Friday, 10 October 2014

ISO22301 certification at the UK's Houses of Parliament

"If you don’t know where you are going you’ll probably end up somewhere else!” At the BCI World Conference in November I’ve been asked to run a session on two key stages of the BC Lifecycle; Policy and Programme Management and Embedding BC into the organisation. Can you imagine my excitement?!

Well, having just achieved ISO22301 certification for the Houses of Parliament I see the outer ring of the lifecycle (Policy and programme management) and the inner core (Embedding) as the tyre and axel of the wheel; get this right and you’ll have a smoother journey.

There are many lessons to share and I hope the conference provides an opportunity to do so. Let me give you an example of what I mean. My BC policy originally said that it ‘would be reviewed on a regular basis’. The external auditor from the BSI pointed out that ISO22301 requires that the policy is reviewed at ‘planned intervals’. My policy now says it will be reviewed ‘at least annually’; that is what we always meant but didn’t make clear. Other examples of poor language are found in phrases from Management Board papers saying “Human Resources might want to look into….” What does ‘look into’ mean exactly? It is not about being pedantic, it’s about being clear in your planning so that all interested parties understand what is being asked of them and how this will be assessed.

The policy sets out what you are going to do, the scope of your BC capability and defines roles and responsibilities. The programme will set out how and when you will implement the BC capability. So, the policy will help you know where you are going and the embedding will help you stay on course. My workshop at the conference will describe how these parts of the BC Lifecycle can be achieved.

Martin Fenlon MBCI, Business Resilience Coordinator at the UK's Houses of Parliament, will be discussing this issue within the 'Learn' stream at the BCI World Conference on Wednesday 5th November, starting at 10:30.

Thursday, 9 October 2014

Think you're an expert in business continuity?

Jeopardy, The Weakest Link, Who Wants to be a Millionaire, or perhaps just the local pub quiz. Everyone likes a good game show to challenge the mind and to test whether you really are as knowledgeable as you think you are.

Are business continuity practitioners any different? We'll soon find out. To end the BCI World Conference and Exhibition on a high, the Business Continuity Institute along with Crisis Guardian, will be hosting their very own game show.

The game show will contain relevant and important business continuity messages and will touch upon topics covered in some of the conference presentations, so make sure you pay attention. You will however be pleased to know there are no music questions.

This is an audience participation event so you can put your heads together with fellow delegates, using shared interactive voting handsets, to answer a series or topical questions and have fun at the same time as learning something new and interesting to take away with you.

So, do you think you're an expert in business continuity? Perhaps you are. Now is the time to put that to the test. Book your place at the BCI World Conference and Exhibition to take part in this one-off event and really put your business continuity skills to the test.

Wednesday, 17 September 2014

How social media can improve organisational resilience when disaster strikes

The devastating earthquakes that hit the South Island of New Zealand in 2010 and 2011 and over 4000 bigger aftershocks rattling Christchurch and Canterbury have caused an estimated $40 billion damage to the city, including wide parts of the CBD and around 100,000 homes. While there are parts of the city ‘red-zoned’ and will not be rebuilt, the rebuild of the rest is expected to take at least 15 years. The whole inner city is going to be re-arranged and while this is still undergoing, a lot of local businesses have moved out of the centre to somewhere else.
 
Christchurch, like New Zealand as a whole, has first-world ICT infrastructure and high rates of technology uptake across all sectors of society. This technology uptake and the rising importance of social media in society made the earthquakes one of the first natural disasters, where social media played a major role in direct response but also the long-term recovery. In the immediate aftermath of the major quakes in September 2010 and February 2011, social media services including Twitter provided crucial communication channels for individuals, communities and organizations. With a disrupted electricity supply, and unreliable SMS services, Twitter was an up to date and reliable source for eyewitness accounts and crucial public information.

During the recovery phase social media stayed an important part of people’s lives. While the CBD was corded and totally locked down, people didn’t know if businesses moved somewhere else, what the opening hours under these special circumstances were or which alternatives there were to purchase a certain product, service or simply going out for dinner. Social media enabled people to connect with each other for emotional support, information, calls to action or organizational purposes.

Various online communities developed around the central problems of the earthquakes, from neighbourhood groups helping with insurance claims, to forums and message boards where people posted pictures of lost and found pets or pages where people discussed, how the city should look like after the rebuild, to the Facebook page of the Student Volunteer Army, a student group who organised and coordinated volunteers through a Facebook page.

Apart from the examples mentioned above, I also encountered a couple of business uses in my research. With an online social media platform an organisation or group gains a channel to interact with the community, but also with customers and staff, enhancing business resilience as well.

In the case of Mainland Press, a Christchurch based newspaper business, print production was not possible immediately after the earthquakes. Through a newly found social media site, the Mainland Press reporters were still able to communicate their local news and information until the newspaper went back to normal production. But even after that, their Facebook page ‘Rise Up Christchurch’ remained an important platform for information exchange and discussion with a huge amount of followers.

For other businesses, social media became important a bit later on. To bring life back into the city centre, a transitional mall with shops in shipping containers was build up and re-opened. To spread the news about what was happening there and to keep people up to date about special offers in this new mall, a Facebook page was created and a community was built.

I could go on describing different examples of businesses and other people using social media in the aftermath of the earthquake for different purposes but you probably get what I am aiming for already. All communities are very different and tailored specifically for and through the people engaging, who are interested in the issue, be it earthquake updates, help or the latest news about what is happening in the inner city. Anyway, social media is a great way to keep in touch with your customers, serving as a two-way channel, which enables communication and can help a business or community to reach out and make it more resilient. In most cases, social media was not something organisations or businesses had used before the earthquakes, nor was there a strategy in place for how to deal with the new tool. Even though your social media presence isn’t a core feature in your marketing strategy, it doesn’t hurt to learn these skills and build up a community before a crisis happens.

Martina Wengenmeir is a PhD candidate at the University of Canterbury, in Christchurch, New Zealand. Her research interests lie in cross-medial information flow and online communities and publics.

Friday, 12 September 2014

Learning from experience by blogging

During my time studying business continuity, we were forced by our lecturers to take an additional module on reflective writing (as part of our personal development) and I really didn’t want to do it. I just couldn’t get my head around the value of exploring my thoughts retrospectively. Why should I use my valuable time in completing what is essentially a diary? Surely whatever I learned from the experience would be felt at the time?
 
Well it’s no secret that the art of completing a journal or a diary has been around for centuries. Many famous and successful individuals in history in their quieter moments have taken the time to reflect. There must be some value in doing this?

Despite my initial reluctance I started to see the value of reflective writing, particularly in understanding the more complex issues. I quickly realised that my brain wasn’t very efficient at breaking things down in real time and approaching it in this way would help me to understand whatever it was that I needed to know. This often included situations where I couldn’t quite grasp a decision, outcome or even the subtext of a meeting or conversation at work. I felt like my brain was clogged up with information that I could barely remember or even understand. I actually felt a bit suffocated by it and in an industry where looking the part is key, perhaps a little stupid. For me, writing these situations out in black and white created an opportunity to take a second look at the experience.

Over the last couple of years I’ve often struggled to see the big picture in situations right away. I’m also very honest about my lack of understanding when it occurs to me. However, I would regularly watch my friends and colleagues working in business continuity appear to understand concepts and other more complex issues much quicker than me (or at least they sounded like they did!). Surely I’m not always the last to the party? I would share these thoughts with close colleagues and loved ones over a period of time and then I started to recognise that I wasn’t the only one. In fact, even the individuals that initially looked or sounded like they understood frequently didn’t. I found some comfort in realising that I wasn’t alone but I was also deeply disappointed to find that very few of my peers were openly sharing these experiences. Wouldn’t it be valuable if we could share from each other’s learning without the fear of looking foolish? To quote an experienced colleague who I respect a great deal, “there is a real absence of a younger voice in what we do.” They are absolutely right.

The last 12 months for me have been a career development whirlwind in business continuity. I’ve had countless new professional experiences from exams and major incidents to ISO 22301 certifications and work area recovery planning. As you can imagine I’ve arrived at situations that are completely new to me and there’s never been a better time to reflect…cue BlueyedBC.

I created the social media platform called BlueyedBC in November 2013 after being encouraged by a number of senior colleagues to share my writing. I decided to go by this title because I wanted to combine the desire of junior professionals to become the blue-eyed boy or girl in their profession with idea of blue-sky thinking. Since this time the BlueyedBC BlogSpot has received over 7000 hits worldwide with hundreds of professionals from around the world starting to follow each article that is released. The unexpected volume of interest prompted me to release a small eBook on Amazon. It includes a series of anecdotes and thought processes that will hopefully assist other new starters and graduates who are about to embark on their careers. I’m also hoping that it offers some insight for senior BC managers in to the fresh mind of a young professional and how some might view these new experiences on face value. Most importantly, I use a simple, honest and easy to understand voice in my writing as described by several senior industry colleagues who have already publically reviewed the content. I can promise readers a light-hearted jargon-free account of how one might feel during the initial steps of their career in business continuity.

Luke Bird is a Business Continuity Executive at Atos in Glasgow and a regular blogger on his own ‘BlueyedBC’ blog site. You can read his blogs by clicking here or follow him on Twitter by clicking here.

Luke’s eBook ‘BlueyedBC: Business Continuity Management - An insight into the world of business continuity management’ is available online by clicking here.

Wednesday, 10 September 2014

Improving organisational resilience – the real justification for business continuity

Although the term resiliency is widely used in setting corporate goals, it is rarely defined in a way in which it can be meaningfully assessed. Traditionally business continuity has provided a proven means of reducing the severity of disruptive interruptions by understanding the operational priorities of the business, the infrastructure that supports them and the acceptable timescales for response and recovery. Business continuity practitioners have always argued that by taking a holistic approach to an organisation, critical dependencies and single points of failure can be better identified and mitigated, thus leading to improved reliability and customer satisfaction. This might seem a reasonable assumption but it is hard to really prove.

This lack of objective proof has perhaps contributed to the often reported difficulties in achieving more substantial stakeholder buy-in for business continuity at the most senior levels in an organisation. Perhaps this partly explains why the change in business terminology from business continuity management (BCM) to organisational resilience is happening so rapidly in many companies. Certainly key individuals promoting the resilience agenda see the opportunity to bring a new discipline into play at the strategic level as a game changer. Adaptability (rather than response) is becoming the new buzzword and traditional business continuity practitioners need to adapt to this new reality.

The construction of more and more detailed plans has failed to achieve the corporate goals for security and resilience that we as practitioners might have expected. The speed of business change makes the need for a more dynamic way of responding to crises ever more important, but as BCM professionals we need to change the way we work – developing organisational resilience capability and the people skills needed to take control of unexpected events should be our primary goals. Good planning is still essential but not writing more compliance based procedural plans.

So what are the obstacles to implementing a successful business resilience plan? Firstly, getting support from the top of the organisation and by this I mean not just budget, but rather the way the message needs to be enthusiastically and positively communicated from the top. Secondly, getting buy-in from the people who have to deliver the plans; this is predominantly the middle managers who are often already over committed and under resourced. Thirdly, making the risk look and feel real because if it is seen as just compliance then you will create a tick-box mentality.

To successfully address these obstacles, it is essential to properly understand how the business actually works and who the really influential players are, those whose opinions are sought and listened to. Find out what the real drivers of success are and what top management really worry about. Do not talk to senior management until you know what is important, any lack of company knowledge will ruin your credibility immediately so prepare well before you talk to them. Build awareness programmes and get your message right when you give presentations as the people who you need on your side are not interested in technical solutions, they want to know about what you can do to help them eliminate or reduce future business problems.

Business resilience is much more than recovery from disaster or serious incidents. It is the ability to identify and monitor risks to prevent them from happening in the first place, or at least minimise the impact. It is about the capability of the organisation to deal with incidents that cannot possibly be predicted or adapt itself to changes in its external circumstances such as civil war in a key supplier country. In some ways it is difficult to highlight companies who are good at resilience because by definition they will be the ones that handle problems, major incidents and even crises almost seamlessly.

The top challenge on the horizon for BCM professionals is changing the mind-set of people both inside the profession and outside it. We have many excellent programme managers but there is not enough really innovative thinking going on. The enthusiasm for the idea of resiliency does give us a chance to articulate a wider strategic vision for our discipline. Thinking up relevant approaches to deal with issues that do not fit the old BCM model of physical disruption to assets is a real challenge – cyber resiliency must be high on our agenda as is mitigating reputational damage using social media. It might be difficult but if we don’t do it, who will?

Lyndon Bird
Technical Director at The Business Continuity Institute
There was an error in this gadget