Tags |
|
|
Links |
|
|
Digg it UP - Business Continuity Testing Starts with the Risks
"To have respect for ourselves guides our morals; and to have a deference for others governs our manners." Lawrence Sterne, Irish novelist & satirist (1713 - 1768)Etiquette, or good manners, is an important part of our day to day lives. Whether we realise it or not we are always subconsciously adhering to rules of etiquette. Much of the time these are unwritten; for example giving up your seat to a lady or elderly perso
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialise
The mobile car wash business is a great business because it is mostly in cash and the customers pay you on the spot for your work. You have low overhead as you have no real inventory and no location to have to deal with. Management is easy because generally you would be right there with the other worker or may 2-other workers and can watch to make sure they are working and doing their jobs correctly. All this sounds great righ
1. Reduce the risk. Reducing the risk falls into 2 categories – reducing the likelihood of the problem occurring and reducing the impact of the problem if it does happen. A simple example is that by having a fire alarm you are reducing the likelihood of a fire spreading unseen and by installing a sprinkler system you are reducing the impact of fire.
Reducing the risk is often referred to as mitigation. For example, data backups are a form of mitigation. They reduce the impact if a problem occurs which affects the primary data source. Any mitigating actions require testing to provide assurance they work when required.
2. Transfer the risk. This is an interesting option which may be seen as a get-out, but which is a perfectly valid thing to do. By transferring a risk it becomes someone else’s problem and you therefore have the risk covered. We are not talking about blaming someone else, or even transferring the risk to someone else in the company.
For example, there could be a risk that office space will not be available in the case of a disaster in the main location. Therefore the risk can be transferred to a third party company which organises office space for disaster recovery and keeps offices available for companies who need such a recovery service.
3. Accept the risk. By accepting the risk of a potential problem you are at least aware of its existence and can plan for it happening. If it is a risk that would have no impact for an acceptable period of time it should still be noted but you may decide to take no action until it occurs.
Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.
4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.
Once the actions for each risk have been identified, then anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try testing every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk based testing approach from two perspectives: the business continuity plan is fit for purpose and it will work when invoked.
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialises
How many entrepreneurs have you met who have gone out of business, simply because they failed to keep up with the times and with their competition? Those who refuse to innovate, update and improve, those who fail to reinvent themselves, are doomed to join the ranks of that sad, pathetic group of has-beens that often label themselves as “consultants” and “coaches” and haunt the “networking” meetings. They tell wonderful stories
Reducing the risk is often referred to as mitigation. For example, data backups are a form of mitigation. They reduce the impact if a problem occurs which affects the primary data source. Any mitigating actions require testing to provide assurance they work when required.
2. Transfer the risk. This is an interesting option which may be seen as a get-out, but which is a perfectly valid thing to do. By transferring a risk it becomes someone else’s problem and you therefore have the risk covered. We are not talking about blaming someone else, or even transferring the risk to someone else in the company.
For example, there could be a risk that office space will not be available in the case of a disaster in the main location. Therefore the risk can be transferred to a third party company which organises office space for disaster recovery and keeps offices available for companies who need such a recovery service.
3. Accept the risk. By accepting the risk of a potential problem you are at least aware of its existence and can plan for it happening. If it is a risk that would have no impact for an acceptable period of time it should still be noted but you may decide to take no action until it occurs.
Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.
4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.
Once the actions for each risk have been identified, then anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try testing every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk based testing approach from two perspectives: the business continuity plan is fit for purpose and it will work when invoked.
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialise
What you say and how you say it reveals many things. One thing it should not reveal is your stress level. Simple techniques can control your delivery and make sure that your message gets across in the manner you intend. Inner stress should not interfere with your message and how it is received.Breathe. When we are under high levels of stress the first thing that betrays us is the way we inhale and exha
For example, there could be a risk that office space will not be available in the case of a disaster in the main location. Therefore the risk can be transferred to a third party company which organises office space for disaster recovery and keeps offices available for companies who need such a recovery service.
3. Accept the risk. By accepting the risk of a potential problem you are at least aware of its existence and can plan for it happening. If it is a risk that would have no impact for an acceptable period of time it should still be noted but you may decide to take no action until it occurs.
Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.
4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.
Once the actions for each risk have been identified, then anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try testing every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk based testing approach from two perspectives: the business continuity plan is fit for purpose and it will work when invoked.
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialise
Increasingly, traditional benefits packages are disappearing from the Canadian business landscape. As the face of the Canadian workforce continually changes, companies are finding it necessary to address these shifts. The reality for many employers is that it is becoming more and more difficult to recruit workers if they are not able to offer an attractive benefits package. It is not simply enough to offer affordable health in
Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.
4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.
Once the actions for each risk have been identified, then anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try testing every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk based testing approach from two perspectives: the business continuity plan is fit for purpose and it will work when invoked.
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialise
I’m not a team sports guy. So, this time of year my head isn’t spinning with Super Bowl afterthoughts or dreams of missed calls and dropped passes. But I did watch the Super Bowl. And I enjoyed it.See, there is a not-so-obvious element of individual competition there that I like. In fact, it’s probably the part that most of us casual observers enjoy most – the commercials. While Super Bowl commercials may not be the mos
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it’s performed by an independent third party that specialises in testing business continuity plans, but it could be a disinterested party from another part of the company. Independence is essential here for an objective assessment.
Testing the plan will work when invoked, must be viewed in a business context and the elements of the plan prioritised so that the risks with the most business impact and likelihood are tested first. This approach and the techniques to perform business continuity testing in a cost effective manner are the subject of other articles.
Copyright Acutest UK 2005
HTTP = HTML link (for blogs, profiles,phorums):
<a href="http://www.diggitup.net/article/45190/diggitup-Business-Continuity-Testing-Starts-with-the-Risks.html">Business Continuity Testing Starts with the Risks</a>
BB link (for phorums):
[url=http://www.diggitup.net/article/45190/diggitup-Business-Continuity-Testing-Starts-with-the-Risks.html]Business Continuity Testing Starts with the Risks[/url]
Related Articles:
How to Make Customers Stick Like Fly Paper
GPS Tracking For The Small Business
Bookmark it:
|