Friday, 18 July 2014

The professional footpath for business continuity practitioners

As Business Continuity continues its growth as a profession, the idea of certification and the membership of professional bodies are more frequently discussed at all levels of the organization – from those starting out their career in the industry, right up to the Board Room.

As an individual you will be looking at the long term development of your career while those at Board level need to consider the long term growth of the organization. Of course the two of these are not mutually exclusive and many managers will tell you that the best way to grow an organization is to invest in its people.

The first step on the professional ladder is certification. Certification gives you an outward facing verification of your knowledge in that discipline. Attaining this level of qualification will set you apart from those who are not certified, who would only have knowledge of BC in their current environment.

Once you have become certified and embarked on your career in business continuity you need to think about what your next steps will be.

Like with any good BC Plan, you wouldn’t just write it and place it on a shelf to gather dust. It is a continual process of planning, learning, assessing and adapting to ensure that the plan is effective and can be relied upon. The professional development of anyone working in the BC industry is no different. You don’t take your newly earned certificate and hang it on a wall only to forget all that you have learned. You would, or at least you should, continue to develop yourself as a professional by testing your skills and adapting your skillset to suit the needs of the job.

Mentoring allows those who are new to the profession to be guided along the early stages of their career and offer great scope for improving their knowledge, understanding and the practical application of good practice.

For those at any stage of their career, Continuous Professional Development provides an opportunity to reflect on their academic and professional experiences to see how they can apply what they have learned to their own work. Where certification tests your base knowledge of a set subject matter, CPD requires a detailed demonstration of this knowledge and evidence of its implementation.

Increasingly employers are asking for evidence of professional development when employing people to work on their BC programme, so to find out how you can take advantage of the opportunities available, develop your skills and progress your career, visit the BCI website. With Education Month coming up in September, it is the perfect opportunity to do so.

Monday, 14 July 2014

Preparing for the Commonwealth Games

Two years on from the London 2012 Olympic Games, the UK is set to play host yet again to one of the largest sporting events in the world – the Commonwealth Games, hosted by the city of Glasgow in Scotland. Glasgow 2014 may not quite be on the same scale as London 2012, but the crowds will still be high.

On the 23rd July, and over the following two weeks, 6,500 athletes from 71 different countries will be taking part in 17 different sports for the right to win a gold medal. 2,500 journalists will be attending the events and with more than a million tickets sold, the number of additional visitors to Glasgow is expected to exceed 100,000.

So what does all this mean for business continuity planners? For many organizations events like this are a dream come true. Investment in the city in order to rebuild infrastructure over the past few years has been high with many local firms reaping the benefit. During the Games, retail outlets will do a roaring trade as the visitors spend their money on souvenirs, food, drink and, seeing as it’s the west coast of Scotland, probably a few umbrellas and rain coats.

For some organizations however, whether getting into the spirit of the Games or not, there will possibly be some disruption during the two weeks.

If you’re an employer then it’s highly likely that a few of your staff will want to attend some of the events or take leave during what is normally the holiday period. Have you taken this into consideration and made suitable arrangements?

Transport networks will be stretched to the limit as trains and roads become busier than normal. Have you made suitable arrangements to ensure your staff can get to work or perhaps work from home instead? If you work in the transport industry, are your customers or suppliers aware that there might be some delays? For such high profile events, security is always an issue and this can slow things down even further.

If you’re a retailer then the increase in visitor numbers means your stock may go quickly (that’s a good thing) but how quickly can you replace it in order to take an even greater advantage of the circumstances? With international events such as the Commonwealth Games, language can often be a barrier. English may be the common language for many of the countries competing, but there will be many other languages spoken too, do you have the ability to communicate with non-English speakers?

Let’s not forget the extra strain that will be placed on the communications network, do you rely on your mobile phone, and can you guarantee it will work when so many other people are trying to use theirs? There may be a similar issue with broadband if the network starts to reach capacity.

Of course, with all the excitement about the influx of new customers, businesses mustn’t forget their existing customers, those people who will (hopefully!) still be there long after the Games are over. Do they know what your arrangements are during the Games and have you considered ways to reduce the disruption to them?

A major event such as the Commonwealth Games brings plenty of opportunities to the host city and the surrounding area, but everything comes at a cost. If you prepare properly however, and consider what disruptions could affect your organization, then plans can easily be put in place to ensure that this cost is not high and is far outweighed by the positives.

Andrew Scott is the Senior Communications Manager at the Business Continuity Institute who joined after a brief stint working as the Press Officer for a national health charity. Prior to that he had over ten years at the Ministry of Defence working in a number of roles including communications and business continuity. During this time he also completed a Masters in Public Relations at the University of Stirling.

Wednesday, 11 June 2014

Practice makes perfect

I used to do the Telegraph crossword years ago, after my mother-in-law got me into it (one of the two things for which she is to be applauded – the other being her daughter, obviously). Whilst I wouldn’t claim to be an expert, I did go from not having the faintest idea what most of the clues meant to the point where I managed to finish it more often than not. But for one reason or another I stopped doing it and, until recently, I hadn’t had a go for donkey’s years.

When I started doing it again, I have to admit that I was absolutely useless, sometimes struggling to do more than half a dozen clues. The thing is, there’s a knack to doing crosswords and if you get out of the habit it can take a while to get that knack back again. Anyway, I persevered and, slowly but surely it’s coming back to me.

There are three things that have helped enormously:

Firstly, practice – seven crosswords a week provides an opportunity for lots of practice. Sadly I don’t have time to do it every day, but I usually manage two or three a week.

Secondly, I came across a website called 'Big Dave’s Crossword Blog' which gives the answers. More importantly though, it explains how those answers are arrived at. So for the clues I’ve struggled with (and sometimes there are lots), rather than just giving it up as a bad job, I have a quick look on Big Dave’s site and find out what they were on about.

And thirdly, I’ve put together my own little guide, which includes things like what certain words or phrases in a clue might mean, and what words might be anagram or 'sounds like' indicators or such like. I refer to it when I’m a bit stuck and it often nudges me in the right direction. (Let me know if you’d like a copy).

I still don’t finish the crossword every day (there are some really obscure clues from time to time that you’d have to be Einstein or Stephen Fry to stand a chance of solving), but I don’t do too badly now. I still have to think quite hard about things, but the basics are becoming ingrained and now when I pick up the crossword, I slip reasonably easily into the right way of thinking. I’ve progressed from seldom completing it, through occasionally to fairly regularly, and now I’m setting my sites on the dizzy heights of usually.

The point is that crosswords, as with many things in life – like juggling or playing a musical instrument or crisis management or business or IT recovery for instance – take practice if you want to be any good at them. And for most people, the more practice they get, the more proficient they become. Or to put it another way, the less you practice, the less proficient you’ll be.

So if we want our crisis management or recovery teams to be proficient and effective, we need to make sure they’re up to the job, adequately trained and get sufficient practice to keep them on top form.

Andy Osborne is the Consultancy Director at Acumen, and author of Practical Business Continuity Management. You can follow him on Twitter and his blog or link up with him on Linked In.

Tuesday, 27 May 2014

Football World Cup: a disruptive influence or an opportunity?

The long wait is nearly over. On the 12th June Brazil take on Croatia at the Arena de Sao Paulo in Brazil to officially kick start one of the biggest, if not the biggest, sporting event in the world – the football World Cup. Over the course of 31 days, 32 countries will battle it out in 64 games for the right to be crowned world champions.

So what does this mean for business continuity planners? Well clearly the level of disruption in Brazil is a major issue but this blog isn’t about that. It’s not about the many years of disruption caused by construction projects and the rebuilding of infrastructure. Neither is it about the disruption caused by having over half a million visitors descending on the twelve host cities. This blog is more about the disruption caused by, for most people, the antisocial timings of the matches.

When we watch our own football teams (or attend any other entertainment event), it is very often at a time that is accommodating – weekends or evenings perhaps. With large international tournaments this is rarely the case. Take England's three group fixtures for example – 11pm (expect some employees to be very sleepy the next day), 5pm (expect some employees to want to leave work early) and 8pm (okay that’s more like it). This is a problem that most of the European and African countries will have. Kick off times are even more unsociable if you’re from Iran, Japan, South Korea or Australia.

In England’s case the last two World Cups (South Africa and Germany) didn’t cause any problems as the time zones were only a couple of hours away, but the 2002 World Cup in Japan and South Korea did throw up issues with some games kicking off at 9am. Many employers chose to allow their staff to turn up a few hours late, some chose to install televisions in the office. Productivity may not have been at its highest but arguably this was a better solution than having people call in sick or just not showing up.

The timings of the games may not allow for the same solutions this time but employers still need to think about what their options are. Will their staff want to watch the games? What are the consequences of them doing so? Finally, the all-important question, what can be done to make sure this doesn't disrupt the organization?

Consider also how the World cup will impact on your organization. Will you be quieter as many of your customers will be watching the game, or will you be busier as many of your customers are the sort of people who have no interest in football and are desperate to avoid the football-mania taking place?

Of course you do not have to embrace the World Cup and you could insist that your staff are at work when they normally should be. In all likelihood this will lead to reduced morale and this will in turn reduce the overall level of productivity or service given to customers.

The World Cup is a massive event that for many countries will dictate the mood of the nation over the month that it takes place – organizations should make the most of this. Rather than thinking of it as a disruptive experience, think of it as an opportunity to enhance staff morale by allowing employees, where possible, the flexibility to watch games.

If you are allowing staff time off to watch any of the games, make it fair on all employees by creating a rota so work can still be done. You need to make sure it is fair to those who have no interest in football as they will not appreciate having all the work dumped on them.

Andrew Scott is the Senior Communications Manager at the Business Continuity Institute who joined after a brief stint working as the Press Officer for a national health charity. Prior to that he had over ten years at the Ministry of Defence working in a number of roles including communications and business continuity. During this time he also completed a Masters in Public Relations at the University of Stirling.

Sunday, 25 May 2014

Information - friend or foe?

Information is both a risk and a resource when thinking about organisational resilience, including business continuity. There are plenty of examples of information losses that have caused major embarrassment, cost a considerable amount of money to resolve and resulted in a loss of trust as well as clients. These have included hacking and cyber attack problems, lost memory devices, leaving files on the train or selling off filing cabinets with records still in them. They even involve being photographed on the way to an important meeting carrying a document the content of which can be easily read from the photographs. Organisations involved have ranged from small business to multi-nationals and public sector bodies. The nature of information as a risk is well publicised, as a result, even if after the fact of its loss. The assessment and treatment of information risks is perhaps less well understood in practice as such losses continue to occur. How well thought through is your information risk strategy? Do you fully understand the nature of this risk and have you treated it properly? No one wants to see his or her organisation’s reputation in the gutter due to the loss of sensitive information, be it commercial or personal.

Information is also a key resource when it comes to business recovery. Systems and processes are not useable if the information they require is not available in an accurate, up to date and workable form. Often it may take longer to get information, with proven integrity, loaded back onto a system than to recover the hardware itself. Perhaps this was the problem when it came to the interruption to bank account access experienced in the UK and Ireland in the recent past. The concept of the Recovery Point Objective, the time by which information must be recovered to meet the Recovery Time Objectives of critical processes, is well documented but perhaps less well implemented. If you haven’t gotten into the weeds on this one your recovery strategies may well not deliver as you had hoped. In addition some recovery strategies themselves introduce information risks that may not have existed before the business disruption that caused the strategies to be invoked. Take for example home working. How secure is sensitive or personal information, including emails, when this is your selected recovery option? It is not clear that all organisations have assessed this risk and put in place appropriate steps to treat it. The UK Information Commissioner has had recourse, for example, to fine an organisation in the past for information uploaded onto the web accidentally from a home computer during home working.

There is legislation to cover information risks with the potential for significant fines and websites that name and shame those found responsible for the loss of personal and sensitive information. Currently the EU is reviewing this legislative framework and the outcomes of this work could significantly strengthen the approach taken with those organisations that compromise such information. Planning for this issue isn’t just about what do to when information may be lost but includes a more careful analysis of what information you gather in the first place, how you store it, for how long you keep it, who you allow to access it and how it can be recovered in time. Added to this is the complication of where information ends up and how people actually access it, sometimes without organisations perhaps being aware. This covers issues as diverse as portable laptops, photocopier memory storage and Bring Your Own Devices (BYOD) such as phones or tablets. The scale of the problem can be considerable.

A key place to start is with an information policy. Such a policy could useful set out the principles by which information is to be governed, from initial collation to storage and use/sharing. It should also include destruction and disposal guidance that can be applied to information no longer of use or technology that is not required or obsolete. Such guidance should also cover the eventuality of the invocation of recovery strategies as well as how damaged or irreparable equipment that could hold information is to be safely managed. You can find out much more about this issue at the ICO’s website. Go have a look and educate yourself on this risk and resource.

Risk and Resilience Ltd

You can find out more on this subject by watching Alan's webinar - the management of information related risk.
There was an error in this gadget