If you have fewer than 500 employees, odds are you don’t have someone working full-time on business continuity. And, unless regulations require you to perform planning in some manner, your organization may not have a business continuity plan at all!
Many business continuity professionals have expressed concern and uncertainty regarding the future of business continuity and how it will ‘fit’ with newer concepts like GRC (Governance, Risk and Compliance) and ERM (Enterprise Risk Management). In truth, these different ways of managing risk and optimizing business performance could significantly affect how business continuity programs are run. But, in the end, the importance lies in managing obligations and risk in the most efficient and cost-effective manner possible so the organization can thrive and meet stakeholder expectations. This article dissects the current state of GRC and what business continuity professionals need to know and do about it.
Everyone seems to be talking about “the cloud” these days. Unfortunately, that is a REALLY broad term! So, let’s take a closer look at what “the cloud” really means, and then examine some key questions that continuity professionals should ask both their organization and cloud provider when the topic of cloud-based applications and recovery comes up.
As published in the Summer 2010 Issue of the Disaster Recovery Journal – Volume 23, Number 3.
As business continuity professionals, we are often asked to “lead the charge” in establishing a business continuity capability throughout our organization. It’s a task we take seriously because we know the result should we fail. We’ve studied everything from hurricanes and fires to workplace violence and pandemics. However, in our passion for business continuity, it’s very easy to lose sight of what we’re trying to protect: an organization that must take risks to deliver value to its stakeholders.
Over the last few months, DRI has spent a lot of time spreading a message of caution with regard to organizational certification. Their article on this topic was published in the last issue of DRJ (Are You Really Prepared? Who Says So?), it was the topic of a recent webinar (October 29th), and has also been the message delivered by their executive director in several small group meetings.
What’s interesting about this PR blitz is that the only business continuity standard currently available for organizational certification in the US is British Standard (BS) 25999. The federal government is developing a voluntary certification program (as mandated in law PS 110-53), but that won’t be available for some time. As a result, DRI’s motivation to encourage the status quo is unclear.
Over the last year and a half we have met a number of organizations that thought they were prepared for BS 25999 certification, only to find key issues when BSI’s auditors arrived. As a result, we have compiled the following four myths and an important truth regarding BS 25999 certification.
As published in the Disaster Resource Guide Executive Issue – Volume 12, Issue 3.
The Need For Business Continuity Management
All businesses face the threat of an unplanned business interruption. While the causes vary from natural disasters to IT service interruptions, many organizations lack the capability to respond in an effective way. As a result, thousands of businesses large and small are crippled every year by unplanned business interruptions. However, there are cost-effective protections that every business can establish to avoid this risk. Many of these protections are focused on isolated risks; for example, if a company has a critical product that has to be shipped no matter what, it may choose to store that product in two locations, thereby protecting it. However, such an approach ignores the broader purpose of risk management: examining these risks in a structured way results in a comprehensive understanding of the organization’s risks, thereby optimizing its investment to limit those risks.
On the surface, one would expect healthcare organizations, particularly hospitals, to have well-developed, resilient business continuity programs. After all, who better understands the importance of organization and preparedness when responding to crises? However, recent research conducted by BCPWHO (Business Continuity Planning Workgroup for Healthcare Organizations) indicates most healthcare groups focus on the Joint Commission mandated areas of emergency management and IT disaster recovery. Emergency management typically focuses on the role of a hospital as a first responder – it is mostly outward facing to ensure that clinical operations can continue no matter what happens to the physical hospital or community. IT disaster recovery, another area of focus, addresses protecting critical clinical systems that, if unavailable, would affect patient care and safety.
Unfortunately, something is missing.
Financial institutions, more than any other industry group, spend considerable resources on business continuity planning – and for good reason. Banks are a critical element of our economy’s infrastructure, and as a result, an ever-growing body of regulations imposes significant penalties on those who don’t comply. For many organizations, compliance, and its associated “satisfactory rating”, continues to be an elusive goal.
Based on our work with a diverse group of financial institutions, we have developed a common list of problems faced by many financial services organizations.
“Computer Based Training”, or CBT, technologies have been around for years, but the integration of multi-media capabilities is relatively new. Multi-media CBTs, when combined with traditional table-top exercising methods, enable business continuity planners to “test” and train more and more business units each year. Scheduled at a time convenient to them, business recovery team members can leverage an exercising CBT and learn how to use their plans (and of course, make improvements based on this experience).
This webcast introduces a CBT-based exercising approach and demos the technology that could enable an increase in awareness amongst organizations that leverage it.