Story image

Business continuity planning – Bah humbug!

04 Apr 2017

Well, unfortunately that is the attitude of many NZ organisations.

If it happens we will deal with it – after all, why would we spend time and money working on something that might not even happen?

Once upon a time that kind of thinking was acceptable, but things are changing rapidly and that approach is now reckless at best.

Yes, it’s difficult to understand the complexity of modern threats like cyber terrorism, let alone the probability of being impacted, but that’s no excuse for not having some kind of business continuity plan.

A plan that will guide process and actions in the event that your organisation is brought to its knees, whether through a cyber attack, weather event, malicious staff action, hardware or software failure.

To help you avoid embarrassing questions from your CEO (after all, there are quite harsh penalties in NZ with respect to Director liabilities) or worse, a journalist, I spoke with highly respected Business Continuity specialist Nalin Wijetilleke who shared his thoughts on the steps that should be taken to ensure that our organisations are protected from mortal outages.

1. Risk Reduction

The risks that could jeopardise the running of business should be identified and appropriately mitigated. While that does sound straightforward, many threats are often unknown or unquantified, which is why specialist advice is crucial to implement the correct tools, techniques and practices.

 2. Response

The way the organisation responds is very important. A small issue could easily get out of control and become a crisis. There are ample examples from within New Zealand when basic safety issues have been overlooked resulting in major disasters. To be well prepared to effectively respond to such situations, organisations must have well-rehearsed plans and communication strategies.

 3. Recover

Recovery plans should be designed to be flexible and scalable to a broad range of scenarios. Those responsible must detail the actions required within pre-established time frames. Whom to contact, when to escalate and plans with the key suppliers should be in place. The plan should show the priority and sequence of resolution activities. 

 4. Resume

Once the problem is resolved, the process for resuming operations must be started. All critical activities and when to resume after a disruption must be pre-defined. 

 5. Restore

Depending on the nature of the disruption or the disaster, restoration can take anywhere from hours to months. The time to return to ‘business as usual’ after a critical process or product/service line failure can be pre-defined based on analytical techniques. Preplanning provides opportunity to think ahead as to what resources, external support or stakeholder communications are needed during the recovery and resumption stages.

 6. Review

It’s always good to learn from your mistakes. They should be well documented and actions taken to further improve resilience. Impact on the people, business, customers, community, and environment are all key aspects reviews should focus upon.

According to managing director of Continuity NZ and international speaker on the discipline of business continuity management, Nalin Wijetilleke, a logical first step is to take stock of your business’ current state including extent of exposure.

Exclusive to Techday readers, this month Nalin is offering a discounted Business Continuity Health Check (typically 4 hours).

Click here to take advantage of this one-time offer.

NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.
Partnership brings AI maths tutor to NZ schools
“AMY can understand why students make a mistake, and then teach them what they need straight away so they don't get stuck."
Polycom & Plantronics rebrand to Poly, a new UC powerhouse
The name change comes after last year’s Plantronics acquisition of Polycom, a deal that was worth US $2 billion.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.