Story image

Business continuity planning – Bah humbug!

04 Apr 2017

Well, unfortunately that is the attitude of many NZ organisations.

If it happens we will deal with it – after all, why would we spend time and money working on something that might not even happen?

Once upon a time that kind of thinking was acceptable, but things are changing rapidly and that approach is now reckless at best.

Yes, it’s difficult to understand the complexity of modern threats like cyber terrorism, let alone the probability of being impacted, but that’s no excuse for not having some kind of business continuity plan.

A plan that will guide process and actions in the event that your organisation is brought to its knees, whether through a cyber attack, weather event, malicious staff action, hardware or software failure.

To help you avoid embarrassing questions from your CEO (after all, there are quite harsh penalties in NZ with respect to Director liabilities) or worse, a journalist, I spoke with highly respected Business Continuity specialist Nalin Wijetilleke who shared his thoughts on the steps that should be taken to ensure that our organisations are protected from mortal outages.

1. Risk Reduction

The risks that could jeopardise the running of business should be identified and appropriately mitigated. While that does sound straightforward, many threats are often unknown or unquantified, which is why specialist advice is crucial to implement the correct tools, techniques and practices.

 2. Response

The way the organisation responds is very important. A small issue could easily get out of control and become a crisis. There are ample examples from within New Zealand when basic safety issues have been overlooked resulting in major disasters. To be well prepared to effectively respond to such situations, organisations must have well-rehearsed plans and communication strategies.

 3. Recover

Recovery plans should be designed to be flexible and scalable to a broad range of scenarios. Those responsible must detail the actions required within pre-established time frames. Whom to contact, when to escalate and plans with the key suppliers should be in place. The plan should show the priority and sequence of resolution activities. 

 4. Resume

Once the problem is resolved, the process for resuming operations must be started. All critical activities and when to resume after a disruption must be pre-defined. 

 5. Restore

Depending on the nature of the disruption or the disaster, restoration can take anywhere from hours to months. The time to return to ‘business as usual’ after a critical process or product/service line failure can be pre-defined based on analytical techniques. Preplanning provides opportunity to think ahead as to what resources, external support or stakeholder communications are needed during the recovery and resumption stages.

 6. Review

It’s always good to learn from your mistakes. They should be well documented and actions taken to further improve resilience. Impact on the people, business, customers, community, and environment are all key aspects reviews should focus upon.

According to managing director of Continuity NZ and international speaker on the discipline of business continuity management, Nalin Wijetilleke, a logical first step is to take stock of your business’ current state including extent of exposure.

Exclusive to Techday readers, this month Nalin is offering a discounted Business Continuity Health Check (typically 4 hours).

Click here to take advantage of this one-time offer.

Why the retail industry has misplaced network priorities
“For retail organisations unplanned network outages can impact both revenue and reputation significantly."
How open source distribution accelerates Drupal development time by 30%
Acquia Lightning has adopted Drupal’s support for JSON:API, delivering out-of-the-box support for building decoupled or headless applications.
Qualtrics aims to help organisations master experience management
Experience Basecamp helps users master XM products, including CustomerXM, EmployeeXM and Research Core.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Huawei and IBM rank top in new cloud market analysis
360Quadrants has released a managed services report that also names Atos and Accenture as leaders in its new managed services report.
Cloud innovation driving NZ IT services market, says IDC
Managed services makes up the largest portion of total IT services revenue. However, the project-oriented market achieved the highest YoY growth.
DDN completes Nexenta acquisition
DDN holds a suite of products, solutions, and services that aim to enable AI and multi-cloud.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.