Story image

Business continuity planning – Bah humbug!

04 Apr 17

Well, unfortunately that is the attitude of many NZ organisations.

If it happens we will deal with it – after all, why would we spend time and money working on something that might not even happen?

Once upon a time that kind of thinking was acceptable, but things are changing rapidly and that approach is now reckless at best.

Yes, it’s difficult to understand the complexity of modern threats like cyber terrorism, let alone the probability of being impacted, but that’s no excuse for not having some kind of business continuity plan.

A plan that will guide process and actions in the event that your organisation is brought to its knees, whether through a cyber attack, weather event, malicious staff action, hardware or software failure.

To help you avoid embarrassing questions from your CEO (after all, there are quite harsh penalties in NZ with respect to Director liabilities) or worse, a journalist, I spoke with highly respected Business Continuity specialist Nalin Wijetilleke who shared his thoughts on the steps that should be taken to ensure that our organisations are protected from mortal outages.

1. Risk Reduction

The risks that could jeopardise the running of business should be identified and appropriately mitigated. While that does sound straightforward, many threats are often unknown or unquantified, which is why specialist advice is crucial to implement the correct tools, techniques and practices.

 2. Response

The way the organisation responds is very important. A small issue could easily get out of control and become a crisis. There are ample examples from within New Zealand when basic safety issues have been overlooked resulting in major disasters. To be well prepared to effectively respond to such situations, organisations must have well-rehearsed plans and communication strategies.

 3. Recover

Recovery plans should be designed to be flexible and scalable to a broad range of scenarios. Those responsible must detail the actions required within pre-established time frames. Whom to contact, when to escalate and plans with the key suppliers should be in place. The plan should show the priority and sequence of resolution activities. 

 4. Resume

Once the problem is resolved, the process for resuming operations must be started. All critical activities and when to resume after a disruption must be pre-defined. 

 5. Restore

Depending on the nature of the disruption or the disaster, restoration can take anywhere from hours to months. The time to return to ‘business as usual’ after a critical process or product/service line failure can be pre-defined based on analytical techniques. Preplanning provides opportunity to think ahead as to what resources, external support or stakeholder communications are needed during the recovery and resumption stages.

 6. Review

It’s always good to learn from your mistakes. They should be well documented and actions taken to further improve resilience. Impact on the people, business, customers, community, and environment are all key aspects reviews should focus upon.

According to managing director of Continuity NZ and international speaker on the discipline of business continuity management, Nalin Wijetilleke, a logical first step is to take stock of your business’ current state including extent of exposure.

Exclusive to Techday readers, this month Nalin is offering a discounted Business Continuity Health Check (typically 4 hours).

Click here to take advantage of this one-time offer.

Survey reveals CX disconnect is risky business
Too much conversation and too little action could lead companies to neglect, lose, and repel their very lifeblood, according to Dimension Data.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Police making progress into Cryptopia breach
New Zealand Police say they are making ‘good progress’ into the investigation of an alleged cryptocurrency theft from Christchurch-based crypto exchange Cryptopia.
NEC concludes wireless transport SDN proof of concept
"Operation and management of 5G networks are very complicated and require automation and closed-loop control with timely data refinement and quick action."
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.
Top cybersecurity threats of 2019 – Carbon Black
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists.
Avaya introduces private cloud delivery of its UCaaS solution
Avaya is supposedly taking a flexible hybrid approach to the cloud with these new solutions.
Data growth the growing case for managed colocation
The relentless growth of data could see colocation take on a new importance, says Jon Lucas.