Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

PURPOSE

The purpose of business continuity planning (BCP) tabletop exercising is to demonstrate to management the ability of one or more critical business processes to continue functionality, within the required time frame, following an interruption.

OBJECTIVES

The approach to completing the BCP Tabletop Exercise is to first agree with business process owners and managers on the scope and objectives of the exercise. Facilitated sessions are then planned for the execution of the tabletop exercise. At a high level, the planning and execution of these sessions should include:

  • Selection of relevant scenarios for the tabletop exercise
  • Identification, notification and scheduling of appropriate personnel
  • A facilitated walk-through of the scenario, along with discussions on Business Continuity Plan actions and responsibilities
  • Capture of tabletop exercise notes, including issues and areas for changes/additions to the BCP documents
  • Assignment of responsibilities for BCP update work
  • Closing discussions.

Following the conclusion of the tabletop exercise, the facilitator and participants should discuss issues and comments relevant to the status of the business continuity plans. The business process managers retain ownership and responsibility for ensuring that appropriate changes and updates to the Business Continuity Plans are implemented

The millennium rollover, and events during the first few months of 2000 are no longer a mystery; they're history. We know what has happened, and what hasn't. We know how accurate the predictions were, and how they weren't too accurate. Yes, there may be a few surprises still in store as quarterly and special reports are run, but hopefully by the time you read this, Y2K will be history, and we'll be looking ahead. Now before we wipe the slate clean, and try and forget all the long hours and impossible deadlines, let's explore the likely legacy of that monumental effort.

Companies and governments spent billions of dollars and thousands of person-years attempting to protect their organizations from the so-called Millennium Bug. Was it worth it? More to the point, was there an option? In hindsight, critics will abound and the murky vision looking forward will now be a crystal clear assessment of history. But let's set this tongue-wagging aside and see if we can find a few "pearls" in the graveyard of Year 2000 plans and strategies.

What, for example, might never have happened, or at least not so promptly, without the impetus provided by the insidious nature of the Y2K threat and a fixed deadline? We believe many organizations have taken a quantum leap in their level of resilience, perhaps without realizing it, through the plans and preparations they put in place. Today, our challenge as continuity planning professionals is to ensure that the beneficial aspects of all this effort are not discarded. We worked hard to create a seamless defense against 'the bug', but we know further challenges lie ahead. Here are a few areas we might all benefit from thinking about, before the next unpredicted disaster disrupts our business operations.

The Stag Looking into the Pool

A stag, drinking at a clear pool, admired the handsome look of his spreading antlers, but was much displeased with the slim and ungainly appearance of his legs. "What a glorious pair of branching horns!" said he. "How gracefully they hang over my forehead! What an agreeable air they give my face! But as for my spindle-shank of legs, I am heartily ashamed of them." The words were scarcely out of his mouth when he saw some huntsmen and a pack of hounds making toward him. His despised legs soon placed him at a distance from his followers, but on entering the forest, his horns got entangled at every turn, so that the dogs soon reached him and made an end of him. "Mistaken fool that I was!" he exclaimed; "Had it not been for these wretched horns, my legs would have saved my life."

Since childhood, I have enjoyed the simple fables and underlying lessons of the famous Greek slave, Aesop. A while back, I drafted a book on management principles, using several different, mostly less well known fables, including the one above, to illustrate various principles of management. But having only recently entered the practice of business continuity planning, I began to find myself visiting these nuggets of wisdom again with a renewed point of view. The stag's story rang a particularly loud bell for me. Perhaps you may also find it useful as well.

It's too easy to conclude that the stag suffered from narcissism and merely got what he deserved for such a character flaw. But from the perspective of a contingency planner or risk manager, his fatal error was in wrongly prioritizing his resources. He admired his antlers and loathed his legs based on his apparently high valuation of appearance. The underlying issue is values: what things are most prized in the corporate culture and, more importantly, are they correctly prioritized? There is ample evidence that companies of all stripes embrace similar belief patterns: they place inappropriate emphasis on what they think are the critical vulnerabilities, processes or assets, while ignoring or shortchanging truly vital ones. One particular area stands out in this regard.

Executive Summary

Developing a Request for Proposal (RFP) for technology solutions is a well-accepted practice. It is a method for vendors to recommend enabling solutions that may give your company a competitive edge. On the other hand, preparing an RFP for consulting services often is considered unnecessary. This is not the case. Many companies look at bringing in consultants to help implement a Business Continuity Planning (BCP) program without really understanding what their end goals are. Preparing an RFP for consulting services will help you develop the proper scope and objectives, as well as choose the best consultant to do the work.

The table below shows the trend of using outside consultants to assist in the development and maintenance of a BCP program is increasing. The information in this table was taken from this year's survey of 531 companies relative to their business continuity planning program.

When it comes to hiring a consultant, we all know it is very important that you feel comfortable with the consultants themselves who will lead the effort. These professionals from outside your organization are expected to obtain some information from you and develop processes and plans for you to maintain and use. If they can't develop these processes and plans in a manner that is compatible with the way you run your business, the project will be a failure. In other words, the priorities and procedures developed must be consistent with your existing "corporate culture". If not, the procedures won't be followed; or if they are, your business, and business relationships may suffer. For example, consider a company where the employee needs are very important in the decision making process. A BCP plan that calls for these employees to work long shifts for extended timeframes, or who are required to travel without consideration to family situations is probably not consistent with the corporate culture. When hiring consultants you're looking for individuals who will share your company's values. However, if they can capture your corporate culture, but don't have the necessary BCP skills, the end product may not be maintainable, testable, or executable. The RFP process will provide the structure necessary to base your decision on specific criteria so you don't fall into the trap of hiring a consulting firm solely because you felt comfortable with the project team.

As the need for greater system availability intensifies across virtually every industry ' from global banking to just-in-time manufacturing ' network, IT, and other information systems managers are asked to guarantee an unprecedented level of computer uptime. To compound the problem, the platforms on which these critical applications reside have never been more vulnerable. They are often a mixture of leading-edge and aging technology and housed far from the protected environments sensitive electronics once enjoyed.

This white paper concerns the recently developed power protection system, distributed redundancy. Distributed redundancy ensures 100% power as it dramatically improves power availability, approaching the virtual 100% level. The unprecedented level of power protection is assured regardless of platform, application criticality, or downtime sensitivity ' when even one hour per year of power system downtime is unacceptable. Moreover, distributed redundancy doesn't compromise any aspect of system management, from the ability to easily perform equipment maintenance to the ability to fit within an investment/liability budgetary ratio. What follows is an examination of factors that led to the need for this level of protection as well as a detailed discussion of the components that comprise distributed redundancy.