Question 2
Give an overview of the following:
Australian/New Zealand Standard AS/NZS ISO 31000-2009 Risk Management
Australian/New Zealand Standard Handbook AS/NZS HB221:2004
Question 3
Research 4 relevant legislation and regulations that impact on business continuity
PART B -CASE STUDY
This was a large scale fire that started late at night create a disaster zone involving a major shopping complex with multiple tenants.
What happened?
The cause was unknown but the fire spread rapidly through the ceiling to envelop the entire block. Nearby premises were extensively damaged not by fire but smoke & water
- Electrical & air-conditioning systems were also destroyed
- The whole area was shut down by Fire Services
- Security guards were called in by property owners to control access
- Staff of businesses affected who tried to visit the site next morning were distraught at what they saw
- Media were quickly on the scene to write their stories for next day papers & were looking for any comments
What went wrong?
1. The building sprinkler system was activated but did little to stop the fire
2. Most media comment was negative for the businesses involved. There was no mention of crisis and continuity plans to quickly restore business activity
3. One tenant who wanted to be anonymous, said "we don't know what will happen & this will affect our business massively"
4. No "business as usual" statements appeared in the press for subsequent days
What should have happened?
1. The possibility of such a happening should have been foreseen from a simple risk management process involving answers on a) probability, b) severity c) controls 2. Each business should have had a crisis & business continuity plan that had been tested before the event & then relied upon to deal immediately with the crisis 3. Staff should be asked to stay at home & not be allowed to visit the site, distraught staff will only hinder recovery & possibly make emotional statements to press 4. A competent spokesperson should issue a brief and positive message of positivism to the media, speculation should not commented on 5. The existence of adequate insurance should be commented on 6. Alternative premises with adequate resources e.g. computer systems & data back-up should have been considered and resolved in advance of the fire
Please answer the following question
Please read the above case study and utilising the Six Steps to Building a Business Continuity and Disaster Recovery Plan.
Design and develop a Business Continuity and Disaster Recovery Plan, to minimise the risk of the above case study happening again.
PART C- PROJECT
"A disaster doesn't have to be a catastrophe if your business is well prepared,"
In recent months we've witnessed the full range of natural disasters in Australia, from flash flooding to bushfires. Man-made disasters such as virus attacks, accidentally wiping data and power outages can also affect businesses. Having a disaster recovery plan in place is one thing small business owners should consider. What would happen if everything that relied on IT suddenly vanished? Would you have the ability to continue running the business? How long could you do it without IT before it begins to affect performance? It is almost impossible to prepare for the worst but planning is critical to ensure your business has the ability to get through in the worst-case scenario. A Telstra-commissioned survey revealed more than half of all Australian small businesses don't have a disaster recovery plan in place. It indicates about 52 per cent of businesses have not thought ahead and given more consideration towards a disaster recovery plan. When a storm struck the call centre of national delivery company Couriers Please in Homebush, it had no communication links for up to eight days. The storm struck during the Christmas period, one of the busiest times of the year for most businesses. Without any solid indication on when its systems would be back in full swing, the company had to think quickly of how it was going to keep its call centre operations running without affecting customers. "The downpour flooded the exchange pit that holds all of our telecoms," says the chief information officer of Couriers Please, Alistair Alderson. "At the time we thought it was going to be a one- or two-hour outage, nothing to the point of what we were going to be out for. It was hard to make calls on how we would deal with it." The company has other call centres throughout the country in Perth, Brisbane and Melbourne and for the first few hours it was able to flick a switch to divert calls to those centres so they could still be answered, Alderson says. Couriers Please uses a hosted contact centre application called Genesys. "It is all well and good for a short period but if you're talking two to eight days, the customer service kind of gets degraded in those areas as well because those staff can't take on that call volume for a sustained period," Alderson says. "We had to make a call on how we would deal with the NSW area and luckily we had a network connection in our head office and we were able to move hardware and staff there. It kind of saved our bacon a bit. "It's hard to gauge the damage on the business but overall it was a successful disaster recovery plan." Alderson says Couriers Please has about 70 office staff and about 500 contracted couriers who were left without a data connection but were still managing to get bookings and dispatch for jobs in NSW.
Please answer the following scenario:
You are employed by a small distribution/warehousing organisation in Queensland with 30 staff in various capacities from junior warehouse person to sales manager your CEO has been made aware of the above situation, you have been requested to put in place a business continuity management plan to minimise risks associated with loss of IT and communication with staff in the field and customers. You are to include the following:
- The establishment of a business continuity framework with consultation with staff and management.
- A monitoring system to ensure that the business continuity plan is compliant and relevant with scenarios and role plays to enable staff and management to be familiar with the business continuity plan. Develop tools to verify and validate the business continuity management framework.
- Review and evaluate business continuity management framework to update the overall business continuity management framework learning and development exercises, communication strategies and implement changes.
- Implement and conduct business continuity management system for auditing purposes for complian