Continuity & Resilience Q1 2019 by Redactive Media Group

THE MAGAZINE OF THE BUSINESS CONTINUITY INSTITUTE | Q1 2019

BCI Research steps up a gear with improved insights Evacuation versus invacuation – should I stay or should I go? Betting on blockchain – a BC/R ‘must’ or is it all hype?

ENGAGED ON ALL FRONTS Grainia Long: Planning a Resilient Belfast

Cover_Q1 2019_Continuity & Resilience Magazine 1

04/03/2019 11:49

BCI.Q12019.002.indd Continuity SA FP.indd 22

25/02/2019 08/02/2019 15:18 16:03

Q1 2019 | ISSUE 5

12 REGULARS 04 Welcome 06 News

Horizon Scan Report warns of threats to BC, Tokenization vital for security, Google ﬁned £44m

10 Debate

SPECIAL REPORT

F E AT U R E S

16 Reverse gear A look at how some emergency response teams are reverse evacuating to provide safe options in fast-moving crisis management situations

20 SPECIAL REPORT: Betting on blockchain

Opinion: Being prepared for when the BC boom ends Expert View: Making the right choice in a competitive recruitment market

News from: rom: Box, Earth Networks, Absolute, te, University of Brighton, hton, Cohesity

28 PROFILE: Grainia Long

32 Research in focus

12 Interaction

14 Tech Round-up

More than a decade has passed since blockchain was founded, but as Business Continuity and Resilience (BC/R) professionals are ﬁnding out, questions remain about its application

Belfast’s ﬁrst Commissioner for Resilience on how a resilient city is one in which all communities are connected

What does the BCI mean to you?

36 BCI News Contribute to BCI’s anniversary, BCAW theme announced, BCI wins at UK Association Awards

37 Next Generation Rohit Chaurasia, Willis Towers Watson

38 My Lightbulb Moment BCI Canada Chapter President MarieHélène Primeau on dealing with information overload

The BCI is plotting a path to provide greater insights for the BC/R community through consultation, thought leadership and action COVER PHOTO: ELAINE HILL

Contents_Q1 2019_Continuity & Resilience Magazine 3

04/03/2019 11:59

LEADERS’ MESSAGES

WELCOME Continuity & Resilience is the magazine of the Business Continuity Institute and is published four times a year. BUSINESS CONTINUITY INSTITUTE 10-11 Southview Park, Marsack Street, Caversham, Berkshire, RG4 5AF tel: +44 (0) 118 947 8215 bci@thebci.org | www.thebci.org EDITOR DeeDee Doke deedee.doke@redactive.co.uk A S S I STA N T E D I TO R Patrick Appleton patrick.appleton@redactive.co.uk REPORTERS Colin Cottell colin.cottell@redactive.co.uk Graham Simons graham.simons@redactive.co.uk CONTRIBUTING WRITERS Sue Weekes LEAD DESIGNER Carrie Bremner

TIM JANES

Scanning the horizon

ack in 2011, the BCI published the ﬁrst Horizon Scan Report, giving members and the Business Continuity community a valuable insight into the fundamental drivers of disruption. Since its inception, Horizon Scan has trebled in scale and detail. The 2019 edition, eighth in the series, draws on the input of nearly 600 global professionals to provide a review of trends over the last 12 months and a forecast of the disruptive forces anticipated in 2019. The BCI Good Practice Guidelines 2018 explains: ‘Horizon scanning is used

to monitor and identify potential threats to an organization and considers longerterm change and underlying trends.’ Put another way, Horizon Scan offers virtual eyes in the front and back of your head along with complementary binoculars to help see further and in more detail. Every Horizon Scan report produces notable results, along with reassuring trends and the occasional surprise. The annual analysis has always reﬂected the changing global environment combined with evolving technologies that drive and adapt economic activity. In 2019, all BC/R

PRODUCTION EDITOR Vanessa Townsend PICTURE EDITOR Claire Echavarry SENIOR SALES EXECUTIVE Andrew Penny Tel: +44 (0) 20 7880 7661 andrew.penny@redactive.co.uk

D AV I D T H O R P

Engaging the Millennials

PRODUCTION DIRECTOR Jane Easterman Tel: +44 (0) 20 7880 6248 jane.easterman@redactive.co.uk PUBLISHING DIRECTOR Aaron Nicholls Tel: +44 (0) 20 7880 8547 aaron.nicholls@redactive.co.uk

his year we celebrate our 25th Anniversary. Founded in the UK with a handful of members, membership has now grown to 9,000 members in over 100 countries. The BCI has transformed itself from a small but influential networking organization into a recognisable professional body – offering education, standards, thought leadership and events alongside our membership services. Our postnominals and professional certification are recognised globally, our world conference is arguably the leader in the field, and some of the world’s biggest organizations are amongst our corporate partners. We’ve come a long way, and it’s proper that we celebrate our history. But we’re also looking forward. An anniversary such as this requires us to focus on our legacy to the next generation of practitioners as much as to honour our founders’ achievements – in fact, it’s vital, if the BCI is going

PRINTER The Manson Group, St. Albans PUBLISHED BY Redactive Publishing Ltd Level 5, 78 Chamber Street, London, E1 8BL Tel: +44 (0) 20 7880 6200 www.redactive.co.uk

© Business Continuity Institute 2019 The views expressed in C&R are not necessarily those of the Business Continuity Institute. All efforts have been taken to ensure the accuracy of the information published in C&R. However, the publisher accepts no responsibility for any inaccuracies or errors and omissions in the information produced in this publication. No information contained in this publication may be used or reproduced without the prior permission of the Business Continuity Institute. ISSN 2517-8148

Recycle your magazine’s plastic wrap. Check your local facilities to ﬁnd out how.

4 C O N TIN UITY & R E S IL IE N C E | Q1 2019

Chairman's Message_Q1 2019_Continuity & Resilience Magazine 4

04/03/2019 10:25

P H OTO G RA P H Y: A K I N FALOP E

professionals should think about these three trends: First, technology, old and new, continues to be the primary driver of past disruption and future threats. Technical innovations such as blockchain and artiﬁcial intelligence are now identiﬁed as a rising source of risk. Secondly, environmental threats loom large, as climate change imposes erratic and extreme weather events that increase in frequency and intensity. Third, political uncertainty is a returning concern as tariffs go up between major trading partners, and unpredictable politicians leave organizations and individuals in a state of bewilderment. Tim Janes Hon FBCI, MBA, BCI Chairman, Vice Chair of BCI Board

to be around to celebrate its 50th Anniversary in 2044. Two factors will make life increasingly difﬁcult for professional associations over the next 25 years. The multiplicity of online resources has taken away from the professional body its role as the source of information and learning for their profession. The high walls around the professions with carefully managed gateways into the secrets of the craft have been broken down by numerous alternatives. Social networks have been democratised and belong now to the many, delivering easy access to fellow professionals, allowing constant exchange of ideas. Technology and generational shift are eroding the USPs of professional associations. Millennial workers place less value on traditional means of networking, preferring to establish relationships and access information in their own ways.

DEEDEE DOKE

Editor’s comment

A respected professional body is important for any industry or profession but tomorrow, such associations will not look like today’s. Tomorrow’s associations will be widely networked, nimble, responsive, swift to react but also quick to lead. Bringing their organizational abilities to the fore they will remain the leaders and visionaries within their communities. They place versatility at their core, developing new ways to serve a generation who knows nothing but instant gratiﬁcation and easy access, and adapt their offerings to reﬂect the step-changes anticipated for most professions. Our next 25 years will be radically different. But we already recognise the steps we need to take to thrive in this changing professional environment.

n savvy business circles around the world, ‘Resilience’ is the word of 2019. How to achieve it, putting top people on its case, and resolving to strengthen resources and adaptability for any circumstance or incident that might come one’s way. It’s a goal, an aim and aspiration for every facet of a business or body. Its very universality has the potential to drive greater engagement between organizational divisions, when worthy Business Continuity (BC) concepts have sometimes failed to ignite a fire of urgency throughout the layers of leadership. Where BC might imply ‘process’, ‘continuum’ and ‘reaction’, Resilience reflects ‘strength’, ‘standing tall’ and ‘pride’. Those characteristics associated with Resilience are also reflected in Women in Resilience (WiR), a new group launched recently by the BCI (see p9). Aiming to connect and empower females already in the industry as well as attracting new ones, WiR should deliver a focused, fresh power source of rechargeable energy to the business of building strength and pride. And in this issue, we profile Grainia Long, holder of a new Resilience role in Belfast, Northern Ireland. Strength, pride – these are the desired outcomes of Long’s efforts in identifying and securing the building blocks for an economically and culturally successful community (see p28). Resilience: there’s something in it for everyone.

DeeDee Doke Editor

David Thorp Executive Director, BCI

5 CONTINUITY & RESILIENCE | Q1 2019

Chairman's Message_Q1 2019_Continuity & Resilience Magazine 5

04/03/2019 12:22

G LO BA L N E W S U P D AT E

1.03bn Reputation incidents cost respondents £1.03bn (based on disruptions resulting in ﬁnancial losses of more than 7% of annual turnover)

CYBER SECURITY

Encryption holds the key to secure online identities, says cyber expert By DeeDee Doke Tokenization is the future of online identity security, one of the UK’s top cyber security experts predicted on 19 Feb to an Edinburgh audience of Business Continuity and Resilience professionals. At the same time, the future of identity online is a ‘private key’, said Professor Bill Buchanan OBE, professor in the School of Computing at Edinburgh Napier University, in a wideranging talk that covered encryption and the role of the Dark Web in cyber crime. Tokenization is often explained as the process of protecting sensitive data by replacing it with unique identiﬁcation symbols, or an algorithmically generated number, that retains all the essential information about the data without compromising its security. A public key is visible to anyone through a publicly accessible repository

or directory, while a mathematically-related private key is known by only its owner. If material is encrypted and sent to someone via that person’s public key, then it can only be decrypted back into its original form by the individual’s corresponding private key. Buchanan also spoke of how large businesses still use antiquated methods for securing information online, and he warned of present and future internet dangers. For instance, he said, vacationers who install smart feeders to keep their pets fed while they are away “depend

on the reliability of your home internet connection and the availability of online services” to ensure the animals don’t go hungry. Paraphrasing Gottfried Leibbrandt, CEO of ﬁnancial messaging service SWIFT, Buchanan joked about how cyber criminals can be spotted: “Male, runs Linux on their computer, writes some Python code, has a hoodie and can be seen hunkering over a keyboard.” Joking aside, Buchanan reinforced that humans are the threat behind cyber crime, with money being a strong motivation and vast amounts of money available

through computer hacking and data theft. Part of the risk of having online identity information available is that the data is generally easily understood, such as names, bank details, and addresses. While businesses as diverse as British Airways and law firms have suffered significant financial damage through hacking, the gaming industry is the “number one target” for hackers using Ransomware DDoS as a tool to blackmail organizations to hand over large amounts of money.

Gaming industry is the “number one target” for hackers using Ransomware DDoS as a tool to blackmail organizations to hand over large amounts of money 6 CONTINUITY & RESILIENCE | Q1 2019

News_Q1 2019_Continuity & Resilience Magazine 6

04/03/2019 10:47

VISIT THE WEBSITE FOR MORE NEWS: WWW.THEBCI.ORG

£925m Unplanned IT/telecom outages

Health and safety

was the top cause of business disruption over the past 12 months

incidents cost £925m in disruptions over the past 12 months

“Resilience is skill, will and grit to succeed” Dr Sandra Bell, Head of Resilience (Europe), Sungard Availability Services, speaking at Resilient Scotland in Edinburgh (see p6 for more from the conference)

RESEARCH

He cited the anticipated passage of Liechtenstein’s Blockchain Act (see p20) as a step forward in regulating the security of tokenization. “It’s about time,” he said. “We need to be creating [identity] details that are not understandable by anyone.” Buchanan was speaking at the Resilient Scotland Conference in Edinburgh.

Horizon Scan Report: Businesses ﬁxated on wrong type of threats

IMAGES:ISTOCK/SHUTTERSTOCK

By Colin Cottell Business Continuity and Resilience professionals are having their attention diverted towards high-impact ‘black swan’ threats, and are underestimating the threat from costly and frequently occurring disruptions such as those caused by health & safety incidents, according to The BCI’s Horizon Scan Report 2019. The report, based on the responses of 569 industry professionals across 70 countries, and supported by the British Standards Institution, reveals that ‘black swan’ events like critical infrastructure failure and natural disasters are among the most anticipated threats in the next 12 months, even though they occur relatively infrequently. In contrast although health and safety incidents rank second in the top 10 disruptions in the past 12 months – costing respondents to the survey $1.9bn (£925m) – they only rank 12th in

terms of what industry professionals see as the leading threats in 2019, behind the top three of ‘data breach’, ‘IT/telecom outages’ and ‘adverse weather events’.

51% say organizational resilience is an essential element in longterm business survival

28%

associate organizational resilience as strictly a Business Continuity issue

Speaking at the launch of the report to an audience of industry professionals in London, the BCI’s Head of Thought Leadership, Rachael Elliott, said that despite the evidence these ‘black swan’ incidents “are unlikely to happen, people still worry about them”. Elliott went on to suggest that media coverage and the concerns of company boards played a role in shaping perceptions, pointing to the threat of a data breach – seen as number one for 2019, even though it was only fourth in the 2018 disruption table – as a prime example. For more on the BCI’s research operations, read our feature on p32

7 CONTINUITY & RESILIENCE | Q1 2019

News_Q1 2019_Continuity & Resilience Magazine 7

04/03/2019 12:01

IN BRIEF

NEWS

Google receives £44m ﬁne for GDPR breaches

Understand key risks, report says Safety preparedness relies on developing a plan based on understanding where the risks and threats are, a report has said. The American Society of Safety Professionals’ ‘How to Develop and Implement an Active Shooter/Armed Assailant Plan’ said that once developed, staff should be trained and drill frequently. Developing key relationships within the police and ﬁre departments was also recommended by the report.

Google has been hit with the biggest fine to date for GDPR breach following an investigation by French data regulator CNIL. The technology firm was fined E50m (£44m) in January, with the regulator saying the penalty was handed down due to “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. The decision came following complaints filed by privacy groups.

C R I S I S M A N AG E M E N T

By Colin Cottell Airports bring their own unique challenges for emergency planners, particularly when it comes to how to manage the movement of passengers when a threat arises, according to the general manager, enterprise risk & corporate resilience at Bangalore International Airport. Dr KJ Devasia, told Continuity & Resilience (C&R) that the complex rules and regulations in force at airports limited the options available to emergency planners. In particular, he explained: “the nearest escape route is not always possible or ideal in a passenger terminal building, as the passengers who already completed immigration clearance cannot go back to the departing port even during emergencies as it’s against the border security regulations.” These regulations have to be taken into account by emergency planners, said Devasia: “Airport terminal evacuation planning – be it structural planning, non-structural planning, or process planning – needs to classify the whole building in to ‘airside’ and ‘landside’ zones, where passengers who cleared security/immigration would be evacuated only to the ‘airside points’ while others to ‘landside assembly

points’. The myriad of regulations and laws, be they border security, customs, national security laws and fire safety laws pertaining to passenger terminal buildings, also mean that designing emergency evacuation plans “requires specialised knowledge and skills”, said Devasia. Devasia said that because of “the specific kinds of risk attached with airports, and restrictions and limitations of space”, it was important that the evacuation strategy for a terminal building “should have flexible options” both pre-planned and those that could be decided on at the time of the crisis.

IMAGES:GETTY/S H U T T ERSTO C K/A LA M Y

Threatening incidents pose ‘ﬁght or ﬂight’ problem for airports

For more on evacuating in challenging situations, read our feature on p16

Other strategies that could be useful include:

“But this is only possible if the building is not under

Evacuees being shifted to specially-designed lowﬂoor buses/coaches on the airside and shifting faster to the assembly areas. “This will ensure that passengers don’t proceed further to the apron and aircraft movement area posing risk to life by aircraft movement,” Devasia said. Passengers who clear processing but are awaiting

boarding can be allowed to board the aircraft, with it then being towed-off to the apron away from the affected building. If a full evacuation of the airport terminal building is not critical, passengers of the affected zone can be shifted to another unaffected zone of the building with a clear and speciﬁc cordon.

threat due to bomb blast/ building ﬁre/earth quake, etc,” said Devasia. Sometimes the boarding g bridges can be deﬁned as exitways to the ‘safe zones’, while in some otherr situations the escalators and travellators can also to be used as exit routes, e something that is otherwise not recommended.

8 CONTINUITY & RESILIENCE | Q1 2019

News_Q1 2019_Continuity & Resilience Magazine 8

04/03/2019 13:21

VISIT THE WEBSITE FOR MORE NEWS: WWW.THEBCI.ORG

$1.872tn

Wells Fargo has $1.872tn (£1.434tn) in total assets, making it the fourth largest bank in the US by assets

CYBER SECURITY

Power outage causes chaos for Wells Fargo

IMAGES:GETTY/SHUTTERSTOCK/ALAMY

By Patrick Appleton Wells Fargo CEO Tim Sloan has apologised to customers after the US bank suffered an outage that halted operations for days in February. “I apologise to our customers and team members for the inconvenience caused by the system issues we experienced,” Sloan said in a public statement. “While we were able to restore operations

throughout the day and continue to address customer concerns, our recovery from these issues was not as rapid as we or our customers would have expected.” The incident was a result of power shutdown at one of the bank’s facilities following routine maintenance and not due to a cyber security event, Wells Fargo said in an online post. However, customers were unable to access their accounts via ATMs,

computers or smartphones for days, with internal payroll also affected. Bitcoin and cryptocurrency supporters were quick to jump on the incident, with dedicated blogs, websites and social media users claiming Bitcoin would never suffer such problems. According to Bitcoinexchangeguide.com, the currency is “impossible

to be shut down”. “Even if a country turns off the internet for a few hours, there are other countries that can turn on their mining rigs and set up nodes to keep the network running,” it wrote on its website. “Moreover, if there is a problem, nodes can be set up via satellite, thus making it almost impossible to shut the whole network down.”

DIVERSITY

BCI forms group to increase opportunities for women opport By Patrick Appleton Apple The BCI has lau launched a new group aimed at connecting and women in Business empowering wo Continuity and Resilience (BC/R). Resilience (WiR) will Women in Res “seek to attract m more women into the industry” and promote those in BC/R pr to “become leaders leade and advance in their careers”. caree The WiR W committee will be chaired by Gianna

Detoni, with Kate Needham-Bennett (pictured) as Vice Chair. Ruth Massie, Esra Gulﬁdan, Sandra Bell and Julia Graham make up the remaining committee members. Commenting on diversity in Resilience, Belfast’s Commissioner for Resilience Grainia Long said that any industry must reﬂect the community it serves, but change will take time. “My experience of Resilience within the 100 Resilient Cities (100RC) network is one of an extremely diverse

nature, but the 100RC is a global network so that is to be expected,” Long told C&R. “In a general sense, it is critical that those people who are leading industries reﬂect the communities we serve. No single action will suddenly make an industry more diverse – a range of changes are required. “Despite that, huge progress can be made quickly if leaders are prepared to step up and make a commitment to diversity and demonstrate why it is so important to an industry.” For more on the work Grainia Long does at 100RC and Resilient Belfast, read our Proﬁle on p28

9 CONTINUITY & RESILIENCE | Q1 2019

News_Q1 2019_Continuity & Resilience Magazine 9

04/03/2019 10:49

D E BAT E

THE BIG QUESTION

T R E V O R PA R T R I D G E , U K

Be a part of it For me, the world of the BCI is a place which provides us with a wealth of resources at our fingertips. A ‘go-to’ location, virtual or actual, to share in, prepare in, train in and even play in. It is somewhere to guide us and provide for us, with qualifications, information, publications and consultations. The organization also encourages us to be collaborative and demonstrate a mutual understanding to the common good, helping to create that ‘resilience for the future’. Notwithstanding all the above, it has been my involvement on the committee of the London BCI Forum that, in my view, encapsulates the essence of what the BCI means to me. Volunteering our time to meet on a regular basis, with specific roles to fulfil, and achieving the primary aim of developing, organizing, promoting and delivering events on a twice-yearly basis. Over the past number of years, this particular forum has been organizing really successful, well attended events in order to share good practice, get people involved in the Business Continuity Management (BCM) community, encourage lively debate, and develop relationships along the way. To borrow from a lyric from a Stevie Wonder festive song, “That’s what the BCI means to me my love”. Trevor Partridge MBCI Director, 2 b Continued

What does the BCI mean to you? Y U I C H I R O M AT S U I , J A PA N

Knowledge is key The BCI is an absolutely irreplaceable organization for me as a Business Continuity (BC) consultant for three aspects. Firstly, it is a great source of information and knowledge. We obtain a variety of information including the latest news and trends in various countries/industries, and

a wide range of knowledge related to BC through the BCI. By using such information and knowledge in our consulting business, I am able to improve the quality of our service and keep our clients satisﬁed. Secondly, the BCI is a precious place for networking. We exchange information and experience with experts and practitioners from various countries at the conferences. Also, the BCI is a prestigious organization for

10 CCONTINUITY O N TIN T INN UIT ITYY & RESILIENCE R EESS IL I IE NNCC E | Q11 2019 2 0 199 201

Big Question_Q1 2019_Continuity & Resilience Magazine 10

01/03/2019 12:42

D E B AT E

DR CLIFF FERGUSON, SOUTH AFRICA

Network for change As far back as 2010 when BCM was not well known or functioning well in the South African government, I called on the BCI for assistance to do the first BCM boot camp in Bela-Bela, north of Pretoria. The BCI London office sent Jane Howe, an FBCI from Canada, to facilitate the aforementioned request. After the four days of good practice guidance training the CBCI certification exam for South Africa was written by about four executive and 11 senior managers. From this date onwards, the Government Pensions Administration Agency (GPAA) built its BCM practice on the expert knowledge gained at this event. Hereafter, since 2014, the BC programme for the South African government has been modelled off the pilot studies done at the GPAA. BCI membership brought with it the following advantages: international resilience networks and best practice, an

VICKY MCKIM, US

IMAGE: SHUTTERSTOCK

A place to connect evaluating the achievements of BC professionals with the BCI Awards. It was with great honour that I made the Hall of Fame in 2018. It is the greatest achievement of my career at this moment, and it drives my motivation in my work as a BC consultant and chief executive. I will keep challenging myself to make our service excellent as a BC consultant, and also keep contributing proactively to the BCI’s varied activities. Yuichiro Matsui AMBCI President, Minerva Veritas Co

To me, the BCI means connection! The BCI connects its members to its many excellent resources. It connects us to each other, to training, education, mentoring and to opportunities. Their many articles, classes and conferences deliver these connections to us. Our knowledge and the relationships gained through the connections provided by the BCI then connect our companies, organizations, industries, communities and nations across the globe. When considering further the lives improved because of our connection to the BCI, the number becomes staggering. There are hundreds

ever-increasing body of knowledge, and group and personal development. In my tenure as forum leader and South African Development Community (SADC) Chapter board member I can relate to my growth as a BC practitioner in both the private and public sectors. The different SADC and international conferences, development programmes and practical implementation have all played their part in this. I enjoy the profession because the principles work, they are easy to understand and are advantageous to business and also one’s private life. This is a very positive way to give back knowledge and practice to make society a safer place. Dr Cliff Ferguson MBCI Director – Strategy, Policy and BCM | Strategic Support, Government Pensions Administration Agency

of thousands, perhaps millions of people, who work for the companies directly beneﬁting from those connected to the BCI. These individual employees become more resilient because their jobs are more secure, meaning their families are better protected ﬁnancially. Then the business’ stability and resilience touches its clients, too, increasing the pool of lives improved because of one connection the BCI made. While it seems like a small thing to connect a single person to knowledge and relationships, the effects of those connections over a quarter of a century are truly momentous. Congratulations to the BCI for being the connection we all need. Here’s to the next quarter century. Vicky McKim, AFBCI, MBCP, CRMP, Risk Management and Business Resilience Director, Aureon Consulting

11 CONTINUITY & RESILIENCE | Q1 2019

Big Question_Q1 2019_Continuity & Resilience Magazine 11

04/03/2019 11:49

INTERACTION

OPINION D OV G A R D I N

We must be prepared when the BC boom ends

hen I came to write this article, I set to work trying to figure out what our top challenge was going to be this year as an industry. Topics included: Brexit, trade tensions, climate change, weakening financial systems, polarisation of political parties, supply chain complexity and cyber security risk, among others. However, with such a range of issues, how could just one deserve the top spot? So, as I thought about the one issue that would relate to everyone, I stumbled across a topic that will impact almost all of us. The Business Continuity (BC/R) and Resilience business is booming, but for how long, and what comes after the boom? I previously spent almost a decade in the BC/crisis management consulting industry. It was often a struggle to find clients willing to spend money on sustainable BC/R programmes. But then came a change, and the resiliency resource floodgates opened. From the BC/R industry perspective, this is a fantastic development. Firms are investing in Resilience. It means we can do more to protect our businesses, to create new and better methods, and tools to support our programmes. It means our jobs are a little more stable. But what happens after the boom? As we well know, plans must be maintained, BC teams must train and exercise, and employee engagement

By stripping away excess and creating a simpler programme, you should be able to weather a downturn in resources

activities must continue. While we all should welcome this boom, we should also plan for when it ends. What happens when resources become scarce and funding dries up? Here are a few thoughts for how to begin planning for this eventuality.

Follow the KISS rule (keep it short and simple). BC tends to use terminology and jargon that is foreign to the business, relies on boring data-collection methodology, and spends a lot of energy collecting data in overlyprescriptive recovery plans. With careful reviewing, streamline those plans. By stripping away excess and creating a simpler programme to run, you should be able to weather a downturn in resources.

THIS QUARTER’S BEST TWEETS TWITTER @THEBCEYE

Alissa Farina @FarinaAlissa Dec 27 One of the guys from IT just told me I’m their “#1 customer” for asking for access to websites blocked by the ﬁrewall. Not sure if that’s a good or bad thing...

Tomicah Tillemann @TomicahTD Jan 23 How do you reach consensus among disparate actors in the struggle for blockchain interoperability? @brianbehlendorf says you need to have “proof of work” (real work) among participants in the system. #BlockchainCentral #Davos @Hyperledger

Jim Mitchell @JMitchell52 Feb 18

Empower the business to own the programme. At Allergan we set up BC teams at every site, led by BC coordinators (BCCs). Through training, these are responsible, empowered, motivated and incentivised to maintain their programmes. And, in coordination with the above, you do not overburden your BCCs. Aim for a maximum 20 hours per year of work for any BC participants.

Focus on driving awareness, engagement and a culture of resiliency, beginning with senior leadership.

Dov Gardin is Director and Head of Global Risk Management and Continuity at Allergan.

Data collection isn’t the goal of #BusinessContinuity Planning. You’ve got to be able to connect the dots! ow.ly/bJMb30dL7YI #BCMP #BCMData

Panta Ray @ﬁnallypantaray Feb 19 The @TheBCEye Horizon Scan Report 2019 is ﬁnally out with some good news. Organizations adopting #businesscontinuity plans experience lower losses than the average from disruptions in the last twelve months. This is why investments in BC are increasing. https://bit. ly/2DU05ze/2FqP2l7

12 CONTINUITY & RESILIENCE | Q1 2019

Interaction - Opinion_Q1 2019_Continuity & Resilience Magazine 12

01/03/2019 12:43

INTERACTION

EXPERT VIEW CHEYENE MARLING

Making the right choice in a competitive employment market

ith more than 20 years of recruitment expertise in the Business Continuity (BC) profession, I have experienced the evolving trends within the profession, along with the peaks and pitfalls of the employment market. Currently, the employment market is surging, and through research and experience, I provide advice to organizations looking to hire in an ever-increasing candidate market. The pool of aggressive jobseekers has dwindled substantially with a drop in CV/résumé submittals and current job openings seeing fewer application responses; conversely, more companies are looking to hire. Data ﬁndings at Firestorm Solutions indicate that 14% of organizations will be seeking to hire personnel to support their Business Continuity/Resiliency planning initiatives in the next year; however, professionals accepting new positions with another company have been decreasing from 13% in 2015 to 9% in 2018. Additionally, 58% of Business Continuity Management (BCM) professionals have been with the same employer and working in the same role for three years or less, while 30% have been with the same employer in the same role for 4-10 years. These trends create a challenging employment

market. Here are four key strategies to keep in mind when seeking to hire:

Organizations should deﬁne the programme personnel needs for today and three years out Think about how your organization might be changing in the coming years, and the culture ﬁt or competencies needed to complement your current team and organization.

Does your job description communicate the right message? It is crucial to ensure that the job description is communicating the right message. One of the biggest struggles within the BC profession is terminology! Not only do we mix and match BC, disaster recovery, Resilience, crisis management and emergency management, but job titles are all over the board. A well-written job description should include appropriate job functions, reporting structures, required credentials and preferred skills.

If you are open to candidates not meeting all of your defined credentials, communicate your preferences and wishlist correctly to your recruiters

Research compensations/ salaries Benchmarking an appropriate compensation or salary range will help eliminate an exhaustive search that keeps running in circles,

with multiple offers being declined or discovering that the pool of qualified candidates needed for your role are all priced out of your defined range. Many hiring managers are unaware that some of the most challenging roles to recruit for are positions seeking three-to-five years’ BCM planning expertise. Our data shows that the candidate pool of those with less than five years’ total work experience represents less than 2% of the BCM profession. Another important element to determine an appropriate salary range is researching the hiring trends within the geographical area of the person you seek to appoint. A knowledgeable, global recruiter who keeps tabs on the candidate/hiring market will be aware of these trends.

Define the hiring process, but avoid common obstacles When determining the interview timeline and individuals involved in the process, ensure your hiring process isn’t too lengthy. Candidates are receiving offers at a pace that almost compare to the dotcom days. Don’t fool yourself if your internal or external recruiter sourced your number one candidate as a passive seeker. Every professional will start to assess the job market after one company approaches them. If you’re open to candidates not meeting all of your defined credentials, communicate your preferences and wishlist correctly. Many recruiters will make a list of candidates meeting all the credentials and only screen those professionals. Candidates without a certification or degree may never receive a first-stage interview and that individual could have been the diamond in the rough. Cheyene Marling is Founder, President and Executive Vice President of People Solutions & Programme Analytics at Firestorm People Solutions.

13 CONTINUITY & RESILIENCE | Q1 2019

Interaction - Expert_Q1 2019_Continuity & Resilience Magazine 13

04/03/2019 12:02

TECHNOLOGY

Box launches UK zone to ease Brexit data concerns Cloud content management company Box has launched a UK in-country zone ahead of Brexit, which will enable organizations to keep their content securely in the UK. Box Zones aim to give businesses the ability to manage and store data in the region of their choice. The UK zone allows customers to keep encrypted, ‘at-rest’ content in the UK and enable them to prepare for and address any data residency, sovereignty and privacy concerns that might arise as the country leaves the European Union. There is a primary data centre in London and a secondary one in Cardiff. There are also zones in Australia, Canada, Germany, Ireland, Japan, Singapore and the US. Multizone support introduced last year allows users to collaborate across any of these zones. Box has been independently reviewed by multiple European Data Protection Authorities for its privacy and cloud protection practices. www.box.com

Data governance platform in developmentt

Mapping future weather Earth Networks has launched Sferic Maps 2.0, its latest advanced weather alerting and decision-support platform, which provides users with a broader set of features to minimise risk and disruption. It features more than 80 map layers such as snow amount and probability forecasts, freezing rain probability forecast, ﬂash ﬂood guidance, rain water accumulation, tropical and historical storms, and US state and county boundaries. It also provides userlocation-based mobile alerts, radar forecasting (which can track incoming weather hours in advance), and improved animations. Sferic Maps 2.0 is also integrated into Sferic Protect, which is a subscription-based suite of weather management tools, lightning-triggered outdoor alerting, and meteorological support for operations directors, Business Continuity professionals, and others who require a fullweather solution to protect high-value assets. Earth Networks is active in more than 80 countries. www.earthnetworks.com

TECH ROUND UP Best new tech this m onth month

The University of Brighton is leading a nce project to develop a data privacy governance platform that will help organizations in different sectors to assess and address the challenges of complying with General Data Protection Regulation (GDPR) as welll as increasing their operational capacity. The EU-funded Data Governance for e Supporting GDPR project (DEFeND) will be tested in four EU countries and across healthcare, banks, energy and local government. Participants include digital services provider Atos in Spain, international law firm Bird & Bird, IT system Back-up solution vendor Cohesity has launched a broad set of new company Maticmind in Italy, capabilities to directly combat ransomware attacks on its DataPlatform. software company GridPocket in The new features aim to prevent, detect and respond to attacks. France and Bulgaria’s Peshtera Cohesity’s immutable file system SpanFS serves as the core defence municipality. DEFeND focuses on mechanism by keeping back-up jobs in an unchangeable view. If an the planning and operational side attacker tries to modify the back-up, the Cohesity DataPlatform will of GDPR across the areas of data write the data to a new instance, preserving the original snapshot. scope, process and data breach. Cohesity DataLock allows security officers to lock a back-up snapshot The university’s Centre for Secure, so even an individual with the highest level of access can’t modify Intelligent and Usable Systems is or delete it. The software also allows customers to locate and delete undertaking the work. infected files across their global data footprint, including in the cloud. brighton.ac.uk/csius/index.aspx www.cohesity.com

BEST NEW TECH

IMAGES: SHUTTERSTOCK/ISTOCK

Backing-up core defence to ransomware attacks

Absolute peace of mind for remote workers Personal computer and smartphone company Vaio is helping organizations build in more Resilience for remote workers by integrating Absolute’s Persistence technology into its devices. The increasing mobility of remote workers is creating “exponential risk” for organizations when it comes to data because the tradtional network perimeter has been “diminished” as a primary defence against threats, says Absolute. The company’s Persistence technology creates a “digital tether” to keep IT teams informed about the security of their device populations and in control of their endpoints. A self-healing connection eliminates the need for users to disable vital security controls mandated by IT teams. The technology is being integrated in the Vaio Pro PA and A12 models that have recently been introduced in Japan. www.absolute.com

14 CONTINUITY & RESILIENCE | Q1 2019

Tech Round Up_Q1 2019_Continuity & Resilience Magazine 14

04/03/2019 12:02

An award-winning two-way mass communication platform R

PRE

M M U N IC AT E

APP FAILURE

Incidents

Ping Messages

FLOOD Tasks

Emergency

FIRE

Incidents Ping

CYBER ATTACK

Mobile platform built from the user upwards Easy for organizations to deploy Delivering unified, dependable and secure communications Most Innovative BC Product of the Year

Cloud DR & Continuity Product of the Year

WINNER

2016

2018

Go to www.crises-control.com/request-a-demo.html and quote “C&R” to get £100 in telecoms credit .

BCI.Q12019.015.indd 15

26/02/2019 09:19

BY COLIN COTTELL

REVERSE GEAR

Sometimes advice on evacuation as a response to a violent incident may be inappropriate. Emergency planners are now talking about ‘reverse evacuation’ or ‘invacuation’, whereby people shelter in a safe place in a building 16

CONTINUITY & RESILIENCE | Q1 2019

Feature 1 - Evacuation Invacuation_Q1 2019_Continuity & Resilience Magazine 16

01/03/2019 12:44

EMERGENCY RESPONSE

n the past six years, Guy Grace, Director of Security and Emergency Preparedness for Littleton Public Schools in Colorado, US, has been through two active shooter incidents. In December 2013, student Karl Pierson walked into Arapahoe High School and shot dead fellow student Claire Davis before turning his gun on himself. And in August 2017, a young man went into another local school and shot himself in the head. Other more routine threats to staff and students of the 30 schools Grace has responsibility for are mountain lions, bears and coyotes, as well as bank robberies and police activity close to schools. For those involved in emergency planning and crisis management, such incidents pose an enormous dilemma. Standard protocol backed up by ofﬁcial guidance – such as the UK’s ‘Run, hide, tell’ – for what to do in a terrorist incident, suggests the ﬁrst response is to get away from the threat, but the question is which way? That is why, along with focusing on the standard evacuation protocol for dealing with emergencies, equal attention is paid to invacuation, also called ‘reverse evacuation’ or ‘shelter in place’, says Grace. “Whereas evacuation protects staff and students by getting them out of the building by a route designed to avoid contact

“To invacuate, lock the building down, stay where you are and wait for the police to come and deal with the situation” Barry Moss, Managing Director of UK-based BWM Consulting

with a potential threat, a reverse evacuation gets staff and students into the safety of a building,” he explains. Depending on the nature of the threat, this basic protocol can then be modiﬁed by what is called ‘a directed response’ – for example, by moving staff and students from outer classrooms to the interior of the building. According to Grace, in the past two years, there have been 17 reverse evacuations in Littleton Public Schools. Barry Moss, Managing Director of UK-based BWM Consulting, which advises organizations on how to plan for and respond to emergency incidents, says deciding whether to evacuate or invacuate should always be “threat- and location-speciﬁc”. “If there is a threat from an angry parent with a mental health problem in a school, the idea of running away when there are three and four-year-olds involved is not a good idea,” he says. In those circumstances Moss says his advice to clients would be “to invacuate, lock the building down, stay where you are and wait for the police to come and deal with the situation”. Conversely, a location where there is lots of CCTV in operation, giving good ‘eyes on’ a threat, together with good communications with decision makers, provides optimum conditions for evacuation, he says.

Getting people out of a building by a route designed to avoid contact with a threatening individual can provide a robust form of civil protection while emergency services deal with the incident

17 CONTINUITY & RESILIENCE | Q1 2019

Feature 1 - Evacuation Invacuation_Q1 2019_Continuity & Resilience Magazine 17

01/03/2019 12:44

EMERGENCY RESPONSE

Crowded Places, guidance produced by NaCTSO, the UK’s National Counter Terrorism Security Office in 2017, includes invacuation as one of eight different responses that organizations and those managing ‘crowded places’ should prepare for to counter the evolving terrorist threat. These responses include a full-site evacuation, a partial or zonal evacuation, a directional evacuation, where people are directed to specific exits or routes, as well as a full or units, maternity wards and children’s wards is tightly partial invacuation. controlled, with electronic locks and people having to be Moss says the first step is to ask yourself, ‘What are the buzzed in, he says. problems that would require you to evacuate, invacuate James McAlister, who runs Crisis Prepared, a UKor lockdown?’ “Do a bit of threat analysis. Work out who based organizational resilience consultancy and is a the bad people are, what are they likely to do to you, and former chairman of the BCI, says the problem is breaking how could they do it,” he advises. the evacuation habit that for many organizations Ian Taylor, Emergency Planning and Resilience has become the default response developed over Manager at Surrey and Borders Partnership several decades. It has literally been drilled into NHS Foundation Trust, and Chair of the them, he says. “There is no thought process – South East Branch of the Emergency the alarm goes off, they go to a fixed point, they Planning Society, says the general principle take a cup of coffee with them, it’s a drill they within the health sector is horizontal have done every year.” evacuation. “If there is a fire, you move Furthermore, he says that patients so there are two sets while it is relatively easy to drill of fire doors between them and for evacuation, commercial the fire.” He explains that most organizations are less prepared to NHS hospitals have fire alarms go through the disruption of regular with one tone indicating you ‘hibernation’ exercises, where staff are in the danger zone and need are invacuated to ‘safe areas’ within to move, and another tone that their building. “Nobody has done it indicates you are in ‘a safe zone’. properly, because it is difficult to do More generally, he says, “You and time-consuming,” he says. don’t leave the building unless Another challenge is that many you absolutely have to… You organizations do not own their own can’t go running outside with buildings, he says. “The essence of people who are wired up, on good invacuation is lockdown, and oxygen and on ventilators.” it is hard to plan how you would If there is a marauding invacuate when you have no idea terrorist attack, Taylor says, whether you would be on lockdown “Generally, the response is a or not.” lockdown and stay in situ for The close proximity of the public the most seriously ill.” In such can be a complicating factor, too, a scenario, a big advantage is Robert Jensen, Chairman and Co-Owner of Kenyon says McAlister. “They aren’t drilled, that access to intensive care International Emergency Services

“What you have to do is to train some good incident response crisis managers throughout your organization, so that you can then respond quickly” 18 CONTINUITY & RESILIENCE | Q1 2019

Feature 1 - Evacuation Invacuation_Q1 2019_Continuity & Resilience Magazine 18

01/03/2019 12:45

EMERGENCY RESPONSE

A mass shooting in Parkland, Florida saw 17 killed in 2018 Moving children during an incident can prove problematic

they have no idea what they’re doing, they will panic, and they don’t necessarily respond to security guards or customer service advisers’ requests to go to the back of the shop, hide under a desk or keep quiet.” Robert Jensen, Chairman and Co-Owner of Kenyon International Emergency Services, which has ofﬁces in the US, Middle East and Dominican Republic, says the decision on how to respond is further complicated by the sophistication and level of planning that those willing to harm others go to. “The thing you have to be careful with is that some bombers, terrorists and murderers will work out what they expect people to do, so they will set off smaller devices to channel people to a different area, where they can inﬂict more damage.” Although deciding on an appropriate response in a fast-moving incident and arriving at the optimum plan is clearly fraught with challenges, McAlister says there are many things that can be done. He advises that those in charge of emergency

response “should put themselves in the shoes of the bad person, and ask what they would do”. Also, consider plans with a range of options, for example, “to go towards the roof, or towards the basement, or stay where you are, are far better than ‘you will go to this point’ plan”. But he adds: “What you have to do is to train some good incident response crisis managers throughout your organization, so that you can then respond quickly.” SAFE HAVEN Grace says that in the case of US Having a protected place within schools, it is teachers and other staff who a building or on a site can be play that vital role. “They are the real an additional factor in making responders to an emergency in a school, invacuation a more viable and that is why we focus on empowering option. Such a space can have them.” This was his biggest learning from a wide variety of uses, from the 2012 Sandy Hook (Connecticut) providing shelter in a hurricane Elementary School shooting, in which or some other natural event, to 20 children and seven adults, including protection from bomb blasts and marauding attackers and the shooter, died: “We looked at giving from outside contamination. teachers the ability to make their own decisions in a lockdown, whether they are The US Centers for Disease going to shelter behind the door, escape Control and Prevention and the or care for their students, or as a last Occupational Safety and Health resort – defend themselves.” Administration have produced He says the key lessons from the the following guidelines for Arapahoe High School shooting was the such places: importance of teaching kids, alongside their teachers, the basics of protecting Choose an interior or interior rooms above the ground floor, themselves – sheltering behind a locked choosing one with the fewest door, and using the structure and windows and vents contours of the building for protection. The walls should be made of “When we look at the history of school solid materials such as concrete shootings, not one has breached a locked and steel plasterboard school door,” he says. Make sure there is a hardGrace is a big supporter of the wired telephone as, in an American Red Cross’s ‘Ready Rating’, emergency, mobile networks a free service that helps organizations can be overwhelmed become better prepared for disasters Ensure there is a strong lock on the door and that it can be and emergencies. “This emphasises that locked from the inside when you have a disaster or an active Keep some emergency shooter event, the biggest thing before supplies in the room such as they react is for the people in the event bottled water to use their senses – sight, sound, smell Depending on the threat, and touch. Having a plan about how you seal all windows, doors and would evacuate if there is a bomb threat vents with duct tape and is good, but what if it is a diversion to get plastic sheeting us out of the school?” he says. Whether planning for evacuation, Protected spaces should also be away from stairwells or lift invacuation, or something in between, shafts where these open at perhaps the most important lesson for ground level onto the street. emergency planners and crisis managers This will reduce the chances is the need for them to empower their of bomb blast damage. Check people at all levels to have the skills and whether the safe room meets confidence to react to what is happening official guidelines. in front of them.

19 CONTINUITY & RESILIENCE | Q1 2019

Feature 1 - Evacuation Invacuation_Q1 2019_Continuity & Resilience Magazine 19

01/03/2019 12:45

SPECIAL REPORT

BLOCKCHAIN

More than a decade has passed since the technology was founded, but as Business Continuity and Resilience professionals are ďŹ nding out, it could pay off in the long-term to invest

SPECIAL REPORT

BETTING ON BY SUE WEEKES

BLOC 20

CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 20

04/03/2019 10:52

BLOCKCHAIN

KCHAIN 21 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 21

04/03/2019 10:52

SPECIAL REPORT

BLOCKCHAIN

ata underpins every business function – so a technology that claims to be able to store and distribute data safely and securely, as well as verify and authenticate it, has to be on the radar of every Business Continuity and Resilience (BC/R) professional. While experts say most current blockchain projects in the field of BC/R are said to be in a “proof of concept” or “experimental” phase, with the primary focus on efficiency, they also say that resiliency is emerging as a “side benefit” of this technology. “Blockchains, like social media, need the network effect; the more people who use them, the more valuable they become. As they mature, I believe that we will see a greater realisation and use of blockchain as part of organizations’ resiliency strategy,” says Darren Wray, CEO of consultancy FifthStep, with offices in London, New York and Bermuda, whose specialist areas include cyber security, governance and compliance. Put simply, blockchain is a database, but its inherent characteristics mark it out from our traditional understanding of databases (See box p23). For a start, blockchain doesn’t reside in one place but is rather a distributed database run by a peer-to-peer network that could, for example, represent everyone involved in a supply chain. Its main unique selling point is that this decentralisation means that anything held on the blockchain cannot be altered without consensus of the network. Blockchain was originally developed in 2008 by Satoshi Nakamoto as a public ledger for the cryptocurrency Bitcoin. Recent years have seen it build momentum outside of the cryptocurrency and fintech world, and now BC professionals have to consider getting the right blockchain in place for successful implementation in the long-term. “All [different blockchain programmes] have some specific characteristics that make them more suitable for certain transactions than others,” explains Peter Snoeckx, Senior Project Manager and Consultant at Belgium-based IT, innovation and strategy consulting firm Quovis, warning that he foresees a shakeout in the coming years. “Some technologies will become the leaders. A Business Continuity risk is hence that when you start a blockchain project now, you have to ‘bet’ on the right technology so that this still exists in another five or 10 years.” Peter Snoeckx, Senior Project Manager and Consultant, Quovis

“A Business Continuity risk is… when you start a blockchain project now, you have to ‘bet’ on the right technology so that this still exists in another five or 10 years”

22 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 22

04/03/2019 10:52

BLOCKCHAIN

59%

BELIEVE BLOCKCHAIN WILL DISRUPT THEIR INDUSTRY (Deloitte 2018 Global Blockchain Survey)

“It is basically an immutable ledger of transactional data. So, whatever happens to your Each blockchain is made up of systems, you can always ‘blocks’ of data that are linked recover the data stored in together and run by a peer-to-peer the blockchain provided network. Its immutability comes you have the keys. You can from each block having inherent also use the blockchain characteristics. These include a as a proof that certain cryptographic hash of the previous electronic documents are block, a timestamp and transaction indeed the authentic ones, data. Blocks cannot be added or altered retrospectively without thus preventing fraud.” the consensus of the network. If As Snoeckx points anyone tries to change a block out, with blockchain it is without consensus the hash and often hard to distinguish timestamp will change and expose between the marketing the tampering. buzz and reality. He describes most of the projects in the ﬁeld of BC/R as being in a ‘proof of concept’ phase and those that are live are at a small scale. FifthStep’s Wray explains that it is unlikely that blockchain will become the primary way for

HOW DOES BLOCKCHAIN WORK?

an organization to back up its data because it currently isn’t designed to hold large amounts. However, it can be extremely valuable as a backup for an organization’s transactional data and asset register, storing details of, for example, its property, vehicles, investments and physical assets. “Such internal blockchains would provide an immutable record of all the movements and changes, providing a far greater level of resiliency than is possible with a traditional database approach,” Wray says. “The volumes of data typically stored in a blockchain are unlikely to contain a company’s full data compliment, but recovery from blockchain should certainly be part of an organization’s Business Continuity and recovery planning.” Blockchains also offer significant benefits in terms of risk mitigation. “They are less susceptible to hacking than many extant solutions,” explains Dr Windsor Holden, Head of Forecasting and Consultancy at analyst Juniper Research, whose Blockchain Enterprise Survey found that three-fifths (57%) of large corporations were either actively considering, or are in the

23 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 23

04/03/2019 10:52

SPECIAL REPORT

BLOCKCHAIN

process of deploying blockchain. He adds: “The combination of transparency and smart contract capabilities can reduce time spent on contractual disputes. And a decentralised model, with no single point of failure, can also reduce the risk of business disruption.” In terms of building in more Resilience to business-critical systems, blockchain would seem to promise a great deal – but it is important to understand its strengths and limitations. Like any emerging technology, it shouldn’t be seen as a cure-all and its use must be properly assessed for economic and technical feasibility. Blockchain was originally developed for peer-to-peer transactions, negating the need for a bank and so is typically used to remove an intermediary. “But you have to ask, how important is that intermediary?” says Tayo Dada, CEO and Founder of Uncloak.io, a nextgeneration cyber security company that uses blockchain. “It is sometimes important to have that middleman to ensure compliance, for example.” Organizations should also ask how many users need to see or verify the data. “If it is only two or three, using blockchain is probably overkill,” Dada says. “And how important is it for people not to be able to LAYING DOWN change the information? THE LAW These are some of the Liechtenstein, a tiny principality questions that make up located between Austria the acid test for whether and Switzerland, has drafted to use blockchain. legislation for a Blockchain Act “If a BC professional to “strengthen the legal certainty has created a set of for users and service providers”, processes for what to do according to professional in the event of a failover, services ﬁrm PwC. Published in August 2018, the Act and the integrity of them Lichtenstein’s geopolitical is really important. If position are predicted to make they are altered, this the German-speaking country could cause issues so you “a leading light for blockchain could have a blockchain regulation”, says website that supports these CryptoBrieﬁng. Lichtenstein is documents and ensure not a member of the European they cannot be changed.” Union, but is part of the Blockchains could European Economic Area. have a key part to play Passage of the Act is anticipated in Q1 this year. in making supply chains

more robust and secure in the future, given the number of people involved in them and the importance of data integrity and compliance. Last year, shipping company Maersk and IBM formed a joint venture to provide more efficient and secure methods for conducting global trade using blockchain. It addresses the need for greater transparency and simplicity in the movement of goods across borders and trading zones. The companies said a new form of “command and consent” could be introduced into the flow of information and it would allow multiple trading partners to collaborate and establish a single shared view of a transaction without compromising details, privacy or confidentiality. If considering the use of blockchain, a number of issues must be considered, not least how it throws up a major challenge in the area of Europe’s General Data Protection Regulation (GDPR), simply because data cannot be deleted. Snoeckx explains that this can be surmounted by storing each data element on the blockchain with its own key, but he adds: “However, you need a place to store those keys and then that

24 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 24

04/03/2019 10:53

BLOCKCHAIN

33m

B L O C KC H A I N

THREE EXAMPLES OF BLOCKCHAIN IN ACTION

IMAGES:ISTOCK

AT THE LATEST COUNT IN FEBRUARY 2019, MORE THAN 33M PEOPLE WERE REGISTERED AS BLOCKCHAIN WALLET USERS

Dubai: the ﬁrst blockpowered government?

In collaboration with IBM, Smart Dubai is aiming to run all applicable government transactions on blockchain. A settlement and reconciliation system was one of the ﬁrst projects to go live on its Dubai Blockchain Platform and has reduced the 45 days previously taken to reconcile and settle payments with other government agencies and banks and ﬁnancial institutions to real-time. Aligned with its drive to be blockchain-powered, the Dubai government is also aiming to go paperless. The platform will also serve as a stepping stone for organizations in the United Arab Emirates and globally to move their blockchain testing and development into full production.

A city in Nevada built on blockchain

place might become vulnerable for hacking or cryptolocking.” In addition to complying with an individual’s ‘right to be forgotten’ in GDPR, Holden stresses the importance of data accuracy. “While the data uploaded to the blockchain cannot be tampered with, there will still be the issue of ensuring that the correct data is uploaded in the ﬁrst instance.” Then there’s the issue of password management. Snoeckx warns that if an individual forgets the key to decrypt the information, it is lost, and gives the chilling example of the Canadian cryptocurrency exchange whose founder and only password holder died unexpectedly. The Hufﬁngton Post reported Vancouver-based Quadriga was seeking creditor protection in the wake of the sudden death of its Founder and CEO Gerald Cotten in December, which has left cryptocurrency worth roughly $190m (£145.3m) in limbo. The latest estimates are that the blockchain market will experience a compound annual growth rate of almost three-quarters between 2018, making it worth around $28bn (£21.7bn) by 2025, according to analyst Meticulous Research. Recent years has seen a proliferation in the number of different blockchains available. They fall into two categories: public and private. The former can be viewed by the public while

The US state of Nevada will host the first entire city built on blockchain. The technology will provide the underlying infrastructure for all interactions on Innovation Park, which occupies 67,000 acres in northern Nevada, featuring a high-tech park, developer campus and a residential area. Projects will focus on combining blockchain and artificial intelligence technology as well as explore 3D printing and nano-technology. It is the vision of lawyer and cryptocurrency millionaire Jeffrey Berns, CEO of Blockchains LLC, which is recruiting a number of partners to work on projects. The first of these is energy firm NV Energy. The two sides have a shared vision to use blockchain to place the customer in control of energy creation, consumption, storage and transactions.

Driving sustainability in South Korea

Energy is one of the sectors blockchain has gained traction in. The blockchain-based Swytch platform, which tracks, veriﬁes and rewards those reducing the global carbon footprint, is being used in Chuncheon, South Korea to accelerate the consumption of renewable energy and drive economic and environmental sustainability. The deal will see participating organizations jointly pursue sustainable alternatives to traditional energy sources through the development and adoption of solar energy and implementation of the Swytch network. Several other cities in South Korea have already developed partnerships with Swytch and it is under discussion regarding agreements with cities and organizations in Asia, Europe and the Caribbean.

25 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 25

04/03/2019 10:53

SPECIAL REPORT

BLOCKCHAIN

69%

OF ORGANIZATIONS ARE PLANNING TO REPLACE TRADITIONAL RECORD SYSTEMS WITH BLOCKCHAIN (Deloitte 2018 Global Blockchain Survey)

the latter can only be used by those with permission. “Private, permissioned chains allow different permissions to be given to different parties, making them far more attractive for most businesses,” explains Holden. “These chains are highly secure, highly flexible and scalable; they allow a level of trust across a group that may not trust each other’s members.” Among the most popular blockchains are: Ethereum, created by a worldwide team of developers; EOS.IO, which claims to be one of the fastest protocols on the market; and Hyperledger, another global collaboration hosted by the Linux Foundation, but there are hundreds competing for dominance. Given the current hype surrounding blockchain, it might seem absurd to say that in 10 years’ time many people won’t have ever heard of the word. But while there is little doubt that blockchain will become a key enabling technology of the digital age, a time will come when it is not necessary to understand what it is or how it works as it will sit as a trusted underpinning layer of our digital infrastructure. “Technology is adopted when people don’t talk about it anymore and when it becomes part of life,” says Dada. “Blockchain will become a verification standard. For example, if you have a country or a government that is able to say ‘We use a blockchain system for voting’, people will know the integrity will be there and it can’t be falsified.”

“While the [GDPR] data uploaded to the blockchain cannot be tampered with, there will still be the issue of ensuring that the correct data is uploaded in the first instance” Dr Windsor Holden, Head of Forecasting and Consultancy, Juniper Research

26 CONTINUITY & RESILIENCE | Q1 2019

Special Report_Q1 2019_Continuity & Resilience Magazine 26

04/03/2019 12:02

Super Early Bird Tickets for BCI World 2019 are now available from thebci.org/bciworld2019 5-6th November 2019 Register now to secure your place at the lowest price

www.thebci.org BCI.Q12019.027.indd 27

28/02/2019 13:07

PROFILE

Finding Belfast’s ‘multiple problem solvers’ is top of the list for Grainia Long, as the city’s Commissioner for Resilience works towards a connected future

INTERVIEW BY PATRICK APPLETON

ENGAGED ON ALL FRONTS 28 CONTINUITY & RESILIENCE | Q1 2019

Profile Grainia Long_Q1 2019_Continuity & Resilience Magazine 28

01/03/2019 12:45

PROFILE

s Belfast’s first Commissioner for Resilience, Grainia Long doesn’t have the benefit of learning from or avoiding the pitfalls of her predecessors. But she’s had to constantly learn important lessons on how to best prepare Northern Ireland’s capital for the myriad challenges that lie ahead during a whirlwind opening few months in the role. Appointed last April, Long’s tenure to date has included dealing with a major fire at a leading Belfast department store and its long-lasting aftermath, complete with widespread economic impact, and learning from other cities about local improvements that pay dividends for building community resilience. Belfast is the only city on the island of Ireland to have been selected to participate in the 100 Resilient Cities (100RC) network, in which the Rockefeller Foundation has invested more than £164m (£126m). Long’s role within Belfast City Council is funded by 100RC for two years. “The role is so cross-cutting, it could be placed within any of the major institutions in the city,” says Long, adding that incorporating more risk awareness into decision making is important, so the city is prepared when the threats arrive. “And they will,” she says. “We can’t put our heads in the sand on that.” Long grew up in Dublin during a period of rapid social change that eventually blossomed into a sustained economic boom known as the ‘Celtic Tiger’. She wants the same for Belfast, but as Chief Resilience Officer (CRO), avoiding the aftermath – a debilitating recession – is a fundamental aspect of her role. So too is keeping an eye on the problems of political violence that have plagued Northern Ireland (NI) since the late 1960s. Although The Troubles was not looked at in depth in Phase I of the city’s Resilient Strategy, Long points out “connection is key” to a peaceful future. Belfast’s CRO defends the omission, saying that it isn’t about “leaving it for others to deal with” and explains that liaising with the PSNI (police service) on general Resilience is an integral part of her job. “It’s about having a plan for the whole city, and that

issue of connectivity – or on the flipside, division – has to be a part of it. Resilient Belfast means a city in which all communities are connected,” she says. Keeping an eye on how communities such as the Shankill and Falls – on opposite sides of the political divide, but parallel to one another in the west of the city – remain connected with all areas of the city is just as significant an issue for Resilient Belfast as cyber security or supply chain matters. “Building on what has been done [since the 1998 peace agreement] is important. Belfast is a very ambitious city, and 20 years on from the Good Friday Agreement it has a very clear purpose and plan of where it wants to go,” Long says. That plan is Belfast Agenda. Published in 2017 by the council, it is the city’s first-ever community plan, with an end goal of the creation of 48,000 jobs and the addition of 66,000 new residents in the city by 2035. Making sure Resilience is laced throughout its delivery falls to Long and her team, who work within the 100RC framework, identifying the underlying risks to Belfast and then drawing up plans on how best to mitigate these. Belfast Agenda is an ambitious plan for NI’s economic heartland, and with it comes varied risks: environmental, political or economic. Being ready for the “shocks and stresses” is key. “It is important to have a sense of where the big strategic risks are,” Long says as she opens her laptop to demonstrate the point. On the screen is a graph showing UK productivity from 1970 to the present, the spiked lines detailing the country’s last four recession periods. Long says that in Belfast, some areas still suffer from the impact of downturns that affected the UK from 1973-74 and 1975. “There’s a dynamic at play there,” she explains. “Our job is to understand what makes that happen, where do we struggle to recover? Once identified, that vulnerability needs to be addressed and reduced, with a plan in place for the next time it happens. Which it will.”

“It’s about having a Resilience plan for the whole city, and that issue of connectivity – or on the flipside, division – has to be a part of it”

PHOTOGRAPHY BY ELAINE HILL

29 CONTINUITY & RESILIENCE | Q1 2019

Profile Grainia Long_Q1 2019_Continuity & Resilience Magazine 29

01/03/2019 12:46

PROFILE

Long’s approach to the risks facing Belfast is less pessimism, more pragmatism. “It’s important that we don’t get knocked off course and that we achieve what we set out to do,” she says. Long knows a thing or two about getting knocked off course. She was just over two months into her role when a very real disaster hit Belfast. Sitting in her office in City Hall in late August 2018, Long heard a commotion filtering throughout the floors of the 19th century building. “Primark’s on fire!” shouted a colleague. “It became clear pretty quickly that this was a major incident,” Long says of the blaze. Having spent the last decade working in housing and child protection, Long was in at the Business Continuity and Resilience deep end as a fire swept through the department store, ravaging the historic Bank Buildings just 200 metres away from her office. There were no fatalities, but the risk of a building collapse was real. Springing into action once the imminent danger had receded, Belfast City Council’s emergency planning team secured the building and put up a cordon one-anda-half times the size of the building to allow for a potential collapse. Multinational companies including Tesco and McDonald’s were among 14 businesses affected by the cordon, with uncertainty rife as one of the city’s busiest areas went into lockdown. “There’s a phrase here – ‘Meet you at Primark’. The store is hugely popular, and sits on a major thoroughfare in the heart of the city,” says Long. “After the fire, we had to cut that into four culde-sacs in the months running up to the busiest retail period of the year.” Long became Senior Responsible Officer two-and-ahalf weeks after the fire, taking over from the emergency planning department and the fire service, and says she is now “addicted” to the building and its recovery operation. The initial focus prioritised accessibility to the area, “to get people moving around the city as speedily and swiftly as possible”, she says. “We had to make sure people could get to work and businesses

“Resilience is about adaptability... There is no clear answer on how to prepare for Brexit, but what you can do is prepare, and that is the important bit”

could operate; we had to let the public know Belfast was open for business.” Once the buses had been rerouted, campaigns aimed at re-engaging people with the area which explained the incident, aftermath and recovery operation followed. News outlet Belfast Live reported that the area turned into a ‘ghost town’ following the ﬁre, but with a physical walkway in place ahead of Christmas, Long says the city centre became “a vibrant place” again. “That was done with plenty of co-operation across the city groups,” she says, noting that “there are businesses still closed” due to the cordon, but that the majority of streets all around the building would be open by April following the implementation of a façade retention system, with concreteﬁlled steel containers holding the foundations in place. “Being a Resilient City is about changing how we think; it’s about putting strategies and systems in place so we’re better able to identify risks and so we’re prepared when they occur and emerge.”

30 CONTINUITY & RESILIENCE | Q1 2019

Profile Grainia Long_Q1 2019_Continuity & Resilience Magazine 30

01/03/2019 12:46

PROFILE

Those ‘multiple problem solvers’ are solutions to the research and data gained during Phase I of the Resilient City plan, which all 100RC cities go through. After speaking to numerous stakeholders, and through the mapping of physical and social assets, Belfast will begin to address the risks, but “that’s just the start of the hard work”, quips Long. Through the 100RC network, civil engineering company Arup has been enlisted to map out the assets and pull together data on whether those assets CAREER contribute to or inhibit a city’s Resilience. GRAINIA LONG An example Long offers is the River Lagan, upon which the city sits. In some 2018 - PRESENT areas, the river contributes to the city Commissioner for Resilience, Belfast City Council both economically and socially, while in other areas it can be deemed a risk due to 2017 - PRESENT insufficient flood defences. Chair, Thames Valley Housing Having created a long list of risks at the Association end of Phase I, the next step is what to do with that information, and developing a 2015 - 2018 CEO, Irish Society for the plan of action using the knowledge gained. Prevention of Cruelty to Children “We can do anything, but we can’t (ISPCC) do everything,” warns Long. “It is very important that we map out all of those 2011 - 2017 risks, but it isn’t my job to solve all of Commissioner, Northern Ireland Human Rights Commission them – there are a lot of people working on that already.” 2007 - 2015 However, Long does relish the thought CEO, Northern Ireland Director; of finding the ‘multiple problem solvers’ Long recalls an EU-funded learning Director of Strategy, Chartered and discovering “levers that we can push exchange trip to Medellin, Colombia in Institute of Housing (CIH) or pull to see all those problems solved at 2018 as a perfect example of the type of 2005 - 2007 once, in a cross-cutting fashion”. integration in systems and processes that Director of Policy, Equality “As CROs, it’s really important that you she would like to help bring to Belfast. Commission for Northern Ireland have an ability to look, think and work On arrival in the Andes, Belfast’s CRO laterally across systems and processes,” she was hearing report after report about the says. “Resilience is fundamentally about city’s integrated transport system. “It was reducing vulnerability and enhancing the ability of the city rolling off everyone’s tongue, and I was thinking ‘Gosh, what to prepare for shocks and stresses. That requires lateral is this?’.” Once in the city, Long saw the benefits for herself. thinking, to understand how one set of strategies and A transport system of metro trains serving the city policies could impact on the other. It requires an ability to and cable cars leading into the hills, Medellin’s transport use data and understand it really effectively.” system ensures that people living in deprived communities And with Brexit throwing up a unique set of challenges can access the city easily, affordably and quickly, acting for Belfast, including issues surrounding a hard border with as a positive driver for social and economic change. Long the Republic of Ireland and the prospect of being a capital was impressed. city in a region of an ‘EU third country’ UK, Long says such “Our job as CROs is to find what I call ‘multiple problem lateral thinking surrounding the continuation of alreadysolvers’, and this was it in perfect action,” she enthuses. forged links is vital in achieving resilience. “This system was built and improved upon so that people “Resilience is about adaptability, so whatever Brexit gives from every community could access the benefits of the city, us, in terms of how the border will function, then we have such as employment. Their transport system is enabling to be able to adapt to that,” Long says. “There is no clear their economic priorities, and vice versa. That is what a answer to how a city prepares for Brexit, but what you can resilient system is, and that is what Phase II is about – do is prepare, and it’s the preparing that is important.” putting that together.”

31 CONTINUITY & RESILIENCE | Q1 2019

Profile Grainia Long_Q1 2019_Continuity & Resilience Magazine 31

01/03/2019 12:46

RESEARCH

BY COLIN COTTELL

Following wide consultation within the industry and academia, the BCI is taking steps to provide greater insight on best practice Business Continuity and Resilience

RESEARCH IN FOCUS 32 CONTINUITY & RESILIENCE | Q1 2019

Feature 2 - BCI Research_Q1 2019_Continuity & Resilience Magazine 32

04/03/2019 10:53

RESEARCH

IMAGE:ALAMY

ith documents such as The Horizon Scan Report, The Emergency Communications Report and The Supply Chain Report, the BCI has built up a solid reputation as the leading research organization in the Business Continuity and Resilience (BC/R) industry. However, when Rachael Elliott joined the BCI in September last year as its new Head of Thought Leadership, she says she realised “there was far more scope for these reports to offer more”. “We have some of the most powerful statistics in the industry, but we currently only provide a statistical analysis of statistical results.” Elliott draws on an analogy with a statistic from a famous advertising campaign. “The phrase ‘eight out of 10 cats prefer Whiskas’ doesn’t really say much about the data, and it is quite static and not particularly interesting,” she says. “We can move reports on from saying what a statistic says (as we do now) to not only placing that statistic in context, but also perhaps by drawing on historical surveys saying what that statistic means to practitioners in the industry, and how they can use it to enhance their own working practices.” According to Elliott, changes are already afoot, with the Brexit Preparedness Report based on a survey

“Central to our strategy is to grow the size of our community and content is the bait” David Thorp, Executive Director, The BCI

carried out in December delivering “the first glimpse” of the changing face of BCI research. Elliott explains this was in response to BCI Executive Director David Thorp’s suggestion that “it would be really interesting to see how prepared businesses were”. Among the insights the report revealed were how the NHS and SMEs were behind the curve in their preparations. According to Elliott, The Supply Chain Report due in March, which goes back 10 years to provide some historical analysis, will provide the first evidence of the ‘Gold Standard’ she is aiming for and that BCI members can expect. Thorp says the value of good research and thought leadership cannot be over-emphasised. “Research and thought leadership is crucial to enable members to keep abreast of developments, not just things they are interested in, but some of the wider background information as well. When you have research that gives pretty much a helicopter view of what is going on across the piece that is clearly of inestimable value. You are not working in a vacuum; you are picking up on trends that others are facing and that you yourself may be facing in the not too distant future.” In addition, he says good research is fundamental to the BCI’s engagement with its members, as well as to its growth strategy. “Central to our strategy is to grow the overall size of our community, and content is the bait that will draw people in, which we hope will lead to a sustained relationship with the BCI.” Thorp says the aim is to move the focus from research “to developing insights into the issues people face”. He explains: “There was a tendency to produce a graph or statistical data with a commentary on it that wasn’t necessarily in-depth. What we are looking to do now is to bring the information out with an expert eye, to identify the trends and explain the trends and produce some actionable suggestions. That’s really the difference between research and insight. Research is factual, insight is action-orientated.” Combined with this more insightful and actionoriented focus, future BCI research and thought leadership will have an increasingly international flavour, says Elliott. This reflects how the membership is becoming increasingly global, with UK members now making up less than 50% of the total, and fast-growing chapters, especially in the US and Asia. Thorp says this international perspective is vital, with the Next Practice Groups playing an important role in developing insights that will help practitioners “develop tomorrow’s practices today”. Thorp says the transfer of learning from one territory to another and cross-fertilisation of ideas is one of the most important benefits of BCI research having a more international focus.

33 CONTINUITY & RESILIENCE | Q1 2019

Feature 2 - BCI Research_Q1 2019_Continuity & Resilience Magazine 33

04/03/2019 10:53

RESEARCH

proper academic journal, with academic standards, that aims to fill a gap in the market that has been there for quite a while. “There is a huge amount going on particularly in the Resilience arena in academia, so how can we get some of that into the practitioner world, and how can academics link to the practitioners?” While adhering to the highest academic standards, such as referencing, the aim of the journal is “to add a little bit of reality”, says Massie. “Sometimes academics will do interesting research but it has no resemblance to the real world, so how can we bridge some of that gap?” Massie says that as editor she “will be doing a bit more of saying to authors, ‘So what does this mean in practice and so what?’”. According to Massie, there is scope for the journal to cover “a huge variety of subjects”. Dr Ruth Massie, Editor of Continuity & Resilience Review These range from BC and organizational resilience, risk management, information and physical security, facilities management as it relates to BC and emergency The future face of BCI research will A NEW APPROACH management. Each journal will contain also include closer links between the Other aspects of the changing face 6-8 papers, with papers from academics Institute and academia, says Elliott. This of research and thought leadership expected to be 6,000 to 10,000 words, will feature the launch of an academic at the BCI and those by practitioners 3,000-6,000. journal called Continuity & Resilience Two issues are expected this year. Review later this year. More member-led research. With initiatives like this and the other BCI Non-Executive Director Dr Paul “I spend a lot of time phoning people up and listening to what they changes mentioned in this article either Baines, Professor of Political Marketing want to see in research,” says Elliott. already underway or in the pipeline, at the University of Leicester, and a This will include more interaction Elliott says she is clear that “that over noted expert in research, has played a with local forum groups. the next two years our members will see key role in setting up the new journal. a positive change in our research. While And more widely, he is set to play a Reports looking at different most were happy with what we were pivotal part as the BCI looks to develop sectors in more detail. According already producing, they will begin to and deepen its relationship with the to Elliott, there is particular interest see reports that are both more relevant academic world. Baines is clear that from members for more on crisis to them and with more actionable and up-to-date and market-leading research management, as well as “more usable insight”. must be at the heart of the BCI’s offer to detailed insights from the financial service sector”. its members. “What people are buying from a professional body like the BCI is GLOBAL GROWTH Corporate partnerships. An the latest knowledge in the field, what expected outcome from one such WITHIN THE BCI things are changing and what is going on partnership is a series of reports on HAS SEEN THE in BC/R,” he says. hurricanes, earthquakes and other Baines says he wants to help the BCI ORGANIZATION natural disasters. become a broker between academia and INCREASE ITS businesses that want particular research Tracking social media trends. NETWORK ACROSS carried out. “This would be paid for THE WORLD, WITH by business, but carried out using the Benchmarking including an MORE THAN airports hub tracker to gauge the rigorous methods of a university or any resilience of airports. other credible research organization,” he explains. Baines says that while this is The BCI will do more direct still in the design stage, “a very good way” consultancy and commissioned work. would be for the BCI to set up a crowd funding platform, which would provide Harnessing the ideas and research organizations with funding for information from students who OF CURRENT specific research projects. are studying Business Continuity MEMBERS FROM Dr Ruth Massie, Editor of Continuity & at university, and including their Resilience Review, says the journal “is a OUTSIDE THE UK content in some of the BCI’s reports.

“It is a proper academic journal, that aims to fill a gap in the market that has been there for quite a while”

50%

34 CONTINUITY & RESILIENCE | Q1 2019

Feature 2 - BCI Research_Q1 2019_Continuity & Resilience Magazine 34

04/03/2019 10:54

1 7 t h M ay 2 0

–1

ss Week

What does “Investing in Resilience” mean to you? @TheBCEye using #InvestingInResilience

inuity Awar e

#BCAW2019

From investing in people and training, to looking ahead and considering how we can invest in the future of resilience, join us during Business Continuity Awareness Week (BCAW) 2019 as we seek to empower our community through raising awareness of the profession.

This year we’re inviting the resilience community to explore different interpretations of “investing” to generate discussions around how we can best support business continuity professionals and resilience functions.

Business C o

Investing in Resilience

13th - 17th May www.thebci.org/bcaw2019 #BCAW2019

www.thebci.org BCI.Q12019.035.indd 35

28/02/2019 13:09

NEWS FROM THE BCI

BCINEWS B C I AT 2 5

C A M PA I G N S

Contribute to the BCI’s 25th Anniversary!

Theme for BCAW 2019 revealed

2019 marks our 25th Anniversary, and as part of this initiative the BCI will share some exciting content throughout the year as we take a glance at the history of the Institute and how far we have come. We would like your participation. Contribute to our 25th Anniversary Here is what we are looking for: We would like our Chapters/ Forums to contribute blogs on some of their signiﬁcant achievements from the day the BCI was founded up until the present. (600 words max.) We would like our active members to send us any relevant images/content from 1994 to 2019 as we start building our history timeline. More

information can be found at https://tinyurl.com/yxphpdb6. We would like our longstanding members to provide us with case studies from where they started off with the BCI and where they are today. (600 words max.) Please also check out our 25th anniversary web page and submit your memories for us to include: https://www.thebci.org/BCI25/ Email Jeyda Karamehmet, BCI Content Manager at jeyda.karamehmet@thebci.org to ﬁnd out more on how to contribute.

EVENTS

April/May 17th Annual Continuity Insights Management Conference 15 April New Orleans, US International Crisis Management Conference 30 April Newport, US BCAW 2019 13-17 May Continuity and Resilience Today 29 May Toronto, Canada

AWA R D W I N N E R S

IMAGE:ISTOCK

The BCI wins ‘Best Association Video’ at UK Association Awards The BCI is delighted to have won ‘Best Association Video’ at the UK Association Awards in London on 18 December 2018 for the ‘What is Business Continuity?’ video (https:// tinyurl.com/y3x5vk6w). Originally launched during BCAW 2018, the video was developed as a result of

a gap in BCI content for easy-to-digest introductory material. This video was created to fulﬁl that need. It was then championed by many members of the Business Continuity and Resilience (BC/R) community as a go-to introduction to BC/R and adopted by

academic institutions and organizations. The judges commented: “The video does exactly what the team said it did. Compelling information that helps you understand the importance of good continuity planning. Covers the brief of introducing BC to a wideranging audience. Excellent production values and would engage a younger audience in terms of membership attraction.”

Business Continuity Awareness Week (BCAW) 2019 from 13-17 May will focus on the theme ‘Investing in Resilience’, which will be the same theme for BCI World 2019. This year’s theme will explore different interpretations of ‘investing’ to generate discussions around how we can best support Business Continuity professionals and Resilience functions. From investing in people and training, to looking ahead and considering how we can invest in the future of Resilience, this year’s BCAW activities seek to empower our community through raising awareness of the profession. We are currently calling for papers for our webinar programme. Our regular BCAW webinar programme features speakers discussing topics such as: The challenges faced by professionals and when trying to get investment in Resilience How you can support your BC Manager in getting investment in Resilience They many forms investment in Resilience can take (e.g. Training, Finance, Resource, etc) Why it is important to invest in Resilience What other types of investment might we have to consider in future? To ﬁnd out more about the activities to get involved in and to start raising awareness of BCAW with our downloadable posters and screensavers, visit: thebci.org/bcaw2019.

36 CONTINUITY & RESILIENCE | Q1 2019

Feature 2 - BCI Research_Q1 2019_Continuity & Resilience Magazine 36

04/03/2019 10:54

Q&A

NEXT GENERATION PRACTITIONER

N E X T G E N E R AT I O N

Rohit Chaurasia NATIONALITY: Indian TIME IN THE PROFESSION: Two-and-a-half years FIRST JOB IN BUSINESS CONTINUITY/ RESILIENCE: I volunteered with BCI India’s Next Practice Think Tank CURRENT EMPLOYER: Willis Towers Watson CURRENT ROLE: Cyber Security Improvements Ofﬁcer FAVOURITE ASPECT OF THE WORK: Cyber security as a domain is extremely dynamic to say the least. Although it’s a bit of a cliché, facing a new set of challenges is something to look forward to. There’s never a dull day in the cyber security world!

What attracted you to the industry and how did you get into it? The most alluring aspect about the industry is its interdisciplinary nature, which allows people from varied backgrounds to both contribute and learn. Although I’ve primarily been associated on the information security (IS) side, the Business Continuity and Resilience (BC/R) world intrigued me. I got involved due to my work as a volunteer with the BCI India Next Practice Think Tank. What is your biggest learning to date? I have two. One is ‘Your pursuit for perfection will limit your horizon’. While everyone wants to deliver the perfect solution, single-minded focus on achievement of ﬂawlessness will take from you the ability to be open for creative solutions and fresh perspectives. The other is that ‘Everyone learns on the job’. While a great education will most deﬁnitely give you the tools to excel at your profession of choice, being on the frontline teaches you to harness those tools to their full potential. That is something only the classroom of the world can gear you up for. What is your career ambition? My foray into IS comes as part of my goal to be an Enterprise Systems

Architect. An initial role I took up involved client assurance associated to the information security side of the organization, from where I’ve had the opportunity to move in a new direction that is more aligned to my goal. The new role involves supporting and delivering on key cyber security projects to strengthen the organization.

What is the best career advice you have received? Always keep reading; there is always room to absorb more, learn more and grow more. What is your preferred mode of learning? While online training can provide a great degree of ﬂexibility and enable a lot more people to learn, personally I prefer to roll up my sleeves and do things practically. What changes would you like to see in the profession? It’s not aimed at the profession directly, but generating more awareness about careers in the Resilience domain at the undergraduate and graduate level to attract fresh talent is something to be considered. In your opinion, why should more people join the BC community? With the advent of the Internet of Things and

the concept of ‘smart cities’ coming up, these are interesting times for the BC/R industry. Being at the forefront will provide an unprecedented learning opportunity. From my perspective, the opportunity of learning what this change brings is invaluable. I think this is a USP not only to a professional starting out in the industry, but also to a seasoned one.

Who would be your mentor? Mentorship has a different meaning to everyone; to some it may be handholding, but to others it may just mean a nudge in the right direction. I’m blessed by having multiple mentors. My father Anil Chaurasia shall always be my ﬁrst mentor and role model for being the personiﬁcation of grit and determination, and instilling in me the discipline and right attitude. The BCI India Next Practice Think Tank provided me with the unique opportunity to work with thought leaders such as Arunabh Mitra, Vikrant Varshney and R. Vaidyanathan. They put their belief in me when I signed up to be a volunteer. Parth D. Maniar has also been a great friend and mentor, motivating me to do better and to never stop learning. He is an inspiration to me with his thirst for knowledge, and an ability to face challenges with a calm and strategic mindset.

37 CONTINUITY & RESILIENCE | Q1 2019

Next Gen_Q1 2019_Continuity & Resilience Magazine 37

01/03/2019 12:47

W H A T A G R E AT I D E A

“Will this information be useful to increase the level of Resilience of the organization?”

MY U LIGHTBULB MOMENT O

Marie-Hélène Primeau MBCI President, Premier Continuum Consulting Services, BCI Canada Chapter President

When W hen I started working in Business Continuity Management in the ﬁnancial sector 15 years ago, I was impressed by how much information the business was gathering from stakeholders such as resource requirements, detailed strategies, etc. It seemed attractive, enabling thorough analysis. At ﬁrst, I let them tailor the forms in our software to o o satisfy their needs, but I had a hunch they were gathering too much information. My hunch was right: instead of focusing on obtaining impactful, quality information to generate meaningful solutions, the BC team was spending too much time chasing individuals for low-impact information or t’ trying to sort all the data available. So my ‘lightbulb moment’ was a new strategy: what we should do is always ask, “Will this information be useful to increase our Resilience?” and “How is it linked to our strategic objectives”, using a topdown approach. Also, if we want to engage all stakeholders, we should also seek to automate the gathering of some information by pulling it from existing external sources such as contact lists and sharing data between BIA and BCP, avoiding asking people for the same information twice. 38 CONTINUITY & RESILIENCE | Q1 Q 2019

Lightbulb_Q1 2019_Continuity & Resilience Magazine 38

IMAGES: ISTOCK, SHUTTERSTOCK

Less is more

04/03/2019 12:03

Keeping your people safe, informed and connected ... Why choose Alert Cascade? åŸĜĬĜåĹƋ× Ƶå Ņýåų ± ĵĜĹĜĵƚĵ ĿĿţĿĿĿŢ Xe ±ÏųŅŸŸ ±ĬĬ ŸåųƴĜÏåŸ

åÏƚųå× Ƶåűųå ųåčĜŸƋåųåÚ ƵĜƋĘ ƋĘå F k ±ĹÚ küÏŅĵØ ŞĬƚŸ F k ±ÏÏųåÚĜƋåÚ

:ĬŅÆ±Ĭ× ÏĘŅŅŸå üųŅĵ UØ ) Ņų Ú±Ƌ± ĘŅŸƋĜĹč

Ƌų±ĜčĘƋüŅųƵ±ųÚ× Ņƚų Ú±ŸĘÆŅ±ųÚ ĜŸ ĜÏŅĹ ±ĹÚ }¼e ĬåÚØ ĹŅ Ƌų±ĜĹĜĹč ĹååÚåÚ

eýŅųÚ±ÆĬå× kƚų ŞųĜÏĜĹč ĜŸ āåƻĜÆĬåØ ÏĘŅŅŸå ± ŞĬ±Ĺ ƋĘ±Ƌ ĀƋŸ ƼŅƚų ĹååÚŸ

8ĬåƻĜÆĬå× Ņƚų ŸŅĬƚƋĜŅĹŸ ƵŅųĩ ±ųŅƚĹÚ ƼŅƚØ ĹŅƋ ƋĘå ŅƋĘåų Ƶ±Ƽ ±ųŅƚĹÚú

2EWW 3SXMǻGEXMSR aƚĬƋĜ ÏĘ±ĹĹåĬ ÏŅĵĵƚĹĜÏ±ƋĜŅĹ ƵĜƋĘ ĜĹƋåčų±ƋåÚ ÏŅĹüåųåĹÏå ÆųĜÚčå ±ĹÚ ĵåÚĜ± ĬĜÆų±ųƼ

4R (EPP

ĘĜüƋØ ŸÏĘåÚƚĬå ±ĹÚ Ï±ĬåĹÚ±ų Æ±ŸåÚ ĹŅƋĜĀÏ±ƋĜŅĹŸ ě ųå±ÏĘ ƋĘå ųĜčĘƋ ŞåŅŞĬåØ ±Ƌ ƋĘå ųĜčĘƋ ƋĜĵå

MXYEXMSR 8VEGOIV XŅčØ Ƌų±ÏĩØ ƋųåĹÚØ ĵ±Ĺ±čå ±ĹÚ ųåŞŅųƋ ŅĹ ĜĹÏĜÚåĹƋŸ ±ĹÚ ÏųĜƋĜÏ±Ĭ ŸĜƋƚ±ƋĜŅĹŸ

&YHMS 3SXMGIFSEVH

FĹÆŅƚĹÚ ĘŅƋĬĜĹå ƵĜƋĘ ÚåÚĜÏ±ƋåÚ ĬĜĹå Ï±Ş±ÏĜƋƼØ čƚ±ų±ĹƋååĜĹč ĹŅ åĹč±čåÚ ƋŅĹåŸ üŅų Ï±ĬĬåųŸ

MRJS%EPIVXGEWGEHI GS YO

BCI.Q12019.039.indd 39

26/02/2019 09:14

RISK ERADICATOR

YOU are ready for anything. You’re poisedˏ

WE are Sungard Availability Services.ˏWe

to anticipate risk, mitigate the impact and capitali/e on the outcomes. You’re revamping production and recovery processes to keep IT systems in sync and cyberthreats at bay. But the risk and complexity of IT transition can run companies ragged.

help transform IT and deliver resilient, recoverable production environments— protecting risk eradicators from the perils of IT disruption every day. Lead with resilience at www.sungardas.coȐ1'.

Transforming IT for resilient businessTM

BCI.Q12019.040.indd 40

26/02/2019 09:17