Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 28, Issue 1

Full Contents Now Available!

Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping]

S&R pros, how would employees and executives at your firm answer that last question? It’s an increasingly important one. Items like socks and toothbrushes can be replaced if lost or forgotten; the same can’t be said for your company’s intellectual property and sensitive information. As employees travel around the world for business and traverse through hostile countries (this includes the USA!), they present an additional point of vulnerability for your organization. Devices can be lost, stolen, or physically compromised. Employees can unwittingly connect to hostile networks, be subject to eavesdropping or wandering eyes in public areas. Employees can be targeted because they are an employee of your organization, or simply because they are a foreign business traveler.



Wednesday, 04 March 2015 00:00

UK businesses frozen by cold snaps


Cold snaps are the weather phenomenon most likely to damage UK business performance according to new research commissioned by cloud services company, 8x8 Solutions, to highlight the need for businesses to prepare for adverse weather to limit lost productivity. Economists from the Centre for Economics and Business Research (Cebr) examined the relationship between different weather events and economic growth across the UK’s main industries over the last decade.

They found that since 2005, periods of very cold weather have seen quarterly GDP growth on average 0.6 percentage points lower than typical levels. When minimum temperatures are one degree Celsius lower than average, quarterly GDP is on average £2.5 billion lower. This is a bigger negative effect than any other form of adverse weather, including snowfall, heat waves or flooding.

The fall in GDP results from lower output across a number of industries and lost productivity as transport links and staff availability suffer. Those who do get to work on particularly poor weather days often meet a skeleton staff, hindering productivity.

Whilst cold has the biggest negative effect on the economy, different industry sectors are impacted by different forms of extreme weather. For example, professional services and accommodation and food are the sectors that take the biggest hit from heavy rainfall. High rainfall has a big impact on office-based jobs, with just ten millimetres above average costing the economy £86 million in a single quarter. In January 2015 rainfall was 26.5mm above the 2004-2014 January average of 126.8mm – potentially costing the economy £76.3million over the quarter.

The research also explores the resilience of businesses of different sectors and sizes. The information and communications sector is one of the few to see positive growth during poor weather. Cebr concluded that this is because the sector leads the way in using cloud-based technology allowing employees to work from home. On average, nearly two thirds (65%) of all companies in this sector use some form of cloud technology compared to just 15-30% of all other businesses.

But the report warns that smaller businesses are at a disadvantage in terms of poor weather, as Scott Corfe, Head of UK Macroeconomics, Cebr explains: “Many small offices are unprepared for such events as they often lack remote access to their work due to security concerns and a lack of infrastructure. This is compounded in many cases by inadequate internet connections or computing power at staff homes. In addition SMEs tend to suffer more than their larger counterparts who can spread the setup and maintenance costs of remote working infrastructure across many more staff.”

Kevin Scott-Cowell, CEO of 8x8 Solutions, says, “Bad weather hits businesses hard, and medium-sized companies are more vulnerable than their larger counterparts. Until now, the technical infrastructure to enable remote working and guard against disruption has been out of reach for many companies, but cloud solutions are changing this. It’s now affordable for any size business to put in place a plan and deploy the right remote working technology. This can make sure it’s business as usual for customers, whatever the weather.”

The research is released in the run up to Business Continuity Awareness Week, an initiative run by the Business Continuity Institute. Lyndon Bird FBCI, Technical Director at the BCI, said, “This research is a timely reminder of the need for companies to adopt business continuity management best practice. That means having the plans and technology in place to manage risks to the smooth running of their organisation or delivery of a service, ensuring continuity of critical functions in the event of a disruption, and effective recovery afterwards.”


By Duncan Ford MBCI

Could you get more out of your business continuity exercises? Do you have an inner concern that last year’s exercise programme didn’t demonstrate as much as you would have liked, or that there may be alternative ways of delivering the exercise that would be more cost effective and less effort?

Guidance from the various business continuity institutes and regulators, also included in recognised standards, puts a strong emphasis, quite correctly, on the essential requirement to exercise plans and recovery procedures. However, how do you assess the quality of the exercises, as opposed to the quantity?  Are different types and styles of exercises being used, within an integrated programme, to meet different business needs?
Take a couple of seconds to consider whether:

  • The maximum return is being gained from the time people commit to exercises;
  • Different techniques could be used to engage directors and senior managers;
  • The exercise(s) sufficiently challenge the organization’s assumptions about its ability to respond and recover.



Wednesday, 04 March 2015 00:00

The 2015 Natural Hazards Risk Atlas

Verisk Maplecroft has published its 2015 Natural Hazards Risk Atlas, which ranks over 1300 cities in 198 countries on their exposure to natural hazards to help organizations identify and compare risks to populations, economies, business and supply chains.

According to the Atlas, the strategic markets of Philippines, China, Japan and Bangladesh are home to over half of the 100 cities most exposed to natural hazards, highlighting the potential risks to foreign business, supply chains and economic output in Asia from extreme weather events and seismic disasters. Of the 100 cities with the greatest exposure to natural hazards, 21 are located in the Philippines, 16 in China, 11 in Japan and 8 in Bangladesh. Analysis for the Natural Hazards Risk Atlas considered the combined risk posed by tropical storms and cyclones, floods, earthquakes, tsunamis, severe storms, extra-tropical cyclones, wildfires, storm surges, volcanoes and landslides.

The Philippines’ extreme exposure to a myriad of natural hazards is reflected by the inclusion of eight of the country’s cities among the ten most at risk globally: including Tuguegarao (2nd), Lucena (3rd), Manila (4th), San Fernando (5th) and Cabantuan (6th). Port Vila, Vanuatu (1st) and Taipei City, Taiwan (8th) are the only cities not located in the Philippines to feature in the top ten.



The Cloud Standards Customer Council has released version two of its guide to cloud security.

The abstract reads as follows:

“Much has changed in the realm of cloud computing security since the original Security for Cloud Computing whitepaper was published in August, 2012. The aim of this guide is to provide a practical reference to help enterprise information technology (IT) and business decision makers analyze the security implications of cloud computing on their business. The paper includes a list of steps, along with guidance and strategies, designed to help these decision makers evaluate and compare security offerings from different cloud providers in key areas.”

Read the document as a PDF.

Wednesday, 04 March 2015 00:00

Responders are Human – With Limits

Business Continuity Planning is often theoretical.  After all, we can’t really know what we’ll need until a disruption occurs (and by then, it’s too late for planning!).  As a result, we have little choice but to make our best guess as to what we’ll need when something hits the proverbial fan.  A previous article discussed the pitfalls of assigning Business Continuity tasks to individuals because of risks to their availability.  You should also be cognizant of the limitations of those teams and individuals assigned to carry out recovery tasks.

BC Planning deals with many unknowns: what will happen, when it will happen, how severe the disruption may be.  We also don’t know how long the disruption – or the recovery from it – will last.  We may assume that assigned teams or individuals will stick with the recovery process until normalcy is achieved.  Is that likely?  Who knows?  But if it isn’t (if, for example, the recovery lasts more than 3 days) what is in our Plan to account for the limitations on assigned personnel? What kinds of ‘limitations’ must be accounted for?



Anyone who has ever used Business Continuity Management System (BCMS) knows that having access for your business, IT, and executive planners is essential for two critical reasons:

  1. YOUR SYSTEM MAY INHIBIT DATA GATHERING AND ANALYSIS: You need quite a bit of data from many sources in your organization in order to formulate your BCP. While meeting with all users is fantastic, it simply is not feasible—even in the smallest of organizations. Even though your BCMS is supposed to streamline this activity, limiting users can do the exact opposite. It FORCES YOU to gather data by going directly to the user or utilizing outside methods (e.g. spreadsheets or external survey tools). This requires extensive work outside the BCMS.




It is the end of an era for the Business Continuity Institute as Lyndon Bird FBCI has announced he is to stand down from his role of Technical Director. Over the last 21 years, Lyndon has become an integral part of the Institute, from his role as one of the founding members, through his position as Chairman of the Institute, to his job as Technical Director.

In nine years as Technical Director at the BCI, Lyndon has ensured that the BCI continues to have an effective and consistent voice on all matters of Business Continuity Management within the business, government, regulatory and academic communities. During his time, the Good Practice Guidelines have become a well respected source of global best practice, and the BCI has contributed significantly to the development of national and international standards.

On announcing his decision, Lyndon reflected that “although the BCI's work in all of these fields is ongoing, I feel my role as the main catalyst for this has changed. The BCI has grown to the point where it is staffed by a wide range of very competent people who are more than capable of dealing with the future challenges the Institute and the discipline might face. It is therefore an ideal time for me to move on and seek other interesting and challenging projects.”

On what lies ahead for him, Lyndon explained that "the opportunities created by the emergence of a wide-scale global resilience movement are very exciting and I look forward to continuing with my diverse writing, editing, teaching, commentating and consulting activities wherever in the world such opportunities emerge. I will no doubt be working with many BCI members in the future, albeit in a different capacity, but still with the same enthusiasm and passion for our subject.”

David James-Brown FBCI, Chairman of the Institute, described Lyndon as being "intimately involved with the establishment and growth of the Institute and has dedicated an enormous amount of his time and energy to making the BCI what it is today. Lyndon is truly one of the fathers of the industry and has been an inspiration to so many."

"On behalf of the BCI Board and the Membership I would like to express our heartfelt thanks and appreciation for an exceptional contribution; not just in terms of work but the personal attributes that Lyndon has brought. Lyndon will be sorely missed around the office for his wisdom, humour and humility; for his mentoring, his support and his encouragement. He will be missed by the Board for his dependability, his insightfulness and his clear thinking."

Steve Mellish FBCI, former Chairman of the BCI, and close friend to Lyndon, said of him: "Lyndon has always been reliably consistent in his passion for the subject and has such an astute capability to analyse situations and information to see connections or trends that many just don’t see. His devotion to the BCI has been there from ‘day one’ as one of the founding members. He has probably spent more time on the Board than anyone else I know including two terms as Chairman. To this day he still talks enthusiastically about the future and how business continuity and the BCI has and will continue to drive the whole resilience agenda going forward."

"If it wasn’t for Lyndon I know that I would not have achieved half of what I have done as a business continuity professional and without doubt, never have been so involved with the Business Continuity Institute. His wise counsel and support enabled me to face and deal with many challenging situations over my 12 years on the Board."