Tag Archives: business continuity professional

Networking with DRI Istanbul

Exchange by DRI Istanbul has held its first event this Spring in Istanbul.  The event was an impressive start for Exchange, with about 40 attendees from 18 companies.

The day began with a discussion of the Professional Practices followed by a workshop and several working groups.  It concluded with an Executive Panel and a brief presentation on governance.

Photos of the event can be seen below.  For more information on business continuity in Turkey, please contact DRI Istanbul.

Important Resource for BCM in Turkey

The DRI Ten Professional Practices for Business Continuity Professionals are now available in Turkish. The Professional Practices are a body of knowledge designed to assist the entity in the development and implementation of a Business Continuity Management program. Use of the Professional Practice framework can increase the likelihood that no significant gaps will be present in your program as well as increase the likelihood that the various parts of the program will work cohesively in an actual disruptive event. This important resource will help DRI Istanbul serve Turkish-speaking business continuity and resilience professionals.

To download the Profesyonel Deneyimler, please visit MyDRI.

BUSINESS CONTINUITY MANAGEMENT & DISASTER RISK REDUCTION (DRR)

Philip Keshiro, DRI Nigeria

The Sendai Framework for DRR 2015 is a great improvement to the Hyogo Framework for Action 2005 – 2015: Building Resilience of Nations and Communities to Disasters.

Having gone through the Hyogo Framework, I summarized it with a statement ‘Developing countries help your citizens’.

It was generally not ‘punchy’ and clear BECAUSE any time I get in contact with those implementing DRR, the question is “what has Business Continuity got to do with DRR?”. Hence, the understanding was flawed (my opinion), implementation was without a clear direction, and coordination was very poor.

I have gone through the Sendai DRR 2015-2030, and I am impressed with the detail and technical terms as shown below – as lifted from the document.

The Hyogo Framework for Action: lessons learned, gaps identified and future challenges

1. It is urgent and critical to anticipate, plan for and reduce disaster risk in order to more effectively protect persons, communities and countries, their livelihoods, health, cultural heritage, socioeconomic assets and ecosystems, and thus strengthen their resilience.
2. There has to be a broader and a more people-centred preventive approach to disaster risk. Disaster risk reduction practices need to be multi-hazard and multisectoral based, inclusive and accessible in order to be efficient and effective.
There is a need for the public and private sectors and civil society organizations, as well as academia and scientific and research institutions, to work more closely together and to create opportunities for collaboration, and for businesses to integrate disaster risk into their management practices.

It is important to know that my concept of developing countries is basically AFRICA (Nigeria).

Expected outcome and goal

1. To attain the expected outcome, the following goal must be pursued:

Prevent new and reduce existing disaster risk through the implementation of integrated and inclusive economic, structural, legal, social, health, cultural, educational, environmental, technological, political and institutional measures that prevent and reduce hazard exposure and vulnerability to disaster, increase preparedness for response and recovery, and thus strengthen resilience.

The pursuance of this goal requires the enhancement of the implementation capacity and capability of developing countries, in particular the least developed countries, small island developing States, landlocked developing countries and African countries, as well as middle-income countries facing specific challenges, including the mobilization of support through international cooperation for the provision of means of implementation in accordance with their national priorities.

Findings

1. If the goal is to be pursued, the knowledge base of the custodians of DRR must be improved. The international community and the United Nations MUST come out with a CLEAR statement that gives direction to help the developing countries who may not understand how to get this ‘implementation capacity’. Most developed countries and leaders within DRR do not even have a clear understanding of Risk Management, Continuity Of Operations Plan (COOP), Business Continuity Planning/Management, Crisis Communication. They do not know how these concepts can be used as effective tools in reducing disasters.
2. Economic disasters are not even regarded as disasters, because industries are not generally seen as part of the SYSTEM, meaning that there is no direct connection between financial disaster (collapse of one bank) and physical disasters. To us, not until you have deaths running into millions do you have a disaster; without mincing words, you will be told that, according to the UN definition of a disaster, ‘this is not a disaster’.
3. There is a need to go down to the basics of what constitutes a disaster and what is a ‘disaster chain’.

III. Guiding principles

(b) Disaster risk reduction requires that responsibilities be shared by central Governments and relevant national authorities, sectors and stakeholders, as appropriate to their national circumstances and system of governance;

(e) Disaster risk reduction and management depends on coordination mechanisms within and across sectors and with relevant stakeholders at all levels, and it requires the full engagement of all State institutions of an executive and legislative nature at national and local levels and a clear articulation of responsibilities across public and private stakeholders, including business and academia, to ensure mutual outreach, partnership, complementarity in roles and accountability and follow-up;

(g) Disaster risk reduction requires a multi-hazard approach and inclusive risk-informed decision-making based on the open exchange and dissemination of disaggregated data, including by sex, age and disability, as well as on the easily accessible, up-to-date, comprehensible, science-based, non-sensitive risk information, complemented by traditional knowledge;

(l) An effective and meaningful global partnership and the further strengthening of international cooperation, including the fulfillment of respective commitments of official development assistance by developed countries, are essential for effective disaster risk management;

Comments

As beautiful as these guiding principles are, they can ONLY be achieved when different agencies and organizations have a level of understanding which is derived from a standard. Only then can there be coordination (on the field). Each of these organizations would have acquired some level of capacity development and have a functional plan in place (within their “different” agencies), which would have been exercised (based on this standard) before coming together as one.
In most cases, you find out that confusion and stampede is the order of the day, where you have those wielding executive power without basic disaster management skill. This is an area we need to work on.

For (l), this is where DRI International has to form a global partnership with the UN to train different nations on the basic knowledge required to anticipate disaster, plan, with the ability to respond, and recover and build better facilities that have been damaged or destroyed, using the principles of Business Continuity Planning.

IV. Priorities for action

Taking into account the experience gained through the implementation of the Hyogo Framework for Action, and in pursuance of the expected outcome and goal, there is a need for focused action within and across sectors by States at local, national, regional and global levels in the following four priority areas:

1. Understanding disaster risk;
2. Strengthening disaster risk governance to manage disaster risk;
3. Investing in disaster risk reduction for resilience;
4. Enhancing disaster preparedness for effective response, and to “Build Back Better” in recovery, rehabilitation and reconstruction.

Priority 1. Understanding disaster risk

1. Policies and practices for disaster risk management should be based on an understanding of disaster risk in all its dimensions of vulnerability, capacity, exposure of persons and assets, hazard characteristics and the environment. Such knowledge can be leveraged for the purpose of pre-disaster risk assessment, for prevention and mitigation and for the development and implementation of appropriate preparedness and effective response to disasters.

National and local levels

2. To achieve this, it is important to:

(a) Promote the collection, analysis, management and use of relevant data and practical information. Ensure its dissemination, taking into account the needs of different categories of users, as appropriate;

(d) Systematically evaluate, record, share and publicly account for disaster losses and understand the economic, social, health, education, environmental and cultural heritage impacts, as appropriate, in the context of event-specific hazard-exposure and vulnerability information;

(l) Promote the incorporation of disaster risk knowledge, including disaster prevention, mitigation, preparedness, response, recovery and rehabilitation, in formal and non-formal education, as well as in civic education at all levels, as well as in professional education and training;

V. Role of stakeholders

1. While States have the overall responsibility for reducing disaster risk, it is a shared responsibility between Governments and relevant stakeholders. In particular, non-state stakeholders play an important role as enablers in providing support to States, in accordance with national policies, laws and regulations, in the implementation of the framework at local, national, regional and global levels. Their commitment, goodwill, knowledge, experience and resources will be required.

(c) Business, professional associations and private sector financial institutions, including financial regulators and accounting bodies, as well as philanthropic foundations, to: integrate disaster risk management, including business continuity, into business models and practices via disaster risk-informed investments, especially in micro, small and medium-sized enterprises; engage in awareness-raising and training for their employees and customers; engage in and support research and innovation as well as technological development for disaster risk management; share and disseminate knowledge, practices and non-sensitive data; and actively participate, as appropriate and under the guidance of the public sector, in the development of normative frameworks and technical standards that incorporate disaster risk management;

(o) Increase business resilience and protection of livelihoods and productive assets throughout the supply chains. Ensure continuity of services and integrate disaster risk management into business models and practices;

(g) Ensure the continuity of operations and planning, including social and economic recovery, and the provision of basic services in the post-disaster phase;

Conclusion

I have tried to highlight areas where developing countries or individuals will find simple and direct instructions as a road map.

It is important to state here that based on my personal knowledge and experience, the knowledge of business continuity planning as packaged by DRI International is the basic knowledge required that can help executives in DRR Management, DRR staff and ALL agencies of government and ministries. Without this knowledge, the African continent will only be moving round in circles without direction. This will be evident in the following ways:

▪ Lack of understanding of basic terms used in disaster management, evidenced during regional and international forums (some officials will ask what is COOP, or Business Continuity Planning – what have these got to do with disaster).

▪ Lack of coordinated response during disasters

▪ Without appropriate plans, proper exercising, which should improve the plan, will not be conducted; if conducted, it is used as a ‘public show’ without any aim

▪ Different agencies will be working at cross road, trying to gain popularity from disaster incidents instead of focusing on safety and preventing loss of lives.

It is important that we all take the management of disaster as a profession, and create an appetite for more knowledge in disaster management.

DRR/Safety Institutes, Federal Government, State Governments and Local Governments MUST strive to have the knowledge of Business Continuity Planning principles which is an appropriate tool for Disaster Risk Reduction and a MUST.

May I ask, are you certified?

Kindly contact us on the following; 08054561141, 08125377462, or onaskme@dri-nigeria.org for further inquiries.

Please see www.drii.org, www.dri-nigeria.org

Yours sincerely,

PHILIP KESHIRO ABCP, CISSP, CISA, COBIT 5, AIMIS, ACIA, AISPON, MBA
PROGRAM DIRECTOR

DRI Course Content

BCM - Year 2015 Schedule


Avoiding Fatal Mistakes in Business Continuity – The Middle East Perspective!

Ayesha Al Bakoush, CBCP, CRA

Businesses and organizations are not immune to crises and therefore planning for the unexpected must be considered as a sound practice. Many organizations are unprepared to handle workplace crises, operating under the myth that “those things won’t happen here.” While most of us do not like to think about crises happening to us, planning to deal with them proactively and effectively would help protect human lives, prevent damage and reduce the likelihood of financial and non-financial impacts.

The whole concept of business continuity is relatively new to the UAE. Subsequent to the issuing of the first Emirati business continuity standard – AE/HSC/NCEMA 7000:2012, the majority of the government organizations have started to adopt business continuity into their strategies and have initiated plans from scratch. There are many factors that contribute to the success of business continuity plans, for example: obtaining the executive management support, completing the Business Impact Analysis and Risk Assessment. However, those elements alone cannot guarantee the effectiveness of the business continuity plans.

Business continuity should be more than just a plan; ideally it should be integrated into the culture of the organization and be part of daily operations. This article will undertake an analysis of various reasons why business continuity plans might fail even if they cover all critical planning aspects.

  1. Experience & Right Skillset

Although learning the hard way is not always the best option, the lack of experience in disasters usually leads to wrong decisions as well as a focus on areas that might not be crucial to the organization. Due to the fact that our country is considered to be a safe country and we do not face fatal disasters of any kind, it might be a challenge for organizations to plan and consider events that they have never faced and they don’t even know whether those events are ever going to happen.

Ideally, training and professional accreditation is one of the best solutions: it helps professionals broaden their horizons about the topic through their networking with other professionals and helps them gain more insight into the topic. Another is exploring other organizations that have robust business continuity plans in place and learning from their lessons.

The embedding of the business continuity into the culture of the organization is key to the success of the program. An experienced business continuity professional who knows and understands the culture of the organization he/she is working for, should be able to put plans and ideas to slowly and steadily engage the staff and make it easy for them to absorb the business continuity concept and make it fit into their business and operating models.

  2. Training and testing

Training and testing usually show how serious an organization is about its business continuity plans. Due to the resistance factors to new projects, business continuity plans might just end up as a document on the shelf that is never used or looked into. In addition, the safe culture and the lack of exposure to disasters might encourage organizations to skip testing and training, which might be considered a disturbance to normal operations and an unwanted task.

Training & testing are the best indicators to ensure the proper execution of a business continuity plan. As per DRI’s 10 Professional Practices, BC plans should be tested at least once a year to ensure the awareness of the employees about their roles and responsibilities and what is expected from them in case of disasters. It is also important to utilize different types of testing ranging from table-top to full scale exercises; each organization should choose the type of testing that suits the nature of its operations, taking into consideration the maturity level of the Program.

  3. Overdoing it

Many organizations fall into adding too many operational details to their business continuity plans to ensure the availability of all required information.

Another common mistake is “abusing” management support to force the implementation and execution of business continuity-related or non-related processes. In other words, business continuity related terminology might be used the wrong way to drive change into the organization which will demotivate staff and minimize their sense of engagement and ownership.

Business continuity plans should contain the information about critical staff and functions in a brief and well-structured way that makes it easy for the staff to read and execute. Details and long processes should be eliminated from the plan and kept in a separate appendix to minimize confusion and save time and effort. Also, shortcuts to long processes should be taken into consideration and activated during disasters to overcome human resource shortages.

With regard to the use of management support, business continuity professionals should know the required amount of pressure they should use with their staff to enforce rather than force change. Also, staff should feel that they are engaged and involved which will motivate them to contribute towards improving the plans.

  4. Wrong assumptions

Understanding the nature and culture of the organization is a key element in building a successful business continuity program. Business continuity objectives should be aligned to the organization’s objectives to ensure maximum benefits. The ideal way to plan for disasters is to plan for the worst case scenario, but the question is: how bad can the worst case be? In this case, professionals should be realistic while planning for the worst case.

Business continuity professionals should flawlessly understand management expectations from the business continuity program. The most successful program is one that is tailored according to the needs and expectations of a specific organization. It is also required from business continuity professionals to have a strong vision about what might make a disaster even worse, and what would be the potential solutions or backups if further incidents do materialize.

  5. Outsourcing

In some cases outsourcing might be a suitable solution to transfer risk and accountability to a third party. However, if an organization is planning to keep its critical functions up and running during a disaster, outsourcing or signing a contract with a third party promising to deliver a service or a product during a disaster is not enough. No matter how strict the legal terms and conditions are, if the service provider fails then the whole process fails.

Before outsourcing or transferring accountability to a third party, an organization should make sure the service provider has their own business continuity plans updated and tested. Also, service providers and third parties should be part of any organization’s business continuity testing and training to help define expectations and outcomes from both sides. In addition, it is very critical to always have a backup plan in case the initial plan fails. In this case, that means finding more than one provider for the same service or product and keeping their information documented and updated. And most importantly, get them engaged and updated regularly.

Conclusion

Business continuity is a holistic approach based on simple and clear methodologies that, if planned properly, will ensure the continuity of an organization’s critical functions during disasters and safeguard its human and physical assets. The implementation of best practices and international standards alone is not enough to ensure the effectiveness and the success of a business continuity plan; rather, it should be realistic, simple, flexible, and up-to-date.

Creating and maintaining a successful business continuity program is more than following a set of best practices; nevertheless, avoiding the above mistakes can enable a more effective capability that aligns to organizational needs and drivers.

Ayesha Al Bakoush is currently working as Principal Business Continuity Specialist with Abu Dhabi Crown Prince Court. With over 10 years of professional experience, she possesses strong experience and domain knowledge, ranging from implementing and auditing business continuity management programs to enterprise risk management and project management. She has done her Bachelor’s in Information Management from the Higher Colleges of Technology in Abu Dhabi and is currently pursuing a Master’s in International and Civil Security at Khalifa University for Science and Technology Research. The author is a Certified Business Continuity Professional and can be contacted at: ayesha.albakoush@gmail.com

New THRIVE! Middle East Edition Out Now

DRI is excited to present a special edition of its online magazine, THRIVE! This issue offers readers a first-hand look at the rising business continuity trends in the Middle East and the work of DRI-certified professionals in the region.

As a result of recent business continuity forums held in Abu Dhabi and Qatar, our growing community of certified professionals requested a DRI publication targeted to resiliency matters in the Middle East – matters that are universally relevant to BC pros around the world.

In this issue you’ll find:
• An interview with Mohammed Al Jenaibi, CBCP
• A guide to dealing with your vendors’ BCM planning
• A spotlight on DRI Istanbul’s first-ever Business Continuity Forum
• And more!
Click here to read the issue, and catch up on previous issues of THRIVE! in our archives.