Introduction: One of the world's leading cheese manufacturers approached Fernao Business Resilience to ensure their operations remained resilient in the face of disruptions. This case study delves into the practical journey of developing an IT-Service Continuity Management (IT-SCM) system to meet this challenge. The Challenge: Our client, a global cheese manufacturer, operates across Europe and in countries such as Australia and the United States. They rely on their IT department for critical functions, including production site management, laboratory quality control, internal IT support, SAP systems, and more. Downtime, for them, wasn't just a matter of inconvenience—it directly threatened production, revenue, and the brand's reputation. They realized the need for a structured approach to resilience. Prior attempts to establish an IT-SCM in-house revealed resource limitations, the complexity of navigating technical aspects without a clear strategy, and limited internal expertise. With nearly 6000 employees globally, they sought a smooth, expert-guided [...]
How to deal with a ransomware attack: a quick guide A ransomware attack can be an existential threat to any organization. Dealing with an attack takes weeks and months of hard work and leads to a significant loss of earnings: The attack on Norsk Hydro in 2019 cost around $71 million, the Maersk attack affected global supply chains and lead to losses of around $300 million. Preventing Ransomware attacks is possible and should be the aim of any cyber security strategy, but every organisation should also have a plan for dealing with an attack when it does occur despite best efforts at preventing it. The points below are a basic guide on dealing with a ransomware attack. You can use the 'ask yourself' prompts to help develop or improve a response plan. Technical / organisational Isolate and contain the infection: It is essential to isolate the infected device [...]
How can we deal with a critical number of employees not showing up for work, maybe because their houses are flooded, there is a transport strike or their children fall ill in an outbreak of flu or the measles? (Do we want them to show up in these cases?) How can we make sure employees perform at their best while at work? How do we help them in being personally resilient to stress, both in their private and professional lives? When thinking about the human factor in organisational resilience, the line between their professional lives and personal lives becomes blurred. An employee dealing with a personal crisis will not be available or as on-point as they usually are. Personal crises can be individual (e.g. marital problems) or collective (transport or school strikes, natural disasters) and how we respond to them will determine our organisation’s success. First, we [...]
The growing importance of Business Continuity Management in the context of a TISAX certification Introducing TISAX & BCMS TISAX (Trusted Information Security Assessment Exchange) is a certifiable standard for information security, specific to the automotive industry. It was developed by the members of the German Association of the Automotive Industry (Verband der Automobilindustrie e.V.) based on the ISO/IEC 27001 standard for information security management systems (ISMS) and adapted to their specific needs. It covers the secure processing of confidential information, prototype protection, and data protection in the business relationships between automotive manufacturers and their service providers and suppliers. A Business Continuity Management System (BCMS) is designed to ensure the continued existence of the company and the maintenance of important business processes in crisis and emergency situations through holistic crisis management. The associated ISO 22301 requires a risk assessment to ensure that all important processes and procedures are [...]
High availability and disaster recovery: What lies ahead for IT in 2022 In 2021, IT teams had to cope with enormous changes and protect their critical operations against unprecedented threats from Covid, natural disasters, supply chain disruptions and staff shortages. Many moved mission-critical systems to the cloud and hybrid cloud and implemented advanced, application-specific high-availability clustering and disaster recovery solutions. The impact of global change and looming threats continues. What do these changes mean for IT in the coming year? Here are some predictions to consider. Multi-cloud infrastructures will become mainstream With the widespread adoption of cloud computing as a core component of today’s IT infrastructures, organizations will no longer consider a single cloud for their cloud needs. Despite the added complexity of running different workloads on different clouds, a multi-cloud model will allow enterprises to select cloud offerings that are best suited for their unique application environments, [...]
Leadership - business continuity management and crisis management Business continuity management can also mean “emergency and crisis management”. We also find this term in the administrative sector, as in the work of civil protection. But is leadership in the event of crises really the same? This short article is intended to highlight individual differences and similarities between these two emergency and crisis management approaches so that a distinction can be made and differentiation simplified. Causes of crises The causes of crises or disasters in the field of civil protection are almost exclusively external. This means, for example, natural disasters, terrorist attacks or a technical/human failure, which leads to high risks. In the case of companies, there are two additional causes: inadequate attention to operational fluctuations up to the point of escalation and the occurrence of latent problems, which lead to high reputational damage. The crisis is therefore not [...]
When speaking to small business owners, I often hear that a lot of them are aware of business continuity / resilience but don't apply it to their own organisations. Asked 'why?', their answer is invariably either 'we can't afford that', 'it's too complex', or 'we don't have time for that'. Let's look at that - and go beyond the old adage "if you think being resilient is expensive, try not being resilient." 'We can't afford that' and 'It's too complex' Resilience does not need to be expensive. In most cases, the best solution is the simplest and cheapest solution. When a fire department looked at building resilience for their IT dispatch system, they asked their pensioners how things worked before IT and simply brought back the paper-based system as a fall-back. It did involve training staff and regular exercises, but not a penny was spent on fancy [...]
In this podcast, we talk to Angela Clendenin PhD, MA from Texas, USA about trust and engagement in crisis management and communication. How do we send impactful and consistent messages to diverse communities and organisations? How do we ensure the audience trusts and engages with our messages and takes action? Listen to find out!
When London hosted the Olympic games in 2012, the number of people using the tube and busses increased dramatically. To help visitors and residents navigate the city's transport network in these unusual times, Transport for London (TfL) had recruited around 3000 'Travel Ambassadors' from their office staff. These volunteers were trained and licensed to help and complement full-time operational staff in Underground stations, at bus stations, and other hot spots during the event. This is a concept which we call 'operational flexibility' - using trained and briefed staff in a different capacity when required during a crisis, emergency, or other disruptive events. Other examples of this concept could be using marketing, finance, or project-management staff to answer phones when a crisis causes increased inbound call volumes or using waiters to deliver food locally when the restaurant can't cater to patrons on-site. Sounds great, but would that work for [...]
On today's episode of the business resilience podcast, I have the pleasure of talking to Angela Clendenin PhD, MA from Texas, USA. We discuss risk communication, decision analysis, emergency management and cultural influences on communication and decision-making and what we can learn from Covid-19 and other crisis around the world. Special thanks for that outstanding interview!