Wednesday, 3 December 2014

Horizon Scan 2015

Unplanned IT and telecoms outage, cyber attack and data breach – these were the three main threats to organisations according to the Business Continuity Institute's Horizon Scan 2014 report, but other threats are on the rise such as adverse weather, human illness and transport network disruption. Of course it varies depending on what sector you’re in, where you're geographically located and how big your organization is.

The annual Horizon Scan report, sponsored by BSI, is one of the main pieces of research conducted by the Institute as it provides an insight that those working in the profession can use to inform their own business continuity programme. The Horizon Scan report continues to receive great feedback from those who use it, but it only provides value if people take the time to complete the survey.

The BCI is now asking business continuity professionals and those working in the wider field of organizational resilience to take just a few minutes to complete the Horizon Scan 2015 survey and share your thoughts on what you think the biggest threats are that organizations face.

To complete the survey, click here. You can read the Horizon Scan 2014 report by clicking here.

Tuesday, 2 December 2014

Organizational resilience: Creating more value for BC practice

Resilience is fast becoming an industry buzzword which reveals underlying changes in the way practitioners view business continuity and other ‘protective disciplines’ such as emergency planning, risk management and cyber/physical security. From the development of clear boundaries which separate disciplines in the last decade or so, work is now underway to bring these fields together into a framework of organizational resilience. However, rather than being merely the sum of ‘protective disciplines’, organizational resilience is thought of as a strategic goal that must be driven by top management. The quality of resilience is rooted in a series of capabilities that allow organizations to get through bad times (continuity) and thrive in good/changing times (adaptability). Organizational resilience involves a coherent approach ‘from the boardroom to the storeroom’ that requires strong governance and accountability among other ‘soft’ factors.

In the UK, this development in thinking culminates with the recent launch of the new British Standard 65000 (BS 65000), which outlines the principles of organizational resilience and provides guidance on it. This parallels the development of global guidance on organizational resilience, ISO 22316, which is due in April 2017.

The Business Continuity Institute realises the value of BS 65000 and the thinking behind it. It affirms its premise of strengthening the collaboration among ‘protective disciplines’ in order to create a coherent approach to achieving resilience. Business continuity as a discipline has resilience at its heart and the BCM Lifecycle explicitly relates to building resilient organizations. In participating in the ongoing development of organizational resilience, the BCI makes a positive case for the ‘protective disciplines’ and enables top management buy-in to our work. It also makes practitioners responsible for resilience more visible to top management, taking their work as a matter of strategic importance to the organization.

The BCI sees itself as a constructive partner in developing organizational resilience. The latest Good Practice Guidelines address organizational resilience and its relationship with BC. Our colleagues in the BCI such as Deborah Higgins MBCI, as well as our members, have been participating in the development of BS 65000 by representing the views of practitioners. Institute events such as the recently concluded BCI World Conference have also touched upon the various aspects of the organizational resilience debate.

From the thought leadership side, the BCI is committed to developing the literature behind organizational resilience and creating resources that will be beneficial to the general practitioner community. Our recent working paper ‘Conceptualising Resilience’, written months before the launch of the standard, is an introductory view of the then-existing literature on organizational resilience. We are aware that this work has barely touched the surface of this field and we are committed to producing more work that delves deeper into the subject.

More importantly, the BCI 20/20 Think Tank – which now has working groups in the UK and Australasia – is considering how organizational resilience will impact future BC practice. We have had several fruitful meetings this year and work is underway to produce research output in 2015. This serves to complement existing literature and encourage debate leading to better practice.

We believe that resilience is more than just a buzzword and it may possibly herald changes in the way we practice our profession in the future. It is essential therefore that we remain at the forefront of these changes and discover how these developments will create more value to our work.

Patrick Alcantara is a Research Associate for the Business Continuity Institute who joined after finishing a Masters in Lifelong Learning with distinction from the Institute of Education (University of London) and Deusto University.

Wednesday, 26 November 2014

BCI World Conference and Exhibition

Ever reacted to something quickly and soon regretted it? That is our Inner Chimp controlling us and sometimes there is nothing we can do about it. That was the message from Prof Steve Peters during his keynote speech at the BCI World Conference. Psychology plays a major part in business continuity and sometimes you need to take into account that people don’t always respond the way you would like them to, or in a way they would like to.

In the second keynote speech of the conference, Martin Fenlon, Business Resilience Coordinator at the Houses of Parliament, told us of the challenges he faced in ensuring resilience across a highly independent and disparate organisation. Of course it’s a very British organisation, so in the event of a crisis, as long as someone is making tea then all is well. It was particularly appropriate for Martin to be speaking on the 5th November as this day marks the anniversary of when Guy Fawkes attempted, and failed, to blow up the Houses of Parliament.

Over the two days, many speakers educated us and enlightened us about different aspects of business continuity. Whether it was new research such as the BCI’s Supply Chain Resilience or Emergency Communications reports; insight into some practical application of business continuity, for example how to deal with the Ebola crisis; or whether it was developing a greater understanding of the theoretical aspects of business continuity such as how to write a BIA; there was something for everyone.

Day one of the conference ended with the Gala Dinner and Global Awards ceremony at the Science Museum. Well done to all our winners in the nine categories of the Global Awards, those whose contribution to the industry was recognised above all else, and congratulations to everyone who was honoured on the night. A full list of winners can be found here.

One of the main talking points of the conference was the debate about whether business continuity can only ever be subservient to risk management, as the top thought leaders from both sides of the industry battled it out. In the end it was a home win for business continuity and the motion was voted against, but there were certainly plenty of interesting discussions on the matter. The general consensus, however, was that those working in business continuity, risk management or other related fields need to collaborate more in order to improve organisational resiliency.

Organisational resilience has become a common theme in many of our discussions lately and we were fortunate to have Richard Taylor from BSI announce the new Standard on this very topic which is being published on the 27th November. This was followed by Dr Rob MacFarlane from the Cabinet Office who talked about resilience in practical terms, looking beyond just individual organisations but wider communities.

As in previous years, the BCI held a BC clinic, hosted by experienced practitioners, for people to ask their BC related questions and get advice that they can take back to their own organisation and implement.


To finish off the conference in style, Crisis Guardian hosted a game show whereby those working in the industry were given the chance to answer questions with the top three being invited on stage for the grand final. Demonstrating the international flavour of the conference, this was fought between an American, an Australian and an Italian. Ultimately the winner was Chris Miller whose baggage allowance for her trip back down under was put in jeopardy by her shiny new trophy.

Thank you to everyone who came along and made the conference the great success that it was. Exhibitors, presenters and delegates all contributed to this and we look forward to welcoming you back to the London Olympia next year on the 4th and 5th November.

Wednesday, 19 November 2014

Business continuity planning according to Paddington Bear

In just a few weeks the latest blockbuster movie to hit our screens will be released at the cinema – Paddington Bear. This is the story of a well-meaning Spectacled Bear with a fondness for marmalade sandwiches who made his way over to England from Peru and was adopted by the Brown family who named him after the station he was found in.

But what has this got to do with business continuity? When arriving in England, Paddington probably wanted to write to his family and let them know he arrived safely, but had he done so then his letter would soon have been returned to him with a polite note from Royal Mail saying that they weren’t even going to try posting it. Why? Because Peru was going through a lengthy postal strike that had left such a backlog that it would take many months to recover from.

Peru may be an extreme example but postal strikes happen in many countries all the time and if your organisation is reliant on the postal service then it could cause a major disruption to you and your customers.

Of course it’s worth noting that according to the Business Continuity Institute’s latest Horizon Scan Report, industrial disputes are not something that provides most business continuity professionals with any concern. In the survey that informed the report, only 21% of respondents expressed concern or extreme concern at the prospect of an industrial dispute causing a disruption to their organisation. Perhaps they were thinking more of their own employees taking industrial action rather than the consequence of a supplier’s industrial action.

It does make you consider just how reliant you are on the postal service, or any other service for that matter. Despite tending to use email and other forms of electronic communications, there are still times when we rely on ‘snail mail’. The main example is that, with many of us leading such busy lives, we often turn to goods and services that are delivered direct to our door. The rise in electronic communications has also seen the rise in online shopping so if you are a retailer then a postal strike could have a devastating impact on your business.

It is therefore worth thinking, what would you do if the postal service was no longer available to you, what are the alternatives? How would you deliver to your customers or receive goods from your suppliers?

Fortunately for Paddington, Mr Brown had a telephone so he was able to phone home instead and let his Aunt Lucy know he had arrived safely.

Tuesday, 4 November 2014

Business continuity importance to an integrated view when assessing critical infrastructures

As a result of EDP Distribuição's responsibilities, its involvement was required in Portuguese efforts to comply with the European Council Directive 2008/114/EC, on the identification and designation of National Critical Infrastructures (NCI) and the assessment of the need to improve their protection.

EDP Distribuição is the Portuguese mainland Distribution System Operator, serving over 6 million customers in a regulated business with clearly defined responsibilities, being the holder of the concession to operate the Distribution Electric Power Network in Medium Voltage and High Voltage, and holding municipal concessions for the distribution of electricity in Low Voltage.

With EDP Distribuição having responsibility for several assets and systems which are essential for the maintenance of vital societal functions (health, safety, security, and the economic or social well-being of people), the challenges were many. The selection of a manageable number of assets from a set of more than 400 main premises, the identification of their major threats and vulnerabilities, and writing down their emergency response procedures, were some.

With coordination by EDP Distribuição’s Business Continuity Department, an integrated view of the organization was possible, enabling critical infrastructure to be addressed from the perspective of personal safety, facility security and information security, and involving several departments, from operational ones (Maintenance and Dispatch) to support departments (Automation & Remote Control, Information Systems, Health and Safety).

The key points and the key learning points we plan to cover in our presentation are:
  • Identification of major threats, vulnerabilities and cross-business risks for each NCI typology;
  • Development of a risk assessment methodology for safety and security aspects;
  • Application to each distinct vector: people, facilities, system and communications;
  • Definition of emergency response procedures and a supporting chain of command enabling effective risk mitigation;
  • Upgrading the organization resilience through the implementation of this PDCA process.
Maria Luisa Pestana will be discussing business continuity importance to an integrated view when assessing critical infrastructures on day one of the BCI World Conference and Exhibition on Wednesday 5th November. You will find her in seminar room 2 starting at 13.10.