1

Issue No. 3 August 2016

YOU’RE INVITED! GALA DINNER EVENT - SYDNEY, 8 SEPTEMBER 2016

The 2016 Annual BCI Australasian Awards recognise the outstanding contribution of business continuity

professionals, and organisations living in or operating in Australia, New Guinea, New Zealand, New Caledonia, Lombok, Sulawesi Eastward, Borneo and Bali.

All winners from the Australasian Awards will be automatically entered into the 2016 Global Awards that take place in November in London.

This year the awards evening will be a formal dinner event held at the Museum of Contemporary Art (MCA) in Sydney. The luxurious Harbour Room and terrace venue is located on the MCA rooftop and provides an uninterrupted view across Sydney Harbour, the Opera House and the city skyline. With its breath-taking views this stylish venue is one of the most desirable event locations in Sydney. The event will include pre-dinner drinks on the terrace, entertainment and dance floor.

The 2016 Award categories are: Continuity and Resilience Consultant 2016, Continuity and Resilience Professional (Private Sector) 2016, Continuity and Resilience Professional (Private Sector) 2016, Most Effective Recovery 2016, Continuity and Resilience Newcomer 2016, Continuity and Resilience Team 2016, Continuity and Resilience Provider (Service/Product) 2016, Continuity and Resilience Innovation 2016, Continuity and Resilience Personality 2016. Unfortunately entries have closed for nominations but you’re welcome to come along and see who takes out the top prizes!

When: Thursday 8 September 2016, commencing 7.00pm

Where: Museum of Contemporary Art (MCA), 140 George Street, The Rocks

Event registration: [Click Here] or go to events.thebci.org.au

Dress: Lounge Suit

Cost: BCI Statutory Members are free (thanks to our sponsors)

Affiliates and Corporate Affiliates: $75.00 per person

Guests of Statutory or Affiliate Members: $75.00 per person (limit of 1 guest per member)

Sponsor guests > their allocated 10 or members guests: $100.00 per person

2

The BCI Australasia wish to thank its members

and sponsors who contributed to this edition of

Continuity & Resilience Australasia

If you would like to contribute, have feedback or

have ideas for our future editions please contact

us via email info@thebci.org.au

4

03 Letter from the President

04 EQ - The Key Ingredient for a Successful BC Practitioner & Organisational Resilience Development

06 Harnessing Risk for Business Continuity

07 The Road a Little Less Travelled

09 Business Cyber-attack Plan

11 Wellington Expo Update

12 Business Continuity & the Changing Face of Terror

14 Forget about Cyber-security, What about Human Bio-security

16 BCI Education Month

17 Upcoming Training Schedule

18 Forum Focus - BCI Queensland

19 Standards

20 Gartner Security & Risk Management Summit 2016

6

In this edition

August 2016

7 9

14 12

About this Publication Continuity & Resilience Australasia Magazine

is a publication of the Australasian BCI

Chapter. The magazine is published three

times per year and is an excellent source for

all things Business Continuity and Resilience

related. Articles include thought leadership

pieces, case study presentations, discussion

papers, top tips, upcoming events and

professional advice on a wide range of

business continuity topics designed to keep

you in the loop as well and get you thinking.

Continuity & Resilience Australasia

Business Continuity Institute Australasia

L33, 264 George Street

Sydney NSW 2001

Corporate Service Manager & Editor: Lisa Riordan

The views expressed in this magazine are not

necessarily those of the Business Continuity

Institute Australasia. All efforts have been taken to

ensure the accuracy of information published. The

publisher accepts no responsibility for any

inaccuracies or error and omission in the

information provided in this publication. All

original content in this magazine is protected by

copyright and cannot be used, reprinted,

distributed, or republished for any commercial use

without prior written consent. Continuity and

Resilience Australasia Magazine is only responsible

for the copyright of original material published in

this newsletter. In the case of materials submitted

by members it is assumed that the original source

has secured copyright and/or obtained permission

to publish the materials.

Coloured “Continuity Band” Logo created by Joel

Foffani for enquires please email

joelfoffani@gmail.com

3

Letter from the President

Well, doesn’t time fly! It’s interesting that we spend so much time developing

strategies and plans for loss of buildings, loss of people, loss of technology etc.,

but not for the biggest risk of all – loss of time! If only, eh? Then we’d be popular

if we could solve that one!

Amazingly, we are already 2/3rds of the way through this year, with many

organisations already planning their programs and activities for 2017. But there’s still a lot of life left in

2016, and lots of important events and activities to come.

As can be seen from the front page of this edition, its BCI Awards season – with September 8th the most

important date in the annual calendar for BC and Resilience professionals and associated organisations

across Australasia! The Awards provide the vehicle and an opportunity for anyone associated with

Business Continuity or Resilience, either as a practitioner, a consultant or an organisation that provides

products or services to the industry, to be recognised and honoured as best in class. And with automatic

entry of winners into the BCI Global Awards, there’s an excellent opportunity for global recognition and

exposure. Just ask the ATO BCM team or Linus Revive, both who were inducted into the BCI Global

Awards Hall of Fame in 2015 – Australasia really does hold its own on the global stage. I do hope you got

your entries in – if you didn’t, then start preparing for 2017! And that still doesn’t stop you from

attending the Gala Dinner and Awards presentations at the MCA – it will be a fabulous night and your

support of the industry and the finalists on the night will be very much appreciated.

This is the 3rd Edition of C&RA, and I feel confident you will see how this eMag is maturing and

developing. Since the first edition less than a year ago as a replacement for the old Continuity Forum

“Continuity News” magazine, the content of C&RA has almost doubled, and the quality of articles being

submitted by members and other stakeholders is proving to be of a very high calibre. This edition sees an

article on Cyber-attacks and the importance of understanding its potential impacts – a very topical piece

- as well as an article by David Thompson AMBCI reminding us that BCM is about more than one thing at

a time, so forget about just Cyber! What an interesting discipline this is!

Eugene Taylor FBCI also provides an article reiterating a lot of what was discussed at the Summit earlier

in the year – that other “soft” skills are just as important as the hard technical skills we use daily to

perform our specialist roles. Like BC and Resilience itself, it is important that the continuity and resilience

practitioner has holistic and well-rounded capabilities. Speaking of which, September is Education

Month, so watch out for some special offers from our Training Partners!

As a final note, I would just like to remind all BCI Members, regardless of your membership level, that

there are lots and lots of activities, events and opportunities available to you, not just locally in the

Australasian region, but globally. From attending Forum meetings and participating in both the learning

proposition and the networking arranged in each local area, the Awards and the Summit on a regional

basis, to writing articles for either C&RA or the global Continuity magazine and accessing some great

resources available in the Member Only area of the BCI website, there really is a myriad of benefits for

you to leverage. Don’t be shy, get involved and get the most from your membership of the global peak

body for BC and Resilience professionals!

Howard Kenny FBCI MAICD

President & Chair BCI Australasia

4

We spend a considerable amount of time and resources on "technical training" in our professional lives. In terms of

Business Continuity there is the Business Continuity Institute's CBCI course focussing on accepted good practice,

there are also other training options including ISO22301 Management System Lead Implementer, ISO22301

Management System Lead Auditor, Business Impact Analysis, Crisis Management, Contingency planning, Project

Management and a host of others which Business Continuity professionals are encouraged to undertake to build

their overall competencies.

The objective of “technical training” is to understand training short-falls and the development opportunities,

aligning objectives and requirements to meet conformity to require skills and competency evaluations. Regretfully,

very few evaluations require a measurement of Emotional Intelligence (EQ) - often consciously ignoring the

importance - more from a lack of understanding than anything else.

So what is Emotional Intelligence (EQ)?

There are generally 7 domains of intelligence - summarised below;

Linguistic (Language - speaking, writing, etc.)

Logical or Mathematical (Einstein had lots of that)

Spatial (See things and move them in your head)

Musical (Repetition and discipline)

Bodily or Kinaesthetic (Natural hand-eye co-ordination)

Intrapersonal (Communication with one's self)

Interpersonal (Communication with other people)

The last two (combined) make up Emotional Intelligence (EQ), which is a "learned ability to identify, experience and

express human emotions in healthy and productive ways".

THE KEY FOR A SUCCESSFUL BUSINESS

CONTINUITY PRACTITIONER &

ORGANISATIONAL RESILIENCE DEVELOPMENT E

Q Life in the Business Continuity and Resilience profession clearly does not plateau. In fact

the demanding need for rounded professionals is now far more intense. This article will

look at Emotional Intelligence (EQ) and how you can use it in conjunction with training to

improve skills & develop new ones to make you a better business continuity professional.

Eugene Taylor FBCI

5

So how can we use EQ in Business Continuity?

EQ is not meant to be measured against "old standards" such as general intelligence and experience, and has little

to do with what is taught in schools and universities. Instead, EQ takes into account personal qualities like:

interpersonal awareness, empathy, drive strength, motivation, adaptability, persistence and the willingness to do

whatever needs to be done to finish the job.

EQ is the single most important variable influencing personal achievement, career success, leadership and life

satisfaction. It consists of specific skills, behaviours and attitudes that can be learned, applied and modelled by

individuals to improve self worth, achievement and career effectiveness. There are many EQ evidence-based

assessment tools which provide comprehensive EQ-scoring, data-tracking, complex interpretations and

subsequent identification of training needs additionally promoting practical solutions to develop these skills.

Some are complex to use and others very easy (the hard work being done for you), but please complete thorough

research when looking to go down this route. Good emotions can be learned and EQ development is essential for

developing resilience.

Business Continuity professionals passionately explore and utilise

data for adopting and maturing Business Continuity capabilities

within organisations. Typically, it takes the form of "x% of

companies who did not have a Business Continuity Management

System closed following a major impact" - and so on.

There is, however a dimension of Big Data which should

encourage executives who love efficiency savings, focus on the

"bottom line" and promote an ideal (and resilient) work force. Big

Data is forcing proactive executives to sit up and take note.

Here is a glimpse of some reported (and reliable) insights:

Over 30% of hiring managers place increased emphasis on EQ in their hiring/promotion decisions

71% of managers say EQ is more important than IQ

34% higher profit growth in firms with high-EQ managers

63% less turnover of people because of staff selected on high-EQ

50% reduction in lost time accidents as a result of EQ development and training

Significant increase beyond goals in plant productivity as a result of EQ training

If the above data is to be believed, then recognition of an individual's EQ and subsequent development might be

considered more vital than "technical training".

Well it is certainly food for thought isn’t it? Have you ever completed an EQ assessment on yourself or has one been completed on your organisation? Is EQ training something you have seen in business continuity/organisational resilience programs before? Should organisational resilience programs include EQ training?

Certainly a worthwhile consideration don’t you think?

About the Author Eugene Taylor FBCI is an accomplished professional amongst global leaders driving the focus on organisational resilience. His articles

convert complicated and voluminous references into layman's terms. Eugene's articles are aimed to clear the myths, encourage debate

and suggest possible approaches which businesses, discipline specialists and compliance professionals might adopt.

EQ significantly plays an important part in "protecting" people and the bottom

line and tangibly enhances the resilience capabilities of an organisation

6

First, define what risk is. Cyber risk encompasses a wider range of events that lead to potential of loss or harm related to technical infrastructure of the use of technology within an organisation. However, cyber risk events could be the result of deliberately malicious attacks, such as an attack by hackers, or unintentional, such as user error that makes a system unavailable.

Second, take a comprehensive inventory of these cyber risks and quantify their potential impact. This means asking the right questions, such as what losses would be catastrophic, and what information absolutely cannot fall into the wrong hands or be made public.

Finally, prioritize the risk according to impact. Mission and business-critical systems should be ranked ahead of facets like core infrastructure to ensure a return to normal business, rather than spending critical time on issues that could be addressed later.

As a starting point, Deloitte Advisory Risk Services, together with security organisation RSA, have jointly developed a framework based on these principles which gives organisations a way to not only factor cyber risk into their overall risk appetite, but to also define the level of cyber risk they are willing to accept in the context of their overall business strategy.

By taking a risk-based approach to threats to business continuity, organisations will have the ability to quantify cyber risks, make informed decisions about their overall cyber risk appetite, and put them in a position to succeed.

As organisations become increasingly more

innovative, the drive for performance places business continuity at risk, encountering issues they've never seen before, or necessarily know how to handle. Such is the price of being a pioneer, but rather than staying rooted to the safety of the past, businesses can still innovate and be more competitive if they understand how to manage risk.

To do this, organisations need a systematic process for defining and comprehensively categorizing sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.

Do you need to tackle risk in a more formalised way?

An easy way to determine is to ask yourself a few questions:

To what extent do you believe your organisation has a clear understanding of its exposure to cyber risk?

Does the organisation view cyber risk beyond the headline grabbing data breaches and security threats?

At what point does your organisation escalate cyber events (breaches, disruptions, etc.) to the most significant level?

These kinds of questions can help you assess your organisation's risk maturity and put in place a proper process.

Harnessing Risk for Business Continuity

Michael Lee, RSA APJ Security Evangelist

7

In late 2013, a team at NAB were looking for a

volunteer opportunity where they could make a

difference, when they happened upon Sacred Heart

Mission. Every day of the year, Sacred Heart Mission

assists hundreds of people who are homeless or living

in poverty to find shelter, food, care and support

effectively assisting the most disadvantaged members

of our community to rebuild their lives. Since opening

their doors in 1982, The Mission, a Victorian based

community service organisation, focused on addressing

the issues of homelessness, social isolation and

disadvantage. The NAB team found that this cause

ticked all the boxes for their employees and started a

partnership with them.

Around the same time, The Mission needed to meet the new government funding eligibility criteria that was coming into force in 2014 requiring an organisation-wide Business Continuity Plan. This was a unique chance for Business Continuity experts to use their skills for something a little different to the office environment, by provide support and guidance and develop a process to work through the six stages of the BCM lifecycle.

The work went on throughout 2014 under a Divisional BCM Manger covering analysis, design, implementation and their first validation in May 2014. Throughout 2015 and 2016 BCM became more embedded into the organisation, with annual review activities to reassess the threats and impact on The Mission in the event of a significant disruption (technology failure, natural disaster or pandemic event) complimented with an exercise program developed by NAB and continued education on the discipline.

To ensure NAB’s involvement with The Mission could be sustained NAB provided the opportunity for any employee to volunteer over the journey.

With an organisation like The Mission you know they are committed to making a sustainable difference in people’s lives, and in a small way NAB could be part of that journey. With NAB’s help, The Mission now has a toolkit including Risk Assessment, BIA template, BCP template, Exercise scenarios and reports, to help them apply BCM to ensure they can come through a significant disruption and continue to be around into the future.

“Some of my team developed strong leadership capabilities,

while others enjoyed the chance to innovate and apply their skills in a different environment.” - Martin

Biggins (NAB)

“It was quite clear everyone who volunteered had an

instilled set of values to act and strong beliefs about the importance of helping others and giving back to society.” –

Dale Cochrane (NAB)

8

Volunteers involved across the journey benefited from taking on different roles from facilitators, exercise observer and report writing, with some having skills in BCM while others were getting involved for the first time in educating and supporting The Mission on the discipline.

Over the last 4 years The Mission has estimated if it engaged an external consultant to perform this support, they would have conservatively been charged circa $80,000 to establish their BCM Program and an additional $11,000 year on year, a significant cost for a not-for-profit organisation.

Whilst all this work is great, the true test is to see if it could perform in a disruption. Unfortunately, in 2015 one of The Missions plans was activated in anger due to electricity running through the water supply of one of their shared client accommodation buildings. Due to the embedding of the BCM program, and the annual validation exercises clients were all accounted for, documented alternate accommodation was successfully activated and at the resolution of the incident all clients could be rehoused with negligible impact on The Mission.

This level of skilled/unskilled volunteering adds to their organisation and NAB. At the end of 2015, NAB employees completed over 700 volunteering days at The Mission or $281,382 in salaries across multiple activities including BCM.

In addition to the personal development, shared values of the volunteers and financial savings, The Mission’s relationship and ongoing partnership with NAB BCM is really the first of its kind and the only one we know of that’s working so well.

Key learning’s

Commitment at an executive level is a must - an organisation and governance essential prerequisite for developing a successful programme;

A single point of contact on both sides of the project is necessary - appointing of one or more persons to be responsible for business continuity with the appropriate authority for the implementation and maintenance of the programme;

Tap into the volunteer base both skilled and unskilled - adequate staffing must be made available for successful operation;

Ensure the overall process is sustainable - the BCM Programme is an ongoing process and needs to be actively managed with the long-term goal of the BCM programme to improve organisational resilience.

This joint piece of work now gives The Mission a BCM framework for building a resilience to safeguard the interests of stakeholders, reputation, brand and value creating activities, for their critical processes and services. “NAB volunteers have saved us

over $80,000. That's a lot of meals for people seeking our support!” –

Catherine Harris (The Mission)

DALE COCHRANE AMBCI Dale Cochrane is a Business Continuity professional who has worked in financial services for 22 years and additionally the not-for-profit sector for the last 4 years. Dale holds an AMBCI, in 2014 and 2015 he was a finalist in the BCI Australasia Awards, in 2015 completed his DBCI and in 2016 holds the positions of a BCI Victoria/Tasmania forum committee member.

Would you like to contribute an article to Continuity

& Resilience Australasia? If you do, please send an

email to info@thebci.org.au

9

The communication methods used as part of a

BCP, and information that makes up the BCP

may not be available - from anywhere. For

example, a DDOS attack may impact phones,

email and messaging across all sites.

The testing regime may also differ. A site based

failover test is not necessarily a valid test for a

cyber-attack, given that a production site and a DR

site may be simultaneously affected. It is far more

likely that a table-top walkthrough will be used,

given the impracticality of simulating a cyber-attack.

Testing scenarios may also need to be more specific.

For example, a ransomware scenario will have far

different impact to a DDOS attack. So it may be

necessary to perform different walkthroughs

depending on the cyber risks an organisation is most

susceptible to.

Continued over the page

Business

Cyber-attack

Plan

Business continuity is dealing with outage and attack

scenarios that are far less visible than the past.

Off-site cloud based systems, DDOS attacks, and

ransomware are all changing the way business

continuity is viewed and the role it plays. The

traditional bricks and mortar, site failure scenario, is

no longer the sole focus for business continuity

planning. And while the likelihood of a site outage has

been relatively low, many organisations are now at a

higher risk of a cyber-attack. How does the Business

Continuity Plan to address this?

There are a number of ways a business disruption

from a cyber-attack differs from a site outage:

It may be technology based, rather than site

based, and may cross multiple sites, including the

DR site

The initial response may be far more focussed on

limiting further damage, than it is to begin

recovery.

Business Continuity Planning has traditionally focussed on site outages. Storms,

floods, power failures, fires have been the typical scenarios. But over recent years,

the scenarios an organisation should test have changed.

10

Regardless of cyber-attack or site outage, some things remain the

same:

Decisions will need to be made. And those decisions will need

senior decision makers, and a way of bringing them together -

quickly. Regardless of the cause, a crisis management team will

still need to make significant decisions on behalf of the

organisation.

Communications will be required to all major stakeholders. The

methods used to perform the communications may need to

change under a cyber-attack, and the methods used should be

evaluated as part of planning. But effective communications is

always a key component of the continuity plan.

Benefits of practice continuity and crisis management pay

dividends in an actual event regardless of the scenarios used.

A robust Business Continuity test that includes cyber-attack is an ideal

way to ensure risks are recognised, and understood, and mitigations

in place. It will require technical expertise to both build the test

scenario, and to recognise the technical impact, and business

involvement to recognise the business impact. But the benefits are a

greater awareness and ability to manage the risk of cyber-attacks;

scenarios that are almost certain to occur.

David Buerckner

GM Internal IT

INTERACTIVE

Business Continuity

Quotes

“A business continuity planner is

more powerful than all the king's horses and all the king's men,

because with a plan in place we can put Humpty Dumpty back

together again!” Doug Rezner

~

“Court disaster long enough and it will accept your proposal”

Mason Cooley

~

“A good plan today is better than a perfect plan tomorrow”

George Patton, 1885-1945

~

“I have found that in battle, plans are useless, planning however is

indispensable” Dwight D. Eisenhower

~

“In a crisis you will not rise to your (stakeholders) expectations, but

fall to your level of preparedness - how prepared are you?”

Wayne Harrop

11

WELLINGTON EXPO UPDATE Well another Business Continuity Awareness Week has come and gone. I hope your efforts have brought some success!

In Wellington, in addition to the usual members meetings, we again ran a public expo for BCAW. This year we ramped things up. In 2015 it was just the BCI exhibiting but this year we invited a number of vendors involved in the Business Continuity industry to join the BCI at the expo.

Plan-B, RiskLogic, WREMO, joined us on-site and Solity, BCPL, Resultex and Critchlow had a presence with banners and brochures.

The weather was not kind to us for the first two days of the three day event. Whilst we were indoors at the Asteron Centre, many people were more interested in just getting into their dry, warm offices. On the Friday the weather improved and the number of people visiting us went up proportionally.

To create greater awareness of and visitation to the expo we created a ‘Guest Pass’ which was distributed to all BCI members for them to redistribute to those that they wanted to have greater awareness of BCM. The ‘Guest Pass’ had a prize draw associated with it.

First prize, which was sponsored by Solity, was a "Get Away Kit" bag. This was won by Peter Davies from NEC. Second prize from the BCI Wel-lington Forum was a “BCM for Dummies” book and it was won by Cara Gordon, Ministry of Civil Defence and Emergency Management. Plan-B also ran a prize draw for those who visited their stand. First Aid Kits where won by; Margaret Thomson and Kirsty Bennett from IRD and Pra-deep Navalkar, MBIE.

With the number of people involved in this year’s expo we learnt some interesting things. As a result we are now looking forward to some possible improvements including changes in delivery the type of some of the deliverables for 2017.

The Wellington Forum Management Committee would like to thank the Asteron Centre Owners the exhibitors, those members who manned the stands and everyone who visited us for making another successful BCAW Expo.

Remember BCAW should not be primarily for our own edification but for the enlightenment of those who need to know about BCM.

So I encourage to start thinking about and planning what you are going for the 2017 BCAW. If you would like to know more please contact me at david.thompson@thebci.org.nz

Glen Redstall, Peter Davies, Amanda Scott

Steve Streefkerk, Cara Gordon, Glen Redstall

Glen Redstall, Pradeep Navalkar, Margaret Thomson &Ken McWilliams

DAVID THOMPSON

Wellington Forum Team

12

The role of police and anti-terrorism units

in thwarting terror attacks has always been a difficult job. Their job has become even more problematic as terrorist groups have devised new ways to create “weapons of mass destruction.”

On September 11, 2001 we saw what would be the start of modern terrorism when a coordinated group of highly trained terrorists hijacked commercial aircraft and turned them into weapons. In Mumbai, Bali, and Paris terrorists stuck again but with more conventional weapons. The tools used were simple yet deadly explosives and small arms, but the planning was still complex, the result mass casualties and worldwide panic.

With the rise of ISIS, attacks are occurring all too often. But ISIS has also given rise to another form of attack, the ‘lone wolf’ assault. This attack is characterised by the use of unsophisticated weapons, but without a highly coordinated team carrying out the attack. The introduction of such attacks, marked with allegiance to various terror groups, has made the jobs of law enforcement, security, and risk managers that much harder. In many situations, these attacks may not be able to be foreseen or prevented so a well-exercised emergency response plan is vital.

Attacks such as on the nightclub in Orlando was not planned by a command team or higher authority. It was simply undertaken by a lone wolf who used his attack for notoriety, pledging allegiance to ISIS in the midst of carrying out his violence. He still used military-style weapons and masses of ammunition in a traditional hostage or mass shooting situation.

The recent attack in Nice, France, carried out by a lone wolf actor using a garden variety truck rather than any form of weapon designed for killing, is both particularly shocking and representative of yet another evolution in terrorist tactics. In many ways, the blunt force trauma caused by a speeding truck was worse than a large, sophisticated explosive device.

Risk, Security and Continuity Managers, can’t be there to keep your people safe every second of the day. However, it’s part of your duty of care obligation to understand the risks faced by your people while they are overseas for work and mitigate those risks appropriately.

Organisations need to scan the horizon for new risks and threats, and this new form of terror attack should definitely be on the radar. In addition to crisis and emergency management plans, there needs to be systems in place to ensure your business can continue operations after a crisis occurs.

Dynamiq develops and reviews Business Continuity plans for major organisations around the world. As a part of our sponsorship of Business Continuity Institute (BCI), Dynamiq is offering a complimentary Business Continuity Health Check to BCI members.

Dynamiq Founder and Director of Strategy, Anthony Moorhouse

Business Continuity and the changing face of terror

The aftermath of the Nice terror attack. Image: Sasha Goldsmith, Daily Mail.

Dynamiq Founder and Director of Strategy, Anthony Moorhouse

13

The Business Continuity Health Check is a review of your organisation’s Business Continuity Management System. We provide feedback on your organisation’s business continuity maturity level, identify areas for improvement and provide a roadmap for development.

The health check is conducted by a Dynamiq consultant through face-to-face meetings. Each meeting involves 21 questions across 8 areas of the Business Continuity Management System. As an essential component of any resilience program, it’s vitally important to ensure that your business continuity planning reflects reality and relevancy.

Topics include: The Organisation and its context, Scope of the BCMS, Business Continuity Management (BCM) Policy, Business Impact Analysis (BIA), Business Continuity Response and Recovery Plans, Incident communications and warnings, Training, Exercising and Tests, Monitoring, Measurement and Evaluation

Following the meetings, recommendations are discussed and presented in a report. The results from the health check are mapped by sector, providing a visual guide to areas of strength and areas for improvement.

To book or discuss a free Business Continuity Health Check, please contact Jason Gotch at Jason.gotch@dynamiq.com.au or on +61 (0) 2 9154 2609.

14

Forget about cyber-security, what about human bio-Security? Cyber-Security currently sits at the top, or near the top of any list on risks that the modern organisation faces.

However there is another risk that raises its head at this time every year - that is colds and flu’s.

Especially in the winter these illnesses can seriously impact an organisation’s productivity, yet this human bio-security risk is one which the majority of people, managers and organisations pay little attention to and thereby underestimate the risk to their operations due to the loss of staff.

The New Zealand Government’s Wellness in the Workplace survey reports that influenza-like illnesses are worse than just bad colds, and account for 45% of illness days for unvaccinated people each winter. This means that sick leave absences cost New Zealand more than six million work days throughout 2014 - an average 4.7 days for each employee - at a cost of $1.4 billion.

In a pandemic our plans often state that we will get people to stay at home when they become ill.

Yet when it comes to the common cold and seasonal influenza organisations let their staff come and go as they please.

So, if we are prepared to manage people in a pandemic situation, why are we so reluctant to manage people in the “cold & flu season”?

Should we consider, in conjunction with our Human Resource teams, creating a process that more comprehensively manages people who turn up at work when they are ill, and if so what does this mean?

Implementing or improving and empowering a “Stay Home” policy

The most effective way to protect your business against the spreading of bacterial and viral infections is to encourage sick staff to take time off. This may seem contrary, but these infections can be highly contagious - one person taking a day or two of sick leave will help prevent passing it on to other employees, so that those other employees who then would need time off to recover as well.

We need to strongly present the following argument:

“You might feel guilty for not going to work when you are ill and fear everything will grind to halt if you’re not on deck. It’s time for a rethink: By going to work you infect others thereby disrupting work more than you just taking the time off to get well. If you don’t feel you can take time off, can you work from home while contagious.”

Vaccinate against influenza

Vaccinations are a vital part of the overall strategy for protecting your staff and reducing the working time lost to illness. Therefore organisations must consider paying for their staff to be vaccinated, either through their medical centre or organise a group vaccination session at the workplace.

Encourage good health habits

Healthier people are less likely to get sick. Therefore we should be encouraging our staff to:

Wash hands: Encourage staff to wash and dry their hands often to stop bugs spreading.

Sneezing & coughing protocols: Understand the correct way to cough or sneeze to reduce the spread of germs.

15

Keep fit: Fitter people get sick less often. Think about staff health challenges, like fun runs and social sports teams.

Eat well: Encourage staff to eat healthily at work to give their immune systems a boost. Think about having a communal fruit bowl and offering snacks like nuts over chips at work drinks.

Get outside: Exposure to sun for even short periods every day boosts vitamin D levels, an important nutrient for immunity. If you’re office-based, encourage lunchtime walks in the sun.

Sick leave rules Sick leave relies on a good faith relationship. An employer must be confident an employee is sick, while employees need to know they’ll be supported to get well. Therefore organisations should review their leave policies including:

Carrying over unused sick leave to the next year.

Letting employees use sick leave to care for a spouse, partner, child, elderly parent or other dependent.

Paying staff their normal pay for days they’re on sick leave.

Allowing sick leave in advance.

Ability to access annual leave.

Using unpaid leave.

Requirements for proof of illness.

By actively managing our staff through a period such as the winter cold and flu season organisations have the opportunity to:

Maintain or increase their productivity during this time,

Give greater protection to their staff from illness,

Improve the health of our organisations overall.

So let’s take charge of managing the health of our people and organisations.

DAVID THOMPSON

Wellington Forum Team

Click on the advertisement above to be taken to the white paper plus info

16

What is Education Month?

Education Month is about reflecting on your professional development within business continuity and resilience. It is about understanding the necessity to keep up-to-date with the changes happening in your industry, to then learn and move with these changes and developments. Education Month takes places each September.

Who is it for?

Education Month is for everybody! The theme for this year is Lifelong Learning, this encapsulates the need to always be looking to improve your knowledge and understanding no matter what stage of your career. For newer professionals to the industry there is always so much to learn, but is it also important for more experienced professionals to keep updated with new terminology, new processes, new technology and new threats facing organizations.

How can I get involved?

This is the easy bit. There are so many ways for you to improve and update your knowledge, you can attend an event or seminar, read a report, join a webinar, take a certification or training course, join a mentoring programme, write a paper, present at a conference, network … the list is endless. It is up to each individual to assess their personal needs and preferences. To help, the BCI will be providing discounts and webinars throughout September.

Self-study

50% off Good Practice Guidelines

50% off CBCI Exam Mock Questions

30% off BCI How to Guides …

Free BCI Training DVD’s – Practice makes Perfect / How to do a BIA Free BCI Research Reports Free e-Learning Module One – What is business continuity

Formal Learning

10% off BCI Diploma 10% off CBCI Online Training Course 50% off e-Learning – Building Resilience 20% off selected Training Partner courses 20% off Corporate e-Learning licence

Professional Activity

Join a webinar. The BCI will be running a series of free webinars throughout September. Attend a conference or seminar. BCI currently has two events you may wish to attend - BCI World (London) and BCI Africa Conference (Johannesburg). There are also many BCI chapter and forums events. BCI members can sign up to the Mentoring Programme. This is a great opportunity to learn from experienced professionals and make new contacts.

BCI members can join the CPD programme and document your learning, this is also a pre-requisite to upgrading to some BCI membership grades.

17

The BCI is pleased to work in partnership with the organisations outlined below. Good Practice Guidelines Training Course (CBCI) - RiskLogic

From August 16, 2016 09:00 until August 19, 2016 12:00 At New Zealand, Christchurch

Incident Response and Crisis Management - RiskWest

From August 25, 2016 09:00 until August 26, 2016 17:00 At Australia, Perth

Incident Response and Crisis Management - Riskwest

From September 08, 2016 09:00 until September 09, 2016 17:00 At Australia, Sydney

Good Practice Guidelines Training Course (CBCI) JBT Global Corporate Advisory

From September 12, 2016 09:00 until September 16, 2016 17:00 At Australia, Melbourne

Good Practice Guidelines Training Course (CBCI) JBT Global Corporate Advisory

From October 10, 2016 09:00 until October 14, 2016 17:00 At Australia, Brisbane

Good Practice Guidelines Training Course (CBCI) - RiskLogic

From October 18, 2016 09:00 until October 21, 2016 12:00 At Australia, Sydney

BCI ISO 22301 Lead Auditor Training - in Partnership with ICOR - ANSI Accredited JBT Global Corporate Advisory From October 24, 2016 09:00 until October 28, 2016 17:00. At Australia, Sydney

Good Practice Guidelines Training Course (CBCI) JBT Global Corporate Advisory

From November 07, 2016 09:00 until November 11, 2016 17:00 At Australia, Canberra

Good Practice Guidelines Training Course (CBCI) JBT Global Corporate Advisory

From November 21, 2016 09:00 until November 25, 2016 17:00 At Australia, Sydney

Good Practice Guidelines Training Course (CBCI) - RiskLogic

From November 22, 2016 09:00 until November 25, 2016 12:00 At Australia, Melbourne

Incident Response and Crisis Management - Riskwest

From November 22, 2016 09:00 until November 23, 2016 17:00 At Australia, Melbourne

Good Practice Guidelines Training Course (CBCI Certification) - Riskwest

From December 01, 2016 09:00 until December 06, 2016 17:00 At Australia, Perth

Good Practice Guidelines Training Course (CBCI) JBT Global Corporate Advisory

From December 05, 2016 09:00 until December 09, 2016 17:00 At New Zealand, Wellington

UPCOMING TRAINNG SCHEDULE

18

Special Interest

Group in the Spot-

light

ITSCM Spe-

BCI Queensland

The Queensland BCI Forum has seen a real renaissance over the past 12 months, with renewed interest and increased attendance at scheduled events. Key changes to the format have resulted from a review of current Forum practices, a fresh approach, and the establishment of a dedicated and enthusiastic member sub-committee.

The expansion of the Forum Team to include the sub-committee has been instrumental in reducing the onus on the Forum Leader and Secretary to do the lion’s share of the work. It has also allowed an increased focus by the team on meeting member expectations with regards networking opportunities and presentations relating to current industry best practices.

There has been a noticeable increase in the number of registrations for scheduled events when compared to previous recent years. Presentation topics have included: surviving a Tsunami; a guided tour of Interactives DR site and BC recovery centre; a technical talk from RSA on cyber threats; a Crisis Management workshop; and a summary of the BCI Summit in May. The Forum has more interesting and varied sessions planned for this calendar year.

Unfortunately, due to an interstate move at short notice, Andrew Darby has had to relinquish his role as Forum Leader. An excellent replacement in Glen Edwards has been appointed. Glen was on the Organising sub-committee, and has agreed to step up to fill Andrew’s rather large shoes! Glen will continue to develop and work within the new operating model, in consultation with Paul Trebilcock, the BCI Qld Area Director, the Forum Secretary and the organising sub-committee.

The Qld membership extends its sincere thanks and appreciation to Andrew for his dedication and commitment to the Forum over many years, and especially for stepping into the Forum Leader role last year. Andrew would also like to thank and recognise the efforts of all the Qld Forum volunteers, including Glen Edwards, Ian Martin, Nerrida Graham, Lisa

Cameron de Vries, Sheena Downey, Adele Finch, Lyn Richards, Lisa Sos, Clint Seagrave, Marty Stewart, Steve Power, as well as all the members and their guests who have attended recent Forum events.

This renaissance and reinvigoration of a BCI Forum is clear indication of what can be achieved when a group of like-minded committed individuals come together, and work together, for a common purpose. The BCI has always been an organisation built on volunteer activity, and has grown into the global peak body for BC and Resilience professionals as a result. The Queensland team have shown what can be done, in a relatively short time, and are proud of their mighty achievements – as they well should be! And with this new model of leveraging an enhanced team with an enlarged membership, there are plenty of opportunities for any BCI member to participate at whatever level they feel comfortable with. To find out contact details for your Area Director and your local Forum Leader, check out the BCI Australasia web site under Australasian Area Forums.

Andrew Darby (MBCI) & the Queensland Forum Team

19

WA Area Forum Meeting 18 Aug Wellington Forum Meeting 12 Oct

Gartner Security & Risk 22-23 Aug Brisbane Area Forum Meeting 18 Oct

Auckland Forum Event 24 Aug Auckland Forum Event 19 Oct

BCI Australasian Awards 8 Sep Wellington Forum Meeting 16 Nov

Wellington Forum 14 Sep Brisbane Area Forum Meeting 16 Nov

VIC/TAS Forum Meeting 15 Sep WA Area Forum Meeting 17 Nov

NSW Area Forum Meeting 20 Sep Auckland Forum Event 23 Nov

Auckland Forum Event 21 Sep VIC/TAS 24 Nov

Upcoming Events - Forum Activities & Events in Your Area

To view all upcoming events go to

http://events.thebci.org.au

Planning is well underway for the next key activity on the standards calendar. The third International Standards Organisation (ISO) Symposium will be held in Edinburgh, Scotland from the 5th to the 9th of September.

There are six working groups, each with many work activities (streams) plus a number of additional work activities.

The following list represents the key BCM and BCM related work activities:

ISO DIS 22316 – Organizational Resilience, ISO WD 22320 - Crisis Management, ISO TS 22330 - People Aspects of BCM, ISO TS 22331 - Strategy Development of BCM, BCM for Small, Medium Sized Enterprises (SMEs), Sector specific guidance on BCM.

Unfortunately, most of these work activities will run in parallel, but fortunately, the Australian delegation is large enough to provide enough coverage to make sure the Australian voice is heard. My specific areas of interest are:

ISO 22331 - Strategy Development of BCM, ISO 22330 - People Aspects of BCM, and BCM for SMEs.

Hopefully the agenda will allow me to devote quality time to each of these three work items.

On the Australian front, Howard Kenny and I attended a joint working group meeting with the Risk Management Technical Committee and authors of AS5050. We've agreed on the way forward, with the objective of allowing Australia to adopt ISO 223XX by amending AS5050.

By Saul Midler FBCI

20

SPECIAL DISCOUNT OFFER AVAILABLE TO BCI MEMBERS

Special Discount Offer for BCI Members!