Sunday, February 19, 2012
Saturday, February 4, 2012
2010 saw major earthquakes strike Haiti, Chile, China and Indonesia. It saw devastating floods in Pakistan and Australia. 2011 have brought out the opposite of resilience in people and organisation, confronted by the most extreme challenges. With flood events in Lagos, Australia, Brazil, the earthquakes in turkey, New Zealand, the tsunami in Japan, civil unrests in London, Greece, Spain, Italy, and the Arab spring of 2011, which ousted regimes in Tunisia, Egypt and Libya and created fuelled growing opposition to regimes in Syria, Yemen, Bahrain and other middle eastern states. These are very real recovery challenges that face organisations and you. According to the Lloyd’s of London’s risk index 2011, 2011 was the second most expensive year ever for the insurance industry because of these incidents.
In addition, while many of types of risk may be industry or regional specific, cyber risk is universal. 2011 saw the hacking of state network from India to Brazil to Nigeria. For businesses, the incident and frequency of data breaches have been even more unrelenting; Nintendo, Honda, Toshiba, Playstation, Nokia, Google, IMF, Wiki-leak and the Hong Kong stock exchange are victims of some form of cyber crime or hacking. A global estimate of cyber crime is now costing business around $114bn annually. Technical solutions are needed to evolve rapidly, together with more efficient reporting of breaches to help quantify the risk more accurately.
By reflecting on disaster in terms of the need for strong, visible and distributes leadership, differentiated response, recovery and effective communication, organisations can achieve better outcomes with BCM, and reliably meet their obligations to regulators, boards and stakeholders. Since the true measure of a BCM plan is the success of it after an incident, organisations should apply the good practice approach which provides a baseline and common language to help BCM professionals to perform a rigorous Business Impact Analysis Assessment (BIA). The BIA is the foundation on which the whole BCM is built. It can be used to understand the impact of the failure to deliver a service or a product. The BIA identifies business activities across the organisation, identifies management owners of processes, identifies suitable staff, quantifies time scale and collects data for the Continuity Requirements Analysis (CRA). The good practice dictates that a BIA should be reviewed as a minimum annually but frequently in the event of business change, change to internal and external business process and significant change to risk and threats. Furthermore organisations must focus on robust BCM frame works strategies, resource allocation supporting continuity plans which objectively ‘fit for purpose’, practical and periodically tested and rehearsed.
After the unfolding events of the last two years, businesses need to give much greater priority to BCM planning carefully for those risks they cannot prevent, as well as being realistic about those they can. Organisations must determine its BCM strategy by using information gathered from the BIA, CRA and risk and threat assessment. Whatever strategy an organisation selects it has to ensure that it meets the target time for resuming the delivery of its products and services following its disruption. One strategy could be ‘balancing cost and speed of recovery’. In this strategy, there is always a trade off between cost and speed of recovery which needs to be balanced when selecting a strategy. So shorter recovery time objectives = higher cost and vice versa. Another strategy worth considering and is quite popular is ‘separation distance and the concept of “off site” it’s basically replicating operations in a different location. It reduces the likelihood of two sites being affected by the same incident except in cases like pandemics and cyber attacks. Artco Solutions will also recommend a centralised access to data, emergency communications, emergency plans and key documents so senior management and employee have what they need when they need it.
As we have read, more than ever, businesses need effective BCM plans in place to protect their plants, infrastructure, property, staff, and supply chains from the fall of natural, political, social and economic threats.
For further assistance please contact firstname.lastname@example.org
Friday, February 3, 2012
1. Socio-economic challenges ratchet up a notch
Last year, it seemed as though we might be coming out the recession, but now the talk is all about the dreaded double dip. Economic hardship is exacerbating social and political tensions, especially as retrenchments swell the hordes of unemployed. Too many people without work or the prospect of it places a huge burden on the state, provides the climate for crime and is likely to fuel tension between the haves and the have-nots.
2. Government performance and service delivery still lag behind expectation
Ongoing service delivery and corruption issues have continued to fuel widespread social unrest. Some commentators are even talking about popular uprisings comparable to those that occurred earlier in the year in North Africa. Instability in the ruling party continues to unsettle political and social life, and this will only get worse as the ANC’s leadership conference approaches. Meanwhile — no doubt fuelled in part by the economic problems mentioned above — strikes and social protests seem to be getting more prevalent.
For business, one direct consequence is frequent work stoppages, with staff actually finding it hard to get to their places of work.
“It seems that South Africa is coming to a crossroads again, faced with the choice between the high and low roads,” says Michael Davies, ContinuitySA’s managing director. “We have to have confidence that our leadership will make the right choices but, meanwhile, prudence demands a renewed focus on safety measures, including proper business continuity plans.”
3. National infrastructure remains weak—and the middle class is feeling the pinch
While Eskom contrived to come through a very cold winter with relatively few blackouts, concern remains high as summer is the time for planned maintenance. Another concern is the availability of skills to maintain the aging infrastructure at Koeberg, and to operate planned new nuclear power facilities. On the positive side, recent moves to introduce independent power generation and green power into the South African energy market are welcome.
That said, there are worrying reports that lack of additional energy capacity at present is affecting the ability of some data centres to expand.
Other infrastructural challenges include the new toll roads around Gauteng and the new national health insurance system. While both are desirable, they are placing additional financial burdens on the middle class—i.e. the small tax base on which everything rests. Is the middle class coming close to feeling as squeezed as the poor and unemployed and, if so, how will it make its distress known?
4. Water remains a concern
Water security remains a problem in this country, exacerbated by the pollution of our existing water stocks.
Although the government finally woke up to the problem of acid mine drainage and made R400 million available, media reports indicate that little action has actually occurred. If substantial progress is not made in finding a solution, the acid water is expected to begin decanting into the Johannesburg basin in March 2012—it is already decanting on the West Rand. Companies with IT equipment in basements need to remain on high alert.
5. Worsening business climate
The risks mentioned elsewhere will continue to weigh on risk-averse foreign investors, while the volatility of the rand will encourage destabilising capital movements. The socio-political challenges we have mentioned are also taking their toll on the outlook of local business. With the business confidence index declining, investment in equipment and people will be curtailed at a time when they are more necessary than ever. Militant unions and demands for increases that are significantly above inflation are further worsening the business outlook.
With revenues under pressure, many companies will be tempted to skimp on business continuity but this approach is short-sighted.
6. Regulatory burdens and responsibilities increase
Promulgated during 2011, the new Companies Act has made the directors of companies personally liable for the outcome of their decisions. The legislation is new and untested, making compliance even more risky than it might otherwise have been.
In combination with the recommendations of the King Commission, the new act has made risk management a much more important item on the board agenda—and this includes IT risk.
Boards are increasingly accountable to all stakeholders rather than just shareholders. In this regard, environmental issues are becoming more prominent, which may add impetus to the move towards cloud computing, which has the effect of greening the IT department.
7. The sting in the supply chain tail
Recent natural disasters like the volcanic eruption in Iceland and the earthquake and tsunami in Japan have emphasised the flipside of global interconnectedness. In order to ensure business continuity, companies must increasingly consider their entire supply chains. Adequate consulting around the business continuity threats originating outside of the organization is imperative.
8. Cloud computing blurs vision
As predicted, 2011 saw considerable movement in cloud computing. While it’s clear that cloud computing has real benefits, non-specialist public cloud offerings should not be confused with specialist business continuity, which is also making use of cloud-based approaches.
“The need to have absolute quality assurance and security in terms of your business continuity remains, especially in light of boards’ enhanced accountability,” Davies notes. “On the other hand, the greater availability of bandwidth and improvements in technology are changing the model.”
9. Mobility is creating huge new data risks
The growing range of smart mobile devices, and the explosion in useful applications, has made mobility a fact of life. At the same time, there is growing awareness of the value of a company’s data, hence the emergence of ‘data as a platform’. Securing and backing up the corporate data on mobile devices usually owned by employees rather than companies is raising CIOs’ temperatures worldwide.
10. Business continuity is still not integrated into corporate strategy
Given the scale and magnitude of the challenges business faces, the danger remains that business continuity is marginalised and siloed. In many instances, financial pressures are causing companies to cut back on business continuity. For example, banks which have retrenched large numbers of people now have excess office space which they tend to use to provide their own workplace recovery—and this may lead to a business continuity solution that is less than optimal.
A related issue is that the long-term viability of smaller business continuity providers is looking less certain in this climate. We think this will prompt a ‘flight to quality’ in many cases.
As indicated above, the emergence of new opportunities to remodel business continuity using a private cloud approach is a game-changer, offering cost savings, a much more effective product and the opportunity to get a return on your business continuity investment.