The Golden Rule for Backing-Up Data

by Blog

The advantages of a good backup solution is that once it’s in place it can be relatively left alone to do its thing. But, over time it may no longer be achieving the desired outcome to meet the ever-changing needs of the organisation. In addition, it may not be taking advantage of the improvements in backup technologies.

Testing your backups on a regular basis is absolutely key, but also it is essential to ensure that your backup solution follows the 3-2-1 ‘Golden Rule’:

  • 3 x Copies of data: So, that’s two further copies in addition to your primary data
  • 2 x Different media types: For example, an internal hard drive and a removable storage device
  • 1 x Copy off site: Ensuring data is also moved to an alternative secure physical location

But we now have to question whether this is still THE ‘Golden Rule’? There is no question that this the minimum for a backup solution, and may be sufficient to save your business from incidents like:

  • Environmental (fire, flood etc)
  • User error (file deletion)
  • Internal malicious attack (disgruntled employee)
  • IT error (equipment failure)

But, the world has changed, cybercrime has evolved, and now extra resiliency is needed to ensure your data is truly secure and you have the ability to recover it, if a major cyberattack occurs.

Nowadays, due to the additional threats and their increased maliciousness it is strongly recommended that you must add 2 further steps, so it becomes:

As before:

  • 3 – Copies of data
  • 2 – Different media types
  • 1 – Copy off site

Plus, in addition

  • 1 x Air-gapped and immutable copy: This has no network connection to your IT infrastructure, and can be a ‘write-once read-many’ state; making your data inerasable and unmodifiable (immutable), but still recoverable
  • 0 x Errors in the backups: Verifying your data on a daily basis to ensure the backups were successful, and undertaking regular rehearsals to ensure the data can be recovered.

Therefore, ‘3-2-1-1-0’ has become the NEW ‘Golden Rule’! This will help you mitigate against the risk of your organisation experiencing any unforeseen downtime because, with this, you should have the right solution in place to ensure a fast and secure recovery.

If you need to discuss this subject any further then please talk to us, the experts. Ci Continuity’s managed Backup-as-a-Service (BaaS), and Disaster Recovery-as-a-Service (DRaaS) solutions, together with our 25-years’ worth of expertise, will ensure that your data is safe.

Get in touch today to speak with one of our Business Continuity Sales Specialists:

Book a 30-min call

Business Continuity Trends You Can’t Afford to Miss

by Blog

Disruptions and threats to businesses are becoming increasingly prevalent, making business continuity planning an essential aspect of any organisation’s strategy. Organisations must be prepared for the unexpected, from cyber-attacks and natural disasters to supply chain interruptions. In this ever-changing landscape, staying informed on the latest trends and best practices is crucial to ensure your business stays resilient. This blog post highlights four key trends in business continuity that you should consider integrating into your strategy.

 1. Data protection takes centre stage

As data has become the lifeblood of modern businesses, ensuring its protection is paramount. A data breach or loss can have severe consequences, including reputational damage, financial loss, and regulatory penalties. The growing importance of data protection has made it an integral part of business continuity planning.

Organisations must implement robust data backup and recovery strategies to ensure their critical information is safe and easily accessible during a disaster. Regularly testing these strategies is also crucial to identifying potential weaknesses and ensuring that the systems in place work as expected.

In addition, businesses should consider implementing advanced security measures such as encryption, access controls, and multi-factor authentication to protect their data from unauthorised access. Raising awareness about cybersecurity best practices among employees is also vital, as human error remains a significant contributor to data breaches.

2. Embracing cloud-based recovery services

Cloud technology has transformed how businesses operate, and its benefits are preserved in business continuity planners. Cloud-based recovery services offer a cost-effective, scalable, and agile solution for organisations looking to ensure their operations remain uninterrupted in the face of disruption.

By leveraging the cloud, businesses can store their critical data and applications off-site, ensuring they are accessible even if their on-premises infrastructure is compromised. Moreover, cloud-based recovery services can be rapidly deployed during an outage, allowing companies to resume operations with minimal downtime.

When evaluating cloud-based recovery services, it’s essential to consider data sovereignty, security, and compliance with relevant regulations. Working with reputable cloud providers that offer robust service level agreements and have a proven track record in data protection and recovery is crucial to ensuring the effectiveness of your business continuity strategy.

3. The adoption of AI and automation

Artificial intelligence (AI) and automation technologies revolutionise how businesses approach continuity planning. These cutting-edge tools offer numerous benefits, such as predictive analytics that can identify potential risks before they materialise, allowing organisations to mitigate them proactively.

AI-powered platforms can also assist in automating the recovery process, reducing the time and resources required to restore operations after a disruption. By analysing large volumes of data, AI can identify trends and patterns that may indicate potential threats, enabling businesses to make data-driven decisions to bolster their resilience.

In addition, automation technologies can help streamline routine tasks related to business continuity, such as updating documentation, conducting risk assessments, and testing recovery strategies. By automating these processes, organisations can ensure that their continuity plans remain current and effective while freeing staff to focus on more strategic initiatives.

 4. A focus on employee well-being

In times of crisis, a company’s biggest asset is its employees. Ensuring their well-being during a disruption is a moral responsibility and critical to maintaining business continuity. A workforce that feels supported and cared for will likely stay engaged and productive in adversity.

Organisations should develop comprehensive plans to support employees during a crisis, addressing remote work arrangements, mental health resources, and clear communication channels. Regularly updating and testing these plans is essential to ensure their effectiveness and instil confidence in employees that their well-being is a top priority.

5. Supply chain resilience

The globalisation of businesses and the increasing interconnectedness of supply chains have made them more susceptible to disruptions. A single event can have far-reaching consequences for organisations across industries and geographies. Therefore, building a resilient supply chain is vital to business continuity planning.

Companies should assess their supply chains, identifying potential vulnerabilities and single points of failure. Businesses can reduce the risk of supply chain disruptions by diversifying suppliers, considering local sourcing options, and implementing robust monitoring systems.

Also, fostering strong relationships with suppliers and partners can contribute to improved communication and collaboration during a crisis, helping mitigate disruptions’ impact. Investing in supply chain visibility technologies can also enable organisations to identify and address potential issues before they escalate quickly.

6. Regular training and testing of business continuity plans

A business continuity plan is only as effective as its implementation. Regular training and testing of these plans are essential to ensure all stakeholders know their roles and responsibilities during a crisis. This also allows organisations to identify any shortcomings in their plans, enabling them to make necessary adjustments.

Simulation exercises, tabletop exercises, and scenario planning are all effective ways to test your business continuity plan. These activities help staff understand the steps they must take during a crisis, fostering a culture of preparedness and resilience.

Don’t wait until it’s too late

The world of business continuity is ever-evolving, with new trends and technologies emerging constantly. By staying current on these developments and incorporating them into your business continuity strategy, you can ensure that your organisation remains resilient and prepared for the challenges.

From data protection and cloud-based recovery services to AI and automation, numerous tools are available to bolster your business continuity efforts. Furthermore, focusing on employee well-being and supply chain resilience can help you navigate disruptions with minimal impact on your operations.

Don’t wait for disaster to strike – be proactive in adopting these trends and building a robust business continuity plan to safeguard your organisation’s future.

Speak to Ci Continuity and hear about our expertise in business continuity and how, with our CiCloud, we can provide a cloud-based solution that can give you that competitive edge.

Book a 30-minute call now

The Future Of Backup Is In The Cloud

by Blog

The future of backing-up data is in the Cloud. There are already many reasons why more organisations are looking to move their workloads by storing them offsite, and we can expect to see further advancements in cloud-based backup solutions that will make them even more efficient, secure, and cost-effective. Here are some of the trends and developments that we can expect to see in the future:

  • Increased use of artificial intelligence (AI)

AI is already transforming the backup and recovery processes. It can automate many of the routine tasks involved in backup and recovery, such as automated test recoveries, improved efficiency and recovery times, and reduced error risk. In the future, we can expect to see AI used more extensively in cloud backup solutions, allowing for faster, more accurate backups and data restores.

  • Improved cybersecurity

As cyber threats evolve and become more sophisticated, cloud backup solutions are being constantly developed to stay ahead of the curve by offering the latest and most advanced cybersecurity features. Such as,

  • Real-time threat detection and response and
  • Advanced encryption techniques to protect data both in transit and at rest.

At Ci Continuity, we provide BaaS and DRaaS solutions using Veeam, the market leader. Their latest release, V12, embodies these improvements—it now has enhanced detection and encryption features, plus the introduction of Two-Factor Authentication (2FA) to further secure data access.

  • Greater integration with other technologies

Cloud backup solutions will likely become more tightly integrated with other technologies, such as cloud storage, file sharing, and collaboration tools. This will make it easier for businesses and individuals to manage their data seamlessly and efficiently without needing multiple tools and platforms. Ci Continuity will provide this by utilising our integrated CiCloud platform (as part of a Multi-Cloud architecture) that delivers multi-tenanted public cloud and integrated BaaS & DRaaS solutions.

  • More personalised solutions

The ability to back up data into a cloud platform allows flexibility and greater choices about what and where your data is stored to allow the best value solution and, importantly, be able to recover your data when required securely. It also allows a more personalised solution for specific industries and user cases. At Ci Continuity, our backup and recovery solutions can be tailored to meet the needs of healthcare providers, financial institutions, and other businesses with specific data privacy and security requirements. We are highly certified and present on most frameworks, which means we are easy to engage with and can provide solutions to meet all regulatory stipulations.

  • Greater focus on data analytics

Data volumes continue to grow exponentially, and their inherent value must be unlocked. Backup and recovery solutions are key to this process. They are becoming far more advanced at presenting the data, allowing it to be easily managed and analysed. A cloud solution can assist this capability by providing the ability to burst into temporary infrastructure, data mine/analyse the information, and then clear down the systems to minimise time and expenditure. Therefore a cloud backup solution will be a very important enabler to an organisation’s future strategic decision-making processes.

To conclude, backing up your data into the cloud will become essential to your future IT strategy. It will provide a more efficient, secure, and personalised experience than the current on-premise options. It will also offer an organisation more flexibility in managing and analysing this data, which will maximise future potential.

Speak to Ci Continuity and hear about our expertise in all things Cloud Backup and Resilience and how, with our CiCloud, we can provide a solution that can give you that competitive edge.

 

In 2023 Cloud Backup is more important than ever!

by Blog

In 2023, cloud-based backups have become an essential part of data storage and recovery strategies for businesses of all sizes and industries. As the world continues to rely more and more on digital technology then the amount of data we produce, and store, is growing at an unprecedented rate. This makes it more important than ever to have a secure and reliable backup solution in case of data loss or system failures. Here are some reasons why our Backup as a Service (BaaS) are becoming increasingly important in 2023.

  • Data security and sovereignty

One of the most important considerations when it comes to data backups is security. The Ci Continuity BaaS solution offers multiple layers of protection to ensure that your data is safe and protected. The data is encrypted during transmission and at rest, in addition there is inherent multi-factor authentication, managed access controls, and intrusion detection. This level of expertise is difficult and expensive to achieve individually within an organisation, and most small and medium businesses simply cannot afford to do it properly, and this is why the complimentary services that Ci Continuity can provide are so vital. In addition, unlike Azure and AWS, Ci Continuity are able to fully guarantee UK data sovereignty with our two data centres, located in the Southwest of England and South Wales.

  • Cost-effective and scalable

Ci Continuity’s BaaS solution is a better value solution for data storage and recovery. Our cloud provides an affordable, pay-as-you-go model, which means you only pay for what you use. This is especially valuable during these current cost-saving times where there is a preference to pay on an ongoing basis for what’s consumed, rather than the upfront capex for buying new hardware that could sit mostly underutilised throughout its life. Additionally, cloud-based backup solutions can easily, and quickly, scale up and down to meet your changing data storage needs.

  • Disaster recovery

In the event of a cyberattack, having a cloud-based backup solution could be the difference between your organisation’s future viability, or not. Cloud-based backups are stored offsite, the data is air-gapped and can be immutable, therefore making it far more resilient to cyber-attacks, or any other operational failure. This is far more resilient to having data purely being replicated between two environments within a single organisation’s infrastructure. We also have the capability to quickly restore the data either directly back to your equipment, or onto our own cloud DRaaS platform, or onto physical equipment that is then shipped to your preferred location.

At Ci Continuity we have a team of dedicated recovery engineers who are on hand 24x7x365 to assist with the recovery of your data. With nearly 30-years of disaster recovery experience, and a large selection of solutions, you can be confident that we would keep your data secure and be able to recover you safely and quickly following an unexpected incident.

  • Accessibility and mobility

Cloud-based backup solutions offer a higher level of accessibility and mobility of your data and associated solutions. This means that you can access your data from anywhere, at any time, as long as you have an internet connection. This is particularly valuable for individuals and businesses with remote or distributed workforces, as it allows them to access the same data and work collaboratively, regardless of their location. This also means that if, after a major unforeseen event, your data is recovered into our Cloud DRaaS platform, your employees should be able to continue with their work with minimal disruption.

  • Regulatory compliance

All companies are subject to strict data privacy and security regulations, such as GDPR, and certain sectors have their own specific legislation that they must comply to. Ci Continuity’s BaaS solution can help your business meet these requirements by providing a secure and compliant way to store and backup data. We hold a number of physical and cyber security accreditations such as, ISO 27001 and Cyber Security PLUS which can help businesses demonstrate their commitment to data security and privacy. A full list of our accreditations can be found here.

In conclusion, a cloud-based backup is essential in 2023 for businesses who want to protect their data from loss, theft, or damage. With the increasing reliance on digital technology, the need for secure and reliable backup solutions has never been greater. Ci Continuity provide a safe pair of hands to not only protect your data, but get you back up and running again quickly, should your business suffer a disruption.

For more information on our Backup and Recovery services please get in touch directly on 01256 378001, or email us at advice@cicontinuity.co.uk

 

The Importance of Operational Resilience

by Blog

So, just how important is operational resilience?

A recent report produced by Allianz set out their Risk Barometer for the highly regulated finance sector. From their research, they have ranked the biggest risks as:

 

When we speak to our customers, we often hear that they believe their operational workstreams and associated data are ‘fine because it’s in the cloud’. While their environment may be more secure with a major US cloud provider, many associated risks have just moved rather than prevented.

In addition, potentially more questions come to light because there are fundamental uncertainties around what this environment is right now and, as it is owned by another corporate body, how this may change. So, how sure are you about the following?

  • Do I know where my data is being held, which exact country, or countries?
  • How easily can I move or retrieve my data, if needed?
  • Who else has access to my data? Can a regulatory or governmental organisation (maybe from another country) get access without your authorisation?
  • Have you moved to just one Cloud supplier? If so, what would happen if that supplier cannot deliver their service?
  • If you have data across more than one Cloud platform, what would be the impact of one or more suppliers not being able to provide their service? Are there any interdependencies that could have a far wider impact?

So we’ve identified where your workloads reside as also being a potential risk to the business, so then how do we make our business more resilient?

Ci Continuity can assist with this through our UK based Public Cloud and, through our 25-years’ worth of experience in data security, offering the services and solutions to ensure that your workstreams are safe, available, and recoverable. Firstly, our cloud has 100% uptime SLA, unlike Azure’s and AWS’s 99.99%, meaning that your data will always be accessible.

In addition, wherever your data sits, on-prem, in a cloud, or multi-cloud environment Ci Continuity can take a copy of essential data and workstreams and securely copy them to our Cloud. This allows us to provide an air-gapped and immutable (WORM) data set, which cannot be affected by cyber-attacks and allows the ability to recover back to your original destination or into our cloud DRaaS platform.

Our services and expertise allow us to help you identify ways to make your cloud instances more resilient, highlight any gaps in recovery plans that might impact how your business reacts to disruption, and finally, provide recovery specialists to be on hand should you suffer any downtime.

This solution is underpinned by our Cloud offering, CenterpriseCloud. We can provide the ideal location for both your primary and backup data. Here are some important take-away facts:

  • We are Located within the UK only, so you know where your data is at all times
  • We have zero egress charges, allowing the flexibility to move and use your workstreams.
  • Our BaaS service provides a secure location for your hybrid/multi-cloud data.
  • Our DRaaS service is PAYG cloud infrastructure, so it is much cheaper and ready to deploy quickly should you need to recover your important data.

If you want to understand more about how we can help you make your data more secure, check out our extensive library of blogs, contact us here, or pick up the phone and speak to one of the team today by calling 01256 378001

Cryptocurrency isn’t the Answer – Backup is!

by Blog

Cryptocurrency is a word that has become more commonplace in conversation, especially over the last few years as the crypto market has expanded and hit the mainstream news. It all began back in 2009 with Bitcoin, and now there is estimated to be over 10,000 different digital currencies, of which around 50 have a market capitalization of over $1 billion (as of writing this today, 03/11/2022).

So, it is fair to say that this medium of currency exchange is here to stay. There are even a couple of countries, namely Sierra Leon and Central African Republic, that have accepted Bitcoin as an official legal tender.

But can these digital currencies be truly trusted? Unlike more traditional/physical currencies that are generally backed by the governments of their respective countries, cryptocurrencies is a digital platform operated by a decentralized private system – and this can lead to some problems, for example:

  • Stability – Cryptocurrencies are volatile and can fluctuate greatly in value. For example, Ethereum (the second largest crypto) roughly doubled in price between July and December 2021. Also, it was well documented how Tesla affected Bitcoins’ value when they bought £1.5B in February 2020, only for them to make a U-turn on this investment by Elon Musk’s Tweet in May 2021. During this period it rose from the initial purchase price of $36k to $44k (a few days later). It then went on to peak at $58k before reducing back to the mid-$40k’s. It is currently trading at $20k.
  • Security – Although cryptocurrencies are underpinned by blockchain technologies they have been prone to large cyber-attacks, frauds and hacks which have led to individuals losing their private digital keys, and essentially allowing unscrupulous others to gain access to their holdings.

Then there is matter of how cryptocurrency has greatly assisted the growth of the Black Market and the Dark Web. In short, criminals love it. For example, in the last 3-months of 2019 the illegal activities of buying drugs and credit card information rose by 60% to $600m. Now, in 2022, this market is estimated to be in excess of $2B. This is fuelled because cryptocurrency wallet is something that can be possessed and controlled without going through a third party (like a bank). It is therefore the choice for underworld and scammers – and Bitcoin is the criminal cryptocurrency of choice.

This then brings me on to how cryptocurrency can have a direct effect on organisations around the world, specifically due to cyberattacks. If a business has had a serious malware breach, and the only access to their data is now encrypted, then the Boardroom may suddenly be forced into talking about Bitcoins. Also, the chances of this type of conversation happening is becoming more frequent due to the increase in the volume and severity of cyberattacks:

  • 7 out of 10 SMB’s had a cyberattack incident between 2018-20, and according to ‘Cyber Security Breaches Survey 2022’, 40% of UK businesses identified at least one in the past 12-months.
  • Ransomwares are 60-times more destructive now than they were 5-years ago
  • A successfully destructive malware attack is estimated to cost company on average £2m – due to loss of earnings, goodwill, and ransom fee (if paid)

Of course the expert advisors in this field state that a ransom fee should never be paid. They rightly say that it ‘increases the likelihood of repeat attacks’, and also that it is ‘incentivising criminals to run more attacks due to the financial benefits’. This is all good-and-well in theory, but in reality if your company’s activities grind to a halt then the impact to you customers could be huge, and every day in downtime could have a significant impact on your organisations’ future going concern. So what do you do?

Well, with any luck your FD may have hedged against the inevitable cyberattack by buying Bitcoin back in 2018 when they were trading at around $4k. I remember reading an article at the time that some large corporations were undertaking this activity. But of course this isn’t the answer, it may now look good on the balance sheet, but paying a ransom should never be encouraged. The answer is actually far simpler – Securely back-up your data.

Realistically there is no excuse in this day and age for an organisation having a cyberattack that encrypts their data so that it can no longer be accessed. There are continuity solutions that exist that will be able to recover data, ensure it is ‘clean’ of any virus, and then quickly restore it. Will this be instantaneous? Possibly not. There will be a managed period to ensure that the recovery is done safely and correctly, but an organisation could be up-and-running again within minutes/hours, depending on the timelines that are needed to be met. But, rather than having to revert to pen and paper for weeks-on-end, any risk can be mitigated so that any interruptions from a cyberattack are minimal.

So, a major cyberattack has occurred, you now have 3 choices:

  • Do you buy into a volatile cryptocurrency, fund criminal activities, and have no guarantee that you will get your data back?
  • Your business stops, you can no longer serve your customers, and you risk the long-term consequences of this to your organisation?
  • You get a secure data backup solution in place with a reputable third-party organisation that will provide off-site immutable data instances that can be quickly recovered into a DRaaS platform and accessed over the internet?

The answer is a simple one. In short, cryptocurrency is here to stay, but do not rely upon it to get you company out of trouble!

With over 25-years of providing cloud and continuity services in the UK, Ci Continuity are the safe pair of hands to ensure that you should never have the dilemma of having to pay a ransomware fee. Speak to us, the experts, and let us safely manage your data and ensure your businesses lights stay on!

The Importance of Air-Gapping for Ransomware Recovery

by Blog

Ransomware differs from traditional threats to information security in that the attacker’s goal is not to steal the data, but rather to prevent the victim from accessing his or her own data. In most cases, the data affected by ransomware never actually leaves the organisation.

Many forms of ransomware encrypt a victim’s data using an encryption key known only to the attacker. After a specified length of time, the attacker deletes the encryption key, and the victim’s data is lost forever. Even if the victim pays the attacker prior to this deadline, the attacker may or may not provide the victim with the required decryption key. Maintaining a storage air gap can provide an effective recovery solution to these types of information attack.

An air gap is the maximum protection between two or more different systems – other than physically turning them off. If your files are encrypted by ransomware, your “air-gapped” data isn’t affected and is available as a “last resort” restore. However, depending on when the malware impact was discovered, some versions of the air Gapped data may be affected.

What’s required is an architecture that incorporates four main capabilities:

  • Early warning of infection. Ransomware infections are often not noticed for some time. The scope of the infection may have a direct bearing on recovery times – and whether recovery can be realistically achieved at all.
    To counter this specific risk, back-up strategies need to incorporate early warning of potential data “denial of service” situations to avoid infected data proliferating through back-up cycles
  • Rapid assessment of impact on data integrity – when we know we have been impacted we need to be able to rapidly establish a trusted restore point. This may not be the latest back-up, it may be one or more version earlier.
  • Fast restore from off-line storage media: a method of rapidly locating and mounting back-up media and restoring from is necessary to ensure that the period of disruption is minimized.
  • Establishing a back-up strategy is just the first step, regular testing of recovery capabilities and processes needs to be conducted to ensure that they remain fit for purpose.

Many industries have regulation about how they store and manage their data, to minimise the effects of a ransomware attack. At Ci Continuity we have over 25 years of experience providing secure off-site data backup. Most recently we have worked closely with some of the industries leading software vendors to provide secure air gapped copies of your data in our Tier 3 Cloud, please click here for more about our CiCloud.

To find out how we can help you, get in touch, or call 01256 37800.

BCP – Stage 5 – Oversight & Assurance

by Blog

This is the final stage of the Business Continuity Planning documents, by now you should have:

1Understood your organisation’s priorities
2Captured the Current Capabilities & Core Resources
3Developed the Response & Recovery Plans
4Built the Business Continuity Organisation

Thankfully, most of the hard work has now been completed! Now it is important to ensure that there is a management structure in place, and associated responsibilities assigned, to ensure the ongoing integrity of the BCP’s planning and arrangements. In order to achieve this there needs to be ongoing feedback and assurances, and these can be provided by performing the following tasks:

  • Periodically re-confirming the understanding of business priorities and tolerances.
  • Ensuring capabilities and available resources remain in line with recovery needs. Examples of this are:
    • to Undertaking IT failover tests to ensure that systems can be recovered within the required timeframes, and
    • to Performing remote working ‘stress tests’ to ensure that the off-site access capabilities can support your users.
  • Ensuring that key role holders are proficient in their respective posts and can operate any required processes (such as notification systems).
  • Delivering general awareness training to familiarise the wider organisation with actions that are likely to be taken if plans are invoked and what actions, if any, they will be required to perform. These need to be captured in a predefined Assurance Schedule that details the activities, how frequently they should be reviewed, and a process for correcting any issues identified. Managing this schedule is one of the key responsibilities of the Steering Group, as discussed in Stage 4.

Example: Assurance Schedule

The activities defined in this schedule can be can be categorised into three types:

1. Confirmation
This is to ensure that the business priorities and tolerances remain as originally envisaged, and periodically updated to meet the company’s needs, as they evolve.

2. Review & Test
Core capabilities, such as IT and Facilities should be assured by performing recovery plans in a test environment. Examples of these are a) backed-up data must be proved to be integral and recoverable within expected timelines, and b) the processes governing alternative working practises and locations are in place. Both of these will ensure that any company downtime is minimised, if invoked.

3. Exercising & Walkthrough
It is necessary that a high-level walkthrough of the plans are performed to ensure that the key role holders understand their tasks, and processes remain relevant. Different scenarios, for example a cyber-attack or pandemic, should be practised where participants are expected to adopt their roles as if it were a real incident.

The final part of the Oversight and Assurance Framework focusses on communication and educating the whole organisation. This ensures that if an unexpected event occurs those affected know that continuity plans exist and an understanding in what they need to do, which could be to just be to await instruction. This Awareness Initiative should inform staff of the following:

  • Where to get information
  • How to receive updates and notifications
  • What transport arrangements are made in the event of relocation
  • How to use remote access facilities
  • How to remain safe in particular situations

As with all stages of a Business Continuity Plan, the Oversight and Assurance process needs to be reassessed on a regular basis to make sure that the correct documentation is in place and up to date, and the aligned personnel fully understand their role(s). Remember, the BCP is not just a box-ticking exercise, it is about creating continuity capabilities to ensure that your business remains agile if an unexpected incident occurs.

The final takeaway: if you feel need for some assistance in putting together a BCP, then contact Ci Continuity. With over 25-years of experience in supporting hundreds of organisations, we are the trusted experts that you can rely upon. Click here for more information.

Building the Business Continuity Organisation

by Blog

BCP – Stage 4 – Building the Business Continuity Organisation

The initial three articles of this series focused on the process of Developing Business Continuity plans. Now, we move the discussion on to how these are deployed and maintained to ensure they stay relevant to the needs of the organisation.

Many business continuity initiatives ‘wither on the vine’ because the development of the preparation and response actions are seen as the end game. Importantly, this is not the case and a management team needs to be implemented to establish ongoing responsibilities. A typical management team would consist of:

  • A Steering Group – to ensure that the BCP remains relevant to the organisation’s current needs and strategy.
  • A Review Team – who return to the plans periodically to ensure that they can be relied upon if activated. And lastly,
  • An Invocation Team – who will collectively respond when an incident occurs, and adopt specific roles to manage the event.

A typical Business Continuity Team could be represented in the organisation chart, below.  It shows representatives from each of a company’s business units that provide critical infrastructure into the company. Each member has a role to play both for the Business Continuity Plan maintenance, and for undertaking specific actions if the plans are invoked.

Example 1: A Business Management Team

This organisation is typically underpinned by a Business Continuity Policy that defines roles and responsibilities for the specific groups within the Management Team.  This policy also sets out requirements for testing, training, and for general awareness of the BCP strategy throughout the company. Here is an example of a typical Business Continuity Policy.

Example 2: Business Continuity Policy

As shown, the policy covers the whole scope of the BCP, providing a management and organisation framework for maintaining it going forward.  Its purpose is to communicate to those responsible for each aspect of the plan what needs to be completed, defining the roles and responsibilities, and the assurance activities that will need to be actioned.

That concludes Stage 4 of the BCP process. The next article shall focus on the last step, ‘Oversight & Assurance’, where we will be discussing reviewing, testing and change management procedures. If you have any questions concerning this article or any of the previous stages (a summary of which can be found here) then please contact us.

BCP – Stage 3 – Develop Response & Recovery Plans

by Blog

In this, the third of five articles giving a detailed view into each step of the “5 Key Stages to Business Continuity Planning” we are now focusing on the Response and Recovery Plans of a BCP. These relate to the priority functions, and the specific steps needed to recover each of the individual activities.  Evidence, and more importantly experience, clearly demonstrate that most employees cannot easily use an unfamiliar and complicated plan at time of disaster and use it for an effective and efficient response. Therefore, the plans should be written in a way to easily guide a person through each of the key activities to aid recovery.

For most organisations detailed plans are only required for the most critical of functions, and these are mainly written for highlighted people who will have specific roles and responsibilities during incident or recovery management. These individuals will be expected to review their allocated plans on a regular basis to ensure that they are familiar with them.

So, what does the structure of a recovery plan look like? Below is an example of a brief but comprehensive plan for a specific department or activity. It would normally will consist of only a couple of pages.

Example, Page – 1:

For ease of reference, we have divided the first page of the plan into three sections.

  • Part 1 – defines the Leadership Team, their roles and contact details.
  • Part 2 – details the communications facilities available to the team, and how to access and utilise them.
  • Part 3 – contains key contacts. These may be internal or external to the company.

Next, the second page of the plan defines what happens at key milestones of the recovery process, and who is responsible for performing them.

This part of the plan is organised by scenario, and in this example shown below, we have identified three:

  • Loss of workplace
  • IT systems failure
  • Loss of staff mobility and /or mobility

Example, Page – 2:

The roles identified in the Leadership Team, in Page-1, are now allocated to their specific duties should there be an invocation of the BCP. There is also the space to describe the actions that need to be undertaken to assist recovery.

Some examples of the actions that could be invoked are:

  • To advise specific colleagues to go to a Workarea Recovery location, or to commence remote working.
  • Ensuring data integrity and completeness, and checking the restoration of IT systems.
  • Operating support lines for customers who may be impacted by the incident.

Plans formatted like the one shown here are designed for conciseness and ease of reference. They need to be thought of as a series of prompts that should be used at certain stages, and during particular scenarios.  Bear in mind though, that the success is wholly reliant on having other core capabilities in place, such as alternative workplace provision, relocation logistics, and a proven IT recovery capability.

That concludes Stage 3 of the BCP development. Ci Continuity can help provide these core capabilities and provide you the services and assurances to be able to recover from an unexpected incident. If you have any questions concerning this, or any or business continuity solution, please contact us.

In the next article, we shall be reviewing the penultimate step, Stage 4 – Build the Business Continuity Organisation.