ContinuitySA Chronicles Q3 2013 Newsletter


Published on

BCM, DR and Resilience - ContinuitySA quarterly newsletter focusing on business continuity management and disaster recovery within industry

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

ContinuitySA Chronicles Q3 2013 Newsletter

  1. 1. One highlight can surely be the Inaugural BCI Africa Awards taking place on the 10th September, where business continuity professionals throughout Africa will be recognised for their contribution to the BCM industry. The upcoming BizStrat 3rd Annual BCM & DR Conference in September, where ContinuitySA is the Platinum sponsor and the BCI SADC Chapter are the endorsers has a full agenda and this can be found towards the end of the newsletter or you can click here to down- load. Organisations and BCM professionals should be present at, at least one of the upcoming events, where you will receive tremendous insight into trends and changes within the business continuity industry. After all companies should be fo- cusing on making their companies more organisationally resilient. The recently launched Disaster Recovery Preparedness Benchmark (DRPB) Survey is still available and you can click here to access the online survey. Preliminary results have already been published and tell us that 3 in 4 com- panies are at Risk and or Failing to Prepare for Disaster Recovery. The results can be found on page 18 to 22. WAR is dead. Really! Michael Davies covers why he feels that work area recovery is still very relevant within business continuity. Tracey Linnell highlights why the Good Practice Guidelines 2013 has grown Business Continuity as a discipline and how GPG 2013 goes beyond descriptive statements and gives practical advice, so as to ensure business continuity measures stay effective. Planning – Life, Death and Resilience is a humorous and lighthearted article to show organisations that they should be more resilient. The average absenteeism rate amongst SA companies is estimated between 3.5 and 6 per cent per annum and trends show continuous increases and this looks like it could definitely be a growing crisis for companies and even the economy. Terry Booysen, CEO of the CGF Research Institute, covers absenteeism in the workplace. On that note, ContinuitySA has several BCM training sessions for the remainder of this year, so if you require any form of BCM training then be sure to view our upcoming events on our website which will give you full details on what our five-day BCM training covers or contact our training department via Just a reminder that we are continually looking for contributions of articles, case studies and white papers to include in our future issues of our newsletter, so for any submissions please feel free to contact me. Wishing you all health, wealth and resilience. Cindy Bodenstein Q3 2013 Keeping ContinuitySA clients informed 1 It seems that industry, media and events companies are all focusing on business continuity management and disaster recovery in the later part of this year. There are several BCM and DR events and conferences taking place in September and October, not forgetting the BCI World Conference in November, so be sure not to miss out on these strategic events. In this Issue Editor’s Note BCM, DR and Resilience2 WAR is dead! 4 New Good Practice Guide- lines take BC to the next level 5 Migration & Cross-Platform Data Sharing Solutions 6 BCM: the value- add for business interruption 9 BCM is good governance 11 Planning - Life, Death & Resilience 14 Triple4: Simple & affordable enter- prise backups 15 ContinuitySA launches virtual fax solution 16 Absenteeism: Eroding Company Profits 18 IT DRP Benchmark Survey Now Online 19 Preliminary DRPB Results Report 2013 25 Can your business survive disaster? 27 BizStrat’s 3rd Annual Confer- ence Agenda 33 ContinuitySA Training Dates All Links are now Interactive!
  2. 2. 2 Work Area Recovery (WAR) is dead’ so they say, but from experi- ence I do not believe that. Virtualisation, cloud computing and a more mobile work force has definitely impacted the way organi- sations conduct their Business Continuity Management (BCM) programmes and changed them in a positive and more effective way. Technology is changing and evolving at an accelerating rate and bandwidth is becoming more accessible and cheaper which makes it an exciting time to be in as virtually all organisations rely heavily on their ICT systems to operate. Organisations are looking towards elegant IT solutions for organisational resilience and there is a tendency to think that mobilising a work force around the Cloud is the way to go. This has an appropriate place in an effective BCM programme but it is not THE BCM programme. In addition to the mo- bile work force concept we have increas- ing adoption of ‘Bring Your Own Device’ (BYOD) policies which allow employees to use personally owned technologies such as laptops, tablets like the iPad and smart- phones to access privileged company in- formation and applications. BYOD is gaining more acceptance by businesses as increased productivity is becoming ev- ident with employees using both personal and business devices. In an article by Heino Gevers published in the Business Day (14th August 2013) he states that South African Organisations are gradually losing control of critical business information and that ‘A study shows that 81% of IT managers in British and US mid- sized organisations are concerned that employees are putting sensitive data onto consumer-grade cloud storage and serv- ices. It is important for any CIO and risk of- ficer to acknowledge that there are certain limitations and challenges with re- gards to relying on the Cloud and mobility as the backbone of a Business Continuity Plan (BCP) and I would suggest that the following points are considered; • Reliable connectivity is critical and should be planned to be resilient. The issue is not when 20% of your staff are mobile, such as a sales or consulting team, that remotely connect for work purposes but when a disaster is in- voked and your BCP is for 1,000 em- ployees to remotely connect to the network. • As employees introduce their personal devices to company networks, security and protection of company informa- tion will become a greater challenge. Business critical data stored on mobile de- vices is growing thereby making security more important and remote access to such devices needs to be thought through with regards to policy. • The proliferation of BYOD and an in- creasing mobile workforce necessi- tates deploying a remote access service that provides a layered security approach that mirrors the organisa- tion’s security and access to informa- tion policies. • As more employees become part of the mobile work force relying on the Cloud and the organisation’s network a highly scalable VPN infrastructure is required. By Michael Davies, Chief Executive Officer, ContinuitySA WAR is dead!… …and other fallacies
  3. 3. TOPICS ON THE AGENDA Recognising the threats: An as- sessment of the top business continuity threats South African organisations face Managing the risk: Planning and developing a business continuity solution in line with the organisation’s risk profile Ensuring resiliency: Having ef- fective backup and efficient recovery to ensure resiliency across all layers of the business Achieving compliance: Under- standing legal requirements and the role of corporate gov- ernance in your business conti- nuity plan Enabling flexibility: Having suf- ficient adaptability to handle ever-changing business requirements Realising a return on your in- vestment: Utilising business continuity management as a platform to increasing growth Who’s getting it right and how: A collection of local case studies highlighting how SA corporates have successfully addressed specific business continuity challenges 3 If your organisation manages to overcome the challenges then it can benefit from such things as; • Having a mobile work force which presents a good BCM strategy by de- fault as users become accustomed to working from various locations. • Mobile users are better equipped to deal with mundane interruptions, e.g. severe traffic congestion and lack of access to the normal work place. • With the rapidly evolving consumerisa- tion of mobile IT devices, organisations embracing the technology now should aim to be dynamic thought leaders adopting to the ever changing IT land- scape as opposed to setting fixed, rigid technology strategies. But WAR is by no means dead. In most or- ganisations there are certain departments that will require an office to work out of for a number of reasons. For most part, fi- nance and legal are just two of such de- partments which require access to original documentation and tend to be office based by the nature of the work. Call cen- tres are another example of employees re- quiring office space in time of disaster, should they not be able to work at their normal place of work. One could not imagine 600 call centre agents being de- ployed to work from home, for numerous reasons, security and remote connectivity to start with. Furthermore, there is already a feeling that mobile users work against the harmony and integration people build when work- ing together in an office. With little team interaction apart from through the internet and emails, cohesion between working teams breaks down. Some companies are bringing people back to the offices revers- ing ‘work from home’ or alternative loca- tion trends. I am all for technological advancement and welcome the Cloud and growing mobile workforces to improve resilience and business continuity within organisa- tions but also recommend that these fit into sound comprehensive BCM principles for the organisation. The Business Continu- ity Plans of an organisation should be en- abled by IT and not driven by IT. To this extent most organisations will still re- quire work area recovery incorporated into their BCM strategies into the future. Long Live WAR! Say goodbye to downtime Book for ITWeb's Business Continuity 2013 today. ...because business doesn’t have a pause button In today's interconnected world, virtually every aspect of a company's operation is vulnerable to disruption. Some risks could take your business offline for days, but in a competitive environment, even four hours of downtime could prove fatal. Yet in this context, business continuity has to become better, faster and cheaper. Your business must demand an uncompro- mising commitment to ensuring the resilience and recoverability of systems. You will learn how to achieve this at ITWeb’s Business Continuity 2013. So, future-proof your business by booking your seat today.
  4. 4. 4 Updated Good Practice Guidelines recently issued by the Business Continuity Institute offer practitioners and companies alike a significantly improved set of methodologies that are easier to follow and implement. “Business continuity has grown consider- ably as a discipline, and the new guide- lines reflect that,” says Tracey Linnell, general manager: Advisory Services at ContinuitySA. “Good Practice Guidelines 2013 go beyond descriptive statements to offer practical ‘how-to’ advice in layman’s language. They will contribute to making business continuity measures much more effective.” Linnell says that the Good Practice Guide- lines complement the International Stan- dards Organisation standard for business continuity (ISO22301): following the guide- lines will help companies ensure they com- ply with ISO22301. Among the improvements in the 2013 Good Practice Guidelines, Linnell singles out the greater focus on the supply chain and outsourcing. The guidelines go into much greater detail to show how business continuity plans must include suppliers. “You are responsible for ensuring that your suppliers have adequate business continu- ity plans and systems in place,” Linnell explains. “These guidelines take into account that businesses operate in, and are dependent on, complex ecosystems and that business continuity needs to span all their components.” Another important improvement is the guidelines’ deeper focus on the responsi- bility of top management to support business continuity initiatives – and how to make that support a reality. For example, they suggest building business continuity into executive performance appraisals. “Executive buy-in has been a problem in the past, so practical advice on how to obtain it is welcome,” she says. A related issue is the embedding of busi- ness continuity into the way a company does business. Here again, the guidelines notably shift focus from theory to action. In general, says Linnell, this is an area that receives too little attention but is vital if business continuity plans are really to be effective. The 2013 guidelines also amplify guidance regarding business impact analysis, and show how this can be undertaken at various levels: strategic, tactical and oper- ational. One area in which the 2013 guidelines fail to deliver improvement is in the validation process, where the 2010 guidelines offer a set of processes that are more thorough. However, says Linnell, the review portion of the validation process is much improved. “Once the business continuity plan has been completed, it needs to be reviewed for effectiveness. The 2013 guidelines offer functions, execution processes, methods and techniques as well as outcomes for each of an expanded number of areas,” Linnell says. “Crucially, the review process also incorporates supplier performance – another welcome recognition that a company’s business continuity efforts must cover the entire ecosystem on which it relies.” By Tracey Linnell, General Manager: Advisory Services at ContinuitySA
  5. 5. 5 Migration and Cross-Platform Data Sharing Solutions The recent data explosion has IT departments scrambling to adopt new storage solutions. At the same time, aging first-generation systems are becoming a liability, while new legislation is driving regulated industries to evolve their infrastructure for increased security and availability. As if all of this isn’t enough, mergers and acquisitions are at an all-time high and enterprises must quickly integrate teams and functionalities using varied legacy platforms. M igration & Cross-Platform Data Sharing solutions from Vision enable you to per- form easy, no-risk, near-zero downtime migrations to and from any combination of physi- cal, virtual or cloud platforms. And, if you need to share business-critical information between data- bases, applications and platforms as rapidly as it becomes available, we have the solution that gives you the competitive edge you need. Near-zero downtime migration solutions for any combination of physical, virtual or cloud platforms A Complete Migration Competency that Helps You Succeed Today, organisations deploy new technology quickly to keep up with competitive forces and expectations for profitability. With a long laundry list of technology to-dos, your finite IT resources are often stretched to the limit. Vision Solutions has competency in the skills and toolsets needed to eliminate the strain on your resources; dramatically reduce server downtime, and offset the risks associated with migrating complex, multi-layered computing environments. Regardless of OS or hypervisor, Vision Solutions offers the technology needed to make every in- house migration a success. And if you need more horsepower, our professional services experts can put their knowledge and best-practices method- ologies to work for you. We’ve successfully migrated tens of thousands of servers and have several different ways to handle yours. - Deploy strategic new systems more quickly - Ease the strain on your internal IT resources - Eliminate downtime - Mitigate the risks associated with untested processes Migrations Made Easy Double-Take Move allows you to migrate physical and virtual workloads with real-time replication from a single, intuitive user console. Protect your productivity with resource friendly technology that eliminates user and application downtime during migrations. Double- Take Move migrates your entire environment including the file system, permissions, attributes, compression and encryption settings without suspending production operations. It also moves database files regardless of whether those files are locked by applications. True data replication functionality precisely duplicates the appli- cation’s native write processes with real-time transaction awareness. Double-Take Move advantages: - WAN-friendly, real-time data replication - Moves operating systems, applications and data from one make, model and server configuration to another - Continuously captures byte-level changes to a server’s OS, applications and data - Hardware independent; can also be used for migrating virtualised workloads back to physical servers To learn more, watch our videos, read our product datasheets, listen to live- conference from our expects, and download free white ‘Solving the Technol- ogy Migration Puzzle’ and much more, visit the websites: Contact us today: / +27 11 561 0900 / +971 (0) 50 847 6734 / +32 (0) 473 672974
  6. 6. 6 Business continuity management: the value-add for business interruption Business interruption (BI) insurance provides businesses with vital protection against the possibility of a severe disaster – something that, according to one source, one in every 500 businesses will experience. When directors and executives look at ways to mitigate this risk and give the company its best chance of returning from such a disaster, business interruption insurance is an obvious answer. However, it must be understood that the chances of a company surviving a major disaster are slim. A leading brokerage noted that 43% of companies that experi- ence a disaster never reopen their doors and that 29% close down within two years. It follows that preventing a disaster from happening in the first place should be a businesses number-one priority, with the second being a resilient and tested plan for returning to the normal operational state as soon as possible. It is here that business continuity manage- ment represents a massive untapped op- portunity for insurance companies to differentiate themselves from competitors, and position themselves as true business partners to their clients rather than simply “premium-takers”. Building this type of relationship with clients is vital for insurers, given the trends that are changing the industry. The main driver of these trends is the increasingly connected nature of business. This connectedness has interlinkedsuppliers, providers and, crucially, customers more closely and trans- parently than previously – and has empow- ered customers like never before. Thanks to the Internet, both corporate and individual customers now have unprecedented ac- cess to information about competing prod- ucts and services they wish to purchase – including insurance. Customers’ expecta- tions for personalised offerings and service have also been raised. And, as we all know, the Internet also fur- nishes a platform on which customers can broadcast displeasure at poor service or unfulfilled expectations. This type of transparency means that insurers are under tremendous pressure to provide products that are highly differen- tiated and tightly focused on delivering customer value. When it comes to business interruption, I would argue that business continuity management offers a way to achieve both goals. In a sense, business continuity management and business interruption insurance are sides of the same coin – pro- tecting the customer from catastrophic loss – and complement each other. It’s important, though, to understand how they differ. Business interruption insurance kicks in after a disaster occurs. Its value lies in the accuracy with which the customer’s potential losses have been calculated, and the length of time (in- demnity period) for which they will be cov- ered. It’s obviously vital in providing a company with the cash flow needed to pay those expenses that continue despite the disaster (such as salaries) and also the resources for re-establishing operations. Business continuity management, by con- trast, is more proactive because it provides an holistic process to identify potential threats and their impacts. Crucially, it also offers a rigorous framework for building organisational resilience, including the capability for effective disaster response. In short, while business continuity manage- ment cannot prevent all disasters from happening, it can reduce the likelihood of one occurring, and can contain the loss of revenue and reputational damage linked with a disaster that does occur. It is a mature discipline, and the recent intro- duction of an ISO standard (ISO22301) further strengthens it. One might argue that by helping compa- nies to reduce their risk, business continuity management actually could reduce an insurer’s premium income. But the fact of it is that the majority of clients are already underinsured for business interruption – by 30% according to one broker. This means that when one gets to the claim stage, the By Ryan Holmes, Business Development Manager: Western Cape, ContinuitySA
  7. 7. 7 Should you have any enquiries as to how you can make a difference or would like to be included in regular communication, please contact: Louise Theunissen (MBCI)(PMP), BCI SADC Chapter Board Member Mobile: +27 82 928 7158 or Mail to: BCI SADC Chapter Forums insurer faces protracted disputes and the risk of negative perception in the market- place. In fact, as I have already argued, it’s likely that the customer will go out of business altogether, which means a total loss of that income stream for the insurer. By contrast, by working with a reputable supplier of business continuity manage- ment services, the insurer can position itself as providing a more comprehensive ap- proach to business interruption, one that encompasses risk mitigation as well as risk cover, and one that enhances the chance of the client recovering from the disaster. By providing these capabilities, business continuity management should ultimately lead to higher levels of customer satisfaction, and perhaps the opportunity to broaden the scope of the relationship between the customer and the insurer – as well as improved marketplace reputation. And isn’t a good reputation one of the foundations of the trust on which a suc- cessful insurance business is built?
  8. 8. By David Bollaert, Senior Advisor, Business Continuity Management at ContinuitySA 9 Business continuity management is good governance “Corporate governance aims to put in place the mechanisms necessary to en- sure a company is sustainable, in every sense. Business continuity management has an important role to play in achieving this goal because it identifies threats and provides a framework for responding to them,” says David Bollaert, senior advisor, Business Continuity Management at Con- tinuitySA. The bitter truth is that controls don’t always work to protect organisations against all threats. When a catastrophe occurs, busi- ness continuity management provides the safety net that aids recovery. Bollaert cites research by Rory Knight and Deborah Pretty showing that companies with a re- covery plan were able to respond better to a crisis and were ultimately able to in- crease their value relative to unprepared companies by 22 percent by the 225th trading day. Other research indicates that 25 percent of those companies that are hit by a disaster simply never recover at all.1 It’s also worth noting that the sustainability trends and risks faced by companies over the coming decades are growing in com- plexity and impact. Among them we should list climate change and associated extreme weather; scarcity of energy, water and materials; increased popula- tions; wealth disparity; increased consumer demands; food security and massive ur- banisation. Other risks include increased global out- sourcing, supply chain complexity, re- liance on third parties and ICT to operate, and a client base that is more aware and demanding of demonstrated resilience capabilities. Perhaps unsurprisingly, the average Global 1 000 company gives itself a 40 percent chance of suffering a catastro- phe that would destroy more than 30 per- cent of its market value over any five-year period.2 “And yet, most firms are not adequately prepared for disaster. However, those that are prepared are far more likely to sur- vive – and may even be able to take ad- vantage of opportunities that might arise during a crisis,” comments Bollaert. “For that reason, the question of business re- silience has entered law, through the Companies Act, codes like King III, and regulations like PASA. However, many of these place too great an emphasis on IT and not enough on the bigger business continuity picture.” Given the key role that business continuity management can play in creating resilient companies, its own governance is vital. Released in May 2012, ISO22301 is the global standard for business continuity management, and provides a clear framework for the policy and programme management, ongoing monitoring and reporting, and also the routine gover- nance tasks that are needed. Bollaert adds that business continuity man- agement can also help companies realise the benefits of sustainability. As compa- nies reshape the way they do business in order to take into account the need to be sustainable, new opportunities for revenue growth from environmentally-friendly products and new markets open up. At the same time, the pressure to drive re- source and operational efficiencies can help to reduce costs, and improved trans- parency in identifying and mitigating risk will enhance a company’s ability to sur- vive and prosper. “Sustainability and business continuity management are closely interrelated,” he says. “If they are seen as potential profit centres, and levers of competitive advan- tage, then they are likely to obtain greater support from the board – and to be able to present a better account of its strength to investors and other stakeholders in its integrated report.” Good corporate governance is now mandated by law through the Companies Act. Compliance with the King Code of Governance (King III) has also become a requirement for listing on the Johannesburg Stock Exchange. Corporate leaders now recognise it as a prerequisite for good management and long-term sustainability of their companies. Less widely recognised is the link between good governance and business continuity management. 1 JP Morgan Chase & Co, “Disaster preparedness planning: Maintaining business continuity dur- ing crisis, disruption and recovery”, Perspective (2009), available at online/commercial-bank/ document/Perspective_DisasterPreparedness.pdf, p 2. 2 Intercep, “The business case for preparedness”, available at research/pubs/annotated-business-case_20-aug-2007.pdf, p 3.
  9. 9. 11 1 Humour … This article is not for everyone and I apolo- gise in advance for those who might be offended. Seriously though – take the hu- mour with a pinch of salt. 2 Do you have a plan …. I do hate hearing that phrase! In many an organisation a plan is still about “burst water pipes” and I am conscious that there is a stigma in the upper echelons of business which pegs Business Continuity Planning at that level. Scary! Isn’t it? 3 Human frailty …. Interestingly enough we as humans go through so much in any day (BAU) where we plan activities, expedite those that come naturally, make risk assessments whilst drawing off experience and core knowledge. We change the course of activities, deal with issues, constantly man- age our existence on tight budgets, build resilience to cater for lean times and YET - the moment we enter our business prem- ises we shrug off all those qualities and expect someone else (usually the senior management) to hold our hand, protect us and make all the decisions on our be- half. As humans we face an inordinate amount of risk and threats in any one day and yet we make it through the day – admirably so. 4 The organisation I reflect on my slightly ageing body and marvel at what a wonderful organisation it is. The brain (exec) is still pretty dynamic, it’s mature (well not always as I am a boy at heart, so slightly risk tolerant), and it has developed a remarkable propensity for survival in spite of the many crises (resilience) – instinctively reacting to circumstances and making decisions all the time – some at lightning speed (adapt- able). It is creative, passionate, competitive and professional (amongst other qualities). My brain however isn’t very resilient - it occu- pies a small but key piece of my body ter- ritory - and I don’t have a spare one if this one goes defunct. The best my brain can do is tell the rest of the body not to do stu- pid things that puts it in harm’s way. Yes - my brain can subconsciously manipulate my body to instinctively avoid immediate dangers and while that characteristic has matured quite well over the years it is still reliant on the rest of the body being in good condition - so regular maintenance of the limbs and internal organs (opera- tional bits) is mandatory. More so the skin, hair and nails need to be kept tidy, in good health and toned (branding). The face, gestures, postures and clothing re- flects upbringing, culture and style of my “organisation” (more branding and some marketing). Fortunately we have some spares (contin- gency options) which we could cope without but with some limitations (arms, legs, eyes, ears, lungs, kidneys and those things). In some cases we have lots of spares for the things we use the most (such as fingers). The way the brain interacts with other humans (societal organisations) reflects the standards my organic organisation adopts. It stands to reason therefore that if other humans do not adopt equally high standards and decent behaviours that my brain (exec) is unlikely to interact with them - and in most cases may well avoid those people. There are many benefits which my brain (exec) enjoys from keeping this organic organisation in a good state. As a result the rest of the body gets plenty of rewards - but more importantly the family of related organic societal organisations (wife, kids, in-laws, grand children, siblings, friends, colleagues, etc) benefit from this one enterprising existence. Of course - it (the organic organisation) cannot go on forever but the values, passion, reputation and standards are passed on in some way to all those who are a constant in the lifespan of my existence and so, even in death, my existence continues - just more widely spread (succession planning) and no doubt branded differently (changed). I could extract this analogy to fill another 20 pages but you get the idea! By Eugene Taylor FBCI MIoD(UK) TaGza (UK and RSA) www.TaGza.Biz Organisational Resilience Planning - Life, Death and Resilience
  10. 10. 12 5 A day in the life .... My exec (the brain) has a number of vital objectives to achieve each day and then it has other objectives as part of it’s never ending medium and long term goals - often requiring tweaking of plans as a result of circumstances in a constantly changing environment. Here is my story for one day .... I get up reasonably early and contem- plate my objectives, have a shower and a shave (health and safety) and contem- plate my objectives some more. I have a cup of coffee (mandatory compliance). I kiss the wife (more mandatory compli- ance but also good public relations man- agement). Some of my objectives need re-arranging as the wife needs me to pop by the shops on the way home (project management and change). I look at her stunning features and have some naughty thoughts (and book mark an idea for the board / brain). I get dressed and prepare to go to work (governance compliance, branding, rep- utation, survival). I contemplate my objec- tives some more. Then I get side tracked and dwell on this “going to work” malarkey. Why go to work? Well I don’t own a farm and need some food and if that naughty thought is to see the light of day I need to get some collateral to set the scene - house, car, flowers, diamonds, new after shave (major cost impact con- sideration, review of revenue generating strategy and serious project management needed). Oops! I have been distracted from my core business of survival - but the benefits far outweigh the risks (entrepreneurial development in progress with some risk assessment). I bring myself back to reality and focus on more achievable objectives - driving to work (mundane BAU stuff - all risks having been assessed and mitigated). I don’t remember picking up my keys (pure habit from having a standard approach). I don’t remember even open- ing the garage door to get my car out (objectively focussed and risk resilient). I do remember kissing the wife (more good public relations - fuelling an option for ex- ploring that naughty thought - which is fast becoming a sub conscious objective). I drive to work – I don’t remember how many traffic lights I went through or even what colour they were. I don’t remember how many bicycles I swerved past. I don’t even remember how many expletives came to mind when encountering the less competent and downright overly risk tol- erant organic organisations along the way. Heck! I don’t even remember which route I took or whether I changed my mind. I definitely know what speed I drove at be- cause I drive at the speed limit - of a jet plane. I didn’t even give a thought to the amount of fuel I had or the condition of my tyres (resourcing). I don’t even remem- ber putting my brief case in the car or even checking its contents (security). I don’t even remember checking my wal- let (funding) to see if that naughty thought had a chance - thank the lord for debit cards, overdraft facilities and credit (risk) - now I remember why I have to go to work. I get to work safely and haul out my secu- rity card (security management) - didn’t even bother to check I had that. I think I greeted the reception security and I must have swiped my card - I really don’t re- member doing that. Suddenly - I am no longer operating within the realms of sub-conscious competence (doing things effectively without thinking about them). I am now a mound of jelly trying to re- member the gazillions of policies pub- lished on the intranet and waiting for the booming voice of my boss to re-direct MY objectives that I have carefully consid- ered throughout the morning. She’s quite sweet actually (my boss) - no naughty thoughts there (against one of our policies) - but I don’t like the beard nor the swash buckling cutlass she carries under her arm - I DO remember that, al- though I think it was her iPad with a copy of all the policies - waiting for a chance to catch me in breach - which she won’t (corporate culture and behaviour is in- grained). I remember what I am employed to do, avert Madame Black Beard and get started (dedication). I read through some 200 eMails and idly calculate that a) there are a lot of people with no life who work until midnight and b) if each email takes me 20 seconds to briefly scan to decide whether it needs an action then I am spending ONE Hour a day of my precious time reading diatribe from others who don’t know how to use a phone as a phone any more. I work out further that on average I need to deal with at least 20 of these mails and those take about 10 minutes a pop! So another THREE+ hours on email (time manage- ment). OK - so 3 hours left to do my job which includes sitting in boring unstruc- tured meetings for 3 hours (strategy and delivery management)! Ah! Now I know why those others work until midnight (re- source management, commitment). I reflect on the possibility that I am more grumpy than usual (incident manage- ment) and so I turn my attention to that naughty thought to cheer me up and de- cide I WILL take lunch and to heck with the ever increasing pile of work (risk assess- ment). Anyhow - the day goes on and everything gets further out of control (crisis manage- ment). I fast track some of my work by sending emails and temporarily transfer- ring the liability (risk management), catch up with a lot of proper work (efficiency and quality), manage lunch (pause and reflection) and notice Madam Black Beard has put away the cutlass (customer satisfaction). She’s also stopped growling and barking orders so I must have done something right (performance assess- ment). So, that’s HER objectives sorted then (project management). I make a decision to come to work early the next day (loyalty). I go through the same conscious compe- tence routine to leave work as when arriving at work - naturally I don’t walk backwards or out the entrance gate (security). I somehow manage to get back home without incident (sub consciously compe- tent) - except someone at the shop had been noshing garlic for lunch (incident management). I like garlic but it’s not that great on someone else after 3 or 4 hours fermentation in the executive suite (the mouth).
  11. 11. 13 6 That naughty thought ..... There is a spring in my step when I walk through the door. I am armed with all the collateral to woo my good lady. I kiss her gently behind the ear - and she shivers (but it is cold here in the UK and the door is open). I uncork the wine, pour her a glass, haul out the flowers and arrange them near her favourite spot in the house (all con- sciously designed). The scene is set ..... (planning) I now lean over, tickle her ear (which has warmed up) and whisper sweet nothings in an alluring purring voice (marketing). Actually what I said was ...... “I have the Jeremy Clarkson box set of Top Gear and wondered if you would enjoy watching them with me”. Voila! Instant acquiescence - a thought in the morning materialising in a result! 7 Messages If you managed to read through this article (resilience) there are many messages how we apply ourselves naturally to the ever demanding tasks of getting through one day. Throughout the day, starting from when we wake up to when we go to sleep we are dealing with a myriad of disciplines (risk, threat, incident, project management, strategy, planning, security, quality, health and safety - to highlight a few). Yet - when we get to work we have to consciously focus on corporate behaviour re- quirements, compliance requirements and most importantly our day job. We regularly and formally change our working plans to accommodate objectives and management needs. Yet we manage our personal lives pretty routinely - even though there are many more responsibilities and ad-hoc activities that we subject ourselves to. Business Continuity Management is the one symbiotic discipline that encourages that very subconscious competence within people. It shouldn’t be hard, or require particular focus. It is a mature subject and needs to be fully understood. Planning is not just the “burst water pipe” plan. It’s about all the disciplines in an organ- isation working as one cohesive product as a fundamental strategic element for devel- oping resilience and response capability. It allows us to get through each day pretty unscathed. We are remarkably resilient as humans. We should be remarkably resilient as organisa- tions so that communities can sustain life, continue in spite of death and further develop ongoing resilience (Societal Security). Planning - Life, Death and Resilience
  12. 12. 14 That’s a problem which can be solved with today’s technology, says Scott Orton, sales director at Triple4. “The answer is a man- aged backup service which ensures backups are always done – and always done properly,” he points out. All well and good, but Orton says there is one other criterion which isn’t particularly liked by those who sign the cheques. “There’s a definite perception that managed backup means a high cost and therefore doesn’t add as much value as it should. As a result, while many systems administrators are well aware of the availability of backup services, it’s the price that keeps them doing it manually.” Triple4 is setting out to challenge the status quo by introducing busi- ness-grade managed backup services at what Orton describes as an ‘affordable price’. “We’ve taken the approach of providing a simple, affordable, yet enterprise capable backup service,” he confirms. Simplicity is built into solution, with a straightforward structure de- signed to meet the backup requirements of the vast majority of customers. Features of the Triple4 backup service include: • A single per-gigabyte cost based on customer production data. Triple4 doesn’t charge for the amount of data consumed in its cloud environment • All enterprise-class application-aware backups are included • Customers can backup locally and replicate to an offsite data centre, all inclusive in the per-gigabyte cost • Daily backups are retained for two weeks, monthly backups for 12 months and a yearly backup is retained. This is all-inclu- sive in the per-gigabyte pricing • Day to day management of the solution is included • Triple4 provides a ‘pay per use’ Disaster Recovery model that can be added to the backup service for those clients who re- quire it • A web portal is available for customers to remotely view and download their data as required. “We’ve set out to create and deliver a solution that is big on value but small on cost. It is a fully inclusive enterprise-grade backup serv- ice that only charges for the amount of data customers are using in production, and not the amount that is stored in the data cen- tre,” says Orton. So confident is he in the value and performance of the Triple4 backup solution that he says IT administrators (and financial man- agers) are welcome to contact the company for a free proof of concept. “We think our solution offers great value – and we also think anyone who sees it for themselves and sees the pricing, is in- clined to agree.” Triple4 offers simple and affordable enterprise backups Ask any IT administrator which task is the most painful for them and the chances are very good they will reply ‘backup’. While this has never been a popular or enjoyable job for the vast majority of those tasked with doing it, backups are also enormously important, with their value often only appreciated when it hasn’t been done properly. For more information contact or visit
  13. 13. 15 ContinuitySA launches cost-effective, secure virtual fax solution Fax remains a widely used technology in certain industries and geographies, and yet many companies have not taken advantage of new technology approaches to reduce costs and improve performance, says Rudy Sutton, solutions architect at ContinuitySA. The facts speak for themselves. More than 16 billion faxes are sent each year, ac- counting for 10.3 square miles of forest and adding unnecessary expense to the office budget. “Government, banking, finance and insur- ance are just three industries that continue to rely heavily on faxing, and yet somehow the technology they use remains rooted in the past,” Sutton says. “Traditional faxing is far from secure as fax machines are gen- erally shared, and the paper and ink costs can be horrendous. Even those compa- nies that are using fax-to-e-mail solutions are spending more than they need to.” One reason for this overspending, Sutton explains, is that companies are paying for premium fax numbers without even being aware of it. Another issue is the constant need to upgrade the technology, imple- ment patches and so on. ContinuitySA has partnered with the Virtual Group to create a virtual, hosted fax solu- tion that brings this still-useful technology into the 21st Century. “Because it uses the cloud computing model, the virtual fax solution is billed per use using true per-second billing, and we offer our clients up to 10 years archiving at no cost. We also provide them with high security via an access-controlled fax vault, which can be managed remotely,” Sutton says. “It’s also very quick—around one minute to transmit one fax page. And be- cause it is hosted by ContinuitySA, the leading African business continuity provider, the entire fax environment has full disaster recovery in place, so data is al- ways safe.” Sutton says that the solution typically shaves off 20-30 percent of the cost of a traditional fax-to-e-mail solution. When used from a PC, the user simply sends an e-mail using the e-mail programme to the fax number@ Incoming faxes are re- ceived the same way. No fax machine, no paper, no ink. The system automatically generates delivery notifications and has an automatic retry capability. It takes, says Sutton, a very short amount of time to get a user with an existing e-mail address and Internet protocol address up and running. “ContinuitySA is using the solution and we found it was extremely easy to get all our offices connected,” Sutton observes. “We are starting to take the solution to our clients and they are very interested in the cost savings, the security and archiving, and the ease of use. Faxing really has en- tered the Cloud Age.” By Rudy Sutton, Solutions Architect at ContinuitySA
  14. 14. 16 ABSENTEEISM: ERODING COMPANY PROFITS Article by CGF Research Institute A s the world economy struggles to regain its former pace and growth since the onset of the fi- nancial crisis in 2008, companies and their leadership may have overlooked a growing area of risk which could be costing them dearly. In almost all cases companies are able to count their losses in, for example, a line item which has an attached tangible value on their balance sheet from one period to the next. And these losses – or profits as the case may be – are invariably linked to a known risk which has been, or is still in the process of being managed. The point being that whether such a loss (or profit) is made, is normally directly linked, defined and clearly understood by the people respon- sible for ensuring the financial health of a company. Indeed, these people – who comprise the chief executive officer, the fi- nancial director and even the internal au- ditors -- are generally considered the core leadership team who are responsible for the proper governance of the company’s daily operations, which entails both the financial and non-financial aspects of the company. Whilst there have been numer- ous corporate governance recommenda- tions documented across the world, notably those such as the King Report on Governance for South Africa 2009 (‘King III’) which emphasiSes the need for inte- grated reporting amongst other issues; one can’t help but wonder whether or not the company’s leadership have suffi- ciently applied their minds and reported the costs attached to their Human Capi- tal, especially when employees are absent from their workstations and without proper permission? In many companies, Human Capital has been considered a ‘soft issue’ and not much attention is allocated to this critical ‘asset’, unless of course there is a blatant problem, say for example a looming strike or a contagious health outbreak amongst employees or worse, the death of an em- ployee. Clearly these types of examples pose tremendous risks to a company and its sustainability, and they are not such ‘soft issues’ especially when the business’ con- tinuity is negatively affected. On the con- trary, whilst these risks – which are quite obvious and visible – can also have signif- icant impact upon a company’s produc- tivity and its profits, there is yet a further risk which is much greater than these already mentioned, namely absenteeism. “While it is possible that high levels of absenteeism may be as a result of the nature of the work or the physical environment in which it is carried out, in many cases I believe the root cause is more likely to be lack of job satisfaction or motivation on the part of the employ- ees. In short, if people enjoy their work, enjoy the environment in which they work and feel valued, they are far less likely to take time off unnecessarily.” Alistair Schofield Article: Absenteeism - problem or symptom? At the face of it, absenteeism may initially be completely undetected, and in fact not known about, or completely misunder- stood and not managed. In many re- spects, absenteeism can be likened to a ‘silent cancer’ that slowly erodes the com- pany’s profits, productivity, morale and even its culture. In the workplace, absen- teeism is one of the most common problems facing South African (‘SA’) com- panies and it is estimated to be costing the South African economy – according to the South African Chamber of Commerce By Terry Booysen – (CEO) CGF Research Institute (Pty) Ltd
  15. 15. 17 (‘SACOB’) – between R12bn to R20bn each year. In its most common form, em- ployees will claim to be ‘sick’ and then stay away from their workplace to maxi- mize their days for annual sick leave, and even exceed their benefits well beyond reason. Expectedly, an unsuspecting com- pany may not at first easily detect such abuse against the company (especially in larger companies and state owned enti- ties), mainly because the stay-away may have appeared legitimate as the em- ployee may have produced a doctor’s certificate to validate their ‘illness’. But absenteeism need not necessarily mean that an employee has to physically be away from their employer’s premises without their employer’s permission. Ab- senteeism also covers instances where employees are physically away from their work stations and are therefore unable to fulfill their obligations to their employer. Such circumstances include the employee habitually arriving late or leaving work early; taking extended tea, lunch or toilet breaks; taking excessive and unreason- able time to complete work assignments and attending to personal issues such as shopping during working hours. The average absenteeism rate amongst SA companies is conservatively estimated between 3.5 and 6 per cent per annum, and with its increasing trends, suggests it may be a growing crisis within companies and the economy. And with the recent Reserve Bank announcement that South Africa was unable to attain a full one per cent (1%) GDP in the first quarter of this year; it’s clear that an unhealthy, lethargic workforce is not going to assist to rapidly improve this dire situation. Companies who are plagued with this scourge, and more particularly those who do not take proac- tive action to remedy the situation, will most certainly feel the direct and indirect effects on their bottom line earnings. Some of the expenses linked directly with absen- teeism include payments for employees who are not at work, increased insurance premiums, additional salary compensa- tions, benefit payouts, or paying for em- ployees who are at work but who are “disengaged” and therefore not adding to the overall profits of the company (pre- senteeism). Many organisations are mostly worried about absenteeism levels and the management thereof. However, research has shown that presenteeism proved to be more costly to organisations because it directly impacts on productivity and service delivery. It is estimated that pre- senteeism is costing US companies $150 billion per year. The term presen- teeism has been defined in 1994 by UK Professor Cary Cooper. He defined presenteeism as "workers who remain on the job but who are not as productive as usual due to illness, stress or any other type of distraction". Saehws Afriforte Article: Identify and Manage Presenteeism Risks Let us also not be tempted to believing that absenteeism occurs only amongst the lower-level workers; it also happens amongst professional employees, and is sometimes worse at the higher levels com- pared to what is recorded at the lower ranks. Whilst there is limited research pub- lished in SA regarding the management or control of ‘sickness’ absence, according to the Adcorp Employment Index (April 2012), there has been a four-fold increase in absenteeism due to sickness since 2007. Moreover, in 2001, whilst 0.7 percent of SA employees were absent from work due to sickness, this percentage increased to 3.4 percent in 2011 despite no notable in- crease in the number of people employed over the past decade. Considering these facts, companies need to not only address their management and policy processes, but they may also need to consider the reasons behind absenteeism and which appear to be escalating this trend. Some of the reasons cited by employees that ex- acerbate absenteeism include; • poor income levels of employees, • poor communications and relations between management and employees, • poorly managed workplace disciplinary procedures, • unincentivised employer productivity programmes, • poor working conditions and / or the boring or repetitive nature of work, and • unfavourable geographic location of the workplace and / or workstation. Finally, caution must be exercised by com- panies who may choose a more dracon- ian approach to stamp out absenteeism. Remember of course that an employee has many rights (as does the company) and these are essentially found in our con- stitution, our common law, the Basic Con- ditions of Employment Act 75 of 1997 and the Labour Relations Act 66 of 1995 amongst other legislation. No matter how your company may wish to address this escalating problem, sadly, research sug- gests that notwithstanding the most noble sickness-management systems and pro- grammes being implemented, few com- panies have effectively managed to solve this problem which is eroding the com- pany’s profits. Perhaps companies should be involving their employees more fully into the com- pany’s strategy and explain to them how they will personally stand to benefit from the company’s overall performance? This may change the employee’s attitude to- ward the company and hopefully they will be more willing to support the company with better workplace attendance and personal performance within a shared stakeholder governance model. Of course there’s no telling what the outcome will be if the company is continually posting losses, or if the employee is also going to be held responsible with management when productivity is down? But then again, the company also has its rights, and employees who are caught defrauding the company of time through this mali- cious practice could find themselves fac- ing disciplinary action, being placed on terms, or simply fired once they have been proved guilty.
  16. 16. As recent cyber-attacks and natural dis- aster events have shown, the need for IT disaster recovery preparedness has never been greater. However, research indicates that less than half of all com- panies have a disaster recovery plan in place, and even fewer have actually tested their plans to see if they will work as expected. This need to uncover the value of disas- ter recovery planning and testing, as well as gain a better understanding of DR best practices to make prepared- ness more cost-effective and efficient was the driving force behind a recently created Disaster Recovery Prepared- ness (DRP) Council. Formed by IT busi- ness, government and academic leaders to address these issues, its mis- sion is to increase DR Preparedness awareness, and improve DR practices. The DRP Council has developed an on- line Disaster Recovery Preparedness Benchmark (DRPB) Survey. The survey is designed to give business continuity, disaster recovery, compliance audit and risk management professionals a measure of their own preparedness in recovering critical IT systems running in virtual environments. Tweet This: @DR Preparedness Compli- mentary Online Survey Now Available Founding members of the DRP Council include: • Steve Kahan, Council Chairman, PHD Virtual • Dave Simpson, Sr. Analyst, 451 Group • Bilal Hashmi, Sr. Systems Engineer, Verizon • Michael Sink, Director Data Center Technologies, University of South Florida • Steve Lambropoulos, University of South Florida • Darren Hirons, Principal Systems Engi- neer, UK Health & Social Information Centre • Tyrstan Trenberth, CEO and Manag- ing Director, Trenberth LTD • Riaan Hamman, CTO, Puleng Tech- nologies • Carlos Escapa, Council Research Director , PHD Virtual • Anita DuBose, Council Research Director, PHD Virtual “Users can now benchmark their own disaster recovery preparedness and find out real answers on how they would be able to get their IT systems up and running within a realistic time-frame to meet stringent business require- ments,” said Steve Kahan, Chairman of the DRP Council. “Just 10 minutes of their time will provide them with some immediate feedback and a bench- mark score that rates your DR prepared- ness with other companies that have participated.” “I am unsure if our current best prac- tices are the best or most efficient ways to deliver our SLA,” said Darren Hirons, Principal Systems Engineer, UK Health & Social Information Centre. “Learning about best practices through the Disas- ter Recovery Preparedness Benchmark could help us learn new ways to shorten the SLAs and deliver better service to our businesses.” The DRPB survey provides a benchmark- ing score from 0-100 that measures the implementation of IT disaster recovery best practices. DRPB benchmarking scores parallel the grading system famil- iar to most students in North America whereby a score of 90-100 is an “A” or superior grade; 80-99 is a “B” or above average grade; 70-79 is a “C” or aver- age grade and 60-69 is a “D” or unsat- isfactory grade. Below 60, rates as an “F”, or failing grade. Supporting Resources Disaster recovery Preparedness Council: Disaster Recovery Benchmark Test: 18 Groundbreaking IT Disaster Recover Preparedness Benchmark Survey Now Online South African, Riaan Hamman, from Puleng Technologies, appointed to a New Global Research Advisory Council Created to Help Provide IT Professionals with a Reflective Measure of Their Own DR Preparedness. Preliminary Results Report 2013 available on the pages following this article
  17. 17. 19
  18. 18. 20
  19. 19. 21
  20. 20. 22
  21. 21. 23
  22. 22. 24
  23. 23. 25 Do you know how well your business could survive a disaster? A business’s ability to survive disaster is a key competitive advantage – and demanded by regulators and shareholders. What are the key success factors you should be evaluating? As members of boards and key board committees like the audit committee, chartered accountants play a well-recog- nised role in South African corporate life. Those oversight roles increasingly include risk management, an area into which busi- ness continuity management clearly falls. Business continuity management involves planning for possible future disasters in order to protect the company’s critical business processes – and thus its value streams – from disruption. The discipline arose out of the need to protect IT systems (IT Continuity) but now has come to a more holistic view, hat cuts across all key components of an enterprise, ranging from workforce continuity concerns to sup- ply chain matters. The growth in importance of business con- tinuity management can be traced also to the broadening understanding of cor- porate governance and risk management contained in the King Reports, the new Companies Act, JSE requirements and the Code of Practice of the Institute of Risk Management. These South African drivers are strengthened by international devel- opments such as the Basel Accords in banking, Solvency II in insurance, the Cad- bury Turnbull or Combined Code Reports in the United Kingdom and the Sarbanes- Oxley Act in the United States. The need to measure For all these reasons, people with very dif- ferent skillsets became involved in business continuity one way or another. Addition- ally, of course, organisations are at differ- ent stages of business continuity maturity. It became apparent that members of boards and their committees needed a consistent, objective way to measure the effectiveness of business continuity man- agement programme. In order to discharge their responsibilities effectively, boards are finding it helpful to have a clear structure in place to assess their business continuity arrangements. In my experience, there are 12 success factors for effective business continuity management, and so I recommend using them as a way to provide a structured and logical way for people with varying skills to get an objective view of their com- pany’s business continuity management capability. In the remainder of this article, I propose to explore some of the key elements in each of these success factors. Executive support. Governance and executive support are crucial for success. It’s important to assess whether business continuity management has become part of the corporate culture. Is there a high- level, defined objective with a policy framework aligned to the business? Is there a steering committee of some kind and, very important, a budget? Resources and expertise. No business en- terprise can be successful without the right people. Given its magnitude, more than one person is likely to be required. Other considerations include skills, training and performance appraisal. Core enterprise threat assessment. The or- ganisation needs to understand which re- sources it relies on, and what the impact of a disruption to each would mean. It also needs a thorough assessment of the threats to each of these critical resources. Extended enterprise threat assessment. All businesses to a greater or lesser extent de- pend on a wider network of suppliers and business partners. This extended value chain requires the same assessment. Reg- ulatory and legal risks would fall into this category. Continuity strategies. Having completed the previous two assessments, the organi- sation also needs to have identified possi- ble solutions, and evaluated each one based on a cost/benefit analysis that takes into account its appetite for risk. This evaluation should culminate in the selec- tion of various Continuity strategies. Incident management framework. The or- ganisation’s framework for dealing with a disaster should include management ac- tions at the strategic, tactical and opera- tional levels. It’s very important that there be defined communication links between these levels, both during the event and thereafter – the latter in order to assess success and learn lessons. The framework needs the right infrastructure to operate in the form of, perhaps, a command centre and a bulk-SMS capability. Incident response. In the event of an inci- dent, are there processes in place to pro- tect the organisation’s most valuable assets: its people. Reputation management. Depending on the company’s business and the nature of the incident, its reputation could be dam- aged. By Karen Humphris, Senior BCM Advisor, ContinuitySA
  24. 24. 26 Is there a crisis media management plan and policy in place, and is there aware- ness in the organisation about the reputa- tional implications of a possible incident? Business continuity plans. These plans need to be based on agreed objectives about the initial response, and how long it should take to resume normal business op- erations. Recovery infrastructure. Has the organisa- tion provided an alternative infrastruc- ture? This infrastructure would include work areas for administrative staff, and/or specific equipment in the case of a man- ufacturing operation. Are there supporting resources in the event that it becomes necessary to move to an alternative site? Such resources might include, for exam- ple, a “battle box” that contains staff con- tact details and the business continuity plans – basically what would be necessary to get the workplace successfully shifted to the alternative site. Other considerations would include an as- sessment of the risk profile of the alterna- tive site. Is it sufficiently distant from the primary site, and does it have sufficient in- frastructure in the way of utilities and so on? And whether the alternative site is managed by a third party or the organi- sation itself, it is imperative that there are service level agreements in place and that the service provider has its own busi- ness continuity management plans in place. Testing. Inevitably, testing is the success factor that companies find most difficult to get right – but one needs to admit that if a business continuity management plan is not regularly tested, its effectiveness is al- ways in doubt. A disaster is not the time to discover holes in your business continuity thinking and arrangements! There are various testing methods, among them desktop walk-throughs and simula- tions. Many companies also perform real- life drills, in which they inform a particular division that a specified disaster has oc- curred and then let it activate its business continuity plans for real. Assurance reviews and audits. In this final success factor, one needs to look at whether a change management frame- work is in place, plus an audit function and management reviews. All of this is neces- sary to ensure that there is a culture of continuous improvement within the busi- ness continuity management area. Scoring As will be clear, business continuity is a complex and far-reaching discipline, but breaking it down into these 12 factors makes it easier to assess methodically. Each factor can be scored according to international standards and good prac- tice guidelines. Our scoring distinguishes between five levels of maturity, from Level 1 (cannot recover from or survive a disruption) to Level 5 (recoverability is cer- tifiable). These levels correspond to per- centage ranges, and so each success factor’s elements can be rated in terms of percentage to generate an overall level for that factor. The assessment results are granular enough to provide many different analy- ses; for example, business units or individ- ual sites could be assessed. Having thus provided a snapshot of where the organisation is at present, it’s now much easier to identify where it wants to be – and how to get there. And that’s surely the key, because better business continuity management is aimed at ensuring a company that is more re- silient and thus at protecting shareholder value. Prodata Distribution, is a value added ICT Distribu- tion Company headquartered in Lyme Park, Johannesburg, South Africa. Established in 1992 it works with an extensive network of channel partners in the Sub-Saharan African region, and offers a wide range of software and specialist hardware solutions to meet the requirements of corporate, public sector and educational institutions. Direct Enquiries to: 0861 PRODATA | +27 11 561 0900
  25. 25. BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre “CREATING STRATEGIC BUSINESS PLATFORMS FOR INTELLIGENT INNOVATION” Conference Overview: It is of vital importance, for the sustainability of a Company/ Organisation, to have an ongoing Man- agement Level Process IN PLACE to ensure that necessary steps are taken regularly to identify probable Accidents, Disasters, Emergencies and Threats. Every Company/ Organisation has an obligation to en- sure that it is adequately prepared to deal with unexpected events and those Companies/ Organisa- tions which disregard this obligation face a gauntlet of unacceptable Risks. This involves assessment of the potential effect of such events, development of recovery strategies and plans. Moreover, there has to be a stable maintenance of readiness through Personnel training and testing. As a result, it is crucial for a company to adopt a Business Continuity methodology for manifestation to value disruptions that might occur at any given time. Effective Business Continuity Management helps to minimise the effect of symic events/ disruptions on a Company/ Organisation and also reduces the Risk of Financial loss. BizStrat’s 3rd Annual BCM & Disaster Recovery Conference will highlight the core Issues and Solutions of Business Continuity Management with regard to Enterprise Risk Management, Disaster Recovery and Scenario/Contingency Planning etc. The Conference will bring together Business Continuity Profession- als, Risk Management Executives, and Disaster Recovery Specialists etc. from all Industry Sectors as well as Government Departments & State Owned Companies, who have the desire to increase their knowl- edge base and gain insightful information regarding Best Practices and Strategy. Our Speaker panel consists of Senior Executives, Directors and Industry experts, who will be identifying and examining pro- cedures as well as Strategies, which will enable Companies to respond to Accidents, Emergencies and Disasters without any stoppage or hindrance to its key operations. This Conference will also provide Strategies to enlighten and enable the recovery of your critical systems within an agreed timeframe. Inaugural BCI Africa Awards: The BCI Global Awards recognise and celebrate the fantastic achieve- ments of Business Continuity professionals working out in the field in every country in the world. The awards are one of the key outputs of the institute and provide an important platform to put the spotlight on some of the amazing talent working in this rising industry as well as to highlight the need for organisations of all sizes to start putting business continuity high on their strategic agendas. It also pro- vides a platform to encourage new blood into the industry. The BCI SADC Chapter in support will be hosting the Inaugural BCI Africa Awards this year and will be opening the awards to everyone working in the business continuity industry across Africa. The BCI Africa Awards will be held on the evening 10th of September in conjunction with the BizStrat BCM Conference scheduled for the 10th and 11th of September in Sandton. Key Topics to be addressed include: • Your Risk Thermometer • Building Organisational Resilience – ERM meets BCM • The Risk in the Cloud, Management Systems in BCM • Incorporating Risk Management into the BCM • Developing an ERM program • Scenario Planning as part of the BCP • Building a Governance Framework for your Risk Management • Black Swan Risks Who must attend? • Senior Executives with the authority to Plan and Execute Strategy in their Organisations including CEO’s, MD’s, CIO’s, IT Directors/Managers, CRO’s, CTO’s etc. • Group Strategists • BCM Directors, Managers, Specialists • Strategic Planners • Business Strategists • Risk Managers • Compliance Managers • Contingency Planning • Business recovery Specialists • Disaster Recovery Platinum Sponsor: Endorsed by:
  26. 26. BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre CONFERENCE CHAIRMAN: MICHAEL DAVIES: Chief Executive Officer, ContinuitySA has been involved in the Busi- ness Continuity Industry for almost ten years, progressing from Financial Manager to Financial Director and ultimately CEO of ContinuitySA. He has spoken on Organisa- tional Resilience at BCM Conferences and heads up the largest independent BCM supplier in Southern Africa. Michael has completed a B.Com degree from the Uni- versity of Natal and a MBA from the Henley College in the UK. He is an affiliate of the Business Continuity Institute based in London and a member of the Institute of Direc- tors. Michael has previous experience in the IT industry within companies such as Di- mension Data, Enterprise Technologies, Amdahl, Computer Configurations Holdings and MGX Holdings. SPEAKERS: BRIAN HENRY: Chairman, BCI SADC Chapter is a Fellow of the Business Continuity Insti- tute in London, (since 1994). He has practiced in the field of Business Continuity since 1986 and is a certified ISO 22301 Auditor and ISO22301 Lead Implementer. He currently serves as the Chairperson for the BCI Chapter in the SADC region. He served as a Management Consultant with three of the Big-4 consulting houses, providing support to Client management on business systems issues including Security, Business Conti- nuity, Risk and Impact Assessments, Organisational Restructuring and Strategic Planning. LOUISE THEUNISSEN: Board Member, BCI SADC Chapter has, since 2001, gained exten- sive experience in the South African business continuity industry. She has been in- volved in all aspects of Business Continuity Management (BCM), and the Project Management thereof, encompassing a wide range of industries. Besides her MBCI, Louise holds a PMP (Project Management Professional) accreditation. At the end of 2010 Louise was elected as a member of the BCI Global Membership Council serving for a two year term. Louise currently plays a strategic role in the establishment of the BCI SADC Chapter and a number of other BCI SADC initiatives and is an elected member of the BCI SADC Chapter Board TRACEY LINNELL: General Manager, Advisory Services, ContinuitySA. Tracey Linnell has been involved in Business Continuity Management (BCM) and ICT Continuity since 2003. She is a member of the BCI and holds the CBCI certification. Tracey is currently the General Manager of Advisory Services at ContinuitySA and is responsible for the operations of the Advisory practice. Tracey has worked on a number of assignments locally and internationally and spent 2 years as a BCM consultant in the UK. Tracey has many years of experience as a consultant and as a BCM practitioner. She previ- ously headed up BCM for Standard Bank Investment Banking and has significant financial services experience. HORST SIMON: Head of Risk, Ubank, South Africa. Horst is currently the Director of Risk Management at Horwath MAK, a member firm of Crowe Horwath LLP based in the Dubai International Financial Centre (DIFC). Horst held previous senior positions with Mashreq Bank, Emirates NBD, Barclays Bank plc and with the Standard Bank Group of South-Africa Ltd. He lived in four countries and worked in more than twenty. His special interest is in the field of People Risk and he has delivered presentations at international conferences on the Mitigation of People Risk and other risk management topics. He has also facilitated Risk Management training workshops for banks and banking PETER HILL (CISA, CISM, CGEIT) is an IT Governance Specialist with over eighteen years related experience.. He is currently a director of the IT Governance Network, a com- pany specialising in IT Governance, King III, COSO, COBIT, ISO 38500, ISO 27001 and ITIL implementation, training, and software solutions. Peter has assisted clients in the US, United Kingdom, Europe and Southern Africa. Amongst Peter’s clients is NASA in the United States who requested him to provide guidance on implementing IT Governance and building a sustainable approach to Information Technology Management.   CONFERENCE CHAIRMAN AND SPEAKERS BizStrat develops major sector focused events, providing business learning and networking opportuni- ties across a variety of industries and professions BizStrat is comprised of the following divisions: • Conferences • Workshops • Seminars • In House Training • Congresses For more Information please contact our Offices: Tel: +27 11 0271200 Fax: +27 11 7815242 Platinum Sponsor: Endorsed by:
  27. 27. BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre SPEAKERS: Continued GARTH BELL: Chief Executive Officer, Colbrad International (PTY) LTD. Garth has over 20 years’ experience and an impeccable track record of directing successful, highly complex, multidisciplinary Value and Growth Transformation projects and initiatives that deliver tangible results. His breadth of experience includes Strategy, Leadership, Human Capital, Customer Management and Organisation Design & Change capa- bilities that improve business performance and enhances value and growth. DEBBIE VAN ZYL: ITS BCRS Leader, IBM South Africa. Debbie is a well-respected and highly valued member of the Global Technology Services management team with current responsibilities for Business Continuity and Recovery Services (BC&RS) across South Africa. She has 24 years in the IT industry, with experience in the financial serv- ices and government sectors along with almost 16 years at IBM with focus on the IT industry supporting clients across multiple industries in a technical, executive, man- agement and sales capacity. Her previous roles in the financial and public services sectors have complimented her professional skills with a real understanding of the client experience. KEANAN REIS: Communications Consultant. For the last 6 years, he has been involved in a wide swathe of Marketing Communication disciplines, ranging from Consumer Engagement, to Public Relations, Media Strategy and Social Media Community Man- agement. In these years, he had the opportunity to work with Industry leading Or- ganisations such as Japan Tobacco International, Diageo, Eskom and Roman's Pizza. Keanan knows the importance of Effective Communications on Business sta- bility and Continuity all too well. More recently, his focus has shifted to Stakeholder engagement, and the development of communication plans and platforms to en- sure effective, integrated communications WILLEM OLIVIER: BCM Head, Cell C. Willem has been involved in the IT / Electronics / Consulting industry since 1986 after completing mhis studies in electronics (National Diploma). Renound companies he has worked for include: Siemens; ContinuitySA (Largest disaster recovery company in Africa); Liberty Holdings; Standard Bank and currently Cell C and specialises in Business Continuity Management. RAY STRIDE: Managing Director - Global Continuity. Ray is a specialist in Business Con- tinuity Management, Risk Management and Information Technology Management, having been involved in the industry for over 20 years. Global Continuity South Africa (GCSA) is a provider of innovative, cost-effective and tailor-made Business Continuity Management (BCM) and Information Technology Service Continuity (ITSC) solutions MICHAEL BROWN: Independent Consultant. Michael has a B.Com from Rhodes Uni- versity, a PGCE from Unisa and a Master of Business Administration from Gordon Insti- tute of Business Science (Gibs). He started his career as a stockbroker and was admitted as a member 15 July 1999. His status is currently non-practicing member. Michael spent four years in the Insurance Industry where he analysed alternative so- lutions to Risk Management before running his own property company for 5 years. He spent two years teaching while doing his MBA part-time and is now an Independ- ent Consultant specialising in Entrepreneurship and start up companies. ALICIA SWART: Head of Risk Services, Africa - Turner & Townsend. Alicia Swart is a risk turnaround specialist in the consulting industry of South Africa and currently the Head of Risk Services: Africa for Turner and Townsend. Turner and Townsend specialises in construction and management consulting and delivery. She has developed a strong reputation for her ability to roll out industry benchmarked Integrated Risk Manage- ment Programs. NICK SMITH: IBM. Nick specialises in the sales of Business Continuity and Resiliency Services. CONFERENCE CHAIRMAN AND SPEAKERS BizStrat develops major sector focused events, providing business learning and networking opportuni- ties across a variety of industries and professions BizStrat is comprised of the following divisions: • Conferences • Workshops • Seminars • In House Training • Congresses For more Information please contact our Offices: Tel: +27 11 0271200 Fax: +27 11 7815242 Platinum Sponsor: Endorsed by:
  28. 28. CONFERENCE DAY 1 08:00 MORNING TEA & REGISTRATIONS. 08:20 WELCOME & OPENING REMARKS BY CHAIRMAN: MICHAEL DAVIES 08:30 BCI Address: LOUISE THEUNISSEN 08:50 The Impact of Privacy Legislation on Business Continuity Management: PETER HILL The Protection of Personal Information Legislation requires all Public and Private bodies to apply the conditions for lawfully processing personal information. Failure to comply will have serious consequences. Included in these conditions is the need to ensure the “availability of information”. Who will be responsible and what is expected? Presentation outline: • The Eight Conditions for lawfully processing personal information • Why business continuity matters? • How far are you expected to go in planning for a disaster? • Why a risk based approach is important 09:30 Building a Governance Framework for Business Continuity Management: TBC 10:15-10:30 NETWORKING TEA, COFFEE & SNACKS 10:30 Scenario Planning as part of the BCP: TRACEY LINNELL • Making the reaction routine • Levels of scenario exercising • Planning for and running an exercise • Outcomes of running an exercise- lessons learned 11:15 Your Risk Thermometer: ALICIA SWART How do you create a Risk Environment that gives you an understanding of when your context becomes to Hot to Handle.  This presentation will cover the following: • Building a Risk Governance framework that enables and supports your Business Resilience Strategy. • Understanding your KRI's (Key Risk Indicators) and early warnings and how they contribute to your Organisational Reliance Factor.  • Ensuring Integrated Strategies to move towards better response to Business disruptions 12:00-13:00 NETWORKING LUNCH 13:45 The Risk in the Cloud: RAY STRIDE There is a headlong rush to Cloud Computing: • What does it mean • Are all cloud offerings the same • If you have a cloudburst - how will you be affected? • Where do you fit in your cloud suppliers DR plans? 14:00 Managing Reputational Risk: DEBBIE VAN ZYL • Enabling the resilient enterprise • Maintaining continuous business operations • The IT Risk Spectrum • Key indicators of business continuity exposure and maturity 15:00-15:30 CLOSING REMARKS, NETWORKING TEA & COFFEE 15:30 END OF CONFERENCE DAY ONE BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre UPCOMING EVENTS: • Overhead Line Engineering • Forensic Investigations & Fraud Prevention • Customer Analytics & Marketing Optimisation 2013 • Stores & Inventory Management • Leadership Risk, Development & Coaching • Hard Rock Mine Ventilation 2013. • Financial Wellness In House Training: Dean Richards on: +27 11 0271200 Case study: Using Scenario Planning to build Executive buy-in Platinum Sponsor: Endorsed by:
  29. 29. CONFERENCE DAY 2 08:00 MORNING TEA & REGISTRATIONS 08:30 OPENING REMARKS BY CHAIRMAN: MICHAEL DAVIES 08:40 BCI Africa Awards Dinner feedback: LOUISE THEUNISSEN 08:45 Revealing Five Risks of Do-It-Yourself Disaster Recovery: NICK SMITH  With falling hardware costs and the demands of an always-on, always-available world, many organisations have moved Disaster Recovery (DR) in-house. Forrester surveys re- veal unforeseen issues and significant challenges to successful do-it-yourself DR. Avoid the misconceptions and make better informed sourcing decisions. 09:30 Management Systems and Business Continuity -BCM Comes of Age: BRIAN HENRY • The concept of a Management System • Implementing a Management System • BC as management discipline • The new view of BC from ISO • Practical lessons 10:15-10:30 NETWORKING TEA, COFFEE & SNACKS 10:30 Building Organisational Resilience – Enterprise Risk Management (ERM) meets Business Continuity Management(BCM): HORST SIMON Organisations are at different levels of maturity and different stages of implementation of Enterprise Risk Management. • How do bring ERM and BCM together? • How to drive value from ERM & BCM • How to mitigate BCM risks • Building a culture of disaster resilience • Tested plans? 11:15 Black Swan Risks: MICHAEL BROWN Analysing recent black swan events and how they have changed the world we live in. • Dot Com bubble in the late nineties • The success of Google • World Trade Centre Attack • Financial Crisis of 2008 • Profiting in the post Black Swan Event • Protecting oneself against a Black Swan Event. • Discussion/ Questions 12:00 Leadership as a BCM Risk: GARTH BELL 12:45-13:45 NETWORKING LUNCH 13:45 Effective Communication and Business Continuity Management: KEANAN REIS • Overview & background • Relationship between Communication & Business Continuity • Preventative measures • Crisis Communication best practices 15:15-15:30 NETWORKING TEA, COFFEE & SNACKS 15:30 Business Continuity Management within Africa: WILLEM OLIVIER 16:15 CLOSING REMARKS & END OF CONFERENCE BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre UPCOMING EVENTS: • Overhead Line Engineering • Forensic Investigations & Fraud Prevention • Customer Analytics & Marketing Optimisation 2013 • Stores & Inventory Management • Leadership Risk, Development & Coaching • Hard Rock Mine Ventilation 2013. • Financial Wellness In House Training: Dean Richards on: +27 11 0271200 Platinum Sponsor: Endorsed by:
  30. 30. Terms And Conditions: Please read carefully. The following T’s & C’s apply: • All payments to be made di- rectly to Servigraph 30 cc t/a BizStrat, Payment is required in full, 5 days from date of in- voice. • No seats will be reserved, un- less otherwise agreed to by Servigraph 30 cc t/a BizStrat, Servigraph 30 cc t/a BizStrat, reserves the right to change speakers, program content , date and venue, due to cir- cumstances beyond the control of Servigraph 30 cc t/a BizStrat, • The signed registration form is a legally binding document. • The conference / workshop fee includes: conference / workshop material, Lunches and refreshments. •Servigraph 30 cc t/a BizStrat, is not liable for travel and ac- commodation expenses un- less otherwise stated in writing. Cancellations • All cancellations will be sub- ject to approval by Servi- graph 30 cc t/a BizStrat management. • All cancellations made 14 working days prior to date of the mentioned event will be subject to a 50% cancella- tion fee. • Cancellations made within 7 days or less of date of the mentioned event, will be subject to a 100% cancella- tion fee. • There will be no refunds or credit vouchers unless agreed to by BizStrat Man- agement in writing. Substitutions • Delegates, or any substitu- tions, must notify Servigraph 30 cc t/a BizStrat, in writing. • There is no charge for substi- tutions. Servigraph 30 cc t/a BizStrat will not be held liable for incorrect delegate details on certificates due to late substitutions being made on the day of the conference/ workshop. • Views expressed by speakers and facilitators are not nec- essarily those of Servigraph 30 cc t/a BizStrat BizStrat’s 3rd Annual Business Continuity Management & Disaster Recovery Conference 10 - 11 September 2013 • Sandton Convention Centre E-Mail/Fax Completed Form To: / 0027 11 7815242 Pricing: Tick box to choose Option Conference & BCI Awards Evening: per Delegate excl. VAT Conference only: per Delegate excl. VAT BCI Member (10% discount) DD Company Name: Type of Business: Address: Tel: Fax: VAT Number: Name: Position: Signature: Date: Authorisation: Signatory must be authorised to Sign on behalf of Company (This is a legally binding document) Delegate 1: Position: Email: REGISTRATION FORM: R8 490 R7 990 Delegate 2: Position: Email: Delegate 3: Position: Email: Delegate 4: Position: Email: Delegate 5: Position: Email: PAYMENT METHODS: 1. Cheques made Payable to: Servigraph 30 cc 2. Bank Transfer: Servigraph 30 cc t/a BizStrat Bank: FIRST NATIONAL BANK Branch Name: Bank Street Account No: 62322454422 Branch Code: 250655 Swift Code: FIRNZAJJ
  31. 31. The two-day course, the IT Service Continuity Training is targeted at IT and Business Continuity Management (BCM) pro- fessionals responsible for the continued uptime of IT services within their organisations. Key elements of the IT Service Continuity Course include: • The link between BCM and IT Service Continuity Manage- ment; • The evolution of IT Service Continuity; • The latest concepts and trends in IT Service Continuity; • Conducting an Infrastructure Impact Analysis; • Formulating and implementing cost effective IT Service Con- tinuity strategies to meet business requirements; • Security management in IT Service Continuity; • Testing the IT Service Continuity framework; and • A Continuity-as-a-Service case study. Attendees will not simply be bombarded with theory, but will be taught skills proven in the real world by active BCM practi- tioners with MBCI (Member of the Business Continuity Institute) certifications. The course is based on the Good Practice Guidelines of the BCI and complies with the new ISO22301 standard to ensure it is on par with international best practices. The 5 day Complete Continuity® Practitioners Programme is designed to equip business continuity prac- titioners within any organisation in all aspects of implementing, managing and maintaining an effective business continuity framework in their respective environments. The course is based on the Business Continuity Institute’s Good Practice guidelines and ISO22301 international standard. Key elements of the 5 day Complete Continuity® Practitioners Programme include: • Introduction and Origins of BCM • Trends and Observations • Standards and Compliance • Elements of the BCM Lifecycle • BCM policy and Programme Management • Embedding BCM in the Organisations culture • Understanding the organisation - Business Impact Analysis - Continuity Requirements Analysis - Risk Assessment • Determining BC Strategy - Selecting strategies and tactical responses - Consolidating Resource levels • Developing and Implementing a BC response • Exercising, Maintaining and Reviewing • Measuring BC Maturity ContinuitySA Training Dates Africa’s largest Business Continuity service provider, ContinuitySA, has enhanced its Complete Continuity Training Academy For more information on these courses, contact: or call +27 (0)11 554 8000. 33 Dates for the IT Service Continuity course are as follows: IT Service Continuity Programme (2 Day Training) 4th & 5th September – Johannesburg Dates for the 5 day programme are as follows: Complete Continuity Practitioner Programme (5 Day Training) 16th to 20th September – Johannesburg 14th to 18th October – Cape Town 20th October to 1st November – Botswana 18th to 22nd November – Johannesburg