| I wonder how many companies were faced with | | | | The main areas are: |
| the same problem that I faced following the | | | | - Identify what potential risks could affect the |
| Christmas and New Year shutdown: my office | | | | company; |
| landlord decided that he would turn off the heating | | | | - Know what equipment would be needed in the |
| during this period in order to save money. The | | | | event of a loss of building/facility; |
| net result was that the office, and more | | | | - Keep copies of staff information off-site to be |
| importantly the computer equipment, became | | | | able to contact key personnel if required; |
| very cold. Upon turning the heating back on, | | | | - Plan who will do what and when; |
| condensation formed and this caused the | | | | - Make contingency plans for staff if buildings are |
| equipment to short out. | | | | unavailable; |
| The resulting bang not only did my constitution no | | | | - Keep copies of important information off-site; |
| good, it meant that the computer equipment had | | | | - Review and train everyone in the continuity plan |
| to be repaired. Fortunately our company has a | | | | and IT disaster recovery routine; |
| business continuity plan which was put into action | | | | - Test the plan regularly; |
| and none of our clients were put to any | | | | - Learn lessons from any tests; |
| inconvenience. | | | | - Ensure the plan is kept up to date. |
| At the end of 2007 The British Standards | | | | Having a business continuity plan in place will not |
| Institute produced an new standard BS 25999-2 | | | | stop a disaster happening, but it certainly will |
| Business Continuity Management and its code of | | | | ensure that its effect can be mitigated and will |
| practice BS25999-1. This can be either a | | | | ensure that the company can be up and running in |
| stand-alone system or as part of ISO27001 | | | | the shortest possible time. |
| (Information Security Management Standard). | | | | It is important to note that many companies that |
| BS25999-2 sets out the requirements for BCM | | | | have been subject to a major disaster and do |
| (business continuity management) and how any | | | | not have a business continuity plan have gone out |
| organisation can reduce or mitigate any incident | | | | of business. |
| which interrupts or degrades the company or its | | | | Be prepared. It is not only for boy scouts. |
| operations. | | | | |