Posts in Newsletter
Newsletter February 2021

Re-assess your risks in 2021

The Trump presidency and more recently the COVID-19 pandemic has intensified competition between the US and China. It is likely that both countries will seek superiority in the digital realm and restructure their supply chains.

According to the Global Risks Report 2021, Middle powers like Australia are likely to be squeezed. We are already suffering from China’s decisions to limit imports of a number of important commodities. Hopefully, we will not be put in a position where we have to pick a side.

 
106fd45d-bd66-420e-9674-33226a8b4fb0.jpg
 

 We all hope that the Biden presidency can quickly repair the damage caused by the impact of the pandemic on the US. One of the salient lessons from the pandemic is the fragility of our supply chains and the prevalence of critical products being supplied from countries far from Australia – often a single source.

Use your 2020 experience to re-asses the resilience of your supply chains. If you have staff monitoring your modern slavery obligations, they may be able to assist.

The WEF Global Risks Report 2021 also identifies the ever increasing threat posed by hackers. The sophistication, number and funding of hackers (both criminals and nation states) continues unabated.

It is difficult for organisations to decide the extent of resources they should devote to this risk. The good news is that (like washing hands and wearing a mask) basic hygiene greatly reduces the risk from being the victim of a successful attack. The Australian Cyber Security Centre has an excellent guide to assist you implement these basic hygiene actions.

Is it time to review your cyber security approach in light of the ACSC guide?

The third and most prevalent risk identified was climate change. In the top seven global risks – climate change risks occupy four positions for impact and four for likelihood.

The seven hottest years on record globally all occurred in the past seven years.

 
LYFGG2JJ2FZ3WZWJEIFUXPQR6E.jpg
 

Although most of us will remember 2020 as the year of COVID, the impact of climate change on Australia was exceptional – starting with the bushfires that engulfed SE Australia.

Australia is particularly exposed to climate change. On January 4th 2020, Penrith was the hottest place on Earth at 48.9˚C!

These physical risks, caused by extreme heat, storms and floods will increasingly impact the operations of Australian business.

If your organisation has widely distributed operations, has large critical assets, is heavily dependent on a reliable power supply or has long supply chains, we strongly advise that you re-visit your Risk Register in light of the warnings from the Global Risks Report and locally from the Climate Council 
 
92ac22fe-2de3-4097-a6fa-d4c447e12339.png
 

The Biden presidency has wasted no time in aggressively re-setting the strategy the US intends to employ to tackle climate change. In addition, the UK and the EU have already warned trading partners that they will use carbon tariffs to punish countries that they deem are not acting on climate change. This is a large risk for any Australian company that exports to the UK, EU or the US.

As a result, the Australian Government may need to implement policies that impact the operations of Australian companies.


Please consider these transition risks in light of your business operations. The Australian Government may move quickly in light of pressure from its trading partners. Policy action by the government may have a substantial impact on some of these risks.

Please also remember that throughout the pandemic, critical decisions were made by Governments. The primary obligation of your Crisis Management Teams was to comply with the instructions issued by the various Health Department and Chief Medical Officers.

If your business suffers a major hack, a fire to the building or sells a product that makes your customer sick, there will be no Government to give instructions on how you should manage the crisis. Furthermore, your competitors and customers may actively seek to profit from your misfortune.

Please contact Continuity Matters if we can help you re-assess your resilience, develop a business resilience program or validate your plans by conducting an exercise. 
Now is the time to tackle your business resilience.
sean-pollock-PhYq704ffdA-unsplash.jpg

With the annual budgeting setting time just around the corner, this is a good time to start preparations to build a case to have budget allocated to increase your organisation’s resilience.

Leaders often say “Don’t waste a crisis” in the wake of a disaster. The month of January in Australia has been extraordinary by any measure – and the crises continues into February. Whether it’s floods, fires, hail, unbreathable air, dust storms, extreme heat, drought (and drinking water scarcity), extreme wind and now the emerging coronavirus – we’ve had them all in Australia. The impact of the fires on our flora and fauna will take months to just assess. The impact on our social infrastructure, homes and businesses will be huge.

With these issues being discussed every day in the media, executives must be considering the possibility that a similar crisis could impact the viability of the organisation they lead. Who in Tennis Australia could have anticipated that the Australian Open would have been impacted by smoke coming from bushfires 1,000KM away?

If your organisation currently does not have an annual budget for business resilience – now is the time to have one approved! Increasing your organisation’s business resilience must be treated as an on-going program. It is not a project! You may need to re-establish a business continuity and crisis management plan initially and as a consequence there will be a project to carry out this work. You will also need to budget for its improvement over time and its on-going maintenance. As a minimum, you should seek budget approval over three years. Five years is preferable! The Business Resilience Program budget request should contain allocation for the following activities:

  • Allocation of an FTE (or part FTE) to be the person responsible for the Program.
  • Establishment of a Program Policy and Program Steering Committee.
  • Funds for projects to develop a Crisis Management Plan (CMP) and a Business Continuity Plan (BCP). If these already exist, estimate the effort involved in updating them – if required.
  • Allowance for the provision of workplace recovery offices – if required.
  • Budget for crisis communications software – if required.
  • Allocation of a legal person to review your organisation’s contracts with critical third party suppliers (particularly cloud providers).
  • Once the CMP and BCP are established, initiate an exercising schedule (at least annually) where key participants in the Program exercise their skills.
  • Improvement of the Program over time.
  • Annual review of your Business Impact Analysis (BIA) to ensure your Prioritised Activities have not changed since you last completed the BIA.

Please contact Continuity Matters if you need assistance in completing this work. We can also assist in the development of a business case to help justify the allocation of the funds. Your organisation could also consider using Continuity Matters to implement the Program “as a service”.

The April budget setting period is not far away – now is the time to start!

Considerations for workplace recovery | Ben Scheltus

There can be many reasons why your staff won't be able to work from their "normal" place of work ... flooding, power outage, internet disruption, fire and so on .... So, where will they go? Can they work from home? What are their technology needs? Here's a helpful article to get you started.

This article addresses the issues that business continuity professionals should consider when sourcing workplace recovery facilities as part of a business continuity plan. It addresses the needs of a medium sized office (several hundred staff) and that there is one office in the city. We are also assuming that the organisation has removed their IT infrastructure from their office and are now housing their computer systems in a datacentre or in the cloud.

Read more



Impact of risks from climate change on business resilience | Ben Scheltus

At the recent BCI Summit in Sydney, Ben Scheltus gave a presentation on the impact of risks from climate change on business resilience.

A combination of factors makes climate change a particularly notable risk for Australian businesses. On a global basis, the World Economic Forum’s Global Risk Report has identified climate change as a “High Impact” and “High Likelihood” risk. Australian businesses should treat this serious risk in the same manner as any other business risk.

Australia is particularly exposed because it is already subject to extremes in weather; its distance from other global markets increases the fragility of our supply chains; the age of our power generation infrastructure and our heavy dependence on sea transport (for imports and exports). Recently there was a discussion as to whether climate change risks were becoming too great in Australia for the insurance industry to insure.

Read more


Newsletter September 2018

Welcome to the September edition of the Continuity Matters Newsletter!

As Florence bears down on the coast of North and South Carolina, it is a salutary reminder of the power of nature. There are 56 data centres in North Carolina and 11 in South Carolina. Apple, AWS, Google, IBM all have data centres in the area. Facebook has a 30,000m2 data centre (that’s 7.5 acres!). See here for a listing. The full impact of the storm is unknown – but the predictions are ominous. Authorities are expecting lengthy power outages and extensive flooding.

We have compiled some very interesting articles that discuss the key resilience issues facing data centre and cloud providers in the face of this enormous storm.

Don't forget to reserve you seat for our upcoming seminar in October!


Continuity Matters' Upcoming Seminar – “Compliance Without Control”

The increasing dependence of organisations on applications in the cloud has made it more challenging for risk and business continuity executives to satisfy themselves that the applications will be recoverable in the event of a disruption.

If your organisation has deployed critical applications to the cloud, how will you assure yourself (and possibly the regulator) that your systems are recoverable in the time and manner you require?

Hear from experts address this issue and work their way through a realistic scenario. We will present the perspective of an APRA regulated user, a provider and the regulator.

There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.

Hit by the Azure outage? Watch out for Hurricane Florence!

“With Hurricane Florence bearing down on the Southeast US as I write this post, I certainly hope if your data center is in the path of the hurricane you are taking proactive measures to gracefully move your workloads out of the impacted region. The benefit of a proactive disaster recovery vs a reactive disaster recovery are numerous, including no data loss, ample time to address unexpected issues, and managing human resources such that employees can worry about taking care of their families, rather than spending the night at a keyboard trying to put the pieces back together.”

Lessons learned from past disasters

Robby Hill, founder and CEO of HillSouth, a Florence, S.C.-based managed services provider, told CRN: "During Matthew, we found we didn't have enough backup power for our office building, since then, we have implemented and tested our power. After Matthew, we were stuck with portable generators. Now we have one installed in our building. Matthew tested us. We were out of power for a week." 

Weather report

We can’t say we were not warned. Earlier this year, the World Economic Forum published the Global Risk Report 2018. On page 3 of the report, the Global Risks Landscape 2018 chart had 6 out of the 7 most likely and impactful risks attributable to climate change. This assessment has proved to be scarily accurate.

Why using the Potluck approach is a risky strategy

Many organisations make no formal workplace recovery arrangements for crisis management and the recovery staff. Many hope that their offices will never suffer a disaster and even if they do – intend to use the “Potluck” approach and go to a hotel if the need arrives.  
We believe this is a risky strategy - and here's why.