Top Tips for successful Business Continuity planning

By Andy Cuerel

Business Continuity Management Systems (BCMS) encompass comprehensive and often detailed suites of activities. Comprehensive, however, does not equate to incomprehensible. And detailed should not be a euphemism for over-engineered.

Consideration of the following should help keep your BCMS lean, mean and fit for purpose!

Engaging the top team in crisis preparedness

Chief executives, managing directors and other senior business leaders are failing to engage fully in crisis preparedness and risk undermining their organisation’s ability to manage crises, according to Steelhenge and Regester Larkin’s latest crisis management survey.

The survey of 170 large companies from 27 countries revealed that big business understands the need to prepare for a crisis, with 86 per cent of respondents owning a crisis management plan, 59 per cent carrying out crisis training and 68 per cent conducting crisis exercises at least annually. It is clear that crisis preparedness is high on the agenda.

‘Strategic’ and ‘operational’ resilience – establishing more comfortable bedfellows

By Dominic Cockram

The more I hear of the current discourse on organisational resilience, the more uncomfortable I find myself feeling.

The concept has been around for a long time and was brought sharply into focus in 2014 by the British Standard, BS 65000: Guidance on Organisational Resilience. As one of the editors, I was party to vivid and lengthy discussions and much positive disagreement as we ranged around the topic of organisational resilience, what it meant and how best to set it out in a standard. In the end, what came out was a ‘Guidance’ and that was an excellent result. Resilience is a complex and many-faceted concept and it would have been wrong to go too far in framing an approach at this stage.


TalkTalk: The twists and turns of the cyber crisis continue

The story of the TalkTalk cyber crisis and the company’s response continues to unfold as we saw inevitable outrage over the weekend, with stories galore of customers with “potentially hacked bank accounts” raising a whole new raft of rumours, heating the debate and breeding more noise about what might have happened and just how great the impacts may be.

The story was moved by the CEO (quite cleverly) to the broader focus of “cyber risk is a wider problem the UK needs to face up to and address” with calls for more Government support to tackle cyber crime. A fair appeal and one raised by me in my earlier blog – regulation and control or assurance in this domain is very much required – even though challenging to apply in a reasonable manner.

Talk Talk – a network hack by any other name

TalkTalk is the latest in a long line of high profile businesses to undergo a ‘cyber attack’ as they call it. A real pattern is emerging of how these matters are managed in the public domain and it is interesting to note there is no use of the dreaded “hacked” terminology in their reports and messages.

They are now in that incredibly tricky position of knowing intruders have been in – but not being quite sure what they have left with in their bag of electronic ‘swag’. It is now that the executive team discover just how convoluted the investigations can be and the awful fact that there is the potential to never know exactly how they got in or what was taken. At a time when everyone is seeking certainty, the challenge of a cyber crisis such as this is that conducting investigations as to where hackers have been on your network, particularly if it is integrated across key platforms, can be a very, very long process. It can be quick if fortune smiles on you but there are no guarantees.

Business Impact Analysis: value added or added toil?

The business impact analysis (BIA) is a key facet of any business continuity programme. It sits right at the heart of the benefit that business continuity can bring to any organisation.

It has concerned me recently that I have read a number of papers suggesting that the business impact analysis is either unnecessary or that short cuts could be used. While it is understandable that people would like to reduce the work involved in delivering a business continuity project, to play around with the business impact analysis without understanding the risks of doing so is to put the whole business continuity plan at risk.


Launch of BS 65000, The new British Standard for Organisational Resilience

The new British Standard, Guidance on Organisational Resilience (BS 65000: 2014) was launched on 27th November at the Guildhall in the City of London. The venue was an apt choice for the launch of a resilience Standard; built in the 15th century, the Guildhall is one of the older secular buildings in London, not only surviving both the Great Fire and the Blitz but also remaining relevant today as the high-tech home of the City of London Corporation and the setting for many banquets, receptions and corporate events. This history of the Guildhall struck me as having parallels with the essence of organisational resilience described by Chairman of the BS 65000 committee, Dr Robert MacFarlane from the UK Cabinet Office. He emphasised that resilience is a dynamic concept requiring organisations not only to be able to continue with their business operations during a sudden change or disruption but also to adapt over time to keep pace with changes in their wider context in order to survive and prosper. It seems the Guildhall has managed this.

Managing Perception: Lessons from the Ebola epidemic shed new light on pandemic planning and response

As the tragedy of the Ebola epidemic continues to blight West Africa, the developed world has been reminded once again about the threat that diseases of epidemic proportion and pandemic potential pose in our globally connected world. It has also raised some complex questions in many organisations about exactly how they manage the realities and risks, both actual and perceived, of such disease threats in countries like the UK that have well-developed public health systems.

Key Themes from the Crisis Management Conference 2014

Last month, we were delighted to welcome a capacity audience of international delegates to the Crisis Management Conference (CMC) 2014 in London.

The day had an auspicious start with the official launch of the new British Standard in Crisis Management, BS 11200, by the UK Cabinet Office and the British Standards Institution. BS 11200 is the successor to PAS 200 and marks a significant point in crisis management as it codifies accumulated best practice into top-level guidance for organisations looking to implement a crisis management capability.


Ebola: The Facts

Last updated: 3rd December 2014

Since the first incidence of Ebola was officially reported in March 2014, the disease has spread virulently across parts of West Africa and claimed 5738 lives in the process, leading the World Health Organisation (WHO) to declare an international health emergency. There is currently no approved vaccine or treatment and Ebola can prove fatal in up to 90% of cases. As such, the recent outbreak has caused serious concern and attracted media attention across the world. In this post, which will be regularly updated, we aim to answer the most important questions for businesses affected by, or planning for, the Ebola outbreak and include the current risk assessment for the UK.

In addition, organisations have been reminded yet again of just how fragile their safety margins are from the impacts of infectious diseases, and we have created an advice note with suggestions of how organisations should approach and develop their preparedness for disease outbreak.
