Abstract:

Business Continuity is relevant... right now!

Since the events of Y2K and September 11, there has been an increasing level of risk awareness - whether related to terror, pandemic, power outage, reputation, security, IT or other risks. The need for organisations to have proper Business Continuity (BC) planning and Disaster Recovery (DR) management processes in place is ever increasing, in order for them to continue their business in the event of a disruption, and maintain customer service levels, staff safety and job security.
Historically, IT has been the area of focus in terms of Disaster Recovery. However, a broader, whole-of-business approach is now becoming mandatory and regularly audited by government authorities, for example in the finance/insurance industry. But also in other industries, we see more and more awareness that the business - not IT - should be the key driver when optimising services, procedures and systems for Disaster Recovery.

The real issues

History has shown that, in real-life situations, IT systems do not tend to be the main headache for organisations when experiencing an outage or other crisis, during their attempt to achieve staff security and continue ‘business as usual’.
Instead, issues are more likely to evolve around discomfort of the Crisis Management team when trying to make informed and timely decisions during the course of a disruption – in particular if some of their key line managers are not around, when reporting is not in place as per normal operations, and in case the team has not rehearsed decision-making in a crisis situation. Other problems tend to relate to reputation management, handling the media, relying on notification plans, accuracy of key staff contact details and general staff awareness of the Business Continuity Plan – including IT’s own team recovery plan!
Breaking it down into bite-sized chunks

The ‘8-step cycle’ is Business As Usual’s BC health-check model based on best-practice. It has been developed in accordance with guidelines and standards, including DRII, AS HB221, NFPA1600, COBIT DS4, IO22399 and BS25999.

Step 1 - Business Continuity process objectives
Step 2 - Risk management
Step 3 – Business Continuity teams & buy-in
Step 4 - Key business process identification
Step 5 - Operational & financial impacts
Step 6 – Implementing & testing Continuity provisions
Step 7 – Business Continuity Plan documentation
Step 8 – Exercises, training & awareness

Even when the process has been implemented from steps 1 through to 8, new changes to any of the parts are likely to occur. After step 8, step 1 and following activities should be regularly reviewed. The overall improvement of the process by regularly reviewing and optimising all relevant steps is highlighted in the model.

How to implement Step 8 most effectively... With interactive Disaster Simulations?

This presentation will show how to most effectively use a rage of interactive training methods to improve staff awareness/knowledge about the recovery process....
• Defining pre-determined objectives of BC testing
• Choosing appropriate means/types of testing
• Making testing/training regular and routine
• Measuring the adequacy of your exercise
• Writing an exercise review report
• Other awareness creation methods

Keywords:

disaster, simulation, exercise, rehearsal, crisis, recovery, response, training.