For the past few years one of the key underlying drivers helping to develop Business Continuity has been the Public Sector. The introduction of the Civil Contingencies Act five years ago included clear responsibilities on many different types of government agencies as well as what can be termed as private sector utilities. In addition to the business continuity requirements on these organisations, there was a further "duty" to promote business continuity more broadly within the business community.

High Performers & Foundational Controls: Building a strategy for Security and Risk Management 

This Enterprise Management Associates White Paper discusses building a strategy security risk management.

With all the attention given to the increasing sophistication of threats, and the security implications of technology trends such as virtualisation and cloud computing, our enterprises ready for tomorrow's security risks? These are the questions being addressed in this white paper.

The White Paper concludes that for many organisations the answer is no!

Disruption and resilience, 2010 from the CMI

Over the course of the past 10 years the annual Business Continuity study by the Chartered Management institute has plotted the progress and expansion of the profession. 2010 is no exception.  Over the past 12 months the country has faced widespread disruption through extreme weather events, recession and the potential posed by the swine flu pandemic ... it has been a year to challenge most working in the field.

When you think about your disaster recovery plan, does your tape backup system come to mind? Does the mere mention of disaster recovery make you a bit nervous? If so, you're not alone.

Many businesses risk grave losses due to failures and disasters yet continue to depend on their limited options provided tape backups to help them recover successfully should a major outage occur.

Trevor Elswood, BSI group managing director

Although the symptoms of the H1N1 virus (swine flu) are currently similar to a normal bout of winter flu, the World Health Organisation has designated the current alert level for the virus as Phase 6, indicating widespread human infection.  So, what are companies doing to ensure business continuity?

Preparing or Politics?

Proper preparation can prevent poor performance

Dr Margaret Chan, director-general of the World Health Organisation, yesterday announced formally the arrival of the influenza pandemic, describing it as now “unstoppable”.  By the time you read this note, in the UK we’ll have had around 1400 cases identified, with probably many more going undiagnosed. 

The novel A(H1N1) virus causing the Pandemic is so far relatively mild, with much of the message coming from Health professionals giving reassurance that the virulence is moderate and for us all not to be alarmed.  Notably, the move to a Pandemic level has been described as reflecting geographic spread only and not marking a specific increase in the danger of the virus.

This all sounds not too bad; it’s not the H5N1 Bird Flu, which is far more deadly, the symptoms are pretty mild, and most get well without needing much medical intervention … so is it really something for us to be concerned about?

Well, I’d say yes.

From a medical perspective, the issue is that nature has created in the virus a very adaptive thing.  It is constantly evolving, changing and merging its structures to try and survive and spread. So far there have been 30,000 cases globally; this is a tiny percentage of those likely to be infected, and in a person infected with a tricky virus like A(H1N1), the possibility of the virus mutating still further not just exists, but is reasonably likely. What this means is we really don’t know just what the longer-term impact of the virus is going to be. It may stay as a mild seasonal ‘flu type strain or it may increase in its severity.  Crossing ones fingers and hoping, though, is a poor risk management tactic despite its frequent use. 

One thing is certain, people infected will be too ill to come to work and if the spread of the Virus does scale up dramatically in the Autumn then a lot of Offices, Shops and Factories are going to have to function with fewer people for a while.  There could well be further impact should Schools continue to close (and parents need to stay at home), or if the Transport networks were affected through staff loss.  

The Continuity Forum and the Government have been campaigning for BCM to be more widely adopted by organisations, and today around half our ‘corporates’ do have plans to some degree.  However, many of these (>65%) do not cover the People issues the threat of Pandemic raises.  In smaller organisations, as you may expect, the level of planning is much less. Scaling this up and taking a National view means more than 90% of organisations, covering something like 80% of the UK Workforce, have not developed proper plans.

This raises an important organisational issue. It is rare for those working in the Continuity field to get any significant notice of one specific event, but that is the case with the current Pandemic. 

Most of you reading this will be ‘believers’ in the value of BCM to an organisation, but you’ll also know that there are real difficulties in gaining the necessary support of develop effective plans. It should come as no surprise you that 8 out of 10 of those with BCM plans in the Corporate area (our best prepared) have not considered at all the financial impact of a Pandemic, and fewer than 30% have looked at their supply chain at all. 

Against this backdrop, I have reservations about how people will now act, particularly in the SME community, where pressures are intense just now. They may feel it is too late or hard, and choose to do little or nothing, putting their faith in luck.

Understanding how your organisation will be affected by a period of sustained staff absence is vital to coping well with any disruption - and maybe even averting a crisis. There is a lot of advice now available that people can follow, mostly practical and easily implemented. 

The first steps though are a real critical examination of the likely impact on foundations of the Organisation.  Look at areas like cash flow and production difficulties, consider how you would cope if you lost critical skills.  This is often overlooked, not just in areas such as IT or production, but in terms of people authorised under regulation to do certain tasks whether it is a safety licence as seen in the Gas, electricity and similar sectors or professional qualifications needed in other sectors such as Law, Banking, Insurance and of course Medicine.  Absence of other 'authorised' personnel such as those able to deal with banks and access sensitive information can also become a difficult issue for organisations if not considered fully ahead of time.

By carefully thinking through how your organisation relies on specific skills you'll be able to identify critical activities ahead of any skills shortage and develop a more measured and appropriate response to any absences affecting the organisation.

Remember to extend this thinking to other key partners on whom your organisation may rely too.  With most organisations having partnerships or outsourcing relationships that place key skills outside of your direct control it is vital that you understand the steps these organisations are likely to be taking and how they will impact on you.

Some will doubtless feel as though there are enough difficulties in the economy at the moment to spend time on what they may feel is just another 'health scare', but that is a very dangerous position to take.  With the economy under such pressure, further disruption could well be the final push that takes unprepared organisations over the edge.

The old adage of "a stitch in time ..." has never been more true and should the projections for the Autumn be realised you'll certainly appreciate the effort made.   

So the first task has to be to choose to act and act now or else we (and you) risk losing  the window of opportunity we have ahead of the traditional Flu Season to mitigate the potential effects to us all. 

There is a lot to consider and space is limited, but you are not alone and we can help.  If you would like to know more please contact us at www.continuityforum.org.

The Continuity Forum is holding our third Pandemic Summit on 26^th June please contact us directly for more information.