News

British Standards Institution announces BCM Standard Committee at Forum event

30th June 2005

Today at the Continuity Forum ‘Raising the Standard’ Event, Nicki Dennis of the BSI, took the opportunity to announce the formation of the special BCM Committee which will be driving through the final stages of the new BSI standard for Business Continuity expected next year.

The formal 'kick off' of this BCM working group will be held at the Institute of Directors, in Pall Mall, on the 22nd August with the first meeting scheduled to be held on the following day.

John Sharp, our Policy Director, will represent the Continuity Forum on this committee and we invite any with contributions on issues relating to the development of this new milestone for BCM to mail John directly HERE!.

The audience unanimously welcomed the news and the Continuity Forum will continue to report on the development of this group and the issues as it progresses towards the introduction of a FULL British Standard for Business Continuity.

END

__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

A STANDARD FOR BUSINESS CONTINUITY

As announced on this website on the 30th June, British Standards Institution has formed a technical committee to commence the development of a British Standard for Business Continuity Management.

The first meeting of the committee will take place on the 23rd August and John Sharp, Policy & Development Director of Continuity Forum, who chaired the team that developed the BSI Guide to BCM, (PAS56), will sit on the committee along with Continutiy Forum Chairman, Russell Price.

Over the next 12 to 18 months the UK has a unique opportunity to build on the foundation of PAS 56, which has sold over 4500 copies worldwide, and create a workable BCM Standard.

As BCM has developed and it becomes more mainstream it has been recognised that some uniformity of approach is required. No organisation is an island, they reply upon suppliers, outsourcers and intermediaries, i.e. their partners, to assist them in delivering their products and services to their clients and customers. These partners serve many organisations across all sectors and they will be called upon to have BCM processes in place by many of their customers.

If the processes comply with a BS BCM Standard then organisations will have greater confidence in their trading partners and the partners will minimise their cost of BCM compliance by using a single certification process.

The creation of a BCM standard raises many questions:

- What form should that standard take and what should be included?

What, if any, evaluation criteria should used to ensure that an organisation has achieved compliance with the standard?

- How should organisations be certified and audited?

- Can it apply to public sector organisations?

- How do we avoid the standard being for the 'big boys' only and not applicable for the SME market?

- How do we avoid more red tape being imposed on an already pressurised SME management?

The Continuity Forum provides you an opportunity to have your say. By joining in our BCM standards debate you will be able to share with other participants your views and indirectly provide input to the BSI deliberations.

To support this debate we will be holding a number of general face to face meetings addressing issues related to the developing standard. These will commennce in the Autumn after the formal launch of the Standards Committee in August.

We will also be hosting through the Forum Discussion area of this website an on-line group which will facilitate further professional debate and provide an opportunity to share ideas and materials relevant to the profession.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.

 


The Commissioner, the Companies and the (lack of) commitment

Business needs to look in the mirror to discover who needs to do more

Following the terrible attacks on London, there has been increased concern over the levels of planning in London, but it seems to us that the media has been quick to point the finger at those doing MOST to correct the situation rather than lamblast those ignoring the advice that has been repeated time and time again.

How vulnerable are public sector systems?

This synopsis by Dr David J. Smith MBA LL.B(Hons) FBCI former Editor of the Business Continuity Management (BCM) Good Practice Guidelines 2002 and a key contributor to the British Standards Institute BCM Good Practice Publicly Available Specification (PAS56) 2003 outlines various approaches that can help organisations prepare for business/service availability and continuity.

City terror attack 'inevitable'

It is only a matter of time before London's financial heartland is attacked by terrorists, the police chief responsible for the area says.

City of London Police Commissioner James Hart told the Financial Times potential targets had been staked out several times since 11 September. "Hostile reconnaissance" had been disrupted, but no suspects had been arrested over this so far, he said.

Mr Hart also said that only 50% of firms had Business Continuity or contingency plans in place. 'When, not if' The mindset of the would-be terrorist meant that the financial centres of western governments were prime targets, he said. "If you want to hurt the government, hurt people at the same time, and you want to cause maximum disruption...where better to hit than at the financial centre?"

Mr Hart also pointed out that the City of London had been a target for terror attacks for 30 years, highlighting the number of times the area had been hit by the IRA. "I think it is a matter of when, rather than if." P

otential targets included prominent sites and business - "anywhere where the maximum damage can be inflicted on the financial systems," he said.

Sites where an attack was likely to cause large numbers of casualties and maximum disruption were also likely targets, the police commissioner added.

Continuity Forum Comment

Commissioner Harts comments coming so soon after the attacks on the 7/7 clearly indicate the level of concern of police and security services have over the risks of further terrorist violence in the capital. Of particular interest to us is the raising of the level of planning within organisations at a time when the risks could not be higher.

Organisations of all types must ensure that they have effective Business Continuity Plans in place and that staff are aware of the emergency procedures.

In our opinion and that of our legal counsel, organisations not implementing Business Continuity Management and rehearsing their emergency procedures are clearly negligent with regard to their duty of care to personnel and other stakeholders. This negligence leaves them open to both extended losses and significant claims for damages and loss, which could cripple the company following an incident.

We would ask that people working not just in the City, but across the country start asking the employers who have yet to make provision for Business Continuity WHY?

Directors need to act now to resolve the issues of planning and ensure a proper and responsible focus on protecting their staff and the interests of other stakeholders. I

It should be noted that following 7/7 legal claims are now in the initial stages of seeking damages. We have already reported that many insurance policies do explicitly exclude losses from terrorist acts and we further recommend that policies are reviewed and updated if required, particularly in relation to the personnel issues.

On a more positive note, we have been working for over three years with both the City of London and the Corporation of London and in our opinion there is probably no area of the country better prepared to deal a major incident.

We have already run a number of events in association with both the City Police and the Corporation providing support and information to organisations and there will be further sessions in the coming months. For further information on these please contact us directly.

END 

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

 


MCI expands business continuity and disaster recovery solutions

MCI, Inc. has announced that it has expanded its disaster recovery capabilities for government customers to include back-up voice services that will restore incoming communications within minutes.

Businesses focused on need to beef up security

By Roger Blitz Financial Times 

Lyndon Bird is uncomfortable saying it, but the business that helps industry to prepare and cope with large, unexpected incidents is benefiting from one of those periods of growth when terrorism dominates world attention. 

More than 20 years in the business continuity industry has taught him not to expect these growth spurts to last long.  “There was a period when the IRA campaigns were a major concern, but that died away and people were less concerned about it,'said Mr Bird, who runs Continuity Planning Associates, a consultancy. 

The attacks on New York on September 11 caused another big upturn in business, but even that lasted only six months. This latest surge in demand following the London attacks may be another blip, but the signs are that businesses are taking seriously the need to beef up their security to ensure they can keep going should there be another attack. Medium-sized businesses have been making up the bulk of the 75 per cent increase in inquiries since August 1 at Continuity Forum, an independent group offering support, advice and best practice. 

Larger businesses have, in part for regulatory reasons, already spent millions on security and continuity planning.  “There has been more concern expressed by medium-sized organisations and these are the ones who had not been taking business continuity seriously,'said Mr Bird. 

Russell Price, of Continuity Forum, said:  “[Medium-sized companies] are now taking a greater interest, they are struggling in some respects to understand what they should be doing.'Smaller businesses remain unwilling or, more likely, unable to invest in business continuity and security. Mr Price said one retailer in Russell Square found that a lot of his passing trade vanished after the Metropolitan Police sealed off an area containing his business because of forensic examination of one of the four bomb explosions on July 7.  

“Many small businesses are on the edge. This might be enough to put him into receivership,'Mr Price said.

Many inquiries from small and medium-sized businesses are about insurance, but Mr Price said since September 11 there was a reluctance from insurers to provide cover.  “The insurance companies are making it clear in policies that terrorism is excluded and that cover for other areas, such as loss of IT systems, might not be available.'Inquiries from SMEs are naturally focusing on the more affordable items of security and continuity, such as CCTV, glass-protective film and, for entertainment premises, security guards. The costs start to mount for protective barriers and specialised security.

The temptation for some businesses is to spend security money for the sake of it, rather than taking what Mr Price calls a more integrated approach to risk.

“A lot of companies are spending money to make them feel better rather than adopting a strategy to protect themselves. There needs to be a more strategic management of risk through the business continuity management process  “It's not just terrorism. In fact, the vast majority of businesses are more likely to be seriously affected by IT, personnel, power and water damage issues.'Besides, the costs may be not as great as they once were.

“Only the largest and most profitable companies could afford to do it, but now there is much more available to people,'said Mr Bird.  “Organisations are more able to negotiate competitive and more sensible back-up arrangements for accommodating their IT systems and services. The industry, the suppliers of services, people who supply alternative accommodation and desks, the front office-type services, they have become more available to people then they were,'he added. 

END  

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

SAFETY CHAIN - Building the right kind of Business Continuity

Computer Weekly 12/7/05 

Your trading partners  plans for business continuity can be as vital as your own. Arif Mohamed looks at positioning yourself for maximum competitive edge Good business continuity planning can give a company an edge over its competitors. 

Apart from the assurance that the business will run regardless of natural disasters or external hacker attacks, a company with a good plan can use it as a selling point. In fact, customers have driven the requirement for good business continuity planning over the past few years, says Gartner research vice-president Simon Mingay.  “One of the biggest drivers has been that customers have asked:  Have you got a plan? Show me the plan. What is the scope of it and how do you aim to keep it up to date? 

Mike Stichbury, head of business continuity services at BT Business, says,  “We frequently come across small and medium-sized companies that are asked for copies of their business continuity plans by clients who want to be assured they have sufficient procedures in place to protect against interruption to service.  

Mingay says most companies are alerted to business continuity planning by a catalyst.  “They might have an incident or a close call, or someone in the supply chain or a competitor has an incident, or a new executive comes in and decides to make it an issue. There could be a change in the regulatory regime, or an auditor who makes a comment, or a customer who starts asking questions, he says. Mingay says the issue of business resilience concerns many customers, and is a particular worry in financial services, with life sciences and pharmaceuticals following closely. One major benefit of business continuity planning is that companies stand to offer customers and potential customers assurance that their business is robust, which may be something their competitors cannot do. 

Business continuity planning can be a selling point for IT internally, and for the business externally, says Chris Stewart, technical consultant at EM C s Solutions Group, which offers business continuity consultancy.  “When you are looking at business continuity you want to make sure you are continuing to provide all the critical services the business relies on. IT services are one of those, but you are also going to have external services that you require from other companies, and you may be providing critical services to other businesses,  he says. With this in mind, an IT department will gain the edge if it can carry out risk assessments from planned or unplanned incidents and calculate how much data can be recovered and the time it will take, says Stewart. In addition, the IT department will get the company s executives onside if it can demonstrate a methodology, showing design and best practice, implementations and testing, and recovery and failover plans, he says. Industry-specific regulatory requirements, such as Sarbanes-Oxley, Turnbull and US healthcare legislation HIPAA, have acted as a significant catalyst for adopting a business continuity plan. 

Callum Sinclair, a solicitor with law firm Maclay Murray & Spens, says,  “Certain bodies deemed vital to running the country such as emergency services, the NHS and certain transport providers, are required to maintain continuity plans under the Civil Contingencies Act 2004.  “Beyond this, there are various additional industry rules and guidance which apply, to a greater or lesser extent, to financial services companies, PFI/PPP providers and others.  But what a company is required to do in terms of having a business continuity plan varies greatly by sector. 

In some sectors there ire few regulations, and in others, such as financial services, requirements are manifold, says Richard Chapman, solicitor at law firm Berwin Leighton Paisner.  “Regardless of sector, directors always have o act in the best interests of the company, and make appropriate measures to protect the company s assets,  he says.  “One way is to take out in insurance policy to cover databases, communications or customer records. All businesses should see what appropriate ways :here are to protect their assets.  One major issue surrounding business continuity is the involvement of business partners and suppliers, which often play a key role in the supply or business chain. Medium-sized as well as large companies are increasingly integrating their IT systems into their partners  systems, says Mingay.  “Organisations are much more tightly integrated into a trading ecosystem, and IT is fulfilling much more of that role than it did previously. Information is now being largely transferred automatically through the supply chain,  he says. 

Companies should therefore demand from their suppliers a high level of preparation for interruptions to business.  “Business interruptions will affect customers far more quickly than before,  says Mingay.  “You should be concerned about your own suppliers, and h~ asking more detailed questions about their business continuity planning. Just because they are big, do not assume they have a plan.  Many companies rely on their business and outsourcing partners to be resilient, as their services are core to the business. Because of this, business continuity issues are often addressed within a contractual framework, to ensure the core business is able to continue if the partner goes down. In creating a contractual framework for business continuity planning,  “Keep it simple and flexible and ensure you get the involvement and commitment from everyone in the business. You need to create the right organisational culture and adopt a holistic approach.  Chapman says,  “In outsourcing transactions, you would commonly put in the contract that your supplier is required to have business continuity in place. You will also want to have a disaster plan in place that links in with yours.  

Stichbury says,  “To get the best possible protection, organisations need to consider which elements of their business and supply chain are mission-critical and the potential impact should one of these fail or be hindered in any way. Armed with this information it is easier to negotiate service level guarantees with subsequent compensation should your supplier s services fail.  Sinclair adds,  “Where the strategy involves working with a partner - handling off-site IT back-ups and disaster recovery, for example be certain the contract includes assurances in relation to service levels. 

These should include specific requirements for response times and service availability.  “However, it is also important to have a good working relationship with such partners, with regular meetings and updates to help foster in-depth knowledge of processes and systems.  “There are data protection implications around using a third party for disaster recovery, as the information held in off-site backups may fall within the remit of the Data Protection Act 1998. Details of any third party providers should be included in information such as privacy statements and fair use notices.  

Chapman says that where a disaster recovery location is situated abroad, transferring personal information across national boundaries may also have data protection implications, being subject to international data protection laws. But Mingay says,  “Regardless of onshore or offshore, the issue is the same. As we move towards outsourcing, from an IT point of view, organisations absolutely need to concern themselves with the business continuity and disaster recovery plans that the provider has, and not assume that because they are going with an external service provider, that they have made provision for them, if there is nothing in the contract.  “It is a common problem that people have made assumptions of the level of capabilities of their partner. It is not always the fault of the provider. It is sometimes the fault of the client, who is looking at ways they can take costs out of the deal, and that may involve reducing their business continuity. You pay for what you get.  

CASE STUDY 

Carphone Warehouse mirrors its datacenters 

Retailer Carphone Warehouse wanted to ensure it had effective business continuity. It offered consumers services that required its communications network to be up and running around the clock, each day of the week Last year the company built a new datacenter that mirrored its core environment, but is also capable of running live services. 

Carphone Warehouses’ infrastructure and operations director Attiq Qureshi, says the company now regularly switches key services between the sites, whenever they add capacity or carry out maintenance. The firm signed a 10-year deal in September 2004 with business continuity service provider Globix to ensure the datacentre and its networks run at all times. The contract included service level agreements that cover network performance at 99.99% uptime, hardware failure response, and round-the-clock application monitoring. I think it has given us a competitive advantage, We now have two large datacentres, so we can move between the sites. It has given us growth and raised the profile of business continuity systems in the business,  says Qureshi Carphone Warehouse has an audit committee made up of some of its most senior executives, who are now very interested in the company s business continuity plans. 

The company was required to communicate its capabilities and plans to telecoms regulator Ofcom. Carphone Warehouse also informed the Financial Services Authority, for insurance purposes.  “We were urged on by our insurers, and now that we have business continuity, we have got some fantastic savings on our insurance as a business,  says Qureshi.  “From an insurance point of view, customers need to know that we can continue to provide telecoms services and billing, can activate a new phone and bar it if the phone is stolen, and can give them accurate and timely bills,  he says. 

Continuity Forum Comment 

Recent events have added impetus and focus to the management issues surrounding BCM and we are already seeing a reaction similar to that following 9/11 where organisations rushed to show that they were active and positive towards Business Continuity Management and Security. However, this knee-jerk reaction to events needs to be considered against a broader backdrop of resistance and partial planning. 

The tendency to improve the 'easy' side BCM planning, the one with a host of suppliers - IT must be balanced by the other side. We have spoken with probably more people and organisations than any other in the sector and the consistent theme is that there are STILL significant issues in getting organisations to develop broad enough plans. 

Artificial parameters are being set on the BIA phase of the planning limiting the scope and effectiveness of the process and often huge omissions are left unaddressed by both Public and Private Sector organisations. The issues outlined above are great to plan for and resolve, but they represent only a proportion of the planning needed. What about your people? do they know what to do? What about the Supply Chain and key partners? Has a critical dependency been left unresolved? Has effective  liaison with Emergency Services, Local Authorities and the Insurance companies been undertaken? When was the last Rehearsal or full BCM plan review? 

Remember, Business Continuity Management is an ongoing process and needs regular review and update, it should cover all critical processes, not just IT ones and connect with the people working within the organisation. 

Our Benchmarking study shows that even amongst the best of breed adopters of BCM there are areas consistently left out and according to Murphy’s law you can bet that is where disaster will strike - life tends to be like that! On speaking with one Public Authority recently we were told that they were confident of being fully compliant with the Civil Contingencies Act, due to come into effect in November, yet when we asked about how they had handled some of the key local services, such as Care for the elderly and those in schools etc, we were told that they had 'concentrated only on the Authorities Buildings.

It came as a shock to them to find out that the scope of the Act goes far beyond a bit of Facilities Management, but it was a greater shock to us to hear that after 2 years (of notice) people had still failed to actually understand the importance and scope of Business Continuity Management to the Organisation. 

By the way the only IT system that was within the plan was that dealing with Council Tax! Business Continuity Management is a tremendously powerful and effective process, but there does need to be an honest and COMPLETE assessment of the organisations responsibilities and needs for it to be truly effective. 

We are working hard to address these issues and progress is being made, but please do realise that it is the executives responsibility NOW not to artificially limit the scope of activities involved in the BCM process, but rather develop an integrated, structured understanding of how ALL the processes and resources will be affected during an event and then link them back to the needs and responsibilities of the Stakeholders. Failure to do this will only leave you high and dry when you need Continuity most! 

END  

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

 


Business urged to lead London's recovery

Business must play a key role in limiting the economic damage to London after Thursday's attacks, experts say.

An air of normality returned to London after the shocking events of the past 24 hours but their full impact on the capital's economy is less than clear.

Hoteliers and retailers are expected to see a fall-off in business in the short term but it is hoped that the impact in other areas will be limited.

Experts said the next few days could be vital in maintaining confidence.

Fighting back

Numbers travelling into central London were reported to be below normal levels after Thursday's travel chaos and amid some uncertainty about when London's transport system would return to normal.

"It does seem that London was quiet on Friday and it will become all the more important for Londoners to hit the ground running next week," said Dan Bridgett, from the London Chamber of Commerce.

Although the share prices of leading travel and leisure companies bounced back on Friday, the capital's hotels are most likely to suffer as people take stock after Thursday's events.

Travel agents have reported many cancellations from both domestic and foreign tourists.

However, hoteliers and tourism development organisations are putting a brave face on things.

Hilton Hotels says it has not seen a rush of cancelled bookings

Hilton Hotels says cancellations have been no higher in the past 24 hours than at other times.

"Hilton is confident that London will quickly return to normal and demonstrate traditional levels of resilience," a spokesman said.

VisitLondon is "optimistic" about the response to the attacks from foreign travel markets, believing that travellers have become more accepting of security threats and travel disruptions.

"The kind of things we have been hearing have been positive," says its spokesman Ken Kelling.

Retail hitch

London's shops were returning to normal after Thursday's disruption which prompted House of Fraser, Marks & Spencer and Arcadia among other companies to close outlets.

"We are urging firms to reopen as soon as is possible, out of economic self-interest as much as anything else," Mr Bridgett added.

There are concerns that an already struggling retail sector could be further weakened by stay-away consumers.

"Obviously there will be an effect and we will need to look at conducting public relations and marketing campaigns to stabilise things," said Jace Tyrrell, from the New West End Company, which represents retailers located on Oxford Street, Regent Street and Bond Street.

However, he insisted that storeowners were resilient.

"Retailers have faced these kind of issues before from Iraq, foot and mouth and the closure of the central line. They have got through difficult times before.

"There may be a short term hitch in that but I believe it will stabilise very quickly."

The United States saw record retail spending in the aftermath of the September 11 attacks while consumer confidence remained high in the wake of the Madrid train bombs last year.

Contingency needed

Businesses in London have lived under the shadow of terrorist threats for many decades and many were prepared for this eventuality.

However, the severity of attacks will serve as a wake-up call for companies with no business planning in place.

"Businesses must have contingency plans," Mr Bridgett said.

"There is a great divide in British business between large firms which have contingency plans for a range of things such as terrorism compared with small firms who in far too many cases do not have any plans."

A number of City companies were forced to put contingency plans into effect and succeeded in keeping disruption to a minimum.

Among those affected was LCH.Clearnet, which clears transactions for a series of financial markets including the London Futures Market, the International Petroleum Exchange and the London Metals Exchange.

It was forced to transfer key staff to its back-up site elsewhere in London minutes after it was evacuated from its office overlooking Aldgate tube station.

It was the first time it had had to invoke its disaster recovery plans, in place for a number of years.

"We have contingency plans for data and staff transfer and they were put into action yesterday," said a spokesman.

"These plans worked extremely well. There was no interruption to the clearing process. In fact, we cleared record volumes."

Continuity Forum Comment

Thursday attacks on London, though terrible, showed the effectiveness of the planning and training undertaken by London Emergency Services and various the various Authorities involved in supporting the response to a major incident.

Over a 100 companies either invoked their Business Continuity Plans or were placed on Standby. Many retailers and some offices closed early in order to permit staff additional time to travel home and a proportion had only a skeleton Staff on Friday.

Some organisations found it difficult to control personnel as the crisis developed and some with a 'Shelter in Place' had to give way in the face of opposition from staff, which clearly indicates how difficult the issues and problems relating to personnel can be during a major incident. Those who had previously clearly communicated the organisations plans (and logic) appeared to have the least difficulties in this area. These issues are indicative of the value in embedding and communicating the planning in place to personnel on an ongoing basis and it appears many drew confidence from the awareness of the companies’ procedures.

There were a number of problems with communications reported as call levels reached capacity and some as a result had problems with Event notification, communications with personnel and call trees as a consequence. Many we feel will be updating their procedures in this area as a result.

As Londoners return to work, with an almost universal determination to continue life as normal, there will undoubtedly be an increased focus on both Security and Business Continuity Management planning. The events in London, whilst terrible and shocking, show that proper planning and communication really makes a huge difference, and we urge the majority of businesses and organisations that have yet to FULLY implement Business Continuity Management to act now to address the issues they face and develop an effective process to deal with all aspects of an events effect on their operations.

Government agencies and groups, such as the Continuity Forum, have been warning for many years of the risks of terrorist attack and all are agreed that organisations have a responsibility to personnel, customers and partners to be prepared, yet still the vast majority of organisations do not have effective BCM programmes in place.

Developing Business Continuity is no longer an issue of cost or benefits, but clearly one of responsibility. Failure to plan is planning to fail, and in light of last weeks actions the price of failure is far too high!

END

__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Phishing emails soar

source SC Magazine

Phishing email reached a new high in July, according to email security company Postini, which tracked more than 19 million phishing attempts last month. That number is the highest monthly total since Postini began tracking phishing in January.

July's total breaks June's record of 16.7 million phishing emails, the company said. While phishing attacks increased, the number of emails containing viruses decreased in July by 20 percent compared to June, Postini said.

The amount of spam remained stable at 88 percent of the total number of emails sent. The company processed more than 14 billion emails last month. Directory harvest attacks decreased 8 percent from June.

Gartner researchers have estimated that online debit card fraud, perpetrated via phishing and keystroke logging attacks, has resulted in $2.75 billion in losses in the past year.

END 

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.

 


E-mail outage a major concern for businesses

Companies have become so reliant on e-mail that 85% of firms admit that e-mail downtime would severely affect their business, according to research from analyst firm Quocirca.

As a result, companies expect a high level of support from their IT departments, and 70% of organisations said they would expect IT to respond to e-mail outage within 10 minutes. “The majority of respondents see e-mail as an integral part of key business processes such as sales and customer service. A rock-solid infrastructure is the key to a successful business continuity strategy and this must extend to mobile and home-workers," said Clive Longbottom, service director, business process facilitation, at Quocirca. 

The survey also found that 50% of the businesses surveyed believed they would not be able to maintain e-mail service levels if they migrated from one e-mail system to another, and that this was one of the main barriers to migration. “The importance of maintaining service levels is confirmed by the reluctance of organisations to accept any interruption in service during the upgrade process itself" said Longbottom.

Greater use of laptops and PDAs has made e-mail business critical, making respondents more aware of e-mail downtime.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

 


The Business Resilience Conference - 7th October 2005

 

The Business Resilience Conference

Early Bird Event Announcement Risk strategies for organisational strength The Continuity Forum and Continuity Insurance & Risk magazine have joined forces to organise a special one-day conference: Business Resilience, risk strategies for organisational strength.

We are delighted to announce that our keynote speaker for the Event will be Sir Digby Jones, Director-General of the Confederation of British Industry, one of the highest profile Business Leaders in Europe.

Date: Friday 7th October

Venue: Institution of Mechanical Engineers, One Birdcage Walk, London, W1

The Conference aims to provide high-level analysis, at the strategic level, of the key issues that organisations private and public now face, and how effective business continuity and risk management can help to achieve compliance. The event will promote resilience as a way of making the UK more competitive in the global marketplace. It will also focus on a number of verticals including the insurance, financial services and public sectors. The conference will address core topics such as:

· Strategic level analysis of the key issues that organisations, both private and public now face

· How effective business continuity and risk management can help to achieve compliance

· Using resilience as a way of making the UK generally and organisations specifically more competitive

· The importance of Resilience from an international perspective

· Creating strategic advantage from organisational strength

Speakers already include:

Sir Digby Jones, director-general of the CBI

Mr Gregg Goble, global vice-president of business resilience, IBM

Mr John Sharp, policy & development director of the Continuity Forum

Mr Victor A Meyer, global head of business continuity, Deutsche Bank

STANDARD CONFERENCE FEE: £450 + VAT (£528.75)

CONTINUITY FORUM MEMBERS EARLYBIRD RATE: booking before August 2nd £355.50 + VAT (£417.71) giving members a direct saving of over 20%!

The full agenda will be published shortly, but if you require more information please contact the Continuity Forum 

Continuity Forum Members To reserve your place please click HERE! or phone Sara McKenna  +44 (0) 208 993 1599. If you would prefer to pay via cheque or be invoiced please contact us on 020 8993 1599. Please do contact us directly if you have any questions or you would like to upgrade to Full Forum membership, email us HERE!

BOC faces £20m Sarbanes-Oxley compliance bill

More than we first estimated, says chief executive Industrial gases group BOC said it faces higher than expected costs, totalling around £20m, over the next two years in order to bring the company into full compliance with the Sarbanes-Oxley (SOX) corporate governance regulations.

In the company's third-quarter results presentation to analysts, BOC chief executive Tony Isaac said he was "surprised" about the high corporate costs of compliance compared to first estimates.

The deadline for SOX compliance is September next year and BOC said it will have to spend £10m this year and another £10m in 2006 to bring its financial reporting and internal controls up to scratch.

In a conference call, Charles Spence, director of financial control at BOC, said of the group's increasing corporate costs: "One of the underlying drivers is the cost of compliance with Sarbanes-Oxley." The SOX legislation was introduced by the US to prevent another Enron scandal but there have been increasing calls by businesses for the rules to be relaxed because of the high costs of bringing financial reporting processes and related IT systems into compliance. The Confederation of British Industry called for changes to SOX claiming that it is too onerous and costly, while BT is one of a number of companies which have threatened to de-list from the New York Stock Exchange because of the high costs of compliance.

Continuity Forum Comment

There is no doubt that good Corporate Governance is essential, but the value and cost of compliance needs to be carefully balanced against the benefits gained. Many organisations are finding that SOX is the equivalent of using a sledgehammer cracking a nut!

Yes Enron, was a terrible scandal and many were seriously affected by the collapse of the company, but the proper controls, checks and balances need not entail the spiralling costs that seem to be arising.

What is interesting is that whilst spending on Governance is seen to be rising dramatically, the effective BCM is being overlooked, with many Corporates failing to ensure that the business is sufficiently protected form the myriad of threats facing them. Planning is still somewhat fragmented and BCM teams are often severely overstretched and lacking in both support and resources.

It seems somewhat incongruous to us that there is an awful lot of money being spent on Governance projects that are by their very nature limited and specific in their value when something as vital as BCM is screaming out for serious improvement and investment.

Whilst it is difficult to state as an absolute fact, all the indicators point to Corporations losing far more money through avoidable Business Continuity Events than through Governance issues each year. We, and many others we're sure, would prefer that regulators address these issues rather than aggressively impose overly arduous (and expensive!) Governance Procedures. 

END 


Be ready for any disaster

Just under half of small firms in the UK have no plan in place to ensure that their business could survive an emergency or disaster., according to research from AXA.

Many are not covered against risks that have a much greater chance of hitting their business than terrorism, such as a fire or a flood. If the unexpected happens, companies without a contingency plan could lose thousands of pounds or even go out of business.

The insurer said the fact that these companies had such a plan was worrying because of the time it can take businesses to recover from a disaster. Research by AXA found that almost one in five small to medium-sized firms had been hit by a disaster.

One in 12 said it took them more than six months before they were up and running again and it took one in 20 of them more than a year to get their businesses back on track. AXA's risk control strategy manager Doug Barnett said: "Businesses face a number of challenges and risks and they need to do everything possible to reduce the chances of these happening. "They also need to have an effective plan in place to deal with them if they do.

Every year, thousands of enterprises fold but some of these could be saved if they had a strong business continuity plan in place." Even if a business does have plans in place it is important that companies tweak them so that they are prepared for potential seasonal risks and carry out annual test to see they will work.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

 


Bombings trigger high state of alert

Aug 3 2005 Liverpool Daily Post

Penny Fray looks at how Merseyside businesses are protecting themselves against the new agents of evil

The world in 2005 is a dangerous and uncertain place. Businesses as much as individuals are vulnerable to the twin threats of urban terrorism and high tech fraud. But experts claim that most companies remain hopelessly unprepared for the consequences of a major attack, estimating that as many as nine out of ten SMEs could go out of business within two years of suffering a catastrophe.

A recent Liverpool Chamber of Commerce report claims that most small to medium sized enterprises have neither a written security policy nor a contingency plan to deal with disasters such as fire, severe flooding or a terrorist bombing. Moreover, 80% of those analysed don't even have adequate procedures to deal with IT and utility failures that would otherwise enable them to function effectively during an emergency.

David Chandler of G Security and Surveillance in Prenton, Wirral, isn't surprised but claims the wheels of change are now in motion. "No-one starts the day believing that the physical presence of a business will be gone later that morning, especially here in Merseyside," says the former police detective turned security expert. "But if the terrorist attacks of September 11 have not already altered the way that businesses view security and disaster planning, the terrible events in London will. "Already, we've had a flurry of calls from both private and public sector agencies worried about safety.

Certain schemes involving public buildings have been brought forward and additional security budgets have been made available." One company that has gone to great lengths to ensure that their security system is bang up to date is Living Ventures, the name behind popular celebrity hang-outs such as The Living Room and Est, Est, Est. "People these days need to feel safe," says Richard Tarran, an IT and systems executive for the company. "That's why we've gone to great lengths to ensure that we're one step ahead of the game through installing equipment and making sure that everything is the best it can be." Although several other large companies in the region confirm a similarly heightened emphasis on security, they've all declined to comment for fear of reprisals.

However, the Daily Post discovered that one large retail outlet has just installed a hi-tech visual verification system, recording vehicle number plates - even those moving at up to 100mph in the dark. Iris scanning, hi-tech firewalls and shatter-proof windows have become popular options for those eager to stay abreast of 21st century crime. "Like most companies who provide extra protection against crime, we've seen a sudden rise in the sale of laminated windows," confirms Kay Ruddy, managing director of Bebington Glass.

Continuity Forum Comment

It is great to see that organisations are investing in better security, but that really is more a comment on what hasn't been done in the past, rather than being a positive step forward in resilience and Business Continuity Planning. Integrating the BIA and Risk Assessment phases of Business Continuity Management presents the organisation with far greater overall Resilience against a wider range of events, while enabling greater value to be achieved.

END 


Syndicate content

Business Continuity Forum creating Resilince and security

Creating Continuity... Building Resilience...