All the latest Articles, Features and Resources

Digital Resilience & Business Continuity Planning in the post-Covid era …

In the wake of the global Covid-19 pandemic, businesses worldwide were forced to confront unprecedented challenges. Organisations had to rapidly adapt to remote work models, ensure data security in a distributed environment and maintain operational continuity amidst a rapidly changing landscape. In this new era, digital resilience has emerged as the foundation of effective business…

Why Cyber Resilience is not Cyber Security

In today’s digital landscape, protecting sensitive information and safeguarding against cyber threats has become a top priority for organisations. Two concepts that often come up in this context are cyber resilience and cyber security. While related, there are distinct differences between the two disciplines, and between each of them and business continuity planning. This post outlines the…

COVID19 – Business Recovery Phase

The following is a summary of the status updates and actions in preparing for the Recovery Phase and addressing new risks which have been identified since the COVID-19 Pandemic outbreak. We have now entered the Business Recovery Phase, which it is estimated could last until the end of the 2020 calendar year, and businesses need to know how to prepare…

Decommissioning is Part of Disaster Recovery Planning

More moving parts mean more chance of failure. Replace “moving parts” with “comatose IT servers” and the adage still holds true. You may be tempted to reply that 1) there aren’t many of this kind of server anyway, and that 2) comatose servers may not be doing any good, but as such they are not…

Adapt or Die – A Darwinian Take on Business Continuity

Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another. While we have business continuity theories, principles and tools galore, it’s worth revisiting one of the most fundamental concepts from time to time – that of Darwin’s idea of evolution,…

How’s Your User Experience for Your Disaster Recovery?

It may sound strange to talk about “touchy-feely” stuff like user experience in the context of IT disaster recovery. After all, the priority is on getting systems up and running again within recovery time and recovery point objectives, rather than sitting around in focus groups discussing feelings and opinions. The only UX that many IT…

Towards Set-It-And-Forget-It Business Continuity

Few activities and operations are truly set it and forget it. Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception. Business continuity in most cases requires periodic adjustment because environments and conditions are constantly changing. However, here’s a thought that could change that. The idea…

Why Stop at Just Disaster Recovery with Your DRP?

Do more with less. Who hasn’t already heard that in business? And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it. The more DRP and DRM can help you increase profits or…

Insiders, Still One of IT Security’s Biggest Problems

The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.

Why the Internet is an Elephant

Proverbially at least, elephants never forget. Neither does the Internet. Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.

Steering a New ITSM Course with Container Management

IT service management changed a few years ago with the introduction of containers. They helped usher in the concept that a data centre was no longer a place with computers, but that the data centre itself was the computer.

Time to Get Your Disaster Recovery Plan Straight?

Time is money, as they say, and it is also a key factor in IT disaster recovery. Take, for instance, the well-known recovery time objective or RTO, which defines how fast you should get back to normal operations after an IT incident.

Training Can Be Double-Edged in Business Continuity

Imagine taking your car to the garage for an urgent repair, only to be told that you’ll have to wait for a week because the garage mechanics are off on a training course.

Mind Your Language in Your Disaster Recovery Planning

Military precision? Business descriptions? No fluff? All these qualifications have a bearing on a disaster recovery plan, but with certain conditions.

IT Systems Management and the 5 S’s

We may live in a digital age, but many of the concepts from the previous industrial era still carry through. We have virtual cloud data factories and production lines, just like their physical counterparts for making cars, furniture, aircraft and so on.

Where Does a Business Continuity Plan Fit with Emergencies, Contingencies and Disasters?

The bigger an organisation gets, the more the plans multiply. There may be plans for dealing with contingencies, crises, disasters, emergencies, pandemics, risks and who knows what else, all in addition to your business continuity plan.

Cyber Security and the Legal Sector

It’s commonplace to see articles and discussions about cyber security and the law, but this article is not about that. It is about cyber security and law firms, those august institutions with their lawyers, barristers, and attorneys.

AI in Your DR – Should You, or Shouldn’t You?

Artificial intelligence is finding its way into many applications and systems, so why not disaster recovery? The advantages are multiple.

Business Continuity and Volcanoes – So Far, and Yet So Near

The Agung volcano in Indonesia has been in the news recently. At the time of writing, observers are sending back reports of clouds and glows that suggest that a major eruption could be imminent.

Building a Kill Chain to Boost Your IT Security

When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

The Business Continuity Runbook – Between Automated and Manual BC

Much of business continuity today can be automated. Production lines, supplies reordering, failovers in case of problems, management reports, many of these things now work on a “set it and forget it” basis.

Linux the Unhackable? That All Depends…

Linux has an enviable reputation as a secure platform for servers. But Linux the Unhackable? Certain myths persist about the inherent resistance of Linux to viruses and the superfluity of firewalls.

Legal Requirements for Business Continuity

Business continuity is good for your business, but is it also a legal requirement? Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organisations will act responsibly.

Cyber Security and Pointers from Criminology

While cyber security may have you thinking in zeros and ones, and wondering which next generation firewall you should buy next, the human element is alive and well in cyber crime.

Near Misses, Critical Parts of Business Continuity

If everything is working and you have a business continuity plan in place, is there anything left to worry about? Yes!

ITSM and Statement of Work

With the aim of IT service management being to serve the business or the organisation funding the IT, it’s crucial that business requirements drive ITSM projects and procurement.

The “Six Degrees” of Business Continuity

The “six degrees” concept is that you can reach any person in the world using a maximum of six personal relationships in a chain stretching from you to the person you want to reach.

Information Security and ERP Systems

In principle, every IT system needs to be secure. In practice, some IT systems are less secure than others.

Business Continuity in 2017 – Lest We Forget?

So, it’s that time of the year again, when we look back over the last 12 months in business continuity to see… nothing?

Santa Clause and Cyber Crime

Does Father Christmas know just how exposed his operation is? With one of the largest address books ever conceived (names, addresses, gift preferences of billions of people) and a seasonal workforce of elves that may or may not have been vetted before hiring, Santa’s gift selection, preparation and delivery system may be hugely at risk.

Robots and Business Continuity – We’re Well Past the Turing Test

Meet Sophia, who has Saudi-Arabian nationality. There’s nothing unusual about that, except that Sophia is a robot.

Threat Hunting Could Accentuate the Corporate Divide

The idea behind threat hunting is that some attackers are getting too smart for current IT security technology.

ITSM and the Scourge of Server Sprawl

In theory, IT service management should contain sprawl, limiting or preventing the spread of underutilised IT assets.

Business Continuity and Suppliers – Take Nothing at Face Value

“Yes, we have a business continuity plan”. Every enterprise wants to hear this from its suppliers, especially the key suppliers.

IT Security and the Unikernel – the Answer to Hackers and Attackers?

First, there was the virtual machine. Then came the container. Now, welcome to the unikernel, the latest initiative for atomising computing.

The Business Continuity Battle Against FUD

Fear, uncertainty and doubt. Collectively known as FUD, these items skew rational thinking, panic otherwise sensible people, and throw sizeable spanners in the works of business continuity planners.

The End of the Password (Again)?

Will it ever go away? The basic password is still alive and well.

Business Continuity Management and Avoiding Bankruptcy

Bankruptcy per se is not necessarily the end of an enterprise, as several high-profile phoenixes rising from the ashes have shown.

Why You Can’t Trust Anyone These Days

It’s not paranoia, they really are out to get you. When the very organisations promoting IT security manage to botch it up, it’s difficult to have confidence in anything anymore.

Why Business Continuity Will Be a Constant Battle Against Silos

You may well have heard the story of the person trying to streamline business operations and driving past huge, separated grain silos one day, which reminded him of the mentalities and divisions he was trying to overcome back in the office.

How Far Back Do You Go in Your Business Continuity?

It’s a fact of business life that customers, markets, and industry commentators only see your brand, and not the suppliers who provide the materials, components, or products behind it.

Bad Habits Are the Worst IT Security Risk

People – “Can’t live with them, can’t live without them” might be the motto for many enterprises and their chief information security officers (CISOs).

Business Continuity by Staying (Very) Close to Your Customer

Sometimes in business continuity we end up with such a fierce focus on actions inside the enterprise that we neglect actions directed towards the outside world, and specifically towards our customers.

A Zero Trust State of Mind in IT Security

Hollywood (once again) got there first. Remember those films in which shadowy figures hiss “Trust no-one!” before vanishing from the scene?

Business Continuity for Machines? Just a Sec, I’ll Print You Some

You may find this blog article mind-expanding – especially if your natural reaction is to think about its title in two dimensions, rather than three. To set things straight, we’re not talking about paper printouts of business continuity plans that by definition are out of date the moment they are distributed.

IT Service Management, Your New Name is Marketing

What’s more important in IT Service Management (ITSM), the management or the service?

The Observer Effect in Business Continuity

When you look at something, you have an impact on it. That’s the observer effect.

When Bolted-On IT Security is the Only Option

If you’ve worked in IT development for hardware or software, or had dealings with that world, you may well have seen the statistics about the costs of fixing bugs.

Business Continuity? It’s in Our DNA, Right?

How many times have you heard business people talk about their DNA – meaning their business culture or something similar?

Risk Management and Proactively Dealing with Threats

What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.

3 Ways to Build Collaboration into Business Continuity Management

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

Business Continuity Management – How Relevant is It to Data Breaches?

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

People are Important to Business Continuity Too

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

The Most Worrying Definition of the Blended Attack

It almost seems that there are as many definitions of the “blended attack” in IT security, as there are experts willing to give them.

Is Business Continuity about Prevention or Detection & Repair?

Ideally, business continuity means no discontinuity.

The Rise and Rise of the Insider Threat in IT Security

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

Is IT Getting in the Way of Business Continuity?

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

Risk Assessment Pitfalls to Watch Out For

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Are Politics Interfering with Your Business Continuity?

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

The Four, No… The Five “P”s of IT Service Design

People, products, processes, and partners are the four “P”s of IT service design in a lifecycle model for IT services, but is there something missing?

Business Continuity and Resiliency Engineering

To stay healthy, should you get your jabs or eat your vegetables?

What Will It Take to Kill Off the Password?

Back in 2004 at the RSA Security Conference, Bill Gates was campaigning for the replacement of the password by two-factor authentication or some other secure mechanism.

The Use of Praise in Business Continuity

Don’t get us wrong, simply telling somebody how wonderful he or she is is unlikely to guarantee business continuity!

Even in Australia, Europe’s New Data Regulation Could Affect Your Business

Talk about the long arm of the law!

Objectives or Capabilities, Where Does Business Continuity Start?

In business continuity management, should you start with what you want or with what you have?

Disaster Recovery Failure with a Cyber Security Twist

The case of Code Spaces still echoes in cyberspace.

Business Continuity Management May Need Another Name

Did you know that car manufacturers tend to choose the letters for their car model references according to the type of buyer they want to attract?

IT Risk Management is Getting Tougher, but are Managers Keeping Pace?

Tougher to do, and with tougher consequences if you get it wrong: these are the two big trends in IT risk management today.

Agile Business Continuity – A Happy Medium Between Fossilisation and Chaos

Ah yes, agile, that buzzword that is being borrowed by so many parts of businesses! The word itself is full of promise, suggesting all kinds of good things, like flexibility, nimbleness, and adaptability.

ITSM for All, Including Those Who Have Nothing to Do with IT

We’d be straining your patience if we didn’t explain the title of this blog right away. ITSM?

Business Continuity Jargon – For or Against?

Jargon crops up everywhere, and business continuity is no exception. RTO, RPO, BIA, and others are often sprinkled liberally into conversations, plans, and reports.

The Vulgarisation of IT System Hacking Could Be Good News

Attack sophistication is growing. 20 years ago, social engineering had already made inroads and automated attacks were on the rise, with denial-of-service, browser executable attacks, and techniques for uncovering vulnerabilities in the binary code of applications.

Adaptive BC – The New ABC of Keeping Things Running?

Every so often it’s good to shake things up. Sometimes the simple act of asking questions about what we do in business continuity and why we do it can give us a fresh point of view and point out areas for improvement.

Should Disaster Recovery Be a Legal Requirement?

Governments often make legal requirements about things that could damage people’s health, whether in a physical, financial, or possibly other sense.

Synchronizing Your Business Continuity Plans with a Changing Business

The cliché of “change is the only constant” is true for most enterprises. Customers, business analysts, and employees all expect some sort of evolution, even if it is with varying degrees of enthusiasm.

Just Delete It – Destruction as an IT Security Strategy

If confidential information didn’t exist, you wouldn’t have to worry about data breaches.

Dealing with Combined Mobile and Cloud IT Security Problems

Now that so many people and enterprises have rushed headlong into mobile, cloud, or both, it’s time to take a step back and consider your security posture relating to these two items.

The Macro and the Micro of the Perfect Storm in Enterprise Risk Management

What does a perfect storm make you think of – natural catastrophes, perhaps, like the one portrayed in the film “The Perfect Storm”, the risks confronting the Korean economy, or simply a situation you would rather avoid in the interests of business continuity?

IT Service Management, Meet Marketing!

IT service management is sometimes described as a customer-focused approach to making information technology available.

Business Continuity and Machine Learning

According to certain industry analysts and software vendors, we are now midway between a stage 10 years ago when few applications used machine learning, and a stage 10 years into the future when apparently, most applications will function with it.

IT Service Management, Automation, and Erosion of Job Satisfaction

Labour-saving devices, robots, and automation – weren’t they all supposed to improve the quality of life, by removing manual work and drudgery?

The Coming Roles of Virtual and Augmented Reality in Business Continuity

If you thought virtual reality (VR) and augmented reality (AR) were just gimmicks for people with too much time on their hands, you could be in for a surprise.

Enterprise Attacks that Start in Mobile Apps

Some IT security attacks start from the most innocent mobile apps and in ways that let cyber-criminals simply pick up confidential communications without having to hack into anything at all.

Business Continuity by Working Backwards

Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.

IT Self Service Management is Not the Easy Option

It’s tempting to see IT self-service as the simple way to hand off responsibilities to end-users.

Combining Scenario and Impact Planning in Business Continuity

Scenario planning, in which you seek to identify higher risk and higher probability causes of business interruption, attracts both supporters and cynics.

IoT Device Security Doomsday on the Horizon?

Does it sound strange that many organisations believe they are exposed to major problems with Internet of Things device security, yet few of them have taken any measures to resolve those problems?

Why Business Now Needs Personal Business Continuity

Business no longer controls all its data, now that the data is spread out over systems that could be in-house, in the cloud, or in somebody’s pocket.

IT Asset Management of Grey Matter

If you’ve already moved all your systems and applications to the cloud, you may feel there is little left for you to manage other than your organisation’s data and your IT department’s skillsets.

Disaster Recovery and Human Error

The title of this blog post could almost have read “Never send a human to do a machine’s job”.

Are Routers Open Doors for Hackers?

Small businesses using low-end routers for their networks may be highly vulnerable to hackers.

Business Continuity, Gut Feeling and Data-Driven Decisions

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Adapting Your IT Sourcing to BYOD (or is that CYOD?)

In theory, BYOD or bring your own device lightens the load in terms of IT sourcing, because it transfers the work (and cost) of acquiring a device to the user of that device.

How Business Continuity Goes to the Movies

Vendors like to go to the movies, meaning they like to see their products and logos in Hollywood productions, and are usually prepared to pay for the privilege.

IT Security and Strange Mobile App Permissions

If you have already installed mobile apps on your smartphone to go beyond the stock selection provided with the device, you may well have noticed how a mobile app asks for permission to access certain resources or take certain actions.

Secrets of a Business Continuity Culture

Do you dream of a work environment in which everybody automatically thinks “business continuity” and acts accordingly?

Cloud IT Sourcing via Brokers – A Solution Whose Days Are Numbered?

What used to be IT sourcing at the physical system level is turning into an exercise at the virtual cloud level, but with a new actor, the cloud broker.

Better Business Continuity with Analytics Chatbots

In this age of big data, business analytics are likely to form an increasingly large part of business continuity planning and management.

National Preparedness Month, World BackUp Day, and Change that Sticks

A while ago, we asked in this blog if World Backup Day was really a good idea. Our logic? If everybody focuses on one day in the year to get their backups right, then spends the other 364 days ignoring the issue, things won’t change for the better.

Business Continuity and Multipathing

Sometimes, IT can teach business a thing or two. In a recent survey on private cloud computing use, there was a statistic on the use of multipathing.

Is It Time to Rename Malware as Sneakyware?

Malware (Sneakyware) is the software that gets into your system and causes havoc, unless you detect and neutralize it first.

Business Continuity and the Knock-On Blackouts

Power blackouts in business can range from a minor inconvenience to a major threat. Diggers slicing through power cables, extreme weather conditions bringing down power lines, or other local failures can all interrupt the supply of electricity.

BYOD, BYOT, BYOC, All One Facet of a Bigger Challenge

IT has no shortage of four-letter words. It’s not clear what the latest variations on the “BYO” or “bring your own” theme add.

The Other Face of the Business Continuity Hacks

There are hacks and there are business continuity hacks. Some hacks are bad news, especially when they target IT security and jeopardize business continuity, but others – the other kind of hack – could save the day in certain circumstances.

Ransomware is so 2016 – The New Menace is Ransomworm

Don’t take this title too literally. Ransomware, the malware that extorts money from victims to prevent a disaster, will surely continue to be active, at least in the short term.

Business Continuity and Machine Learning – Is It Time?

Machine learning, if you have not already met it, is the capability of a machine (a software application) to modify its rules and algorithms according to new data.

ITSM and DevOps – A Win-Lose Situation?

Do the formalism of IT service management and the agility of DevOps mean that one can only succeed if the other fails?

The Business Continuity Manager and the Typewriter

A well-known IT security solution vendor recently published a white paper about planning for business continuity, and listed typewriters as examples of equipment that should be safeguarded to prevent interruptions to an enterprise’s activities.

Data Lake Hacking is the New Dumpster Diving

When computers ran on punched cards and information was stored and communicated using paper, suspicious individuals could sometimes be seen loitering close to the large rubbish bins or dumpsters used for corporate refuse.

The Great Business Continuity Risk-Reward Mix-Up

Investors and financial institutions like to correlate business continuity risk with business continuity reward. If risk is greater in an investment, then the potential reward should be greater too.

Our 2016 Business Continuity Review – From National Resilience to Toasters (and Back)

It’s always an editorial dilemma – Do we start with the event with the biggest business continuity impact? The event that was the most unbelievable? For the 2016 Business Continuity Review, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.

Travelling at the Speed of IT Security

Einstein, move over. There is a new universal constant now, one that governs all IT-driven security activity, which by now is almost everything that goes on in the known world.

IT Service Management and Digital Transformation

Speaking of these two items in the same breath might seem incongruous. After all, what does IT service management looking after daily operations (mundane) have to do with the digital transformation of an organisation (visionary)?

Why IT Strategy Fails and What to Do About It

IT strategy – hmm, that sounds good! It suggests you know what you’re doing, and that those invoices from your IT suppliers correspond to something of value to the business.

BCM, ITSCM and BIA – Alphabet Soup or a Chance to Save Money?

We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management.

6 Ways to Go Down the Road to ITIL Hell (or to Avoid Doing So)

Paved with good intentions and best practices, the road to ITIL hell can look so alluring to the unwary IT manager.

Business Continuity and Business Transformation

Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

Emergency Management and the Rise of the 5G Networks

5G networks are on the horizon now, destined to increase mobile data transfer speeds and reduce communications latency compared to current 4G.

Ethics and Your IT Sourcing Strategy

IT servers, enterprise applications, data centres and cloud services might seem a world away from other sectors traditionally attracting attention in terms of an ethical sourcing strategy.

Should You Have a Secret Agent for IT Asset Management?

Start humming the James Bond theme, now. Or perhaps not. Agents in IT asset management don’t quite have the glamour of 007.

At this Moment, Deep Inside Your System, an APT May Be at Work

The advanced persistent threat or APT is the up and coming menace to IT systems today.

Four Steps to External IT Sourcing without Tripping Up

The road to IT sourcing nirvana is full of potholes, not to mention the ravines on either side, should you stray from the straight and narrow.

IT Service Management as a Business Partner

Now and again, we hear rumblings about IT governance and how synergy must be developed between IT and the rest of the organisation to work in harmony as a “business partner”. The principles are praiseworthy.

IT Risk Management as Seen by the Man with the Black Swan

The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

Seven Mistakes to Avoid in Planning Your IT Strategy

According to some sources, only 10% of business strategy plans are ever effectively implemented.

IT Security and the Worry About WordPress

As free and freely available software that has helped millions of individuals and enterprises easily establish a presence on the web, WordPress has a reputation for being well-designed and reliable.

The Link Between Online Dating and IT Asset Management

You mean, there is one? Yes, indeed – You see, online dating organizations are all about asset relationships, preferences, likes and dislikes.

Is World Backup Day Such a Good Idea?

Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

The Delicate Position of the Chief Information Security Officer (CISO)

A well-paid, but heavy responsibility with a built-in ejector seat is one way of looking at the CISO position.

IT Asset Management and Hardware Hoarders

You’d be surprised at the emotional bonding that can go on between users and their IT hardware devices but there’s a difference between managing your asset appropriately and actually collecting a heap of junk hardware you’ll never use.

IT Service Management and Complete Recovery from Service Failure

How do you measure your IT service success and failure? Performance numbers and metrics can be valuable, because they help you to improve, as well as to defend your IT service management against possible criticism.

The Comeback of the CMDB for IT Asset Management

Enough of the four-letter acronyms! CMDB, in case this had slipped your memory, stands for configuration management database.

Four Pitfalls in IT Risk Management that You Can Avoid

IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failing to spot relevant risks or changes in those risks.

In the Future, IT Service Management May Lose the “IT”

Don’t worry, all you IT people, you won’t lose your jobs because IT service management changes its name.

IT Risk Management and Technical Debt

When you shove things higgledy-piggledy into your desk drawer, just to clear space in your workspace, you have a quick solution. You also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards. And yes, you’ve just experienced technical debt, first hand!

6 Pitfalls in IT Risk Management

IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.

Using MTTR, Not Just MTBF, in Your ITIL Problem Management Processes

If it ain’t broke, don’t fix it, as the saying goes. However, even unbroken IT installations must be fixed by patches, upgrades or redesigns to meet new business objectives. ITIL Problem Management Processes tackle the issue by taking a problem-solving and root cause approach.

How Often Should Users Change Their Computer Passwords?

This is a little like asking “how long is a piece of string”, except that in this case the string may already be a lot shorter than you imagined. Passwords are often the bane of the IT helpdesk.

IT Service Management and Employee Engagement

Does talking about these items in the same breath seem incongruous to you? After all, IT service management is typically viewed as technology at the service of an enterprise and its end-users, helping productivity, rather than being linked directly with motivation.

Uberisation and Business Continuity

So much of business is being scrutinized through the lens of uberisation that it would be an omission (and possibly a dangerous one) to neglect a quick squint at business continuity.

Adjusting Your IT Risk Management Language for Your Business Colleagues

Sure, as a CIO or IT manager, you know what IT risk management is. It’s all about applying risk management principles to IT, including the adoption, ownership, operation and influence of IT within the larger context of the enterprise. But in terms of risk management language, are these principles communicated properly across the organisation?

Cascading in IT Asset Management – Should You or Shouldn’t You?

“Here, take my old PC. I’m getting a new one to help meet my advanced needs, but this one will surely do the job for you.” This, in a nutshell, is cascading in IT asset management.

IT Strategy – More than Just a Simple Matter of Business Alignment

On the face of it, it sounds simple. IT strategy should be driven by business requirements.

Your Strategy for Shadow IT Sourcing

Wait a moment, does it actually make sense to talk about shadow IT and sourcing strategy in the same breath?

Archived Backups and Backups of Archives – What Do You Need?

If you’ve archived backups of data for contractual or regulatory reasons, do you also need to back that data up?

Whaling? If Your IT Security Smells Fishy, It Probably Is

There is some deeper relationship between IT security and the sea that has yet to be fathomed.

Will IT Management Morph into Business Process Management?

Take IT as a service, IT governance and maybe some business process execution language, and mix them all together.

Big Data Security Challenges Now and Into the Future

People and organisations generate more data than ever before. Smart software can analyse mountains of data and offer insights and recommendations, or even take decisions.

ABS Census Attacked by DDoS

What were Australians doing on the evening of the 9th of August, 2016? All jumping on the bandwagon to fill out their Australian Bureau of Statistics (ABS) Census details on the Census website.

Is Blockchain Going to Be Big for Business Continuity?

If you’ve met blockchain before, it may well have been in the context of the cyber currency Bitcoin.

Expanding ITIL to Cover the Whole DevOps Model

What do ITIL and DevOps have in common, you may ask – apart from the syllable “Ops”? So far these two items have had little overlap, but that may now start to change significantly.

When Less is More in Risk Management

In business risk management, risk-reward is a concept known by many, but understood by rather fewer.

Lean and Cost Cutting in IT Service Management

Enterprises can come up with all sorts of schemes for cutting waste and costs, ranging from cancelling coffee machines to selling off entire business units.

Would You Reveal Your Password for Chocolate? For Even Less?

A survey showed that commuters in London more often than not (more than 70%) would reveal their computer password in exchange for a bar of chocolate.

IT Service Management and Handling Shadow IT – Fight, Flight or Better Marketing?

Now that business apps (that really can help you do better business) are available immediately in the cloud, the internal IT organisation may find itself being ignored as the shadow IT.

The Business Continuity Fight of the Week: Real Clouds vs. Virtual Clouds?

What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016?

Will Every IT Security Risk Now Be Followed by a Fake Risk?

It would be risky to generalise from one specific example in IT security, but the case of fake ransomware is intriguing.

Where Do You Put the Cursor for Supply Chain Resilience?

Supply Chain Resilience has so many moving parts that it rapidly becomes a priority issue.

Business Impact Analysis Errors You Must Avoid

In business continuity planning, business impact analysis or BIA is possibly the most critical part.

Risk Evaluation and the Science of Danger

Let’s be honest. Between ‘Risk Evaluation’ and ‘The Science of Danger’, the second name has more star quality.

Cyber Criminals attack on Third Parties

Where do cyber criminals focus their attacks? On the organisations with the information of most interest or highest worth, naturally enough.

Designing Business Continuity into Your Business Strategies

As IT morphs from legacy on-site systems and firewalls to cloud computing, mobility and data-anywhere, it is having to change in terms of agility and security.

Learning from How Others Do Their Business Continuity

Looking at how other enterprises organise their business continuity can be beneficial for two reasons. First, it helps to compare your own preparations with those of another entity.

Have Data Protection, Can Travel – IT Security without Borders

IT Security perimeters no longer exist, now that mobile and cloud computing are so prevalent. The availability of files and information to employees in the office, on site, on the road or at home is high.

Resilience and TICTF (Too Interconnected to Fail)

Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy.

A Lean Approach to Business Continuity

Often, techniques that are invented in one domain can be of use in another one too. If you’ve spent your working life so far in business continuity, you may not have seen much of the lean approach that is frequently used in manufacturing.

If Facebook Rules the World, What about Business Continuity?

The company has a vision of making its Messenger app the default communication mode for businesses, whether with other businesses or with customers.

Where Whistleblowing Fits into Business Continuity

On the face of it, business continuity is a robust process. You gather the appropriate information, apply methodologies to assess business risk.

Outward-Looking Business Continuity

It is easy to indulge in navel-gazing when it comes to business continuity. We examine your business, its components, its requirements, its objectives and the risks that could affect it.

Get Your Own Local Resilience Forum

A Local Resilience Forum? Should you have one? Also referred to for short as an LRF, the idea is to bring together different respondents in a local area in order to guarantee cooperation

Cloud Business Continuity – Brilliant, but Still Garbage In, Garbage Out

Current press coverage may be focusing on exaflops and artificial intelligence, but the IT success story of the decade is still likely to be cloud computing as Cloud Business Continuity struggles to bring much progress.

Will Buggy Releases Triumph Over Smart Mobile Architectures?

Smart mobile has so far been largely a consumer-driven market. That has been good news for the business sector. It has reaped the benefits of the technological advances and better user experiences, with which vendors have sought to woo Jane and Joe Public.

Willie Sutton Logic and Cyber-Attacks

Willie Sutton was the man who (according to a popular story) gave the definitive answer to the question “Why do you rob banks?” He said “Because that’s where the money is”.

Why BYOD Isn’t All Enterprise Security Gloom

The economic arguments for bring your own device (BYOD) working are multiple. The first one is that if employees fund their own terminals (smartphones, tablets, portables), their employer does not have to.

Human Rights and Business Reputations

Sourcing and procurement in business is becoming less and less hands-off. Gone are the days when an enterprise could shut its eyes to labour conditions in a supplier’s company, as long as the products or services arrived on time and at the agreed cost, yet behind the scenes, what impacts the most is business reputations when the human element becomes non-existent.

Are Cyber-Security Skills Due to Nature or Nurture?

Culture and language determine much of how we live, think and act. So does history. These factors could explain why the Netherlands has gained a reputation as a leading exporter of IT Cyber-Security.

The (Non) Strategy of Australian Government Cyber Defence

The 2016 Defence Whitepaper from the Australian government is now available online. It discusses a broad range of defence topics, of which cyber defence is just one.

Proper Backups Can Beat Ransomware Attacks

Ransomware attacks are on the rise, according to recent reports. Cybercriminals often favour these attacks, because they find them to be effective and lucrative.

The Inherent Risks of payWave and PayPass Cards

Convenience is the name of the game, especially when it helps customers spend more. The new generation “tap and go” payWave and PayPass cards are designed to do that.

Does It Make Sense for a Battle Box to be a Physical Artefact?

If you have a battle box for your enterprise, then it probably contains vital information such as employee and major supplier contact details, the most important business contracts, system codes for accessing or restarting critical applications, and so on.

Winning in the IT Service Continuity Management Obstacle Race

In an ideal organisational world, ITSCM (IT service continuity management) guarantees rapid recovery of critical IT services after unplanned downtime.

Nobody, but Nobody is Safe from Cybercriminals

You might not go as far as to bet that they would never, ever suffer a breach of security. Yet today’s scandals seem to concern entities in the private sector.

The Rise and Rise of the Recovery Consistency Objective

Timing, as comedians say, is everything. It’s true if you’re on stage entertaining an audience.

Hi, Can I Interest You in Some Second Hand Security?

Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second Hand Security can crop up in situations like company mergers and acquisitions.

Employees vs. Employees – the Internal Battle for Data Security

As organisations have boldly gone where no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly.

Zika and the Multi-Dimensional Development of a Pandemic

The Zika virus is turning out to be a bigger and more unwelcome surprise than expected.

Should Mobile Device Data Protection Be Encouraged or Enforced?

How many people in your enterprise use their personal mobile devices for work?

Our 2015 Business Continuity Review – Cloudy with Scattered Security Breaches

Information security, both in-cloud and on-premise, was somewhat higher profile during 2015. The top three threats for the year for cloud environments were (in decreasing order of importance) app attacks, suspicious activity, and brute force.

IT Security Trends in Technology, Politics and People – Always Two Sides to the Coin

With mobile computing already so widespread and the promise to add billions more attached devices, a large part of your security will be determined by the state of your technology.

How Ready Do You Feel for Bring Your Own Encryption?

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied with those ready for the Bring Your Own Encryption (BYOE) phase.

Micro Answers to Expanding IT Security Perimeters

If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security perimeters have expanded.

IT Security and the End of Ivory Towers, Bolt-Ons and Bigger Fences

Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven…

The Rise of Rule-Based Security in Cloud Computing

Corporate policies on anything from safety to ethical sourcing are all about rules. Do this; don’t do that! Often created from the experience of everything that went wrong in the past, policies can soon turn into large, unwieldy documents. IT security also has its rules, some of them born of common sense, others of past…

IT Security, One Rotten Apple and a Whole Bad Barrel

Barrels of apples can go bad, both literally and figuratively, because of just one rotten apple. The rot spreads from one apple to another until the whole barrel is infected. Not so long ago (in 2014), experts from security company ESET discovered 25,000 servers infected with malware, some of these servers being grouped together in…

3 Broad Categories of Cyber-Security Trends for 2016

System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect,…

Data Encryption and Reputation Management

What do encryption and reputation have to do with each other? On the face of it, the link seems tenuous. However, if a data breach occurs, encryption could be the difference between intense corporate embarrassment and a corporate reputation that remains untarnished. Of course, we’re talking about more than standard encryption of data in transit with…

Cryptographic Protection that Does Not Hide Your Information

Does this sound like a contradiction in terms? If your idea of cryptography is all about keeping confidential information hidden from prying eyes, then the idea of applying it to information that is then consumable by others may seem strange, to say the least. However, this is a major function of cryptography too. It makes…

Password Salting may be Effective, but is it Healthy?

Much of IT security revolves around the question of how much you believe users can think for themselves. Password salting is a solution likely to appeal to those who think users are unreliable, careless or otherwise unable to behave correctly when it comes to the proper use of passwords. Yet the brain is a muscle…

How to Make It Through a Failed Security Audit

Embarrassing – or inevitable? How you view a failed security audit, whether in IT or at an overall organisational level, depends on whether you think security is a result or a process. There is a fundamental difference between the two points of view. In addition, current trends suggest that security is becoming less of an…

Four Fatal Flaws in IT Security Flagged at Black Hat Europe 2015

IT security flaws are now myriad, but these four stuck out like sore thumbs at the recent Black Hat Europe 2015 conference on security. Their distinguishing feature for the most part was the massive scale on which hacking could be perpetrated, either because of the number or the size of the systems affected.

Is Your Toaster Spying on You? Security Concerns in the Internet of Things

When so many products can now be equipped with a tiny microprocessor and Wi-Fi connectivity, the possibility to pervert their use over the Internet of Things is a threat that nobody can ignore. Initially, IoT was to be a next generation, connected world in which devices talked to each other for automatic management, repair and…

Employees are Still Unaware of the Need for Information Security

“Careless talk costs lives” was one of the slogans on posters displayed during the Second World War. It was a warning to people to avoid discussing confidential matters in public places, where spies could eavesdrop on vital secrets. Many people also know the saying “walls have ears”. Yet in enterprises and other organizations, too few…

Auditing Security in New Virtualized IT Environments

In the old days, there was a physical cable running from A to B. One server ran just one application. Auditors could see the boundaries and could assess IT security accordingly. But today, matters have changed considerably. The virtualisation of X applications over Y servers, and the use of the cloud make it impossible to…

Extending to Long Range Disaster Recovery Planning

People go to their “panic stations” (or rather, their designated disaster recovery roles!) to contain and repair the damage.

Free Wi-Fi Spots Are Security Risks for the Unwary

Unsuspecting and easy to attack – users of public Wi-Fi spots are a hacker’s dream target. Cybercriminals don’t wear cat-burglar masks and striped t-shirts, so it may not be easy to see them. On the other hand, the smart user of a free Wi-Fi hotspot knows that he or she should assume that hackers are…

How Printer Security Issues Have Been Creeping Up on Us

Printers print. By definition, that is their function. Wads of printed paper, transparencies, continuous feed printouts, presentations stapled together, and so on. Many people are aware of the security risks of leaving printouts lying around, or throwing them out without shredding them. Thirty or forty years ago, tales of hackers going through refuse were rife. Now…

The IT Security Risk on Your Wrist

Mobile computing devices used to be the challenge for many enterprises. IT departments found themselves tugged in several different directions at once. Employees insisted on using their tablets and smartphones to access company applications, while security officers threw up their hands in horror at the idea of unknown and uncontrollable devices having a way in…

Time to Put Up Your Defences

The world is a dangerous place and a simple firewall just won’t cut it when it comes to this generation’s highly advanced weaponry, the weapon of knowledge, the knowledge you have turned against you. Warfare is no longer only on the battlefield but on the Internet where anyone with some knowledge of hacking becomes a…

Diamonds are Forever and So (Unfortunately) Is Biometric Security

They last a lifetime and they never change. Fingerprints, irises and even gaits (as in walking) are immutable, if you discount the use of surgery. That is what makes them such reliable identifiers and the basis of different biometric security systems. From science fiction and spy films, we now have smartphones (iPhones for example) that…

Why You Should Keep Doing IT Penetration Testing

If the business and IT environment fluctuates so much, why then is it still important to do penetration testing?

The Cloud Experience

For many years we’ve been hyped with the cloud generation of computing with the likes of giants such as Amazon, Microsoft, VMware and Oracle to name a few in the ring. But moving entirely to the cloud has some considerations to take into account and a Cloud Risk Assessment is to be conducted to analyse…

How Are You Doing with Your Android Security?

Every once in a while it’s good to take stock of a situation. A projected 1.25 billion Android users for 2015 (according to Gartner) is such a situation. Either your organisation is already an Android shop or it is likely to become one in the near future. A plethora of software apps for the Android…

IT Network Firewall Technology is a Model for Business Continuity Too

Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network

Middle East Respiratory Syndrome – Is Carelessness or Ignorance the Bigger Problem?

Middle East Respiratory Syndrome (MERS) is a new threat for humans. Also known as ‘camel flu’, it is a viral respiratory illness first identified in 2012 in Saudi Arabia, where so far it has caused over 280 deaths. Since then it has spread to other countries. As of late June 2015, South Korea was the…

A Marketing Lesson in the Debate about AES 128 and AES 256 Encryption

For business executives and marketers, as well as IT departments, the following paragraphs on the secrets of cryptography hold a useful lesson. First a quick recap on what this is all about. AES stands for Advanced Encryption Standard, used to keep your data confidential. The 128 and 256 numbers refer to the size of the…

Image Backups Help You Get Back in Business Faster

What does it take to get PC or server backups to work properly and bring computers back to operational status?

Backfiring Data Encryption or Being Hoisted by Your Own Petard

Data encryption should be a good thing for security. When your data is encrypted using today’s encryption standards, other people cannot decode your files or your information. Data at rest encryption (DARE) takes care of the data sitting on hard drives, while data in motion encryption (logically DIME – you read it here first!) ensures…

Teachers and Role Models Falling Down on Disaster Recovery

When it comes to singling out sectors that are in the forefront of disaster recovery, finance is often quoted as an example. With so much depending on the ability to recover systems and data rapidly after any incident, major banks were among the first to implement hot failover data centres for instance – as well…

Risk Management for the Masses! Or At Least For Each Project…

Risk management is one of those areas that are too often “somebody else’s responsibility”. Whether through lack of knowledge or indifference, it gets shunted off somewhere else and replaced with an approach of “it’ll be alright on the night”. Unfortunately, it frequently isn’t. Like business continuity or information security awareness, risk management should ideally be…

Data Loss Prevention and the Insider Twist to IT Security

For many people, IT security is about keeping the bad guys out of the data centre by using firewalls to control external access and anti-malware programs to prevent hackers from infecting servers. That is only half the picture however. The threat that has also been growing comes from people already within the security perimeter of…

Look Who’s Doing Risk Management

If you’re wondering how much risk management should become part of your organisation’s rulebook, you may already be looking around to see who else is doing it. Insurers and bankers are obvious examples, because their businesses are centred on risk calculation, whether in terms of setting insurance premiums or defining credit interest rates. Many insurers…

Putting Numbers on Levels of Importance in Crisis Management

Now that management science has taught us how to quantify so many other things, crisis management is a good candidate for being awarded its own scale of seriousness too. The detail you put into such a scale will depend on how much crises afflict your enterprise. If you are battling a continual stream of problems,…

Does the Concept of Agile Recovery Make Sense?

‘Agile’ is still a buzzword. That’s quite a feat in today’s high-speed business and technological environments, where concepts date so rapidly. The original ‘Manifesto for Agile Software Development’ appeared in 2001, some 14 years ago. Since then, the word and the concept it labels have been applied to different business areas, including marketing and supply…

The Critical Importance of the Spokesperson in Crisis Management

Try this simple test, made possible thanks to the ubiquity of the smartphone and its on-board camera. First, imagine a crisis that would put your organisation in a difficult posture with the public. A generally applicable example is breach of your confidential business data, including your customer records. Now take your smartphone and record a…

The Internet of Things and the Two Faces of Risk Management

Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From…

When the Best Response to a Pandemic is… Don’t!

The Ebola crisis, also a pandemic because of cases in different countries, has hit the nation of Sierra Leone the hardest. National and international health teams have worked round the clock to contain the disease and prevent new outbreaks. Pharmaceuticals companies have ramped up efforts to develop new vaccines. Sierra Leone counts almost 12,000 people…

I Know What You’re Doing in My IT System from these Tell-tale Signs

IT security managers and IT teams can install the latest antivirus software and firewall appliances to protect their computers and networks. However, there are also other signs to look out for, which software and hardware products are not always smart enough to see. Human beings on the other hand are naturally gifted in spotting strange…

It is with Regret that the Demise of RAID 6 is Announced – for 2019 Precisely

Information technology has certain features that make it possible to calculate probable dates of demise. It’s all digital, with a finite number of bits and bytes, and calculable error rates. As disk storage capacities increase, technologies viable today may run out of steam tomorrow. They cannot scale forever. Unlike vinyl records in the music industry…

Active/Active IT Configurations and How HA and DR Work Together

If the title of this post makes you go cross-eyed, don’t worry. All will become clear. Let’s explain. Active/active IT configurations consist of computer servers that are connected in a network and that share a common database. The ‘active/active’ part refers to the capability to handle server failure. First, if one server fails, it does…

Disaster Recovery Forecast: Cloudy with Scattered Virtual Machines

First there was the dedicated, physical server. Then came virtualisation to help organisations mix and match over different servers on their sites. After that came cloud computing with more virtualisation (and multi-tenancy thrown in). However, organisations typically still did their virtualisation between machines in close physical proximity, even if they were using cloud services. Now…

Disaster Recovery and the Pitfalls of ‘No Pain, No Gain’

How often have you heard the expression ‘no pain, no gain’? These four words sum up the idea that if you are to receive benefits, then you must suffer (or at least make an effort). Alternatively, you could take it to mean that if you don’t make an effort, you can’t expect benefits. An example…

Pros and Cons of Virtual Tape Libraries

Tape data storage just keeps on going. It’s almost like the steam punk of IT, a branch off into a different universe where everybody reads with bigger candles instead of electric light bulbs. But it works. In fact, it works well enough for the largest IT vendors to continue pushing the envelope on data storage density…

Patterns in Data Theft and What Organisations Should Look Out For

Data theft is becoming big business if the estimated damages of recent breaches are any indication. Can you imagine being insured for US $100 million against such events, yet having to bear costs that exceeded even that figure? The recent attack against Anthem, the second largest health insurer in America, involved as many as 80…

Five Aspects of Usability to Integrate into Your Disaster Recovery Planning

Disaster recovery planning for your IT installations may use automated procedures for a number of situations. Virtual machines can often be switched or re-started in case of server failure, and network communications can be rerouted without human intervention. For other requirements, people will be involved in getting IT systems up and running properly after an…

The Pesky Human Factor in Password Resets and IT Security

Forgot your password? Call in-house IT support. They’ll ask you a couple of questions to verify your identity (maybe your date of birth, your favourite colour). Then they’ll reset your password and tell you what it is so that you can go and do that work that’s been piling up. Or so that you can…

Do You Need a CRO for Your Business Continuity, or a CRO, or Both?

No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer.

Hacking Yourself to Find Holes in IT Security Before Others Do

The more IT pervades businesses, the more IT-based tools hackers have to exploit vulnerabilities. If you want your company to stay safe, you may need to ‘attack’ yourself to find out where the weak points are and fix them to prevent others from breaking in. The following list of hacker tools and techniques will give…

What is Virtual Machine Side Channel Analysis and Why Should You Care?

Here’s the quick version. Hackers operating in the same cloud server hardware as you can steal your encryption keys and run off with your data/bank codes/customers/company (strike out items that do not apply – if any). Yes, behind that mouthful of a title is a scary prospect indeed. Until recently, this kind of cloud-side hacking…

What Are Your Disaster Recovery Options if Your Data Storage Fails?

The answer to this question depends on how fast you want your data back and how much time and effort you are prepared to spend. If your data is both mission and time critical, then full, frequent backups possibly with mirrored systems for immediate restore or failover may be the only solution. Financial trading organisations,…

Putting the Cloud inside Your Company Firewall

Some enterprises are attracted by the potential advantages of the cloud for disaster recovery and business continuity. However, they fear the possibility of information being spied on, stolen or hacked after it leaves their own physical premises. A little lateral thinking suggests another possible solution. Instead of moving outside a company firewall to use cloud…

When a Government Deliberately Stores Data Outside the Country

As cloud computing develops and providers multiply their data centres, physical location of data has become an important issue for many organisations. Their goal has often been to prevent storage of confidential data outside their national boundaries. The risk of a data breach is considered to be too great, especially in the wake of the…

Are Company Boards Taking Risk Management Seriously?

All business in a competitive market is risk-based, whether or not enterprises admit it. Positive risk indicates opportunities. Negative risk points to the need to take measures to avoid, transfer or mitigate that risk. Banks are a case in point, with risk analysis at the heart of their daily activities as they continually calculate the…

Disaster Recovery and the Darker Side of the ‘Undo’ Function

There are times when you wish you could undo what you just did. Sometimes, you can’t. Financial investments, office reorganisations and even that too-hasty email you sent often cannot simply be reversed. With IT on the other hand, it’s a different story. From individual PCs to corporate data centres, the ‘Undo’ function has become a…

When the Resilience of the Web Comes Back to Haunt You

The Internet is truly a work of genius. From the original DARPA brainwave about a network that would reroute around failure to the social media that have brought billions of people together, the Internet is a wonder of the world as much as the Egyptian pyramids and the Taj Mahal. It is a fascinating thought…

What’s Stopping People from Defining Their Own Recovery Objectives?

People who manage a functional department or a business process may find it tough to set recovery objectives for what they manage so devotedly, day in and day out. That does not necessarily mean that they are not objective. Instead, they may not know how critical their part of the business is to the rest…

Androids, Apples, the Long Distance Wipe and Mobile Computing Security

Statistics from reputable sources are clear: Symantec of anti-virus software fame found that 73% of organisations it contacted saw higher levels of efficiency as a key advantage. Deloitte, the audit firm, has said that 71% of enterprises are already deploying mobile apps. That means opportunity for faster sales reactions, improved productivity and even lower operating…

Smart Power, Cheap Power… Safe Power? Smart Grids and Resilience

They say that information drives business. Actually, it’s electricity. Your data will most likely be useless if you have no power. On the other hand, if you can turn the lights on, you can start working, one way or another. But now in a kind of millennial Mobius loop, information is also increasingly driving power…

How to Start Tackling a Big Web Threat – Cross Site Scripting

If you haven’t yet met cross site scripting or XSS for short, it’s probably only a matter of time. And if your enterprise is running a web site that allows users to enter data, for example as search terms, consider XSS as a threat to be tackled now, not later. The short version of what…

Ebola and the Ramifications of Pandemics You Should Consider

Efforts continue in order to stop the spread of the Ebola outbreak and find vaccines to defeat the virus. However, businesses need to be prepared in more ways than one. Although the risk is considered low that a widespread Ebola infection would occur outside West African countries, the potential consequences could be catastrophic and deadly.…

How much of an Iceberg are Data Security Issues Today?

The bulk of the iceberg is hidden below the waterline where it lurks, ready to sink large entities like the Titanic and corporations. One of the most recent news items about data security ‘icebergs’ involves incorrectly configured web servers located in a number of prominent organisations. The systems at risk were identified by ethical hacking.…

Current Australian Preparedness against Ebola

As efforts to contain and eliminate the current Ebola outbreak in West Africa continue, countries around the world are making preparations to be ready in case the virus arrives. The Australian government is also making plans to deal with such an event. Ebola already exists in Australia – but fortunately (so far) only as the…

Disaster Recovery and Technological Horrors

In disaster recovery, technology is often a neutral element – neither good nor bad, in itself. Some technologies are better suited to specific needs or offer relative improvements to existing solutions. What determines whether an organisation benefits or suffers is the application of technology. When it is used unthinkingly and incorrectly, the horror stories start.…

The Ebola Disaster and Double-Edged Logistics

The Ebola outbreak in West Africa is taking a horrific toll in human lives on a scale that is unprecedented. It is also happening in a place that makes the whole rescue process an order of magnitude more difficult. Besides trying to save those already infected, aid workers must cope with the fact that the…

Ebola Outbreak – What Should You Know About It?

With the deaths of more than 4,000 people and an estimated 8,000 cases (at this time), the Ebola epidemic has affected three West African countries in particular. But Ebola could also spread to become a pandemic without geographical limitation. There are three key questions to be answered:

Coffee-Shop Recovery Tactics for Today’s Enterprise

The times, they are a-changing. Mobile computing devices not to mention BYOD and a millennial attitude mean that a substantial number of employees in enterprises now do their work away from their desks. Whether at home, in a bus, train or plane, or in their favourite coffee-shop, if there’s a Wi-Fi connection available, there’s a…

Information Security – Are Companies Giving Up?

With the security threats around today, the sheer mass of information and the vulnerabilities to attack, it has to be admitted that information security is a challenge.

Information Security – What Do You Think It’s All About?

When was the last time you saw a survey on Information security in enterprises? It’s a topic that often means different things to different people.

Have You Met the Recovery Consistency Objective?

Which disaster recovery measurements do you really need? The answer is the ones that are effective in helping you to plan and execute good DR. So your choice will naturally depend on your IT operations. The two ‘classics’ of the recovery time objective (RTO) and recovery point objective (RPO) are so fundamental that they apply…

Where are the Holes? Turning IT Security Inside-Out

It’s an unfortunate truth. The holes in your IT security are most likely to be where you neither see them nor expect them. That means they’ll be outside the basic security arrangements that most organisations make. Firewalls, up to date software versions and strong user passwords are all necessary, but not sufficient. Really testing security…

Who is Responsible for Cloud Data Security?

“The Buck Stops Here”, said US President Truman. And he made it doubly clear by having that statement inscribed on a thirteen-inch sign on his White House Oval Office desk. But what would he have made of the cloud, where IT engineers, managers and employees can all upload data and trying to pin down one…

IT Security is Essential in the Cloud – But Which Cloud Do We Mean?

Clouds by definition are nebulous and vague. Their use in IT models and discussions goes back decades, long before the current cloud computing models. A ‘cloud’ was convenient shorthand for showing a link between a system on one side and a terminal or another system on the other. Today however, the concept has evolved. Not…

Integrated Network Technologies Make Disaster Recovery Simpler (Sort Of)

What is the scarcest IT resource today? Processor power, main memory and disk space all seem to grow unabated. But network bandwidth on the other hand is still comparatively expensive. Consequently, enterprises tend to have less of it, which in turn leaves them more exposed to possible outages. Luckily, other technology means that bandwidth can…

Penetration Testing: How Many Shades of Grey?

Commercial enterprises know that the best way to maintain market leadership is to attack yourself. It’s the same in IT security if you want to maximize your resistance against hackers. A niche industry has grown up around penetration testing – or ‘pentesting’ for short. Providers in this sector offer their services for applying automated or…

“Data, Data, Everywhere, nor Any Drop to Drink”

The literature buffs among you should recognise this paraphrase of Samuel Coleridge’s epic poem, ‘The Ancient Mariner’. Besides having to put up with an albatross hung round his neck, the Ancient Mariner despaired of a lack of drinking water while becalmed at sea (“Water, water, everywhere…”) Given today’s oceans of data, CIOs might feel much…

Virtualisation Needs More Than Just a Physical Security Approach

As you bring virtualisation into your IT infrastructure, you may have noticed a few security-related aspects that weren’t present in a purely physical ‘one-app-one-server’ environment.

Disaster Recovery – Sometimes the Devil Really is in the Details

Disaster recovery planners are often recommended to take a holistic view of their IT organisation. They should work to deal with potential outcomes, rather than possible causes. That certainly helps businesses to greater overall DR effectiveness and cost-efficiency. However, there’s no denying that a number of practical details must also be respected. Otherwise, the best-aligned…

Beyond Data Back-Up Requirements to E-Discovery Compliance

Your data backups are there to help you recover information, applications and files if required, hopefully both effectively and efficiently. But they and any archiving you do may also be there for external parties to use as a result of e-discovery. That’s the retrieval of electronically stored information (ESI) for use in legal proceedings involving…

Living Dangerously with Virtual Machine Mismanagement

Virtualization is a business continuity answer to the vulnerabilities and foibles of physical servers. By spreading applications virtually and horizontally across vertical stacks of computing power, service can be ensured even if one stack goes down and the same application elsewhere picks up the slack. In principle, that’s fine – as long as IT administrators…

Disaster Recovery Services and Multi-Tenancy in the Cloud

Historically, vendor solutions for disaster recovery have been created for on-site use for individual enterprises. The client company concerned was the sole owner of the user data involved, and disaster recovery could be implemented without having to worry about anybody else. The cloud computing model changes that situation. It’s possible to use cloud services to…

Disaster Recovery as a Service and the New ‘Not Invented Here’ Syndrome

The ‘not invented here’ syndrome was something that forward-looking corporations set out to beat about 20 years ago. If a different product or service could be more cost-effectively bought in rather than being designed and manufactured in-house, then it was bought in. The challenge was to overcome misplaced pride and internal turf wars, where being…

Continuous Data Replication – Is This ‘Goodbye’ to Your RPO?

Traditional data backup happens once every so often – once an hour, once a day, once a week, for example, depending on the recovery requirements associated with the data. It’s typically the recovery point objective or RPO that determines the frequency of the backup. If you cannot afford to lose more than the last 30…

The Crisis Management Call Tree – Manual or Automatic?

Ensuring employee safety by rapidly disseminating the right information, and keeping communication lines open in a time of crisis are both priorities for businesses. Traditional solutions for this have relied on the manual ‘call tree’ or ‘phone tree’. Key employees are contacted first to inform them of whatever situation or crisis has arisen, with remaining…

Crisis Communications and When No News is Not Good News

No news is good news, or so the saying goes. But when equipment malfunctions and services are interrupted, no news can mean intense frustration for customers and end-users.

Tape Backup Developments – Death-Defying or Simply Better?

Considered by some to be obsolescent, obsolete or virtually flat-lining, tape backup is still around. Even new hard drive technology and solid state storage cannot match the price point per terabyte stored. Now IBM and Fujifilm have pushed the envelope even further with a new tape cartridge that can hold 154 terabytes of data. By comparison,…

Disaster Recovery Lessons from Radiology

When hospitals moved from film-based hardcopy systems to electronic images, they began to generate large amounts of data held on PACS – Picture Archiving and Communications Systems. Hospitals use various ‘modalities’ to scan patients, including Computer Tomography, Magnetic Resonance Imaging and Ultrasound systems. These modalities must regularly (and frequently) upload the scanned images to the…

A Theorem for IT Disaster Recovery – But With Practical Application

If you look through the literature on disaster recovery, you’ll probably see that practical ideas, recommendations and methods abound – but that theory is in rather shorter supply. This makes sense in that all those IT systems and networks are running now – so if they break, you’ll want some good ‘cookbooks’ or ‘how-to’s’ for…

Business Continuity Benefits – Not Just an Insurance Policy

Business continuity often inspires a feeling of ‘disaster averted’. In other words, the perception is that spending money on business continuity is really an insurance policy, and as such brings no positive benefit, but helps to avoid negative outcomes.

Opening Up Company Systems without Compromising Security

As business shifts more and more to the Internet, enterprises find themselves increasingly driven to provide better access to their IT systems.

Emergency Management – Getting Ahead of the Social Media Test Curve

Social media is increasingly being looked to as a tool for emergency management. It has a number of attractive characteristics, including cloud-based resiliency and being well-known and understood by a large portion of the public and professionals alike. The problem that many organisations face is in knowing how to prepare their use of social media.…

Are You Obliged to Use a Risk Management Software Application?

Risk management software identifies the risk associated with different assets. It then communicates this information to the enterprise concerned, for example through business dashboards displayed on screens. While risk is a factor for every organisation, some are bound by regulations to practice and demonstrate good risk management. Banks are a case in point: they must…

Crisis Management and the Growing Role of Social Media

Facebook and Twitter are already used to disseminate information about breakdowns and crises. Public service organisations have begun to use them as part of their PR strategy for good crisis management. Now there’s a move to use social networks, Twitter in particular, for communication in the opposite direction. In the UK, the London Fire…

Are Global Shocks Part of Your Business Continuity Planning?

Planning for business continuity includes identifying real risks and evaluating their impact on business activities and objectives. The risks to be included are the ones that could reasonably be held to apply to an organisation. Of course, each entity needs to make its own list, because many risks are situation-specific. For example, an enterprise in…

Keep Your Pandemic Plan Updated in Case of MERS

Is another pandemic on the way? The generic coronavirus is common everywhere, but this one – Middle East respiratory syndrome coronavirus, or MERS-CoV – is a particularly virulent strain. It’s also on the move. The World Health Organization published information on May 1st about serious infection of a hospital patient in Egypt who had returned…

Disaster Recovery, Horses for Courses and Other Metaphors

Just think how exciting the world of disaster recovery has become. What used to be exclusively tape storage has branched out into all kinds of disk storage, virtual snapshots, deduplication and cloud object storage. That’s great for DR managers, right? Not so fast. One of the central elements of disaster recovery is risk mitigation, which…

Making a Profit Centre out of Business Continuity Management

Hands up all those in favour of a cost centre. Nobody – just as we thought! Now, hands up all those who’d like a new profit centre. Ah, much better! With the trend to define business operations in terms of the net profit they generate, instead of the expense to be funded, your next clear…

A Quick Guide to IT Disaster Recovery Technology

Money alone can’t buy happiness, and technology by itself can’t buy disaster recovery – but they can both help significantly! IT disaster recovery management needs thought, planning and training of personnel; being aware of what technology has to offer is an important part of this. Check our handy ten-point list below to see if you’re…

A New Metric for Business Continuity – the Stupidity Index

If most problems are due to human error, the next metric for understanding risk and business impact might just be the stupidity index. It’s a somewhat tricky concept in a business sense, because stupidity is often context-dependent. The Peter Principle points this out, by stating that in organisations, people are promoted to their highest level…

The Heartbleed Threat to Business Continuity

If you’ve been following the news of any kind recently, you may well have seen articles about Heartbleed. This is the vulnerability in the OpenSSL network protocol that theoretically allowed hackers to invisibly copy sensitive data from a web server. A sign of the times, Heartbleed even made front page news in the tabloid press…

Mapping Networked Business Continuity Disciplines into Documents

As organisations evolve, they need to re-evaluate their degree of preparedness in the different business continuity management disciplines. In the networked partner model that has become common today, risk management, governance over recovery, crisis communications and talent management all need updating, compared with how things used to be in the vertically integrated enterprise. Changes made in…

Is Seven the Magic Number for IT Security?

The number seven crops up in many contexts: the Seven Wonders of the World, the seven dwarfs, and now the seven levels of cyber security. Let’s start with the different levels of threats posed by hackers. In order of increasing severity, we have: script kiddies (hacking for fun); the hacking group (often the first level…

Supply Chain Resilience and Other Great Unknowns

Outer space, the deepest parts of the oceans, the human brain – and perhaps supply chain resilience? A list of great unknowns still yet to be fathomed might include all of these things. Supply chain business continuity features in it because supply chains are fast becoming a (or even the) key competitive differentiator for enterprises…

BS 25999-2 to ISO 22301: Will Your Business Continuity Certification Still Be Valid?

Being able to show a valid certificate for business continuity management is becoming increasingly important. Firstly, you can expect to parlay your hard-won certificate into financial advantage for your company in several ways. Secondly, many customer organisations also now insist that you demonstrate business continuity certification as a condition for doing business. The BS 25999-2…

Business Continuity and Split Corporate Personality

Business continuity originated in electronic data processing or EDP. Some observers joked that the personality of an EDP manager corresponded to those three letters. E stood for Engineer. The EDP manager, more commonly referred to as an IT manager nowadays, was technically astute and obsessed over the hardware and software details of the company’s computer…

Is a Windows or Linux Server Better for Business Continuity?

The answer is clear, says the Linux fan. The Linux operating system has proven its dependability time and time again. If NASA uses Linux for the International Space Station, and Oracle and IBM make it a strategic plank in their systems platform, organisations everywhere can also rely on this open system for day-in, day-out business…

I Spy with My Google Glass Eye

If you haven’t yet met Google Glass, the new computing and communications tool from Google, you might be surprised at what it can do. Looking like a designer spectacles frame but without the lenses, Google Glass manages to tuck into a very small space: a miniature screen (just above your right eye), camera, microphone, ear…

Smart Satellite Communications and Business Continuity Benefit

Among the previous articles you’ve read in our blog, you may have noticed that besides discussing how good business continuity management can save organisations from disaster, we also like to point out where it can also simply save you money. Here’s one of those cases. Satellite communications may intuitively seem to be more expensive than…

Successfully Sitting on the Fence with Hybrid Cloud

So what will you choose: public cloud, private cloud – or perhaps a solution in between? The flexibility and scalability of the cloud have also made it well suited to partial use, namely the hybrid cloud solution. Those who can’t quite make up their mind can have as much or as little of the cloud…

Version Control Basics for Better Business Continuity

Business continuity is often about reinforcing existing infrastructure or eliminating sources of business disruption. Bringing in techniques to accelerate or multiply results thanks to good business continuity may not be so frequent, but here’s one that may well do that. It’s version control, which is used when several knowledge workers need to simultaneously work on…

When You Just Know What the Next Disaster Will Be

From the title of this post, some people might immediately think of intuition: that vague and rather flaky resource used when that’s all you have. However, we’re actually thinking of something a little more structured in this context. In the coming age of Big Data and associated worldwide online resources, analytical techniques like those used…

Can Tablet Computers Cure Disaster Recovery Headaches?

Let’s proceed by elimination. Servers? Those are the things that fall over when your data centre is hit by lightning and for which you do your disaster recovery planning anyway. Desktop PCs? They’re practically nailed to your desk, so they won’t be going with you as you run for the exit. Laptops? Maybe, although battery…

Vetting and Monitoring Cloud Providers

Set it and forget it? Not if it’s a cloud computing solution on which your enterprise is relying to accomplish its daily operations. Due diligence in cloud vendor selection and frequent regular testing are both key components of the overall process. Taking a leaf out of the banks’ books can be instructive in this context. While…

Server Crashes and Data Security Breaches: Just Like Death and Taxes

US statesman Benjamin Franklin was famous for many things and for one in particular: his proclamation that “in this world nothing can be said to be certain, except death and taxes”. Well, Benjamin, it seems like modern technology and inflation have conspired to add a couple more items: server crashes and data security breaches. In…

Why Server Virtualisation Is Not a Disaster Recovery Plan

It’s funny how some myths continue to be believed, even by hard-nosed business people. The notion that virtualisation will save a company’s data is such a myth. Although it can be valuable in optimising an organisation’s use of IT resources and reacting quickly to changing IT needs, virtual environments are not inherently safer than independent…

New Business Continuity Lessons for Banks – and Others Too?

Businesses can’t function if they don’t have customers. When customers find other solutions and move away, it’s therefore a threat to business continuity. Conventional banks may be at risk if a new development in online-only banking takes off. Startup ‘Simple’ (that’s the company’s name) for instance is giving clients an innovative alternative. Its solution is…

Data Snooping and Privacy – Is There a Pilot in the Plane?

The data snooping debate has quietened down a little recently, even if Edward Snowden’s name still crops up here and there. Whether or not the revelations about intelligence activities have changed much in terms of governmental attitude and behaviour remains to be seen. Pressure can still be applied to Internet, cloud and telecommunications service providers…

Data Deduplication Ramifications for Disaster Recovery

Data deduplication or the elimination of repetition of data to save storage space and speed transmission over the network – sounds good, right? ‘Data deduping’ is currently in the spotlight as a technique to help organisations boost efficiency and save money, although it’s not new. PC utilities like WinZip have been compressing files for some…

DIY Phishing has a Message for Business Continuity

Think you need advanced computer skills to set up a phoney bank website and fool people into giving you their money? Think again. DIY phishing is now on offer in kit form. Someone who knows how to set up a personal website or even a Facebook page probably has the level of knowhow required to…

The Purpose-Built Backup Appliance Comes of Age

Not everybody chooses the cloud as the first option for backing up data. Despite the advantages of practically limitless storage area, pay-as-you-go pricing and resilience, a weak point for the cloud is the network speed for uploading or downloading all those gigabytes (terabytes, petabytes…). The alternative for organisations is to put their own solution in…

What Disaster Recovery Planners can Now Expect for Data Storage

Did you know that in six years’ time each individual on the planet will correspond to over 5,000 gigabytes of stored data? That’s the estimate from market research company IDC and digital storage enterprise EMC who see worldwide data holdings doubling about every two years to reach 40,000 exabytes (40 million billion gigabytes) by 2020.…

The Internet of Things and Big Data – Both Looking for a Killer App

Despite the publicity given to Big Data and (to a lesser extent) the Internet of Things, their practical advantage has yet to be clarified. It’s difficult to think of them in terms of business continuity when they don’t influence the fortunes of an enterprise; unless you count the negative impact of money spent investigating them.…

The importance of Network Security in Disaster Recovery Planning

There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data—the data of both the staff of the company and the stored data of the clients—the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to…

The Perils of the Password – How to Protect Your Business Continuity

How many passwords do you have? How many can you remember – and what do you do about the others? Business and consumer life is controlled to a significant degree by passwords. It’s a balancing act between making them memorable (for their rightful owners) without opening the door to password abuse or theft. The business…

Factoring in Human Error in Your Business Continuity Planning

Good business continuity training helps managers and enterprises prepare business continuity plans. However, they’ll also need to deal with a further factor – human error. This element is a cause of anything from small business failure to nuclear power plant meltdowns. A little information on the subject can help make business continuity that much more…

A Startling Idea in Disaster Recovery (and Nothing to do with Technology)

Ask people where the next surprise will be in disaster recovery and they may well point to technology, the weather or legislation. While all of these areas should be taken into consideration, there’s another one that is vital to good DR management.  It’s people.  Perhaps because it’s so obvious, disaster recovery plans sometimes gloss over…

Virtualise All You Want but Business Continuity Must Still Be End-to-End

It started with IT server virtualisation and then continued with cloud computing. Instead of physical machines running a company’s own software applications, we now simply have interfaces to virtual instances of these things. Computing resources are no longer located in a specific piece of equipment on a company’s premises. They are ‘somewhere’ in the cluster…

Tons of Technology for 2014 – But Does It Help Business Continuity?

At the start of each year, there’s always a long list of IT offerings vying for attention. With many solutions still looking for a problem, it pays to take a moment to consider the business impact rather than being seduced by the high-tech glitter. Here’s a quick rundown of what might affect business continuity in…

Point of Sale Hacking – a Growing Threat to Business Continuity?

The data breach at the Target Corp, the US supermarket chain, was a shock for many. The personal information of at least 70 million customers was stolen by hackers who intercepted the information as buyers used credit and debit cards at the company’s points of sale. The reputational damage seems to have quickly spilled over…

Security Risk Management – Standing Still is Moving Backwards

The world turns, things change and new security risks continue to appear on the scene. Some organisations bury their head in the sand or cross their fingers. ‘It wouldn’t happen to us’ is their motto. Others make plans using different approaches, some better than others. Then they leave the plan untouched without updating it and…

Business Continuity and Balancing Expert Resources

People are often cited as the most valuable resource of an organisation. The more capable an employee is and the better trained, the more an enterprise stands to profit – up to a point. Difficulties may begin when a person becomes indispensable because of unique expertise that is essential to the smooth running of the…

Balancing Acts and the CIO – the Blondini of the Organisation?

150 years ago the Great Blondini, the world-famous tightrope walker, performed incredible feats of balance and daring in his aerial ambulation above Niagara Falls. While today’s Chief Information Officer doesn’t always hold crowds breathless with excitement in quite the same way, he or she has a balancing act to get right too. How much detail…

Is It Time to Review Your Malicious Software Reporting Policy?

Be honest – do you currently have a malicious software reporting policy? Just relying on the existence of anti-virus software and firewalls may be too optimistic nowadays. The potential damage to information assets and productivity, let alone identity or bank account theft, suggests that a malware reporting policy should be in place in any organisation.…

Outsourcing: Good Contracts are Only the Starting Point

Stick to core competence and competitive advantage, and outsource the rest: such has been the mantra of businesses for decades now. The logic is simple. By using external partners specialised in the non-core activities, for example, accounting, logistics and pay, an enterprise can benefit from that partner’s economies of scale and superior expertise. Profits go…

Data Sanitisation and Its Impact on Business Continuity

In data management, the way you delete information can be as important as the way you keep it. Confidential information that finds its way into the wrong hands can lead to loss of advantage over competitors, public relations crises or other threats to business continuity. However, that doesn’t mean the wholesale destruction of data within…

A Perpetual Motion Machine for Sales and Business Continuity

Perpetual motion, like the alchemist’s stone, makes a great legend. The idea of something that keeps going indefinitely with no external source of energy is highly seductive, but also highly impractical. Friction or resistance of some kind will always intervene to eventually bring the system to a halt. However, almost-perpetual motion that just needs a…

What the NSA Revelations Mean for Business Continuity

Although the dust hasn’t yet settled on the Edward Snowden revelations about the activities of the US National Security Agency, the consequences already extend beyond the purely technical. While the immediate reaction was to think of better ways in which to encrypt data, it also dawned on foreign organisations that they might want to review…

Business Continuity and IT Security: Give Up or Give In?

There are different ways of looking at IT security involving end-user equipment such as PCs and mobile computing devices. One is to batten down the hatches at a corporate level, repel all viral boarders and let end-users fend for themselves. Another is to extend security to all end-user devices and take responsibility for maintaining data…

Business Continuity and Why the New Age Still Needs the Old

What words spring to mind to describe the business world today – remote control, automation, speed, renewal? These concepts can all help with business continuity and competitiveness, but so can their ‘yesteryear’ counterparts. Although new technology lets organisations improve different areas of operations, it doesn’t mean that it is a panacea to be applied universally…

Homing In on Best Use of the Public Cloud

When new technology arrives, it’s not always clear how best to use it. Mobile phone makers invented the text message because they thought it would be of use to technicians in their troubleshooting. Since then the SMS has become one of the most popular means of communication for the general public ever. Similarly, public cloud…

How Much Can Predictive Analytics Help Business Continuity?

If you can see what will happen in the future, you can take steps to prepare for it – or avoid it, or even change it. That’s the promise of predictive analytics, a topic that naturally interests business continuity managers. While there’s no guarantee of exact predictions, predictive analytics can indicate change patterns and emerging…

Unthinkable – Business Continuity without a Battle Box?

Lists, kits, packs… they often exhibit order and completeness, two dimensions that are also important for effective business continuity. They are also the underlying principles of the ‘battle box’, a repository for vital information to allow an organisation to carry on operating in adverse conditions. Just like first aid kits and motorists’ emergency packs, a…

Business Continuity and Creative Cyber Criminals

While the web has opened wide the doors of opportunity for entrepreneurs around the world, others have shown evidence of creativity as well. Ingenious use of technologies has led to hacktivism, identity theft, distributed denial of service (DDoS) and swatting, to name but a few. Perpetrators use both the latest cyber-techniques and also old-fashioned approaches…

Risk, Business Continuity and IT DR – the Year of 2013 in Review

Risk certainly marked the year of 2013, with knock-on effects on business continuity thinking. However, in a year picking up the pieces after different disasters, the real message was a reminder that while we collectively now know a great deal about risk, we don’t always prepare or take action appropriately. The devastation caused by rainfall…

How Much Can You Outsource a Risk?

A common corporate credo nowadays is: ‘make only what you cannot buy’. The idea is that if a supplier is already making an affordable, quality component or product, there is no sense in re-inventing the wheel. The company would be better off using its internal resources to develop more strategic advantages related to its core…

Should You Warn Vendors about Impromptu Disaster Recovery Tests?

Vendors supplying you with components or services for your infrastructure need to feel confident about working with your organisation. That way they’ll be motivated to give of their best. It could be argued that stressing a vendor with unannounced tests might have a negative impact on their relationship with you. After all, they have a…

Disaster Recovery – the Truth is Out There

There are statistics, there is business folklore and there are facts about disaster recovery. Some of the statistics quoted may not always be easy to trace back to their source, but it remains a fact that to stay in business, you need to be able to do business. That’s why good disaster recovery planning and…

How SMBs Can Consolidate Their Business Continuity Strategy

‘I keep it all in my head’. Or ‘How likely is it that an event occurs that stops my business from operating?’ These are frequently the reactions of small business owners to the idea they should pay more attention to business continuity and disaster recovery. While business continuity often occupies an increasingly large part of…

Using Qualitative Tools to Assess Your Business Efficiency

Numbers can be useful, but they don’t always tell you everything. Just like business forecasts and other models, it’s wise to include both quantitative and qualitative evaluations of your business efficiency. While quantitative measurements are designed to give hard numbers, qualitative tools can help fill in the gaps where other data are lacking. Qualitative tools…

What Should You Upgrade – Dinosaur Computers or Dinosaur IT Skills?

Business continuity is a matter of staying competitive as well as operational. With much of current business revolving around computers, that means ensuring that IT resources are effective and efficient. However, the fastest processors and the most recent versions of software do not automatically confer competitive advantage on the companies using them. Indeed, the standard…

Accelerated Business Continuity – Are Real-Time Analytics the Future?

How do you view Business Continuity? Is it all about avoiding business outages for a given speed of business, or should it also contribute to increasing that speed? After all, if business continuity is designed to move an enterprise away from slowdowns, then logically it should be moving the enterprise towards picking up the pace…

Infinitely Versatile? The Bid for QR Codes to Now Become Your Authentication

User IDs and passwords are part of everyday business life and business continuity for many people. You need them to log on to get your email and use other company systems. Often, the easier they are to remember, the easier they are to hack. And cryptic codes often get written down on scraps of paper…

Eight Security Questions to Ask a Cloud Vendor Before You Sign Up

Cloud services, whether PaaS (platform), SaaS (software), DRaaS (disaster recovery) or another ‘as a service’ option, are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied.…

Is Google Earth a Good Tool for Business Continuity and Disaster Recovery?

When you’re scouring your neighbourhood to detect possible risks to your organisation, a tool like Google Earth can be a valuable asset. Without leaving your desk you can tour streets and advance street view by street view, pinpoint addresses such as the nearest phone service and electricity providers on your map and spot vulnerabilities –…

What Are Your Top Ten Organisational Risks?

Organisational risk is in the eye of the beholder. What you see as being the main risks as an innovative small business serving the Melbourne metropolitan area may be very different from the point of view of a multinational corporation with projects all over the world. It’s wise however for both types of organisation to…

Agile Organisations and Business Continuity

‘Agile’ is a common buzzword in organisations today. Intuitively, it fits well with the notion of business continuity – an agile enterprise, able to respond iteratively to whatever today’s business conditions or events throw at it. The old concept of long-term corporate planning is light years behind; many businesses don’t know what will happen in…

IT Security for Small Businesses – Are You Listening?

Hacking of the IT resources of small and medium businesses is on the increase. The age-old excuse of ‘We have nothing worth hacking’ is no longer valid, although this doesn’t always register with SMBs. Hackers see small businesses as targets of interest for several reasons. Firstly, SMBs are vulnerable. Their security is weak, because of…

‘If It Ain’t Broke, Don’t Fix It’ – When Change is Not the Only Constant

The ‘new normal’ propounded by management gurus a few years back was that ‘change is the only constant’. Companies, said the gurus, must constantly change, innovate and reinvent themselves in order to remain competitive and successful. They applied their mantra to everything from marketing to manufacturing to supply chain – with varying results. Victories included…

Critical Vendor Reviews are Part of Business Continuity Management Too

What goes on inside your enterprise is of prime importance for your business continuity management. However, so are the actions and attitudes of vendors on which you rely to run your business. In the same way that you regularly check on BC processes and awareness inside, you should also conduct periodic investigations of key business…

How Technology Smooths the Way for Business Continuity and Disaster Recovery

While good planning and processes are at the heart of business continuity and disaster recovery, technology can accelerate the benefits as well. We live in an age of cloud computing and smartphones. Both can be used to help an organisation get back on its feet after incidents, or simply ride them out without severe or…

The Army as the Model for Business Communications

One of the biggest factors in helping people to get along and making businesses profitable is communication. Mobile phones in particular have become the symbol of this: depriving somebody of his or her mobile phone is today akin to torture, at work, at home or anywhere else. The trend continues too towards more advanced and…

ITIL, ITSM, and the Way They Can Help Business Continuity

IT is at the heart of most business today. Whether it’s in marketing systems and CRM, design software applications, production line automation or finance and accounting, if the information technology being used breaks down, so do business operations. Conversely, when service from the IT department is defined in terms of the business objectives of the…

How Not to Be a Victim of Your Own Data Centre

Nowadays, IT plays a vital role in supporting business functions for many organisations. They depend on their data centres to keep their activities going and to come up with new ideas about how to improve them. However a report by research company IDC (International Data Corporation, 2012) suggests that both business operations and innovation may…

Making Virtualisation in IT an Advantage, not a Risk

The big selling point about virtualisation, at least in disaster recovery terms, is the power it gives to handle single points of IT failure. The idea is to distribute applications the right way over a number of servers; then if one physical machine crashes, another one should be available to ensure that applications can continue…

Keeping Organisational Policies Up to Date in Business Continuity Management

Whether or not rules are made to be broken, company policies are made to be reviewed. What was suitable for an organisation a few years ago may be out of date with requirements now. Paradoxically, this is an instance where business continuity management needs to introduce some discontinuity, to avoid the enterprise getting stuck in…

Encryption Alone Won’t Ensure Business Continuity and Here’s Why

Did you know that the ‘uncrackable’ 128-bit Advanced Encryption Standard (AES-128) in fact turns out to be crackable? Granted, it would currently take 2 billion years using an enormous number (like a trillion) of computers. But before you heave a sigh of relief on behalf of your organisation’s information, think again. That’s the situation when…

How Well Does Your Company Password Policy Perform?

If you haven’t seen it, you’ve probably heard about it: the sticky note on the computer screen with the account login and password for all to see. While this archetypally bad behaviour has security officers recoiling in horror, there are also other less obvious forms of password vulnerability that affect many organisations. Fundamental problems that…

Organisations in Europe Are Making Risk Management a Priority

Research into leadership in risk management in Europe indicates that it is gradually becoming a board-level item and an integral part of organisational strategy. While banks for example have embedded it into their operations since their inception, in other sectors the importance of risk management has taken longer to come to the fore. Common categories…

Are Chinese Businesses Doing Well Because of or In Spite of the Web Security?

Is there a relationship between the Internet control and censorship policy in China, and the country’s economic success? Chinese Internet censorship has meant that access has been denied to Facebook, Twitter, YouTube and many others (Wikipedia estimates over 2,600 websites in total). Meanwhile the Chinese economy continues to grow. While the jury is still out…

Five Strategies to Prevent a Distributed Denial of Service (DDoS) Attack

Distributed Denial of Service (DDoS) attacks are becoming an increasingly common and serious cyber security issue across many industries, in particular the banking and financial sectors. In a DDoS attack, botnets (usually referred to as a “zombie army”) bombard a server or a network with thousands of system requests sent from infected…

Social media – Risks and Productivity Impacts in the Workplace

A few years ago, social media were the bane of many businesses. Seen as a dangerous distraction for employees, some even instructed their IT teams to block access to social networking sites in an effort to recover employee time and productivity. Nowadays however, the tide seems to have turned. Companies look towards social media as…

Virus Protection – Think of it like Car Insurance

If you’ve never dinged your car (other than brushing bumpers while you’re parking), you may not appreciate how good it can be to have adequate car insurance. Likewise, if you have been spared the pain of a PC that slows down or dies because of a virus, software for protection against viruses may seem more…

Cyber Security Risks for Financial Systems

The financial sector and the banking industry in particular are unique in the IT world: no other businesses have the same combination of constant drive for innovation, regulatory pressure and customer-facing IT applications. That also means increased exposure to cyber security risks via the interfaces to the public, whether these risks are linked to criminal…

Agile Business Continuity – Simple as ABC?

Agile techniques have become popular over the last few years. They have their roots in software development projects. Unhappy with ‘monolithic’ projects that exceeded both time and money budgets, project teams looked for a better way to deliver useful end-results to software users – and that also kept up with changing requirements into the bargain.…

When Business Continuity Means Not Coming to Work

Do you remember those problems in school calculus about the multiplication of bacteria? Throw in a little network effect and you can start to build a crude but realistic model of how illnesses like influenza are propagated throughout an organisation. One person carrying flu germs and coming into contact with other people in an enterprise…

Just When You Thought It Was Safe… Emergent Risks

Decades ago, the ‘Jaws’ film series struck a chord with its marketing slogan ‘Just when you thought it was safe to go back in the water’. Risks are like sharks as well. You think you’ve disposed of one, only to find a new one circling you and your organisation, waiting for an opportunity to emerge…

Disaster Recovery Set to Grow in the Cloud

One of the big things about cloud computing is the potential for cutting costs and saving capital. On demand storage and Software as a Service (SaaS) paved the way with applications stretching from cloudified accountancy to sales force and customer relationship management. ‘All things shall move to the cloud’ is the mantra of many, and…

Duct Tape Business Continuity – Can It Work?

Perhaps you’ve already come across Duct Tape Marketing, a popular business book about successful marketing for small businesses. Duct tape, as you may know, is the strong adhesive tape you can use as a quick fix to bind many different things together especially if you don’t have any other solution. It stops things from falling…

When Retail Giants Move into Disaster Recovery

Amazon already did it. With huge data centre installations and expertise to support its exclusively electronic commerce, it wasn’t a big leap to start providing cloud computing platform services and practically limitless data storage resources for other companies. Amazon Web Services now offer organisations the possibility to move their disaster recovery and business continuity into…

Cyber Business Continuity Needs Broad and Deep Together

In mid-July 2013, several of New York’s Wall Street firms participated in an exercise to test their resilience in the face of cyber-attacks. The initiative was coordinated by SIFMA, the Securities and Financial Markets Association, and included commercial financial companies, as well as the U.S. Treasury Department. Financial institutions in the US have been subjected…

IT Security and Business Continuity Through Divide and Conquer Tactics

‘How do you eat an elephant’ is the age-old metaphorical business question. ‘One piece at a time’ is the answer. Big problems can be broken down into smaller ones, which can in turn be broken down again, until you get to a level where you can see your way to solutions. Project management and production…

Disaster Recovery – How Would You Like to (Not) Pay for That?

Usage-based payment systems are becoming increasingly common, but a recent variation in disaster recovery has an interesting twist. A new pricing model from a company called Asigra is based not on how much data an organisation backs up, but how much it restores. In particular, a ‘recovery performance score’ determines the amount of money a…

Business Continuity and the use of Robots

For most organisations, business continuity issues have more to do with breakdowns in everyday processes than with incidents in a nuclear reactor. However, events like the most recent catastrophe in Japan have catalysed discussions on the potential for using robots for recovery and continuity – discussions that could progressively include even ‘run of the mill’…

Disaster Recovery Planning and the Use of Automation Software

If your IT systems go down, you want a solution in operation ASAP – or within the limits imposed by criteria like your recovery point objective and your recovery time objective. The problem is that under stress and time pressure, the difficulty of correcting failure is magnified. Human emotion is the cause. It causes delays,…

WAN and Cloud Disaster Recovery: Look out for the Latency

How fast does your application need to be – how quickly do you need to be able to see a response after you enter a command? In some contexts, speed is not a critical factor. For instance, if you’re entering or retrieving accounting data, you don’t want to wait for half an hour, but anything…

Shrinkage, Fraud and Other Hidden Parts of Business Continuity Management

Sometimes we get so wrapped up in business continuity management that deals with natural disasters or accidental breakage that it’s all too easy to forget about another dimension: deliberate acts that damage the worth of an organisation. Even if terrorism and activism get publicity, theft and fraud often remain in the background. And yet there’s…

What Constitutes National Resilience?

More news about IT disasters (and disaster recovery) last week, this time concerning a French state financial system. Service was interrupted for four days in a configuration used to pay suppliers, running SAP software and operated by the national French IT company, Bull. France still has a national computer company, providing mainframes and servers,…

Virtualisation at the Heart of a Health Provider’s Disaster Recovery Planning

A recent article on the website ZDNet.com describes how a health provider in Indiana, US, put in place IT virtualisation to manage a number of challenges, including disaster recovery planning. One of the big changes was moving from a situation where a breakdown in a physical server threatened the welfare of hundreds of individuals, to…

Cloud Business Continuity Moving Towards Self-Healing Solutions

While cloud services have promised advantages of redundancy and resilience from the start, there is still the spectre of failure. Even the largest operators can be affected. Amazon’s EC2 (Elastic Compute Cloud) suffered breakdowns in 2011 because of a wrongly applied change of configuration, and again in 2012 owing to ‘historic’ thunderstorms in the neighbourhood…

Crisis Management and Social Network Resources

Customers are influenced by what they experience, but also by hearing about the experiences of others. In crowded, competitive markets, maintaining positive ‘brand capital’ with customers is an important part of business continuity. Although social networks often have a gradual effect on a company’s activities rather than an immediate one, crisis management is an exception.…

Move over, the Six Million Dollar Man. Now It’s NYC’s Turn for Increasing Resilience.

Remember the TV series with Lee Majors playing the role of astronaut Steve Austin? It’s OK, you can admit it without overly dating yourself – there have been reruns since the series was originally launched in 1973! In essence, Austin is ‘rebuilt’ after an accident using bionic body parts to make him stronger and better…

Getting Visual with Natural Catastrophes and Business Continuity

As part of the business continuity insights from Hurricane Sandy, the American National Hurricane Centre is reviewing the way that it makes warnings about storm surges (abnormal rises of sea water). The problem was not in the accuracy of the predictions but in the perception of the information by the public. There was a disconnect…

Disaster Recovery Myths about Deleted Computer Files

Once a file is gone, it’s gone, right? Well, it all depends. In many cases files are not physically removed from hard disks, but simply hidden from users by the operating system, and left available to be overwritten by new files. That means that some degree of disaster recovery may still be possible if a…

Disaster Recovery Goes Mobile with a Self-Propelled Solution

After meals on wheels, how about mobile disaster recovery? That’s what US distributor Avnet Technology Solutions is offering customers in a scenario that sounds rather like it came out of Star Wars. The company has put together a technology package of products from EMC, Brocade, Cisco, Metalogix and Microsoft, all installed on a chassis from…

Spot Your BYOD Challenge for Business Continuity

BYOD, or ‘Bring Your Own Device’, is spreading through the business world. Initially a user-driven phenomenon, some organisations now even want to stop supplying computing devices to employees that have them anyway. But once computing and data for computing for the organisation are no longer controlled by the organisation, the question of business continuity comes…

Where is the Truth in Business Continuity Today?

Let’s set some expectations. This blog post won’t give any definitive answer about the question above! On the other hand, this post is prompted by a comparison of recent news items, on the face of it interconnected and yet apparently at odds. Within the space of less than a month one survey found that companies…

Social Networks, Business Continuity and the Pyramid of Needs

What do people in your organisation do when there’s news of bush fires approaching or impending floods? Batten down the hatches, check the emergency generators, and perhaps get connected to a social network like Facebook or Twitter? Social networks can sometimes provide a vital connection when other means of communication fail. Available over mobile devices…

On the Trail of the Business Continuity Calculator

Business continuity? Sure, but how much will we earn from it – or at least, how much will we save? Business continuity managers often appear to be destined for an eternal quest for hard data on the return on investment for their activity. The situation is complicated by the fact that business continuity is almost…

What’s the Bill for Repairs after Recent Natural Australasian Disasters?

The Global Catastrophe Recap for April 2013 from reinsurance company Aon Benfield gives a region by region breakdown of recent damages and costs after different natural disasters. The Impact Forecasting organisation, part of Aon Benfield, uses data on disasters to build models of catastrophes to better understand the risks. This helps customers better understand the…

How Business Continuity is Built into Australian Police Operations

Crime-busting is a key part of their activities, but police forces in Australia also have a much wider remit to protect communities. People naturally turn to the police for help and guidance if there is an emergency, making police officers the first to respond to many situations requiring rescue or evacuation, for instance. Senior officers…

Business Continuity RAA-RAA? Get Ready for Resilient Australia Awards

The 2013 Resilient Australia Awards (RAA) may put the accent more on measurable accomplishment, rather than “boisterous and uncritical enthusiasm and excitement” (an online dictionary definition of “rah-rah”). Notwithstanding the natural keenness of people to do a good job, the awards have been put in place to recognise achievement and innovation in resilience: increasing the…

IT Business Continuity – How Safe and Green Can You Be at the Same Time?

The Data Centre Risk Index (DCRI) has been published for 2013. Companies looking for IT business continuity may have to choose between being the safest or the greenest when it comes to installing their data centres. Overall, the worldwide winner is the United States. In Europe, the top country is the United Kingdom. The UK…

Resilience Management Models – Is There Anybody Out There?

Resilience as a subject is getting wider coverage nowadays. For example, Resilient Australia is an example of an organisation promoting the concept and holding competitions to award prizes to entities judged to have done outstanding work in the area of resilience. Resilient Organisations (ResOrgs) is a public research programme based in New Zealand as a…

Making Business Continuity Friends in Manufacturing

Some areas of an enterprise are naturally more sensitive to business continuity than others. Whereas interruptions may be a nuisance in accounting, they may simply be unacceptable in manufacturing production lines aligned to lean and just-in-time manufacturing methods. As facilities increase in size, they tend to use more automation. The Manufacturing Execution System or MES…

“Location, Location, Location”, OK but where’s the Business Continuity?

In the property business, the three most important things are (so they say) location, location and location. You can hear the wisdom of the ages in those words when it comes to buying, selling and renting – as long as the estate agent’s systems are in working order. And that according to a survey recently…

The Agile Approach to Implementing Business Continuity

The Agile approach is currently in vogue in a number of business areas, one of the better-known examples being software development. The same principles that can help keep software applications aligned with business needs and available on a timely basis can also be applied to business continuity. The name “Agile” refers to the notion that…

What Would You Like to Win a Business Continuity Award For?

It’s that time of the year again, and surveys are running to see who will win the title of Business Continuity Person of the Year. Common criteria include the most effective, most innovative, most promising newcomer, and best lifetime achievement. There are even a couple of new categories being offered: best crisis communications and best…

Disaster Recovery and IT Systems with Minds of their own

The bigger IT systems get, the more complex they get, and the more chance there is of a failure somewhere inside and a need for disaster recovery. It’s mathematical – as you multiply the number of components or the number of computer procedures called, you multiply the possibilities for something to go wrong. Even the biggest guns…

HaaS and the Business Continuity Challenge

When a global IT distributor like Ingram Micro gets on board the HaaS (Hardware as a Service) bandwagon, you know it’s really on the move. The concept behind Hardware as a Service is that organisations no longer have to own, support or in general worry about the IT hardware that is present on site. Instead,…

What Business Continuity Management and Zero-based Budgeting have in Common

Every so often (business continuity plan updates, for example), figuratively speaking it’s time to get the crystal ball out and see what the future holds. This is an ambitious undertaking given how difficult it is to know what the weather will be like next week, let alone business in six months’ time. Modern science has…

Isn’t a Threat Landscape More than just Worms and Viruses?

By a quirk of language, the term “threat landscape” is currently used to refer specifically to cyber-threats. These threats alone already keep business continuity professionals on their toes, even if the nitty-gritty of protecting a company in this area is often the direct responsibility of the IT department. However, considering that threats were confined to…

Have You Got Your Global Risk Analysis Kit?

Want to know what’s on the radar screen for economic and technological risks? Or is your interest more in societal and environmental threats? The Global Risks 2012 report from the World Economic Forum has something for everything. It breaks risks out into five global categories – the four we’ve just mentioned, plus a fifth, geopolitical…

Disaster Recovery can be a “Free” Consequence of Cloud Computing

In the world of disaster recovery, one of the challenges is getting people to approve budget for having the right DR capabilities in place. Unless you are dealing with enlightened senior management, it’s not always easy to get people to sign off for events that may or may not come about, at some indeterminate time…

ASIC BC Guidance as an Alternative to Putting Your Money under the Mattress

There was a time when the safest place for your money was reckoned to be under your mattress. Paper money didn’t exist. The gold and silver coins in use were resistant against flood and a certain degree of fire, as well as theft if you were lying on the mattress at the time: in other…

To Share or Not to Share Business Continuity in a Shared Supply Chain

One of the challenges to business continuity planning in 2013 will be the trend to share supply chain facilities between two or more companies. The logic is that to keep logistics and distribution running smoothly but at acceptable cost, the overhead of facilities such as distribution centres or delivery can be shared. It is even…

Embedding Business Continuity Management Into A Company’s Culture

One of the challenges for the business continuity manager is to get his or her colleagues to think about BCM too. People who remain unaware of business continuity plans and requirements, even in their simplest form, may be unable to continue their work when an incident or a problem arises. So getting a minimum of…

NFPA1500 or how the Fire Department Does Business Continuity

With emergencies as the very basis of its existence, a fire department still needs to think out its own business continuity. The NFPA (National Fire Protection Association in the United States) 1500 standard details the procedures that a fire department should or must follow in order to continually remain operational. Instructions in NFPA 1500 start…

Never a Dull Day with Business Continuity

Business continuity principles may span industries and continents, but their application can turn out to be very different. Organisations in different professional sectors have varying methods and priorities in organising their daily activities. What may be sufficient as business continuity planning in one enterprise may be inadequate for another. Try this as a thought experiment…

What the SS540 Business Continuity Standard is Designed to Do

Is a population of around five million people enough to justify bringing out a separate business continuity standard for that country? After all, with other internationally applied standards already available, such as BS 25999 and now ISO 22301, making your own version might be described as reinventing the wheel. However, when that country is Singapore…

Business Continuity Plans for Mergers and Acquisitions

Business continuity plans are not only to be used when uncontrollable or unpredictable events beset an enterprise. They also have a role to play in events that, so to speak, firms bring upon themselves. Mergers and acquisitions are good examples. Such events are deliberately induced, unlike fires, floods or IT systems breakdowns. However, that still…

Linking ISO 22301 to Related Management System Standards

To paraphrase John Donne, no standard is an island. Users implementing systems according to ISO 22301, the standard for business continuity management within the context of societal security, can gain from linking their work to that done on other standards as well. While the standard takes an all-hazards approach and applies equally to both private…

Keep CALM and Share My Business Continuity With Me

As supply chains increasingly integrate suppliers, it’s time to extend business continuity in the same way. In simple situations involving individual consumers and providers, this is already happening. Customers who buy new cars today often rely on the dealer to also provide their “car continuity” because the systems in the car require specialist equipment for…

Divergent Attitudes to Business Continuity Regulation and Recommendation

Should business continuity planning be a legal requirement? Should it be an option left to the discretion of an organisation? A school forced to close for a day because a heating pipe burst and flooded the ground floor is an inconvenience. An online shop that loses its e-commerce site for a day may be a…

Physicians, Heal Thy Business Continuity Thyself

Like the cobbler’s children who are the least well shod, it seems that organisations whose whole business is in emergencies are not necessarily well-prepared for business continuity. In particular, hospitals have come under scrutiny in recent years because of an apparent lack of integration of risk management practices. Approaches have sometimes stopped short of the…

Reality Bites – Business Continuity Incident Examples and Statistics

As business continuity covers all parts of an organization, there is a tendency sometimes to describe it in correspondingly general terms. Compared to all the theoretical possibilities of how BC issues can affect businesses, real-life examples are often in shorter supply. On the other hand, statistics about the number of businesses that go bust after…

Why Should You Care About Business Continuity Management Governance?

Let’s face it. It’s hard enough to define what corporate governance is in a general sense, let alone drilling down to explain it for business continuity. Apart from being something that organisations start pondering once they’ve tamed their marketing and business strategy, governance can also be defined in terms of its component parts: the “Reporting,…

Not only is tape back-up still around, but it’s also still beating disk

The classic strength of tape compared to disk is in the relative cheapness, but now there’s more. If you’re thinking in terms of long-term archives, then tape also beats disk, because it has a “shelf life” of 30 years, compared to a “measly” 10 years for disk. After 10 years, disk runs the risk of…

Disaster Recovery – the Price to Pay for Self-Inflicted Disasters

“A stitch in time saves nine” is a well-known saying. However, “familiarity breeds contempt” as they also say, and knowing your maxims off by heart doesn’t automatically mean taking the appropriate action. The “stitch in time” in IT terms is a proper plan, or good change management, together with backup planning if things don’t work…

Customers Who Make the Laws for Business Continuity in Manufacturing

In finance and healthcare, they have laws for business continuity. In manufacturing, they have OEM customers and it’s a moot point as to which, laws or customers, has the stronger influence.

Keeping Business Continuity Plans Up to Date – Say “Aah”!

It’s kind of like going to the dentist. You might not want to make the appointment, because you don’t know how it might turn out. However, you know down inside that regular care and attention will mean you’ll stay in better shape than if you let things slide. If visits to the dentist annually are…

Social Media and Crisis Communications – Starting Out Right

In developed countries, statistics indicate that about half the population participates in social networks or online communities. The Internet is also the third most popular channel of communication used by people to gather information on emergencies, even if TV and radio remain the favourites. And to top it all, about two-thirds of people expect that…

Hurricane Sandy and Business Continuity Plan Best Practice

The damage from Hurricane Sandy was front page news for some time, even if it will probably finish by fading from popular memory, as new tropical storms come and go. Yet because it hit the Northeast of the United States with its financial nerve centres, there was a particular impact on the operations of the…

Preparing for Product Recall beyond Standard Reverse Logistics

Where product recall sits in relation to your overall business continuity planning will depend on the gravity of the recall. At one end of the scale, reverse logistics is simply part of distribution and shipping: when someone somewhere receives a defective or unwanted product, the supply chain has to be able to handle the flow…

WorkCover Sticks and Business Continuity Carrots

One of the consequences of aiming for business continuity is the need to fit in with other programs and imperatives in an enterprise. In particular, employee safety is a requirement that must be met, although it opens the door simultaneously to opportunities for BC planning. Australian states such as New South Wales, Victoria and Queensland…

Don’t Abdicate Your Disaster Recovery Just because your Employees are Doing It

In today’s world of cloud and BYOD (bring your own device) computing, disaster recovery sometimes almost seems to be organising itself. Employees can copy all sorts of data to mobile phones, tablets and personal web storage, including customer lists, proposal templates, financial spreadsheets and more. It would take at least a double disaster – for…

How would You like a “Disaster Resilience” Plan?

Just when you thought you’d figured out DR, up pops a new concept – now it’s DR for “Disaster Resilience”, as well as for disaster recovery. Entities like the Australian Government and the Australian Emergency Management Institute are getting in on the act, so it might be good to know what’s going on and what…

What Does Bloom’s Taxonomy Have to Do with Disaster Preparedness?

If you’ve worked in education or training, Bloom’s Taxonomy may mean something to you. It’s a tool for structuring learning, for example learning about disaster preparedness, via a set of simple steps. Depending on which terminology you choose to use, these steps can be named in order as: remembering; understanding; applying; analysing; synthesising; and evaluating.…

The Real Business Continuity Lesson to be Learned from Hurricane Sandy

In terms of natural disasters for 2012, the “big one” for many people was Hurricane Sandy. The storm affected individuals and enterprises as it knocked out power lines and punished buildings, roads and infrastructure on the US East Coast. After-the-fact analyses of the hurricane took different standpoints. Some praised the decisions taken by…

BCM in a Health Organisation – Who Gets Priority?

Health organisations are a special case (not the only one) in business continuity management. Life and death issues are the backdrop in many cases, while the size and complexity of some hospitals elevate BCM to new levels of complexity. At the same time, they need to generate income in order to pay the ongoing costs…

New Zealand Earthquakes and Disaster Rebuilding

Why should DR stand only for disaster recovery? In the face of the earthquakes that assail parts of New Zealand from time to time, both the short term and the long term implications are being taken into account. Short term is disaster recovery, in a wider context than just IT, but disaster recovery nonetheless to…

Business Continuity Test Scenarios at the Speed of Light?

The more business continuity test scenarios you can run in your IT systems, the closer you can get to a bullet-proof organisation. Of course, that doesn’t mean that you’ll necessarily achieve such a Holy Grail; it might just mean you’ll be a little less far away than when you started. And then there’s all that…

Cloud Disaster Recovery, OK, but what if the Cloud IS the Disaster?

Disaster recovery via cloud computing is a hot topic nowadays. Inexpensive compared to traditional hot standby solutions and with greater flexibility, by definition cloud data backup is independent of local or even regional incidents. In theory, cloud data restore should be just as independent. The problem however comes when a cloud provider fails to provide…

Bush Fires and Business Continuity – Has Anything Really Changed?

Should you stay or should you go? That’s the big question in thinking out preparedness and plans for disaster recovery and business continuity in the event of a bush fire. In Australia, the damage done in 2009 in Victoria sparked off new debates about the right choice between staying to defend property against bush fires,…

Embedding BCM – Not Just Another Road Paved with Good Intentions?

Embedding business continuity management in an organisation certainly gets a mention in standards like BS25999 (with good intentions carrying through to ISO 22301). So it should. As BCM concerns everyone and is only as strong as its weakest link, it needs to be understood and applied by all: hence the embedding into the organisational culture.…

How the Cloud Mixes Up Everything and the Impact on Disaster Recovery

Despite some claims that data storage and data recovery are set to become two separate items in computing cloud land, at the moment it’s all in there together: data, the applications that handle that data and the infrastructure that needs to be managed in consequence. IT disaster recovery plans involving cloud now have to…

What does AS/NZS5050 have to Do with Black Swans and Defining Your Destiny?

AS/NZS5050, with its title of “Business continuity – Managing disruption-related risk”, caused a few ripples when it was published in 2010. With its focus on risk management, it recommends that disruption should be stabilised as soon as possible, with resumption of mission-critical operations and a speedy return to normal functioning. It also recommends that a…

Check Your Level of Crisis Management Maturity

If there was a crisis, how well prepared would your organisation be to deal with it? While scales of preparedness can only be relative, the following model may help to evaluate the situation. Adapted from part of a presentation at the DEP Expo 2012 on Site Location Response Teams by Martin McNamara, each of the…

What HICS does to Help Hospitals Cope with Disasters and More

HICS – Hospital Incident Command System, or Control System for some – contains guidelines specific to hospital organisations with respect to business continuity requirements. While most people would readily appreciate the life or death nature, literally, of certain activities within a hospital, business continuity and disaster recovery can have a very broad remit. Fires…

Cloud Disaster Recovery still Needs to be Analysed and Tested

While it’s comforting to think that a professional organisation can now hold your data safe and sound for you in the cloud, cloud DR planning still needs the same careful attention as a solution using any other technology. There are significant business advantages available, not least in terms of financial flexibility and hugely scalable resources,…

Too Much “Business as Usual” can be Bad for Your Health

It’s something of a paradox. On the one hand, maintaining business as usual (BAU) could be considered a key goal of business continuity, especially if “business as usual” means high productivity and efficiency. Yet as a research paper presented by Dr. Robert Kay at the DEP Expo 2012 points out, a focus on BAU that…

APRA and Business Continuity in Finance – Accountable in More Ways than One

Business continuity is a big deal in financial institutions. This is not just because of the institutions themselves, but because of the widespread follow-on effects of interruption to their millions of business and consumer customers. APRA (Australian Prudential Regulation Authority) revised its compulsory standards in 2012 by bringing out Prudential Standard CPS 232 for Business…

BCM Culture – Who is the Most Important Player in Your Organisation?

While the idea that business continuity management needs to become part of corporate culture is gradually gaining ground, the practical aspects of making it happen may be less obvious. You want everybody in your organisation to be BC-aware, because business discontinuity can happen at any time and affect anyone. But how do you communicate that…

What’s the Basic Business Benefit of IT Disaster Recovery via the Cloud?

Let’s stop talking technical for a moment. Although the quality of IT disaster recovery depends on which technologies are used and how, we sometimes fall into the trap of assuming that innovation and specifications are all we need to optimise DR for our business. Cloud services are a case in point. Yet taking a moment…

Preventing Policy and Employee Disconnects in Business Continuity Plans

Recent information about IT security, a particular aspect of business continuity plans, highlights the high-risk behaviour of people in using computer passwords. The data comes from passwords uncovered by hacktivist group Anonymous, who then exposed them online. The more general question is then whether such a gap between stated rules and real life behaviour…

Is that Maximum Tolerable Outage, Maximum Tolerable Disruption, or What?

Maximum tolerable outage or MTO is a common measure in both disaster recovery and business continuity. It is the maximum amount of time a system or resource can remain unavailable before its loss starts to have an unacceptable impact on the goals or the survival of an organisation. It’s either on or off, and if…

SydneyALERT Aims to Improve Emergency Information to the Public

Central business districts (CBDs) are known for the high concentration of people in them, during business hours. This makes them a special case in emergency management. There is a strong need to provide timely, clear instructions to the public in this instance in order to contain any emergency situation and to avoid complications. SydneyALERT is…

If Bigger Australian States have DISPLANs, What do Smaller States Have?

If search engine results are anything to go by, state-wide disaster plans are common currency for the largest Australian states in terms of population (New South Wales and Victoria), but not so much in evidence for others. NSW even goes one better with not just a DISPLAN, but also an EMPLAN – Emergency Plan (the…

Business Continuity Plans of 2012 – a Mayan Point of View?

Case histories and past experience are material for building the business case for business continuity plans. So what have the last twelve months contributed? Since the Mayan prophecies on December 21st provoked no major upsets in the world, 2012 was quiet compared to 2011. There were events like the Olympic Games and Hurricane Sandy, but…

Resilience Management and the Road to Unified Continuity

As fields such as business continuity, risk management and security management, to name but a few, develop, they often develop different branches and specialities. With the multiplication of concepts and methods, the original discipline isn’t big enough to hold them all, or so it seems. Yet resilience management is something that bucks that trend. It…

Business Continuity Plans that Accentuate the Positive

If the names of Johnny Mercer and Harold Arlen don’t immediately strike a chord, at least in business continuity, you could be forgiven. Yet their sage advice has been around for some time. It dates from 1944, when they wrote the lyrics and the music for the song “Accentuate the Positive”. How does it go?…

What Sort of Cloud Best Suits Your Disaster Recovery Plan?

It had to happen. Just having “the Cloud” was too simple. In the same way that the Internet morphed into intranets, extranets and more, cloud computing is now branching out into internal, external, inter-, public and private clouds. Vendors and service providers alike have seen the opportunity to leverage existing solutions and create their own…

Production Pressure that Prevents Proper Business Continuity Plans

“Do it now”, “do it faster”, “do more”,… While these may all be justifiable goals on their own, the problem comes when production pressure like this has a negative impact on business continuity plans and actions. BC planning is preventive and its objective is the absence of disruption to a business. However, it can therefore…

Emotional Continuity Management – Still Just Right-Brain?

Presented as the offspring of business continuity planning, emotional continuity management has been around for a few years now. The concept links emotional distress in the workplace with a negative impact on productivity, and conversely emotional wellbeing with a positive impact. People who feel good perform better. People who don’t fall apart emotionally when disaster…

Why Earthquake Intensity can Affect Any Disaster Recovery Plan

If you think your organisation is in an earthquake-free zone, you may be right – up to a point. From a purely local point of view, your site may never have experienced the slightest tremor or be likely to. On the other hand, you may also be using suppliers for raw materials or components that…

Going Deeper than just a Dashboard in Your Business Continuity Plan

Production has them. So does supply chain, and finance; for sales, it’s practically a no-brainer. Yes, it’s the departmental dashboard – that one page summary of key performance data, typically in a graphical format with pie charts, bar charts and the like. You get at-a-glance information on how well an operation is doing. Most company…

Showing Off as Part of Business Continuity Plan Best Practice

Getting your organization to recognise the value of business continuity is sometimes hard. However, business continuity plan best practice isn’t only a matter of what you put into your plan, but also what you do with it afterwards. You already need to show it to your management, the board, departmental heads affected, and others in…

Maximum Tolerable Outage(s) for the Supply Chain in 2013

End of year deadlines and festivities mean that maximum tolerable outage is an increasingly hot topic in many sectors. But what will expectations be for the year to come? MTO in itself is a measurement, a tool to be used in delivering business continuity overall. Changes in MTO, whether in terms of level or application,…

Is it Time for Disaster Recovery Plans to Include QR Codes?

You’ve probably already seen QR codes many times. A QR code typically looks like a bit of computer-generated art in a square, printed in magazines, on cereal packets, on buses, and so on. What’s the link with disaster recovery plans? Simple enough. The use of smartphones is increasing, and so are the opportunities for enabling…

Where’s the Proof of Business Continuity Plan Best Practice?

Practice all you like, but if you can’t see measurable results in terms of your organisation, then you can’t guarantee that business continuity plan best practice is of benefit. True, in some cases, it seems intuitively obvious. Or perhaps a sufficient number of relevant case histories exist for the probability to be high enough that…

Integrative Negotiation as Part of a Business Continuity Plan

Business continuity is not always the easiest thing to put in place. Budget that gets allocated to BC is budget that does not get allocated to other projects or departments, and then there are also organisational turf wars to consider. If you’re faced with a manager intent on protecting his or her fiefdom, a slide…

Why being a Minority in Business Continuity Planning is still OK

In the best of all worlds, everyone in an organisation is convinced of the merits of business continuity planning, and works to make BC happen as it should. Idealism may be inspiring, but many BC managers feel they have more in common with lone voices in the wilderness, or Cassandra of mythical Greek fame, who…

Why Prospect Theory has a Role in Your Business Case for Business Continuity

Cloud computing and risk mitigation, OK – but when pundits start linking business continuity plans and “prospect theory”, discussions can run deep indeed. What do the two have in common? To answer a question like that, you first have to know what prospect theory is about. In a simple form, it describes how people make…

Ethics and Business Continuity Plan Best Practice

Keeping a business going is what business continuity is all about, but at what price? Ethics have more than one role to play as part of business continuity plan best practice. Not only are they important in order to prevent continuity from being jeopardised, but they are also a crucial part of any response to…

Maximum Tolerable Outage by Whose Criteria?

Maximum tolerable outage means what it says – the longest time that an organisation can accept that a given service or facility is out of operation. Many enterprises and institutions go to great lengths to predict and calculate MTO, usually because of what’s at stake. Hospitals for example cannot accept IT outages that disrupt critical…

Ray Bradbury and the Role of Paper in Business Continuity Planning

Ray Bradbury was the author of many works of science fiction and futurism. SF literature owes to him classics such as The Martian Chronicles, Something Wicked This Way Comes and Fahrenheit 451. Although monsters from outer space do not feature in the top ten risks that organisations must face, the title alone of Fahrenheit 451…

How to Sell the Business Case for Business Continuity

Some of the most effective selling in any context is done by systematically applying certain rules. Selling the business case of business continuity is no exception. Finding out what internal decision-makers want and presenting the case for BC so that it demonstrates value in their eyes, while motivating them to accept sooner rather than later,…

4 Trends in Business Continuity Plans for IT and Beyond

With the end of the year looming larger and larger, it’s time for a review of trends that have marked BC in 2012 so far, and that will likely continue to do so into the next year. Four important ones are rooted in information technology: cloud computing, mobile devices in the workforce, social networking and…

Operation Teapot and Vital Records in Business Continuity Plans

There’s no doubt about it. Governments think up the strangest codenames for their secret activities. The innocent sounding Operation Teapot referred to a series of tests by the US Federal Civil Defense Administration to find out what impact a nuclear explosion would have on towns and infrastructures. Part of that impact involved business records and…

Is your Disaster Recovery Plan Based on Inaccessible Backup Data?

Every so often discussions arise outside the domain of disaster recovery plans, but that trigger thought-provoking questions. One recent example was about the extent to which backup tapes destined for DR were accessible or not for legal information discovery. This is the procedure whereby the databases of an organisation can be searched by the opposite…

7 Levels of Business Continuity Plans in the Cloud

There’s something about the number seven that makes it a favourite choice for models of all sorts. They range from the layers of the standard network model (the OSI version at least) to telephone selling methodologies (depending on what you’re selling) and of course colours of the rainbow. Since 1956 and “Miller’s Law” in psychology,…

Data Destruction, the Flip Side of Disaster Recovery Planning

With the emphasis in disaster recovery planning on safeguarding and restoring data, it may sound strange to talk about deliberate data destruction. After all, isn’t that the exact opposite of what DR teams in businesses are trying to achieve? However, like the yin and the yang of the universe, destroying data is a natural counterpart…

How Hacktivism Fuels the Business Case for Business Continuity

Statistics from the 2012 Data Breach Investigations Report from network provider Verizon indicate that the biggest thieves of data are now the hacktivists – activists with the ability to hack into organisational data systems. Hacktivism puts a new spin on the business case for business continuity because they are no longer hacking just to show…

Maximum Tolerable Outage is Also Defined by User Frustration Levels

In the days when business continuity was still mostly a competitive advantage, there was a tendency to think of maximum tolerable outage as being defined by external customer expectations. Whether for manufacturing, finance or other industry sectors, MTO was measured in terms of effect on the customer base, likely customer reactions and the impact on…

One Day You too may have a Disaster Recovery Plan in Your DNA

Yes, you can take that title literally. While the debate goes on about whether a disaster recovery plan should be centred on back-up to hard disk or tape, there’s a new kid on the storage block (or around the corner for the moment) – DNA. In a paper entitled “Next-Generation Digital Information Storage in DNA”,…

Business Continuity Plan Best Practice and Business Book Top Sellers

Books on business continuity plan best practice don’t feature in the overall business management book bestseller list – or not yet anyway. It’s not that there’s any shortage of books on the subject. There are many respected authors who have something to contribute to BCP at various levels. Popular BCP titles include for example “The…

Which Business Continuity Plan Best Practice can deal with BYOD?

Now that people in many organisations expect to be able to use their own mobile computing devices at work, it may be time to update business continuity plan best practices. At the moment, the BYOD (Bring Your own Device) challenge seems to have caught enterprises on the hop. Managing the use of tablets and smartphones…

Enabling projects for business continuity plan best practice

Business continuity plan best practice does not happen overnight, whatever the size of your company. Figuring out how to optimise the chances for a business to continue successful operations, whatever the circumstances, is a process that can take considerable time. Finding a way to show that progress is being made above all in the early…

Business continuity test scenarios – what do you know?

Seriously, what do you know about business continuity? Or rather, what does your organisation as a whole know about it? Among the different business continuity test scenarios possible, testing how aware people are and how much their reflexes and behaviour are in tune with BCP occupies an important place. After all, business continuity applies to…

Dynamic disaster recovery plans and the promise of “set it and forget it”

The “set it and forget it” dream has been around for a while. It has always been tempting to wish that systems could be built in accordance with disaster recovery plans, and then left alone until the moment when circumstances called for them to be activated. Now cloud computing is being hailed as the solution…

A government disaster recovery plan with long term visions

How far would you expect a disaster recovery plan to extend into the aftermath of a disaster? Days? Weeks? Months? Years…? The Queensland Natural Disasters Jobs and Skills Package from the state of the same name in Australia shows how government perspectives on a situation can be different to individual enterprises, especially in terms of…

Disaster Recovery Plans and the “New Normal”

Disaster recovery plans need to take account of changes. Regular reviews of changes in a company’s operations and dependencies, and developments in DR tools are all part of DR planning. What was true twelve months ago may have changed significantly by now and projected responses to disaster situations need to be updated accordingly. However, until…

Business Continuity Plan Best Practice and the APT Conundrum

Ideally, business continuity plan best practice revolves around identifying the key risks and how to handle them, and separating out risks that do not justify planning time and effort, because they are too small or too improbable. The problem is to decide whether or not a risk merits inclusion in the BC plan. The current…

Business Continuity Plans and Clouds with Fewer Silver Linings

Cloud computing, that recent IT evolution, has been hailed as a boon to business continuity plans. Indeed, it has a lot to offer, including IT network redundancy, reduced costs and flexible billing. For these reasons, it immediately scores over traditional hot or cold mirrored data centres with more substantial initial and ongoing costs. Naturally, adequate…

When the Business Case for Business Continuity affects Supply Chain Operations

A business case for business continuity is not just about additional benefits that BC might bring to an organisation. In some cases, the need to ensure that an enterprise can “take a lickin’ and still keep on tickin’” means other advances in operational theory and practice need to be given up. A case in…

Business Continuity Planning Outside the Box

Necessity as they say is the mother of invention. Business continuity planning sometimes needs some outside-the-box invention, especially in the case where a major functional component of an organisation becomes unavailable. This has been the case for a museum (Le Museon Arlaten) in the south of France, founded in 1899 with the mission of conserving…

Did the London Olympics Overdo the Business Continuity Planning?

Stay away from London during the Olympics. That was the message that many people understood from the business continuity planning warnings issued about the difficulty of getting to, and moving around in, London, while the 2012 Olympic Games were being held. Companies were told that their employees might face effective denial of access to their…

Is Stale Data Hoarding Really Part Of Business Continuity Good Practice Guidelines?

Companies today are often so focused on the secure storage of data that they miss the point about which data is really worth storing. A recent article by a Storage Networking Industry Association member made the point that “stale data backup” afflicts many organisations. It’s a problem that is as much cultural as technological. In…

The London Olympics 2012 and Business Continuity plan best practice

Events like the Olympic Games are also opportunities to see BC planning in action, hopefully along the lines of business continuity plan best practice.

Auditors as allies for the business case for business continuity

To persuade senior management to accept the business case for business continuity, you sometimes need all the friends you can get. One friend in particular that may be worth cultivating is your internal company auditor. Auditors by virtue of their job know about the different business operations of an enterprise and have a double advantage.…

Business Continuity Consultant of the Year?

If you follow the CIR magazine’s annual Business Continuity Awards and the one for Business Continuity Consultant of the Year in particular, the following may be familiar to you. The factors considered by the judges include “the use of creative ideas to resolve problems, innovation in the actual techniques used, the instigation of a business…

Hiring a business continuity consultant – scoping is key

It’s not unusual to feel apprehensive about hiring a business continuity consultant, or indeed any kind of consultant. There are a number of possible reasons. Fear of the unknown is one. How do they work? How do they charge? What return on my investment will I get? Fear of change is another. Consultants bring change…

What’s in a name? (as in Business Continuity)

Is the term “business continuity” appropriate? It applies to a wider sector than the “business” part of the name suggests. As well as profit-driven, private sector enterprises, many public sector organisations also have BCM in place. Still, the public sector can be just as “business-like” in pursuing its goals as the private one. On the…

What About Debris In Disaster Recovery?

In any disaster that involves some kind of destruction (and are there any disasters that don’t?), there’s going to be some kind of debris. Complete disaster recovery means dealing effectively with that debris. The FEMA (American Federal Emergency Management Agency) 325 Debris Management Guide published in 2007 indicates the potential size of the problem: over…

International Disaster Recovery Planning Disparities

If you’re involved in disaster recovery planning at an international level, you may well find disparities in the different country branches of your organisation. Differences can arise in a number of ways. They can range from simple lack of knowledge of what disaster recovery is or should be, through time lags where different countries are…

More on business continuity good practice guidelines

At the risk of labouring a point, here’s some further information on a particular business continuity good practice guideline – that of understanding where to look for the most likely threat. A survey from the Neverfail Group, a systems software vendor, earlier this year indicates that the real danger to business continuity is from…

Small business continuity and succession planning

Of all the possible interruptions to business continuity for small businesses that are the least often considered, but the most likely to stop a company’s operations, lack of succession planning is high on the list. The difficulty associated with finding someone to take over when the current owner or manager retires is compounded by the…

Calculating the Approximate Cost of Downtime

Downtime costs are not something you can calculate exactly. However, along the lines of “what gets measured, gets managed”, it’s useful to have some idea of where you’re headed even if it’s just an approximation. What’s often missing in any formula for this are either one-off charges that you didn’t think of at the time…

Anyone for Partial Business Continuity?

As the saying goes, half a loaf is better than no bread, and the same could be said of business continuity. Although you’d like to have an organisation that can weather any storm and survive any setback, if it’s a choice between sub-optimal performance or catastrophic failure, then naturally the first one wins. However, catastrophic…

Disaster Recovery Tape Storage Myths

Tape storage of information sometimes has an image of being out-dated, outmoded and out-performed by disk storage. That’s true enough – in the living room of your home, where audio cassettes and the VHS system for video cassettes are now antiques compared to CDs, DVDs and Blu-ray media. However, a living room is not a…

Business continuity and football clubs

When you think of business continuity, you might think of manufacturing, financial services, public utilities and emergency services – but would you think of football clubs? Somehow the images of soccer players on a pitch and the “stop and go” of a match with goals scored, free kicks, penalties and half-time don’t immediately bring to…

Disaster Recovery Templates

What does “disaster” mean to you, in the context of a disaster recovery template? Explosion, storm, power outage? The Federal Emergency Management Agency (FEMA) has an interesting take on this in its “Emergency Management Guide for Business & Industry”. Not only does it also list “loss of key supplier or customer” in its sample list…

MTO and RTO inside and outside disaster recovery

MTO and RTO are integral parts of disaster recovery planning, but they can also be used outside of that context. To recap on their definitions, MTO (Maximum Tolerable Outage) is the maximum amount of time that a process or facility can be unavailable before significant disruption and/or financial loss occurs to an organisation. RTO (Recovery…

Loophole In Business Continuity Planning In The Finance Sector?

Business continuity planning is a hot issue in the finance sector, and understandably so because of the real time nature of much of its activities. It’s not surprising therefore that two of the prominent regulating bodies in the United States, FINRA (Financial Industry Regulatory Authority, Inc.) and NFA (National Futures Association), both define their expectations…

Malware Threats and Your Business Continuity Plan

Although a business continuity plan now typically covers more than just IT aspects, that doesn’t mean that IT issues are static. With mobility exploding among users in 2012, security threats are growing at the same rate as well. Worse still, they are affecting not only traditional software download and email delivery routes, but also the…

Automation and Business Continuity Plan Best Practice

When you’ve implemented business continuity plan best practices in your organisation, the next logical step is to automate them. The assumption is of course that you really do have best practices in place; otherwise automation will simply help you to be wrong more efficiently. In addition, BCM automation has a way of unexpectedly bringing things…

What’s the Difference between Crisis Management and Disaster Recovery Planning?

What’s in a word? With the multiple definitions of disaster recovery planning already in existence, here comes crisis management as well. Example: let’s say your whole data centre crashes because of a faulty power supply configuration, leaving you with no sales and no customer support, and your IT staff threatens to walk out because of…

Disaster Recovery Plan Templates for Critical Data

If disaster recovery planning seems like just one more of those things to do when you can get round to it, it may help to think about the critical business data you need to protect, and get started with a relevant disaster recovery plan template. Your organisation has information concerning customers, operations, and administration that…

Small business crisis plans few and far between

New Zealand small and medium-sized firms are highly unprepared for a future crisis similar to the Christchurch earthquakes, a study has found. Massey University’s annual BusinesSMEasure canvassed 1000 companies across the country. It found only a small proportion of the firms surveyed had a formal continuity plan in place and fewer than 10 per cent…

Business Continuity Plan Templates and the BCI 2012 Horizon Scan

The idea of a business continuity plan template is intuitively seductive: you take a “one size fits all” document, tick the boxes that apply to you and then “turn the handle” to generate your BC plan. There are certainly common principles, risks and factors across businesses and organisations in general; but the latest survey findings…

Business Continuity Good Practice Guidelines for 2022?

Yes, you read that correctly – what will business continuity good practice guidelines look like in ten years’ time? Given the evolution of BC planning over the last ten years, what the next ten will hold could be anybody’s guess. Unlike traditional things in life whose worth depends on them staying close to a few…

Lessons from a Business School on Business Continuity

From time to time, it’s instructive to look around and see what organisations are doing with business continuity. With business continuity management now an increasingly important part of good business practice, business schools are led to include this in their courses, and hopefully practise what they preach. A visit to the website of the London…

ISO 22301 Societal Security for Business Continuity Management is coming

New standards for business continuity management take a while to define, vote and promulgate, so a schedule that has changed slightly for ISO 22301 in the course of its development isn’t necessarily a problem. What was originally planned as a Q1 release of the standard now appears to be scheduled for May, although by this…

MTO and RTO in a Cloud Backup Context

A couple of interesting cases came up recently about differences in cloud backup services, and the effect that this might have on MTO and RTO. As a reminder, maximum tolerable outage (MTO) is the maximum time you or your organisation can afford to be without a given system or resource; recovery time objective (RTO) is…

Disaster Recovery Repackaged for SMEs

Small businesses typically don’t have much in the way of an IT department. Often as not, IT is somebody’s part-time responsibility while holding down the rest of a job. Neither do they necessarily have the funds to splash out on elaborate disaster recovery solutions, or the time to sit down and figure out how to…

Business Continuity Management for the Masses

Henry Ford would have appreciated the Wiley publishing company’s approach to business continuity management. In keeping with the rest of its “For Dummies” books, Wiley will (September 2012) be bringing out the “Business Continuity for Dummies” edition, mass-produced BCM in something of a one-size-fits-all approach. Not that there’s anything wrong with that – BCM deserves…

Is Social Networking now part of Business Continuity Plan Best Practice?

Social media like Facebook and Twitter now have a lot in common with mobile phone networks. They are accessible to millions of people and they also stay up and running even if disaster strikes an enterprise and shuts down its corporate IT system. Anything that is that “continuous” merits examination in the light of business…

Business Continuity Test Scenarios and Predicting What to Test

You can’t test absolutely everything; it’s a fact that rapidly becomes obvious when you start to put together business continuity test scenarios. Common sense dictates that as a priority you should test the scenarios that have higher risk and that do more damage, all part of the risk and business impact analysis that goes into BC…

Building Business Continuity into the Heart of a System

While business continuity goes further than IT and data protection, it’s a sign of the times when computer hardware manufacturers start building BC directly into their systems. Twenty years ago, BC in the guise of “100% uptime” fault tolerant systems was the select domain of companies like Tandem and Stratus. Although costing less than some…

How to get your Colleagues to use a Business Continuity Plan Template

If you’ve picked a business continuity plan template for your organisation and you want the various departments to use it, your sales skills or charm may impress your colleagues at the start. But how do you ensure that their enthusiasm won’t totally evaporate afterwards, when you’re back at your desk, and they’re back at theirs…

Does a Business Case for Business Continuity Change after Disaster?

It’s been a year since the natural earthquake and tsunami disasters struck Japan, wrecking many high-tech factories on the country’s north-eastern coast. The Sony Sendai Technology Centre was one of those factories and suffered like the others. Managers and employees struggled to save what they could to restart operations as rapidly as possible. Sony top…

Human Beings in the Disaster Recovery Equation

Ever since Frederick Taylor’s ideas on system engineering were shown to have a fundamental lack of appreciation of the human factor, businesses have been coming to terms with the messiness and at the same time the potential of human beings in the disaster recovery process. Taylor’s precept was that workers were too stupid to understand…

What do People Put into a Business Continuity Plan? What do They Leave Out?

What people should put into business continuity plans is the information needed to get organisations back on their feet after disaster strikes. Leafing through BC plans often reveals that planners have made choices as to what to put in or leave out. If an item isn’t mentioned, it doesn’t necessarily mean that the plan is…

Maximum Tolerable Outage of Your BC Team

To put a new twist on maximum tolerable outage, we’re talking about the length of time an organisation can afford to stop working, not in terms of making its products or providing its services, but on looking after its business continuity. Companies that have dedicated BC personnel may never have to answer the question. However,…

Fail Early – a Mantra for Business Continuity Test Scenarios

In what used to be a business climate orientated firmly towards success, the notion of constructive failure has changed attitudes, hopefully opening up new possibilities for progress by liberating organisations from the notion that all failure was bad. There’s a message for business continuity test scenarios as well – it’s the “fail early, fail cheaply”…

Business Continuity Planning and Vandalism

In articles about business continuity planning, vandalism often makes something of a token appearance as part of a list of potential disasters that include floods, storms, fires, pandemics and terrorism. Like these others, vandalism can cause business interruption as the recent story of an attack on a cable bridge in London showed. The result was…

The BIG business continuity plan from BCI

The latest “business continuity plan” on a worldwide scale from the BCI (Business Continuity Institute) has recently been defined in the organisation’s new Strategy Document. It maps out actions for the BCI for 2012 through 2015, centred on spreading BCM around the globe and growing the institute. The goals are three-fold: a consistency of the…

Business Continuity Plan Best Practice and BCP Standards

Do standards really contribute to business continuity plan best practice? The obvious answer is “yes, of course they do”, and in many cases this is true. However, it is also constructive to dig a little deeper to find out why or how BCP standards can help. For one thing, this means less risk of clinging…

The Role of Social Media in a Crisis – BCAW Webinar

During this webinar, you will learn: How Social Media can be used to support CERC (Crisis, Emergency and Risk Communication), Then and Now – Social Media and traditional communications tools, Advantages and Disadvantages of current technologies, Best Practices, What have we learnt?, How to Implement your solution. http://www.continuity.net.au/displaycommon.cfm?an=1&subarticlenbr=587

Business Continuity Awareness Week – 19th to 23rd March 2012

Business Continuity Awareness Week (BCAW) is the global educational event for people to learn more about Business Continuity Management (BCM). BCAW is facilitated by the Business Continuity Institute (BCI), the prestigious international membership body for BCM with approaching 7,000 members in some 100 countries. Full details available at www.bcaw2012.com

Going Mobile with Business Continuity Test Scenarios

Business continuity doesn’t stop with the production of a shiny, new BC strategy, but has to go further, to include business continuity test scenarios. The big challenge here is to overcome complacency in the organisation. This can happen at the planning stage where an “it’ll be alright on the night” attitude is common. It can…

Business Continuity Plan App

In this age of connectedness, welcome to the business continuity plan app. While an “app” can refer to any software that runs on a desktop or notebook computer, a tablet or a smartphone, it’s the smartphone app in particular that concerns us here. Although the devices listed above use different operating systems, Internet technology sometimes…

Smartphone Business Continuity Software

Why make smartphone business continuity software? Because the smartphone is an easy-to-use tool that’s growing in use by leaps and bounds – already an estimated 450 million smartphone owners in 2011 among literally billions of mobile phone users – and it fits in your pocket. When that fire alarm goes off, it’s a lot easier…

Smartphone APP for Business Continuity Plan

Making the most of the compactness, computing power and ease of use of smartphones, OpsCentre now has a new smartphone app for business continuity plans. Named MIRA for “Mobile Incident Response Application”, the app makes the most of the features on smartphones that are absent in other computing platforms. Paper-based or even PC-based systems, which…

Maximum Tolerable Outage Alphabet Soup

Specialist subjects are notorious for their abundance of acronyms and BCM with its “maximum tolerable outage” or MTO for systems is no exception. How many members of the MTO family are there? At the last count there were seven, although families often grow, especially when you’re not looking. Here’s the list: Maximum Acceptable Downtime (MAD),…

MTO, RTO… How about MTD (Maximum Tolerable Degradation)?

We’re sometimes all too easily impressed by a few acronyms, like MTO, RTO and others in business continuity. It’s easy enough to find out what they mean, either from this site or elsewhere, but the real issue is whether that’s the point. Let’s explain. MTO stands for maximum tolerable outage, and RTO is for recovery…

Half-Price Business Continuity Plan

“I know someone who can do my business continuity plan for half the price.” The fact is, it’s probably true. In business, there’s always someone ready to offer a solution at a lower price. Some companies make a profit out of being the low cost supplier in a particular market. With economies of scale, they…

Business Continuity and Alternate Site Distance

The pairing of business continuity and alternate sites has been around for some time. Whether hot, warm, cold, mirrored or even mobile, the idea is to provide facilities for an organisation to continue to function, at least at a basic level, if disaster strikes normal operations. The question that arises is how close or how far…

Isn’t my Insurance the Only Business Continuity Plan I need?

Is it or isn’t it? The first thing to understand is what really is covered by your insurance and how such insurance would be applied as part of your disaster recovery or business continuity plan. The mistake made by organisations, and small businesses in particular, is in assuming that their insurance covers everything. Insurance policies…

Business Continuity Test Scenarios – the Game!

There’s nothing like making something fun to get people involved and interested, and the same applies to business continuity test scenarios. What makes them fun depends. For some, it’s the intellectual challenge of figuring out the right way to test scenarios to cover the right proportion of all the possible outcomes. For others, it’s a…

Business Continuity Management in Your Business DNA

It’s fashionable to talk about business DNA. Often it’s another term for business culture, otherwise expressed as “the way we do things around here”. Using “DNA” instead of “culture” has the advantage of using an acronym with some “buzz” to it. Even if you don’t know exactly what DNA is or does, the basic concept…

The Challenge of Distributed Detail in Business Continuity Planning

Much of the difficulty of effective business continuity planning lies in the fact that you need to make detailed plans for things not to happen, rather than just for things to happen. This means the strength of mind necessary for delving into the detail of scenarios that may never come up and simulating situations that…

Pandemics and Business Continuity Plans

Pandemics are good material for Hollywood disaster films. They also feature in various disaster recovery planning documents issued by governments as advice, or by private sector organisations as disaster recovery plans. In true Hollywood style, projected pandemics are often almost too big to be believable. That makes them great subjects of conversation at the coffee…

Does a Business Continuity Consultant Interfere?

Interference has negative connotations, and a business continuity consultant should bring something positive, not negative, to an organisation. However, if an organisation is to derive any benefit from the services of a BC consultant, there has to be change at some level. Change has to be driven or at least guided. Change is disruptive by…

Would Business Continuity Awareness Week Benefit from Remarketing?

So Business Continuity Awareness Week 2012 came and went (in March, in fact). Sponsored by the BCI (Business Continuity Institute), this annual event brings together BC professionals and other interested parties for a week of events and presentations. However, the risk of emphasising a special week once a year is that people then think the…

When the Private Sector Makes its Business Continuity Planning Public

“Putting your money where your mouth is” is as true of business continuity planning as of anything else. Government agencies often set an example in this respect, making their BC plans readily available and free of charge. That doesn’t mean that there’s no need for constructive criticism. Some of the plans are well thought-out and…

SMB Disaster Recovery Plan Templates and the 3P Principle

Small and medium businesses often rely on being nimble enough in the market to compete with big businesses. A “disaster recovery plan template for SMBs” would ideally take that into account, covering all the different aspects of such businesses, while remaining concise enough to facilitate updates as business configurations change with market conditions. The trouble…

Business Continuity Plans and Lessons Learned

“Learn from your mistakes” is a good motto and business continuity plans are no exception. In the previous post, “Disaster Recovery Plan – the Map is Not the Territory”, we described how ASCDI (Association of Service and Computer Dealers International) found out that in a hurricane its disaster recovery plan was less than perfect. The…

Disaster Recovery Plan – the Map is Not the Territory

Although it’s encouraging to hear about perfect disaster recovery plans and outstanding recoveries, it’s also refreshing from time to time to hear about frank accounts of recoveries that weren’t so perfect. This isn’t for gloating. It’s for tempering optimism with reality and remembering that “the map is not the territory”. In other words, what you…

Rightsizing Your Business Continuity Consultant

Of course, what we really mean is rightsizing the services a business continuity consultant can provide. How much or how little an organisation decides to involve an external consultant will depend on the extent of business continuity planning needs, and how that organisation is set up to handle them. Ideally, you’ll leverage the involvement of…

How Often Should A Business Continuity Plan Be Tested?

How often should you test or ‘exercise’ your business continuity plan? How long is a piece of string? The answer to both questions is of course – it depends. It depends on the nature of your business, the rate of change in your activity and your industry sector and whether or not you’ve had to…

Black Swans and Business Continuity Consultants

“Black Swan”, following the theory of the same name proposed by Nassim Nicholas Taleb, is the epithet now applied to a number of catastrophes and business continuity challenges. The underlying idea is simple enough. Certain high-impact events are hard to predict and have relatively little chance of occurring; however, when they do occur, they can…

Business Continuity Management or Leadership?

Business continuity management might be defined as “doing things right” in business continuity. Leadership on the other hand is doing the right things. In a world where businesses and threats to businesses change rapidly, management in a general sense isn’t sufficient. Unless someone carries the torch of leadership, any organisation is ultimately doomed because it…

Getting BC In Through The Virtualisation Back Door

Sometimes you have to be pragmatic. While it would be great to have the business case for business continuity generally agreed in an organisation, it’s not always that simple. So if there’s an opportunity for business continuity to get into a business on the coattails of some other project, it may merit consideration.

Primary Metrics For Disaster Recovery And Business Continuity

Metrics are what you use to measure things. It sounds obvious. What’s not so obvious is why figure-driven metrics seem so often to be channelled off towards disaster recovery and IT in particular, whereas other high-level metrics end up with business continuity. Sure, there are the historical IT roots of disaster recovery to be considered…

Morphing DR Plans Into BC plans

Disaster recovery plans are like car insurance. It’s not because you’ve insured your car that you’re obliged to have an accident; similarly, it’s not because you have a great disaster recovery plan, that you’re obliged to have a disaster. Although reactive disaster recovery will always be a counterpart to proactive business continuity, better driving will…

The Difference Between Disaster Recovery And Business Continuity

The difference between DR and BC often depends on the person you’re talking to. It’s one of those grey areas, where definitions are sometimes arbitrary and no universal standard definition exists. The two terms not only evoke different meanings, but provoke different reactions in organisational management. Disaster recovery may be largely ignored because “disaster” is…

Where Does Emergency Management Stop And Business Continuity Start?

Just when you thought it was safe to go back to your planning… We discussed the relationship between disaster recovery and business continuity in another post, but this time the subject is the dividing line between emergency management and business continuity. In fact, we’re back to the same question: how do you carve up everything…

The Danger Of Disaster Recovery Overkill

In theory, disaster recovery like its counterpart business continuity needs to concentrate on what is critical in an organisation to keep it functioning correctly, and concentrate on planning for and managing those aspects. Experience plays a large part in understanding how far to go, and having broad knowledge gained by working in or with the…

Minimising the impact of recession on how well you recover

About the only certainty left is in the way they increase risks to an organisation in terms of business continuity. Risks that you have to manage in a recession-free environment, that range from IT failures to natural disasters, will still be present if recession arrives. It’s the new risks that you’ll also need to be…

Business continuity statistics or scaremongering?

Business continuity numbers can be impressive: $200 billion for damages caused by Hurricane Katrina in 2005, including the disruption to businesses because of destruction of facilities and displaced employees. Then there are the fabled “60-70-80%” statistics that typically look something like this: “70% of companies go out of business after a major data loss”. Yet…

Benchmarking and business continuity

Benchmarking business continuity means different things to different people, judging by the variety of information available. In one case, the standard by which comparisons are to be made is based on how many organisations (manufacturers and service providers) think their BC plan covers their supply chain risks. Opinions are subjective and no guarantee of results.…

Metrics, red flags and reality

Business continuity has its challenges and finding the right metrics is one of them. The difficulty is in accepting that metrics need to show there are problems or unsatisfactory performance, at least from time to time. It’s tempting to wish for an array of indicators that always show a positive result. The fact is that…

Disaster recovery template mania?

A disaster recovery template has its uses. If you’re stuck for ideas about how to lay out your DR plan or if you need a quick-fix solution until you can revisit it in depth, a template that covers the main points can be a boon. It’ll probably be generic, because templates have to be usable…

Business Continuity Management indicators – leading or lagging?

In business continuity management, you need to know how well you’re doing. In fact both BCM and disaster recovery need their indicators, just like the rest of the management sectors, whether for finance, production, logistics or any other domain. In a world where KPI (Key Performance Indicator) is a watchword, and the accepted rule is…

Bankable Business Continuity

What does business continuity suffer from most? According to a number of Business Continuity Managers, it’s not a lack of methodology or solutions – it’s a lack of senior management attention. Because business continuity is often seen as a cost in terms of both time and money, it may be assigned a correspondingly lower priority…

Business continuity in the supply chain

With outsourcing now firmly on the agenda of so many organisations, business continuity in the supply chain is an additional challenge that has to be met. It’s not the same challenge as BC within the organisation, because visibility and transparency of a third-party’s BC management may not be readily available. The common pitfall is for…

Alternatives to tape back-up

Although tape still has advantages for high volume data back-up, not every organisation is properly equipped or structured to exploit those advantages. Small and medium businesses in particular may want alternatives to tape back-up if their IT department would rather put its resources, whether money or staff, into other projects than the management of an…

Innovation in business continuity plans

Innovation in business continuity doesn’t always have to be technological, as one award-winning approach to a business continuity plan has shown. Sometimes the real innovation is simply in the point of view – the “how” of business continuity, instead of the “what”. That was what the New South Wales Police Force revolutionized to win the…

Disaster Recovery and Interdependency

Ever since the second computer was attached to the first network, interdependency has grown. Servers depend on each other to provide vital services and applications are distributed over machines. Disaster recovery is not just a question of recovering a database, when servers also need name and directory services to find each other again across a…

Business Continuity After Customer Collapse

Disaster recovery and business continuity are often thought of in terms of floods, fires, explosions and similar physical events. What may be less obvious to BC planners but just as critical to the survival of an organisation are the non-physical events, such as the loss of a major customer or a major change in a…

Business Continuity Good Practice Guidelines 2010

The business continuity good practice guidelines 2010 were defined by the Business Continuity Institute as an update to BC planning and practice.  The fundamental model maintained the six phases of the BCM lifecycle. What changed was the flavour of the guidelines compared to earlier versions.

Business continuity and alternate site location

Business continuity and alternate site decisions involve a number of possible trade-offs. Depending on the budget to be made available or the flexibility possible in recovering operations for different sites, an alternate site policy can differ from one case to another.

Moving towards a business case for business continuity

Making the business case for business continuity is an area that companies struggle with. Whereas fires and explosions can have people’s imaginations working feverishly, when a little time goes by and they don’t happen, they get relegated to a “to do” list that might get done by the IT department, but not by others.

Virtualisation and Disaster Recovery

Virtualisation may not have all the answers when it comes to disaster recovery, but it can do things that basic tape or online back-ups cannot. It makes it easier to accomplish the three mandatory parts of a successful recovery: restoration of the data, the application using the data and the operating system required to make…

The telecommunications industry and business continuity

The National Emergency Communications Plan drawn up by the US Government in 2008 makes interesting reading. In its introductory section, it states that “during the last three decades, the nation has witnessed how inadequate emergency communications capabilities can adversely affect response and recovery efforts”.

Disaster recovery and the domino effect

The emphasis in recent times in BC/DR planning has been on getting rid of the “silo” effect – the blinkered thinking that only takes into account one department at a time. By recognising that isolated business risk does not exist, enterprises have made progress in adapting their disaster recovery planning for company-wide coverage, with less…

Business continuity plan best practice – best for whom?

Even businesses that compete in the same market may be very different in structure and operations. For a generic approach, business continuity best practice is available in any number of books or training courses, but best practice for the detail of what goes into your plan may be harder to come by.

What's your maximum tolerable outage?

If the air conditioning breaks down in a hospital administration department in the height of summer, productivity starts to drop as the temperature rises. It becomes harder to stay focused on the task at hand, people get crabbier on the telephone with patients and suppliers and the “go the extra mile” motivation your organisation normally…

Business continuity test scenarios – do you have to “pull the plug”?

Business continuity test scenarios are an integral part of good Business Continuity planning, on two conditions: that they test for the right things, and that they are realistic in how they test. It’s important to keep the end goal in mind. A simple definition of business continuity can be helpful here, such as the one from…

Employee and Personal Impacts of a Disaster

Although recovering servers and IT applications is an important part of disaster recovery and business continuity planning, it’s also important to take into account the impact on employees of a disaster. A company’s systems may be vital if employees are to be able to work, but employees are also how a company communicates and continues…

Business Continuity and Common Risks for Small Businesses

What makes small businesses different to bigger ones when it comes to business continuity? Common risks for small businesses are linked to their operations being confined to one specific sector and one geographical location. They don’t have the possibilities of mitigation available to larger, more diverse, distributed companies. Disaster can strike all of their resources…

Offsite Backup Tape Archiving for Disaster Recovery

If tape backup is an essential component of your disaster recovery strategy, then offsite tape archiving will often be as well. One of the classic tape backup risks is leaving the tapes onsite, where any disaster that wipes out your systems will do the same to your tapes. Basic disaster recovery strategy dictates that tapes…

Validating your data backup plan

Having a plan for data backup as part of your disaster recovery strategy is the right thing to do, but it’s not the end of the story. Too many organisations have planned their data backups, only to find in situations of emergency that the backups were unavailable or insufficient. The reasons can be varied, but…

Preparing for an exceptional event that happens every year

If the city where your business runs is hosting the Olympic Games or similar, then you’ll be facing a one-off exceptional event. As such, you may need to take exceptional measures in order to ensure business continuity. For events of this magnitude, organisers or municipal agencies often produce continuity guidelines to help avoid the worst…

How do you get the organisation to recognise the importance of Business Continuity?

The road to hell is paved with good intentions. Sure, people in an organisation want business to go on successfully. Their jobs, families and futures depend on it. If you ask them what would happen if systems suddenly crashed, if access to their workspace was blocked, they’ll probably agree it would be a disaster.

Cloud Computing and Business Continuity – Have we seen this somewhere before?

The discussions about cloud computing and business continuity are reminiscent of similar ones a few years back about the use of software as a service (SaaS). The similarities are all the more striking following the recent outages of certain well-known cloud computing services and the questions raised about the viability of cloud computing for strategically…

Tape or Disk Backups? – Why not do Both?

Discussions about whether to go for disk or tape as a back-up medium are frequent, but there’s still no knock-out result one way or the other.

OpsCentre goes to University

Good business continuity continues to be both a learning and a problem-solving process. While the Business Continuity Management industry has its own experts who work on the problems and solutions on a daily basis, continuing to be open-minded about input from outside the industry can also be rewarding. For OpsCentre, our participation in the University…

Canberra Business Continuity Certification – Bringing Public and Private Sectors Together

Attaining the prestige of business continuity certification in Australia is one good reason for attending a course. For many professionals, there’s also another one – mixing with BCP peers and exchanging points of view. The give and take between private and public sectors is a good example. Private industry and service sectors often take their…

Upcoming DRII Business Continuity Planning Courses

We are pleased to announce dates for two upcoming DRII courses which OpsCentre is delivering as the Australian affiliate of DRI International. BCLE-2000 Business Continuity Planning This 4.5 day course covers the 10 professional practices for Business Continuity Planning professionals and also the qualifying exam for the CBCP Certified Business Continuity Professional qualification. SYDNEY Monday…

Getting real with CBCP – Certified Business Continuity Professional

The real power of information is when it’s applied. When theory turns into practice, or to use another expression, where the rubber meets the road. Business continuity is no exception. An organisation looking for someone with the right capabilities for a business continuity management role will want two things: in-depth understanding of the principles of…

DRII Training Courses Available – CBCP

OpsCentre is the Australian representative of Disaster Recovery Institute International (DRII) and we are pleased to offer the BCLE-2000 Business Continuity Planning course. This 4.5 day course covers the professional practices required by a business continuity professional and also includes the CBCP – Certified Business Continuity Professional exam. Become a CBCP, contact OpsCentre to obtain…

Sydney Round Table Event – Testing Business Continuity Plans

OpsCentre’s Managing Director, Rod Crowder, will be facilitating a round table event on behalf of Continuity Forum, to be held 29th Jun 2011. The topic is Business Continuity Testing/Exercising. For more information and registration details please go to the Continuity Forum website here. We hope to see you there.

Is your Disaster Recovery plan up to scratch?

In this searchcio.com article, Anthony Caruana highlights a recent IDC study which found that only one third (1/3) of the organisations surveyed could recover more than half of their systems in real time. Worse still, only one in nine (9) believed they could restore any systems in real time. Anthony then provides eight tips for designing…

Careers at OpsCentre: Business Continuity Consultant

OpsCentre is seeking an energetic, motivated and experienced Business Continuity Consultant to join the team. Please see our SEEK AD for more details.

News feature: Risky business

Awareness is growing around the importance of risk management, and IT’s involvement in ensuring compliance. A special ARN report. Risk management should be high on the list of priorities right now. If organisations and boards didn’t realise its importance previously, the natural disasters of Queensland, Victoria, Perth, Christchurch, Japan, and, most recently, Myanmar (it’s been…

Cloud Computing – “Too Much Redundancy Is A Myth”

Michael Jenkin from Business Technology Partners posted an article in ARN on the 22nd March discussing redundancy in the IT world. What an interesting article. This will get you thinking about Cloud Computing solutions for your business. Have you dotted your ‘I’s’ and crossed your ‘T’s’? Have you opted for the cheaper option? Have you…

Cloud Computing: Risky Business Round Table

OpsCentre will be hosting a Round Table on the 28th of April at the Vibe Hotel in Sydney; to register click here. We will be discussing the risks associated with cloud computing with industry professionals. To get you warmed up for the discussion have a look at this very informative clip posted by Macquarie Telecom discussing Cloud computing…

CIOs warned to prioritise governance and business continuity

Recent natural disasters have spurred warnings to forgo a reactive approach to governance. In this Computerworld article, HopgoodGanim’s IT lawyers are reminded of the importance of  prioritising ICT governance and business continuity to minimise risk to the business, in the wake of the recent natural disasters plaguing the nation and indeed the world. Click here…

Business Continuity Awareness Week Events

OpsCentre have updated our Events page with details and links for some of the Australian activities for Business Continuity Awareness Week (this week). Plus we’ve also put up the topics for our June and August Round Table Discussions in Sydney. Happy BCAW!

Japan Earthquake – Before and After

Some amazing photos of the Japan Earthquake have just been released by ABC. Slide your mouse left and right over the images to reveal the before and after scenes. Click here

OpsCentre Round Table Event – Cloud Computing: Risky Business?

OpsCentre is hosting another Round Table event at the Vibe Hotel in Sydney on 28th April 2011 to discuss Cloud Computing Risks. Details have been updated on OpsCentre’s Events page and there is a link through to more information and registration. OpsCentre Events Page

Business Interruption – Water pipe burst evacuates 3500 from Sydney’s AMP Tower

A real life example of a business interruption incident today. A burst water pipe in the AMP Building in Sydney caused 3500 staff to be evacuated. For the businesses without water damage, hopefully access can be restored and everyone is back to work on Monday morning. If any businesses sustained significant damage to their floor,…

Business Continuity Planning – More Than Just Disaster Recovery

The disasters in Queensland, Victoria and Western Australia have put BCP into sharp focus. In this article, Allan Davies provides advice he gleaned the hard way from working through numerous disasters, and suggests that CIOs need to think in broader terms than just IT disaster recovery. He outlines nine valuable lessons that should be incorporated…

Business Continuity Management, Legislation, Regulations & Standards

There are many guidelines, good practices, regulations and auditable standards relating to Business Continuity Management available internationally and specific to Australia. The BCI has released a document that aims to be the most comprehensive list available outlining all of the different business continuity management standards etc. available. It is divided up by country and classifies…

Advice for dealing with risks in public cloud computing

Public cloud computing risks are numerous enough to field a top 10 — or even more. Professional organizations and CIOs are developing threat lists to help them come to grips with the public cloud, an entity that will continue to seep into the enterprise IT environment whether they like it or not. SearchCIO has just…

Webinar: Disaster Recovery Planning & Testing – The Real Cost of Downtime

Novell is hosting a complimentary Webinar on the Real Cost of Downtime on January 19, 2011 (or Thu, Jan 20, 2011 6:00 AM – 7:00 AM AEDT if you’re in Australia). The main topics to be covered are: – Traditional disaster recovery challenges, particularly when it comes to testing and recovery planning – Best practices…

Roundtable Event – Building Resilience in your organisation – Is it really possible?

OpsCentre is hosting a roundtable event on the 7th of December, 2010. In today’s ever-changing environment, new technologies, environmental factors and new generation risks pose increasing threats to managers in an ever-changing landscape of uncertainties. The question we pose is: does resilience really exist within an organisation, and how can it be achieved…

Embedding Business Continuity Management into your organisation’s culture

Your business continuity and IT disaster recovery plans are living documents that need to continually evolve otherwise they will stagnate. If you maintain and exercise your plan it will evolve along with your organisation, helping you to be prepared should a business interruption strike. Here are OpsCentre’s top 5 tips on how to keep the…

OpsCentre has added an Events section to the website

OpsCentre has updated the website with a new section on upcoming events that may be of interest to you. This event page will highlight upcoming industry events relevant to Business Continuity, Disaster Recovery and Risk. You can find the new Events page here… OPSCENTRE EVENTS

Don't have time for Business Continuity Management? Then why not outsource it!

Ensuring continuity of your business functions, processes and critical IT systems and applications, along with the decision making in a time of crisis cannot be completely outsourced;  there will always be responsibilities owned by the board, executive team and operational staff members.  However, a great deal of the co-ordination and maintenance can be outsourced for…

OpsCentre Roundtable Event – Managing Emerging and New Era Risks

In the 21st century, a number of New Era or Emerging risks are challenging our traditional risk management methodologies, tools and techniques.  Risk professionals must keep up-to-date with them: assessing, mitigating and managing these risks, each and every day.  What is a New Era, or Emerging, Risk? Categories include Economic, Environmental, Geopolitical, Societal and Technological. …

OpsCentre Round Table Event – Operational Risk – the convergence of People, Processes & Technology

Operational Risk emerges from various sources; sometimes lying undetected for years, or more often, unexpectedly, catching executives off-guard. Join us for this roundtable discussion to share your ideas and find out how your peers mitigate operational risk and ensure protection of their organisation. The discussion is relevant to Chief Executives, Chief Financial Officers, Managing Directors, Business…

Be ready for everything and anything

Being ready for everything and anything is important. One of the problems we consistently come across is businesses facing major delays because they do not have a best practice approach to business continuity management. Increasingly, many have poorly devised methodologies, lack value in their data quality management, are unable to meet deadlines and have poorly…

Business Continuity Best Practice Strategies – YouTube Video

OpsCentre’s YouTube channel features Rod Crowder, Managing Director, discussing key Business Continuity Planning issues and best practice strategies.

OpsCentre’s Risk Management Video on You Tube

OpsCentre has uploaded a video about Risk Management to our You Tube Channel…

OpsCentre's Disaster Recovery Video on YouTube

Here is the link to OpsCentre’s video about Disaster Recovery on our YouTube Channel…

Introduction to Business Continuity Management

OpsCentre is pleased to launch our YouTube Channel which contains concise, informative videos relating to Business Continuity, Crisis Management and IT Disaster Recovery. Here is the link to our first video..

Sydney’s F3 Traffic Debacle has lessons for us in Business Continuity Management

This week, motorists were stranded for up to 9 hours on Sydney’s F3 Motorway due to a traffic incident. Emergency plans to implement ‘contra-flow’ arrangements to get the traffic moving again were not implemented until many hours into this incident whilst people endured hours waiting in their cars with no water being distributed to them…

Business Continuity Test Scenarios

Testing BC and DR planning is an essential component of any “healthy” continuity management program and as such, should be undertaken on a regular basis.  While this is generally “good practice,” organisations are often under internal and external compliance and governance pressures to complete additional and more complex or mature testing regimes. There is a…

Key Supplier Resilience as part of Business Continuity Management

It is not enough just to look at the resilience strategies within your organization; the entire supply chain needs to be considered for your critical business functions. Are you reliant on a single supplier for any key products or services? If you have alternate suppliers, are they geographically separate or in other ways diverse…

Business Continuity Planning for Small to Medium Enterprise

Consider the scenario of losing your primary premises due to fire. Can you answer these questions? – How much revenue would you lose being out of action for a day, a week or a month? – Have you got an alternate location to operate your business from? – Is your data regularly sent off site…

Compliance Management

Compliance is an outcome of an organization meeting its obligations. Policies and procedures to achieve compliance must be integrated into all aspects of how the organization operates. Compliance should not be seen as a standalone activity, but should be aligned with the organization’s overall strategic objectives. An effective compliance program will support these objectives. While…

Business Continuity – Is your business ‘Recovery Ready’?

Do you know the answers to these questions for your organisation? 1. How would we continue to function in an extended building evacuation such as a power outage or flood in the basement? 2. Who are our most critical customers and how would we contact them? 3. What is our current IT Disaster Recovery capability?…

Recommended considerations for selecting an Alternate Recovery Site

Do you need to select an alternate recovery site for your business continuity or IT disaster recovery? In the event of a disaster, it is crucial that your organisation can transition as smoothly as possible into a recovery site and commence working on critical business processes as quickly as possible.  Ensuring that an appropriate alternate…

Have you outgrown your paper-based business continuity and disaster recovery plans?

Your organisation has changed and you are finding that the current “paper-based” planning methodology is no longer fit for purpose. If any of the following items sound familiar, it may be time to invest in a business continuity software planning solution: 1. Are your plans hard to maintain and have numerous areas for updates?…

Business Resilience and Agility

We are increasingly hearing the word resilience. When speaking scientifically it refers to the physical property of a material to ‘bounce back’ to its original position after a deformation that does not exceed its elastic limit. Irregular change is nothing new to modern enterprises: witness the colossal changes in technology and economies as well as social and…

OpsCentre offers complimentary Business Continuity Consultation

OpsCentre is pleased to announce the launch of our COMPLIMENTARY Business Continuity Consultation offer. For a limited time we are providing a complimentary consultation, to Australian Businesses valued at $495. The Business Continuity Consultation assesses the effectiveness of your organisation’s Business Continuity Program. If you don’t have one in place, the assessment will identify the level…

Top 5 things to look for in a Business Continuity Consulting provider

The linked article here by Richard Jones of Burton Group in the US whilst written in 2008 is worth revisiting because it describes some useful tips on how to get the right staff for Business Continuity Planning. The article describes what you need in an internal BCP leader and how to find the right BCP…

7 Habits of Highly Effective Business Continuity

1. The Senior Executive actively supports Business Continuity. The CEO/Director/General Manager that believes in and wants a functional Business Continuity program in place is a critical success factor. To have a senior Executive that is responsible for setting the priorities and vision for the organisation to stand behind BCP and communicate this to the staff is a powerful change…

Business Continuity and Disaster Recovery Events Calendar

OpsCentre have compiled the following list of Au/NZ Business Continuity and IT Disaster Recovery related exhibitions, expos, conferences and other events. Hope to see you there at one or more of the events. Feb 23/02/2010 Sydney Continuity Forum CF Experienced User Special Interest Group Feb 24/02/2010 Wellington Conferenz 5th Annual Business Continuity Conference March 22/03/10…

Making Sense of Business Continuity Frameworks, Standards & Guidelines

There are about 50 or more Standards, Codes of Practice and Practice Guidelines for business continuity, risk management and IT disaster recovery around the world. Some are internationally applicable and some are country-specific.   Below is some information about the various frameworks and standards that may relate to Australian organisations. This is not the complete list…

What type of Business Continuity Recovery Site do you need?

The Recovery site is sometimes also referred to as the Alternate Site, Standby Site or Fallback Site.

Are your service providers the weak link in your business continuity strategy?

Business functions, systems or processes to be outsourced locally or internationally should comply with the organisation’s Business Continuity Management Policy and Outsourcing Policy.  It is the responsibility of business owners, in conjunction with the sourcing department, to conduct adequate due diligence on the business recovery capability of the outsourced partner, however the relevant Business Continuity…

Business Continuity Terminology – What’s the difference between MTO, RTO and RPO?

A common query that we come across in business continuity consulting is, ‘what is the difference between MTO, RTO and RPO?’ MTO is the Maximum Tolerable Outage The Maximum Tolerable Outage for a critical business process represents the maximum amount of time that an organization can survive without the business process in any form (manual or automated).…

OpsCentre offers Recession Buster ‘Quick Start’ Business Continuity Planning

This program is ideal for the small to medium enterprise.  It is a fixed fee, fixed scope project that provides a complete solution in the fastest possible timeframe. It can usually be completed within a 1-2 week period. We utilize our consulting experience and best-practice materials to adapt a business continuity strategy to suit your…

What is the difference between disaster recovery and business continuity planning?

Persons new to recovery planning often find it difficult to differentiate between Business Continuity and Disaster Recovery. In its simplest form, Business Continuity differs from Disaster Recovery in that its focus is on people and the continuation of business processes and objectives rather than the availability of IT systems and infrastructure. Business Continuity Planning deals…

Business Continuity Software Benefits

Many organisations utilise software to create, support, maintain, distribute and test their Business Continuity Plans and ensure business survival in any emergency. Regardless of size, most companies can benefit greatly from the use of Business Continuity software and many options exist for its implementation and plan maintenance strategies. Some of the direct benefits that Business…

‘Tis the season to get a Pandemic Plan in place

If you didn’t add a Pandemic Plan section to your Business Continuity Plan last time around, now is a great time to get one in place, in the downtime between flu seasons. Now that the Southern Hemisphere has weathered the flu season during the Swine Flu H1N1 pandemic of 2009 it seems like the worse…

Does your Business Continuity Plan rely on teleworking?

A CSO Online article highlights the results from a recent Telework Exchange research report, finding that organizations expect staff to work from home in a pandemic but do not provide adequate resources for them to be able to do this. Full article at CSO Online http://www.csoonline.com/article/510552/Lack_of_Telework_Preparedness_Puts_Business_Continuity_in_Danger_ The teleworking provisions in your Business Continuity Plans must be included…

The Business Case for Business Continuity Management

It is commonly the case that Business Continuity is on the agenda due to external regulatory or audit requirements and this provides sufficient impetus for a Business Continuity Implementation. With or without these external pressures, a business case for the cost of implementing and maintaining business continuity will need to be created. Below are some…

Business Impact Analysis

A Business Impact Analysis (BIA) allows an organisation to identify the criticality of processes, interdependencies with other business units and third party suppliers, critical system requirements (e.g. systems and applications), vital files, network drives and hardware, describe manual work arounds and prioritise business functions during a recovery situation. The BIA forms the basis for the…

The business continuity plan is not just for major catastrophes

Many organisations have business continuity plans designed to cater for major catastrophes but often don’t consider some of the less dramatic but more common causes of business interruption such as extended power or IT failures. Consider whether your BCP has the flexibility to respond to the wide variety of incidents that may occur.

Workarounds and the backlog effect

A workaround is an alternative process used to replace the normal ‘business-as-usual’ process or IT system which may be unavailable during business disruption. When determining the Maximum Tolerable Outage (MTO) for a business function, whether or not there are manual, paper-based workarounds is a factor that can help work out how long you can afford…

Choosing a Business Continuity Recovery Site

If an organization experiences a ‘denial of access’ or ‘loss of premises’ due to incidents such as extended power outage, flood or fire, an alternate location for critical business processes and staff needs to be established. An Alternate Site is the premises to which a business unit may transfer its operations in the event of…

Is an outdated business continuity plan worse than none at all?

This is a debatable point, but acting upon an outdated strategy may be time, money and energy misspent in recovering something that is incorrect or no longer needed. Change is inevitable … A plan can easily get out of date as staff turn over, new business units are created or decommissioned, IT systems are changed,…

Business Continuity Testing Isn't a Pass or Fail Exercise

Business Continuity Plans (BCPs) need to be regularly tested and updated to ensure accuracy and effective recovery in the event of a disruption. Testing (sometimes referred to as Exercising) shouldn’t be viewed as a Pass or Fail exercise as every test is an opportunity to find potential problems with your plan and to have an…

Israeli Super-Vaccine for Flu Reported

Israel Radio reported Sunday morning that an Israeli company had developed a universal vaccine for all forms of flu – including bird and swine flu – and shares of Rehovot-based BiondVax trading on the Tel Aviv stock exchange went through the roof. But the ardor of investors was tempered somewhat when the company announced that…

Latest Global Disaster Recovery research just released by Symantec

Symantec Corp have now released their annual Global Disaster Recovery Survey.