Story image

Business continuity planning – Bah humbug!

04 Apr 17

Well, unfortunately that is the attitude of many NZ organisations.

If it happens we will deal with it – after all, why would we spend time and money working on something that might not even happen?

Once upon a time that kind of thinking was acceptable, but things are changing rapidly and that approach is now reckless at best.

Yes, it’s difficult to understand the complexity of modern threats like cyber terrorism, let alone the probability of being impacted, but that’s no excuse for not having some kind of business continuity plan.

A plan that will guide process and actions in the event that your organisation is brought to its knees, whether through a cyber attack, weather event, malicious staff action, hardware or software failure.

To help you avoid embarrassing questions from your CEO (after all, there are quite harsh penalties in NZ with respect to Director liabilities) or worse, a journalist, I spoke with highly respected Business Continuity specialist Nalin Wijetilleke who shared his thoughts on the steps that should be taken to ensure that our organisations are protected from mortal outages.

1. Risk Reduction

The risks that could jeopardise the running of business should be identified and appropriately mitigated. While that does sound straightforward, many threats are often unknown or unquantified, which is why specialist advice is crucial to implement the correct tools, techniques and practices.

 2. Response

The way the organisation responds is very important. A small issue could easily get out of control and become a crisis. There are ample examples from within New Zealand when basic safety issues have been overlooked resulting in major disasters. To be well prepared to effectively respond to such situations, organisations must have well-rehearsed plans and communication strategies.

 3. Recover

Recovery plans should be designed to be flexible and scalable to a broad range of scenarios. Those responsible must detail the actions required within pre-established time frames. Whom to contact, when to escalate and plans with the key suppliers should be in place. The plan should show the priority and sequence of resolution activities. 

 4. Resume

Once the problem is resolved, the process for resuming operations must be started. All critical activities and when to resume after a disruption must be pre-defined. 

 5. Restore

Depending on the nature of the disruption or the disaster, restoration can take anywhere from hours to months. The time to return to ‘business as usual’ after a critical process or product/service line failure can be pre-defined based on analytical techniques. Preplanning provides opportunity to think ahead as to what resources, external support or stakeholder communications are needed during the recovery and resumption stages.

 6. Review

It’s always good to learn from your mistakes. They should be well documented and actions taken to further improve resilience. Impact on the people, business, customers, community, and environment are all key aspects reviews should focus upon.

According to managing director of Continuity NZ and international speaker on the discipline of business continuity management, Nalin Wijetilleke, a logical first step is to take stock of your business’ current state including extent of exposure.

Exclusive to Techday readers, this month Nalin is offering a discounted Business Continuity Health Check (typically 4 hours).

Click here to take advantage of this one-time offer.

Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.