you have yours as well.
Services
Workshops
Seminars
Presentations
Training
Expertise
Lead Auditors
CLAS Consultants
ISO 27001
ISO 22301
PRINCE2
IT Security
expert
integrated
independent
Advent IM Ltd 2014
There are lots of ways to practice business continuity and test your Plan.
Communication cascades, systems recoveries, desktop exercises and full simulation
tests amongst them. You will need to decide what is right for your organisation. The
important thing is that you capture feedback and lessons learned from your tests and
incorporate this in to revised Plans.
Day 100: The end of the road?
Consultancy
Unlike Javier, who retired in 2001, your business continuity plans are never over.
You will need to regularly remind people about the business continuity plan, make sure
people are trained to operate it, and ensure it is regularly tested and updated. But well
done; you got there. And you may not get lots of gold medals and acclaim like our highjumping marvel but you will have the satisfaction of doing a good job well and after all,
as Dara observed, "Business continuity is brilliant."
Mark Goddard - Advent IM Security Consultant and Business Continuity Professional
Information Security
Business Continuity
Physical Security
Government
Accreditation
Data Protection
PCI Compliance
http://www.advent-im.co.uk/business_continuity.aspx
Services
Workshops
Seminars
Presentations
Training
Expertise
Lead Auditors
CLAS Consultants
ISO 27001
ISO 22301
PRINCE2
IT Security
www.adventim.wordpress.com
Advent IM Ltd 2014 any republishing in part or full with express permission of Advent IM
expert
integrated
independent
Advent IM Ltd 2014