Happy New Year 2008
I would like to take this opportunity to wish all our readers, friends and associates, as well as our enemies, a very happy & prosperous New Year 2008.
Warwickshire St John Ambulance's new emergency response bicycles
In August 2006, St John Ambulance (SJA) in Warwickshire started to raise money to purchase Smith + Wesson bikes and all the medical kit as a means of responding to emergencies by their Warwickshire Cycle Response Unit. The bikes were delivered in July this year. Each bike carries first aid kit, oxygen, suction and an Automated External Defibrillator (AED). It has been known for one bike to carry entonox, an analgesic often called gas and air, rather than oxygen at sports events.
Eddie Stephenson, Unit Co-ordinator for Warwickshire Cycle Unit, has been speaking to the Emergency Management Portal.
"Normally we operate as a pair", he said. "We tried using our own bikes, but it didn't look good, different types of bike with various colours; we could only carry first aid kit around our waist, no AED, suction or oxygen."
It has been known for the unit to reach a casualty before a county ambulance. Earlier this year they attended a Marathon, two vehicles, a doctor and an ambulance, were sent to an unconscious patient. He couldn't be found, the cycle unit turned up and located the casualty, who couldn't be seen from the road. He was placed on oxygen after which the unit called for transport.
The cycle can also be set up as a first aid post; it doesn't have to be a mobile unit.
Mr Stephenson told us: "At the moment Warwickshire have 3 bikes, but we intend to make it 4 within 18 months."
Walking the Office Party Tightrope – A Risk-Assessment Checklist
The Christmas office party is a traditional element of many businesses but what potential risks do these annual events present and what guidelines should be in place to ensure that revelry doesn’t turn into regret?
David Honour - a risk expert and editor of continuitycentral.com together with Business Continuity Expo 2008 have put together a useful risk assessment checklist for risk aware managers wanting to keep their jobs in 2008!
Strange as it may seem, the office Christmas party is probably one of the biggest avoidable risks that many companies take. Many of the most risk-aware and best protected companies in the world seem prepared to throw an office party without conducting the sort of risk assessment that they would for any other aspect of their business.
WHAT ARE THE RISKS?
Litigation
Even if an organised office party takes place outside of working hours and away from company premises, the normal laws that protect workers and their rights still apply. If an employee is injured or abused in any way during an office party the company may well be legally liable. High risk areas include injuries, abuse and even death, due to alcohol and substance abuse. Additionally, the risks associated with date rape drugs, where a victim’s drinks are unknowingly spiked with tranquilising and memory impairing drugs such as Rohypnol, are an increasing concern.
There are various sensible mitigation measures that companies can take:
- Ensure that the company human resource policies and handbooks address these areas. Documents should state when and under what circumstances staff remain under employment conditions when away from company premises and out of office hours. It may prove useful to develop a specific HR policy that relates to office parties. Policies need to spell out the disciplinary measures that will be taken against staff who abuse alcohol or drugs during the event and who carry out other activities deemed as unacceptable.
- Send a friendly memo around staff prior to the party reminding them of their responsibilities and of what is acceptable and unacceptable behaviour.
- Remind managers that they have responsibilities for implementing the company's alcohol and substance abuse policy and that they should be ready to have a friendly word with any person who is becoming intoxicated.
- Consider making arrangements to get employees home after the event. A taxi-fare is a much cheaper option than a law-suit alleging that your company failed in its duty-of-care because a drunken employee had an accident making his/her own way home.
- Companies should conduct a formal risk assessment of the office party and document the mitigation measures that have been taken. If the company should face litigation following a party-related incident this will offer evidence that the company has acted responsibly and taken all reasonable measures to prevent the incident occurring.
- Ensure that your company insurance policies cover your Christmas party activities, including the legal liability pitfalls.
Premises damage
Parties that are held on office premises are prone to office equipment damage. Simple accidents can be very costly. For example, a glass of wine dropped onto computer equipment could result in expensive damage to the equipment but could also result in lost data and significant downtime.
In general, it is to be recommended that parties are held off-site. This avoids any additional work place risks associated with the event and may result in reduced, or joint, liability should a premises-related accident occur. It also often results in a better atmosphere, enhancing the positive effects that the party aims to engender. However, parties held off-site also bring the risk of damage and subsequent compensation payments. The risk is highest where an overnight hotel stay is offered to staff who have travelled from further afield. Emptied mini-bars and trashed hotel rooms are an expensive luxury.
Employee relations
This is perhaps the highest risk area and one of the most important for the smooth-running of the company. The better that employee-to-employee relationships and employer-to-employee relationships are, the stronger a company tends to be. Activities which damage these relationships need to be avoided and the office party is a minefield when it comes to this area. Potential long-term conflicts can arise from common office party behaviour such as one-night stands; sexual harassment; verbal abuse and staff fights.
Such issues are difficult to mitigate against, but again, a clear human resource policy outlining what is unacceptable behaviour and the sanctions that will be brought into force against offenders will help in some of these areas. Good human resource management after any incident will also help reduce the personal and corporate impact.
Issues can also arise if an office party is planned insensitively. For example, a party which follows a period of cost-cutting and redundancies may be seen by the remaining staff as in bad taste.
Religion can cause problems and sensitivity needs to be shown, especially when a party is linked to a religious event such as Christmas and Easter. It may be better to rename the Christmas Party as simply the ‘Office Party’ or the ‘Holiday Party’, and it is best to avoid any use of decorations with religious themes or messages. Making the party optional is a sensible policy, allowing staff who may feel uncomfortable celebrating a festival based-upon another religion to avoid the situation.
Reputational damage
This is another minefield, especially where clients and prospects are invited to office parties. Such guests will get to see the company’s employees without their professional ‘hats on’ and the resultant informality, when mixed with the lack of inhibition that alcohol consumption brings, can result in insulted clients and lost contracts.
Once again a well-crafted human resource policy will help in this area and a reminder memo beforehand can help place staff on-guard. Better still, consider making the party staff-only, keeping customers well away from the ‘danger zone’.
The most obvious, and bluntest form of risk reduction is simply not to have an office Christmas party, but despite the risks, there are also positive benefits to the festive event. It shows staff that they are important and that the company does not have a ‘Scrooge’ mentality. They can also be strong networking events. This coupled with the simple the fact that staff are enjoying themselves together and socialising outside their normal working environment can have positive benefits on morale and employee relations. The trick is to be able to manage the liabilities and the reputational risks without negating any positive morale benefits.
For more pearls of wisdom visit www.continuitycentral.com and be sure to visit Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident. For further information visit www.businesscontinuityexpo.co.uk
David Honour - a risk expert and editor of continuitycentral.com together with Business Continuity Expo 2008 have put together a useful risk assessment checklist for risk aware managers wanting to keep their jobs in 2008!
Strange as it may seem, the office Christmas party is probably one of the biggest avoidable risks that many companies take. Many of the most risk-aware and best protected companies in the world seem prepared to throw an office party without conducting the sort of risk assessment that they would for any other aspect of their business.
WHAT ARE THE RISKS?
Litigation
Even if an organised office party takes place outside of working hours and away from company premises, the normal laws that protect workers and their rights still apply. If an employee is injured or abused in any way during an office party the company may well be legally liable. High risk areas include injuries, abuse and even death, due to alcohol and substance abuse. Additionally, the risks associated with date rape drugs, where a victim’s drinks are unknowingly spiked with tranquilising and memory impairing drugs such as Rohypnol, are an increasing concern.
There are various sensible mitigation measures that companies can take:
- Ensure that the company human resource policies and handbooks address these areas. Documents should state when and under what circumstances staff remain under employment conditions when away from company premises and out of office hours. It may prove useful to develop a specific HR policy that relates to office parties. Policies need to spell out the disciplinary measures that will be taken against staff who abuse alcohol or drugs during the event and who carry out other activities deemed as unacceptable.
- Send a friendly memo around staff prior to the party reminding them of their responsibilities and of what is acceptable and unacceptable behaviour.
- Remind managers that they have responsibilities for implementing the company's alcohol and substance abuse policy and that they should be ready to have a friendly word with any person who is becoming intoxicated.
- Consider making arrangements to get employees home after the event. A taxi-fare is a much cheaper option than a law-suit alleging that your company failed in its duty-of-care because a drunken employee had an accident making his/her own way home.
- Companies should conduct a formal risk assessment of the office party and document the mitigation measures that have been taken. If the company should face litigation following a party-related incident this will offer evidence that the company has acted responsibly and taken all reasonable measures to prevent the incident occurring.
- Ensure that your company insurance policies cover your Christmas party activities, including the legal liability pitfalls.
Premises damage
Parties that are held on office premises are prone to office equipment damage. Simple accidents can be very costly. For example, a glass of wine dropped onto computer equipment could result in expensive damage to the equipment but could also result in lost data and significant downtime.
In general, it is to be recommended that parties are held off-site. This avoids any additional work place risks associated with the event and may result in reduced, or joint, liability should a premises-related accident occur. It also often results in a better atmosphere, enhancing the positive effects that the party aims to engender. However, parties held off-site also bring the risk of damage and subsequent compensation payments. The risk is highest where an overnight hotel stay is offered to staff who have travelled from further afield. Emptied mini-bars and trashed hotel rooms are an expensive luxury.
Employee relations
This is perhaps the highest risk area and one of the most important for the smooth-running of the company. The better that employee-to-employee relationships and employer-to-employee relationships are, the stronger a company tends to be. Activities which damage these relationships need to be avoided and the office party is a minefield when it comes to this area. Potential long-term conflicts can arise from common office party behaviour such as one-night stands; sexual harassment; verbal abuse and staff fights.
Such issues are difficult to mitigate against, but again, a clear human resource policy outlining what is unacceptable behaviour and the sanctions that will be brought into force against offenders will help in some of these areas. Good human resource management after any incident will also help reduce the personal and corporate impact.
Issues can also arise if an office party is planned insensitively. For example, a party which follows a period of cost-cutting and redundancies may be seen by the remaining staff as in bad taste.
Religion can cause problems and sensitivity needs to be shown, especially when a party is linked to a religious event such as Christmas and Easter. It may be better to rename the Christmas Party as simply the ‘Office Party’ or the ‘Holiday Party’, and it is best to avoid any use of decorations with religious themes or messages. Making the party optional is a sensible policy, allowing staff who may feel uncomfortable celebrating a festival based-upon another religion to avoid the situation.
Reputational damage
This is another minefield, especially where clients and prospects are invited to office parties. Such guests will get to see the company’s employees without their professional ‘hats on’ and the resultant informality, when mixed with the lack of inhibition that alcohol consumption brings, can result in insulted clients and lost contracts.
Once again a well-crafted human resource policy will help in this area and a reminder memo beforehand can help place staff on-guard. Better still, consider making the party staff-only, keeping customers well away from the ‘danger zone’.
The most obvious, and bluntest form of risk reduction is simply not to have an office Christmas party, but despite the risks, there are also positive benefits to the festive event. It shows staff that they are important and that the company does not have a ‘Scrooge’ mentality. They can also be strong networking events. This coupled with the simple the fact that staff are enjoying themselves together and socialising outside their normal working environment can have positive benefits on morale and employee relations. The trick is to be able to manage the liabilities and the reputational risks without negating any positive morale benefits.
For more pearls of wisdom visit www.continuitycentral.com and be sure to visit Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident. For further information visit www.businesscontinuityexpo.co.uk
Gloucestershire Constabulary rolls out Unifi software
Author: Antony Savvas
Gloucestershire Constabulary is deploying a new criminal justice system to help improve efficiency.
The force has chosen the Unifi system from SunGard Vivista as part of an upgrade to its previous SunGard system.
The Unifi system will bring the force up to date with the latest standards and technologies in the field and will be supported by a five-year support contract.
Unifi is a suite of integrated modules within a single application covering an array of police business processes, from crime, custody and case preparation through to the management of driving document productions, vehicle defect rectifications and road traffic collisions.
The system also collects intelligence derived from these activities and from other sources.
Built upon a single database, the application requires no interfacing between its own modules, which streamlines the solution and helps ensure uncomplicated support and easy maintenance.
All recorded data can be shared between modules without the need for multiple data entry, thus helping to make it more user-friendly and less time-consuming.
Gloucestershire Constabulary assistant chief constable, Mick Matthews, said, "We have successfully used SunGard's Unity system for the past ten years in support of operational policing functions.
"It has proved to be a robust and reliable system and we now look forward to using UNIFI, with its enhanced functionality and updated technology, in support of providing more effective and efficient services."
Source: Computer Weekly
Gloucestershire Constabulary is deploying a new criminal justice system to help improve efficiency.
The force has chosen the Unifi system from SunGard Vivista as part of an upgrade to its previous SunGard system.
The Unifi system will bring the force up to date with the latest standards and technologies in the field and will be supported by a five-year support contract.
Unifi is a suite of integrated modules within a single application covering an array of police business processes, from crime, custody and case preparation through to the management of driving document productions, vehicle defect rectifications and road traffic collisions.
The system also collects intelligence derived from these activities and from other sources.
Built upon a single database, the application requires no interfacing between its own modules, which streamlines the solution and helps ensure uncomplicated support and easy maintenance.
All recorded data can be shared between modules without the need for multiple data entry, thus helping to make it more user-friendly and less time-consuming.
Gloucestershire Constabulary assistant chief constable, Mick Matthews, said, "We have successfully used SunGard's Unity system for the past ten years in support of operational policing functions.
"It has proved to be a robust and reliable system and we now look forward to using UNIFI, with its enhanced functionality and updated technology, in support of providing more effective and efficient services."
Source: Computer Weekly
Business Continuity – or is it? Are we missing the point??
By Dominic Hill, Consultant, Siemens Enterprise Communications Limited
There have been a number of papers and presentations recently looking at the nature of Business Continuity (BC) and tools used to deliver it – from the future of the BIA to the importance of building evacuations. With the imminent arrival of Part 2 of the British Standard for Business Continuity Management (BS 25999-2), there will be a defined management system – the BCMS - and a means of measuring performance of Business Continuity capabilities, should organisations choose to do so. But are we missing something? Have we created our own definition of continuity?
The Oxford English Dictionary (1999 edition) defines continuity as “the unbroken and consistent existence or operation of something over a period of time”.
In BS 25999-1:2006, business continuity is defined as “strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level”.
In this definition, the “unbroken and consistent existence” has been replaced with “plan for and respond to” and “continue”, words which imply reaction and recovery. If we look at the services offered within the BC/DR arena today, it is easy to see the focus on responding to incidents and recovering capabilities in:
This is laudable, nay essential, as the BC manager’s maxim should be “Expect the unexpected”! But do these services really provide continuity for the business? It could be argued that this is really business recovery, although for some that term has its own distinct meaning. Are we missing something? Would it not be even better to avoid the incident or business interruption in the first place, leaving the recovery for when there is no other option?
Why have a disaster if you can avoid it?
Many organisations spend a significant amount of money and effort on recovery capabilities and the associated plans, but neglect to address the issues that would make the operation more resilient and less in need of recovery in the first place. Could that money be better spent on disaster avoidance in the first place? To a degree the answer is going to be dependent upon the state of the organisation, its ability to change and the willingness, of those in charge, to accept risk.
A key tenet of BS 25999 is “embedding the BCM culture within the organisation” and this is probably the single most important thing when it comes to being pro-active about disasters. When a system, regardless of whether it is business or IT, is designed and operated with continuity in mind, the subsequent need to mitigate risks with recovery capabilities can be reduced.
Resilience: The unbroken operation
In order for a system to have unbroken operation, the threats to that operation must be reduced or removed. When BCM is a recognised part of the daily processes, and not something that gets retrofitted in the later stages of the system lifecycle, it is easy to consider these potential threats at the start of that lifecycle. Typically the causes of threats include:
Location of the system – This has a wide scope and should consider location at all levels – both physically (geographically and within the campus and building) and logically (within the organisation). Taking as an example a new IT system, are there opportunities to implement it in a location discrete from main user population as well as from physical risks arising from location and environmental factors.
From the business viewpoint, the who and how should be considered. Does the system require input from certain members of staff whose roles make them unlikely to be available at the same time? Is specialist knowledge vested in a single individual, thus creating a potential single point of failure?
Access to the system – Again this works at both physical and logical levels. Again considering an IT example, there is little point in implementing a new system and a corresponding recovery capability if the system is situated in a location that does not afford it appropriate protection – environmentally or from a physical security point of view. A classic technology example is siting critical equipment in an IT suite that is used by members of IT staff as a shortcut to other parts of the building. A large number of incidents arise from human error in some shape or form, accidents do happen.
Similarly from a business viewpoint – especially in these days of increased concerns over the safety of data – who has access to what, by what means and for what purpose must be considered. For example, are personnel records only available as paper copies – if so where are they held, is it secure?
Design of the system – A single IT system can look cheaper than a design that addresses potential single points of failure with some sort of redundancy of functionality. On paper that is. When the cost of the corresponding recovery capability is included the picture may be very different. Similar arguments exist for non-IT tasks, where the ability for multiple teams (possibly on different sites) to carry out the same activity can address not only loss of site scenarios but also loss of staff – whether through pandemic or other cause.
Systems documentation - or the lack of it - In today’s fast moving world it is not uncommon for less than ideal documentation to be produced during the development phases, as the pressure to deploy the system increases. Limited documentation leads to a potential lack of understanding of how things work, which increases the threat of mistakes. Furthermore it is very hard to maintain and protect the system if it is not clearly understood where the interdependencies lie and the possible impacts when changes occur around it.
Understanding the business is one of the four stages in B2 25999 and is as essential to the resilience aspects of BC as to the recovery aspects. Good systems documentation has a major part to play in this.
Control of changes to the system – most systems will, after an initial period, operate in a steady state, until something changes! This is especially true in IT, which due to the ever developing nature of the technology is probably subject to more change than most business processes – the changes occurring in the form of software patches, upgrades, hardware enhancements for capacity improvements etc. The same can also be seen in the non-IT space, where changes to business process manifest as the results of mergers and acquisitions or the outsourcing of parts of the operation. By controlling the way change occurs – especially considering the impacts from all aspects – the threat from change can be minimised.
When these areas are considered throughout the whole lifecycle of a system and appropriate decisions made, the result will be a more resilient system that is fit for the purpose for which it was intended. As with anything in the BC space, this is not rocket science, just common sense, but it appears to be something that is often ignored in favour of cheaper or short-term solutions or because the challenges are too great.
Challenges associated with implementing resilience
Implementing resilience can have significant challenges associated with it, including:
Total Cost of Continuity
This is a variant of the well known “Total cost of ownership” concept and is proposed here as a means to understand exactly what costs are incurred in providing true continuity for an organisation.
Typically organisations look at their recovery contracts, sum the costs and label the result as the cost of BC. This is misleading as it takes no account of the cost involved in setting up and maintaining BC within the organisation. In particular it ignores the cost of resources required for the exercising (testing) of recovery plans, both IT and non-IT. These costs can be quite considerable when the effort required for preparation and carrying out exercises across the different departments is considered, but they are often lost within the operational costs of the departments involved. Also. the more specialist the recovery processes the more resource is required, in addition to a potential for greater frequency of exercising (to ensure that all appropriate staff gain the necessary experience).
If a more realistic approach is taken and the resource and exercising costs (in particular) are included, the total cost of continuity may well look very different. This may provide sufficient justification for implementing a more robust design that negates the need for much recovery.
Outsourcing
More and more the outsourcing of discrete parts of operation is seen as a cost saving exercise. While this may be true, there may also be benefits in the form of decoupling those parts of the operation physically as well as logically. Resilience may be improved, but out of sight is out of mind as the saying goes – so the emphasis shifts to one of supplier management, which must be supported by carefully prepared and suitably detailed legal contracts. This is an area of BC that is experiencing rapid growth as organisations mature in their own continuity capabilities and start to look more closely at those suppliers (outsourcers included) on which they depend.
Change as a mechanism for delivering resilience (and hence continuity)
Applying changes to an existing system in order to improve resilience is rarely easy – especially if it involves withdrawing previous access. It is easy to argue that things “have always been done that way” and that disasters had not occurred so change is unnecessary. The point can be illustrated with statistics, but not conclusively, for either side! The governing factor must be what is best for the unbroken operation of the business in a fit for purpose solution.
Fortunately, change can work in favour of these attempts to achieve resilience. In the area of technology (not exclusive to IT) the need to refresh equipment every three or four years provides an opportunity to implement measures to improve resilience. Similarly in the business space, changes in process, whether brought about by technology or changes in business practice, can be used to improve resilience here too.
Summary
While the typical focus of BC today is arguably on recovery activities, there is much to be gained from the pro-active side of continuity – providing the unbroken operation in a way that is fit for purpose. Maybe the time has now come for attention to be paid to this much neglected area of BC; maybe it will be the next to mature? After all, why have a disaster if you don’t need to?
Siemens Enterprise Communications Limited will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
There have been a number of papers and presentations recently looking at the nature of Business Continuity (BC) and tools used to deliver it – from the future of the BIA to the importance of building evacuations. With the imminent arrival of Part 2 of the British Standard for Business Continuity Management (BS 25999-2), there will be a defined management system – the BCMS - and a means of measuring performance of Business Continuity capabilities, should organisations choose to do so. But are we missing something? Have we created our own definition of continuity?
The Oxford English Dictionary (1999 edition) defines continuity as “the unbroken and consistent existence or operation of something over a period of time”.
In BS 25999-1:2006, business continuity is defined as “strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level”.
In this definition, the “unbroken and consistent existence” has been replaced with “plan for and respond to” and “continue”, words which imply reaction and recovery. If we look at the services offered within the BC/DR arena today, it is easy to see the focus on responding to incidents and recovering capabilities in:
- The provision of disaster recovery services;
- The provision of work area recovery services;
- The variety of software to generate, maintain and disseminate plans;
- A plethora of communications tools allowing call cascades and other abilities.
This is laudable, nay essential, as the BC manager’s maxim should be “Expect the unexpected”! But do these services really provide continuity for the business? It could be argued that this is really business recovery, although for some that term has its own distinct meaning. Are we missing something? Would it not be even better to avoid the incident or business interruption in the first place, leaving the recovery for when there is no other option?
Why have a disaster if you can avoid it?
Many organisations spend a significant amount of money and effort on recovery capabilities and the associated plans, but neglect to address the issues that would make the operation more resilient and less in need of recovery in the first place. Could that money be better spent on disaster avoidance in the first place? To a degree the answer is going to be dependent upon the state of the organisation, its ability to change and the willingness, of those in charge, to accept risk.
A key tenet of BS 25999 is “embedding the BCM culture within the organisation” and this is probably the single most important thing when it comes to being pro-active about disasters. When a system, regardless of whether it is business or IT, is designed and operated with continuity in mind, the subsequent need to mitigate risks with recovery capabilities can be reduced.
Resilience: The unbroken operation
In order for a system to have unbroken operation, the threats to that operation must be reduced or removed. When BCM is a recognised part of the daily processes, and not something that gets retrofitted in the later stages of the system lifecycle, it is easy to consider these potential threats at the start of that lifecycle. Typically the causes of threats include:
Location of the system – This has a wide scope and should consider location at all levels – both physically (geographically and within the campus and building) and logically (within the organisation). Taking as an example a new IT system, are there opportunities to implement it in a location discrete from main user population as well as from physical risks arising from location and environmental factors.
From the business viewpoint, the who and how should be considered. Does the system require input from certain members of staff whose roles make them unlikely to be available at the same time? Is specialist knowledge vested in a single individual, thus creating a potential single point of failure?
Access to the system – Again this works at both physical and logical levels. Again considering an IT example, there is little point in implementing a new system and a corresponding recovery capability if the system is situated in a location that does not afford it appropriate protection – environmentally or from a physical security point of view. A classic technology example is siting critical equipment in an IT suite that is used by members of IT staff as a shortcut to other parts of the building. A large number of incidents arise from human error in some shape or form, accidents do happen.
Similarly from a business viewpoint – especially in these days of increased concerns over the safety of data – who has access to what, by what means and for what purpose must be considered. For example, are personnel records only available as paper copies – if so where are they held, is it secure?
Design of the system – A single IT system can look cheaper than a design that addresses potential single points of failure with some sort of redundancy of functionality. On paper that is. When the cost of the corresponding recovery capability is included the picture may be very different. Similar arguments exist for non-IT tasks, where the ability for multiple teams (possibly on different sites) to carry out the same activity can address not only loss of site scenarios but also loss of staff – whether through pandemic or other cause.
Systems documentation - or the lack of it - In today’s fast moving world it is not uncommon for less than ideal documentation to be produced during the development phases, as the pressure to deploy the system increases. Limited documentation leads to a potential lack of understanding of how things work, which increases the threat of mistakes. Furthermore it is very hard to maintain and protect the system if it is not clearly understood where the interdependencies lie and the possible impacts when changes occur around it.
Understanding the business is one of the four stages in B2 25999 and is as essential to the resilience aspects of BC as to the recovery aspects. Good systems documentation has a major part to play in this.
Control of changes to the system – most systems will, after an initial period, operate in a steady state, until something changes! This is especially true in IT, which due to the ever developing nature of the technology is probably subject to more change than most business processes – the changes occurring in the form of software patches, upgrades, hardware enhancements for capacity improvements etc. The same can also be seen in the non-IT space, where changes to business process manifest as the results of mergers and acquisitions or the outsourcing of parts of the operation. By controlling the way change occurs – especially considering the impacts from all aspects – the threat from change can be minimised.
When these areas are considered throughout the whole lifecycle of a system and appropriate decisions made, the result will be a more resilient system that is fit for the purpose for which it was intended. As with anything in the BC space, this is not rocket science, just common sense, but it appears to be something that is often ignored in favour of cheaper or short-term solutions or because the challenges are too great.
Challenges associated with implementing resilience
Implementing resilience can have significant challenges associated with it, including:
- Cost;
- Outsourcing/Supply chain management;
- How to get there from here
Total Cost of Continuity
This is a variant of the well known “Total cost of ownership” concept and is proposed here as a means to understand exactly what costs are incurred in providing true continuity for an organisation.
Typically organisations look at their recovery contracts, sum the costs and label the result as the cost of BC. This is misleading as it takes no account of the cost involved in setting up and maintaining BC within the organisation. In particular it ignores the cost of resources required for the exercising (testing) of recovery plans, both IT and non-IT. These costs can be quite considerable when the effort required for preparation and carrying out exercises across the different departments is considered, but they are often lost within the operational costs of the departments involved. Also. the more specialist the recovery processes the more resource is required, in addition to a potential for greater frequency of exercising (to ensure that all appropriate staff gain the necessary experience).
If a more realistic approach is taken and the resource and exercising costs (in particular) are included, the total cost of continuity may well look very different. This may provide sufficient justification for implementing a more robust design that negates the need for much recovery.
Outsourcing
More and more the outsourcing of discrete parts of operation is seen as a cost saving exercise. While this may be true, there may also be benefits in the form of decoupling those parts of the operation physically as well as logically. Resilience may be improved, but out of sight is out of mind as the saying goes – so the emphasis shifts to one of supplier management, which must be supported by carefully prepared and suitably detailed legal contracts. This is an area of BC that is experiencing rapid growth as organisations mature in their own continuity capabilities and start to look more closely at those suppliers (outsourcers included) on which they depend.
Change as a mechanism for delivering resilience (and hence continuity)
Applying changes to an existing system in order to improve resilience is rarely easy – especially if it involves withdrawing previous access. It is easy to argue that things “have always been done that way” and that disasters had not occurred so change is unnecessary. The point can be illustrated with statistics, but not conclusively, for either side! The governing factor must be what is best for the unbroken operation of the business in a fit for purpose solution.
Fortunately, change can work in favour of these attempts to achieve resilience. In the area of technology (not exclusive to IT) the need to refresh equipment every three or four years provides an opportunity to implement measures to improve resilience. Similarly in the business space, changes in process, whether brought about by technology or changes in business practice, can be used to improve resilience here too.
Summary
While the typical focus of BC today is arguably on recovery activities, there is much to be gained from the pro-active side of continuity – providing the unbroken operation in a way that is fit for purpose. Maybe the time has now come for attention to be paid to this much neglected area of BC; maybe it will be the next to mature? After all, why have a disaster if you don’t need to?
Siemens Enterprise Communications Limited will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
CDP – Buzz Vs Benefit
Ian Masters, UK sales and marketing director at Double-Take Software, discusses Continuous Data Protection (CDP) to separate the buzz from the benefits. For organisations focused on solving real-world problems, understanding the distinction will help them make the best choice to safeguard their electronic assets.
There is some uncertainty in the market over what defines CDP. The Storage Networking Industry Association (SNIA) defines CDP as “a methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery from any point in the past. CDP systems can provide fine granularity of restorable objects to infinitely variable recovery points”.
The capabilities described by the SNIA definition of CDP are not trivial. They require a technology solution that stores all data changes as they happen and can arbitrarily return to infinite points in time to recover previous versions of data. This makes true CDP a very expensive proposition for customers. This expense may be difficult to justify when an organisation’s data isn’t perceived as sufficiently valuable and even where the value is recognised, most can’t afford these types of CDP solutions. In this sense, true true-CDP products are a solution to a problem that customers cannot afford to solve.
Companies are instead opting for near-CDP solutions or backup and recovery solutions that integrate CDP-like capabilities. While solutions based on the strictest definitions of CDP may eventually gain momentum in the market as the enabling technology comes down in price, the majority of businesses don't have a Recovery Point Objective (RPO) that requires, and justifies, this type of CDP. There is clearly a need for something that provides better recoverability than tape but is simple and affordable enough to deploy across the enterprise, not just on a few systems.
Another issue affecting take up of CDP is that it has traditionally taken a very narrow approach to business continuity. Solutions have mainly focused on file-level recovery and not application data like that created by Microsoft Exchange Server or Microsoft SQL Server. If the first line of defense in a disaster recovery solution is protecting the data, the second is undoubtedly protecting the application. Providing a real-time copy of the data and availability of the application associated with it, enables a Recovery Time Objective (RTO) significantly better than that provided by solutions like tape backup or CDP. CDP provides no provision for RTO and focuses solely on RPO, which is only half of the customer challenge.
While true-CDP solutions have not gained widespread traction, the promise of CDP, despite its problems, thrives. It does so in the form known as near-CDP. Many traditional backup vendors have differentiated themselves from their competitors by integrating CDP capabilities into existing solutions rather than attacking the concept head-on. These solutions provide many, but not infinite, points of recovery. This satisfies most customers’ RPO goals far more readily than relying on retrieval from tape-based solutions by providing snapshot copies of important data for recovery purposes.
Though near-CDP promises to be an easy way to augment the backup solutions that customers use today, it still doesn’t account for the complete recovery of a company’s business critical systems. To the end-user, recovery isn’t complete until they are able to resume their work where they left off. This means not only restoring a previous version of the data but also the operating systems and applications and all the other aspects that are required to give users access to that information. Double-Take Software believes the future of CDP lies in hybrid solutions that incorporate an overall recovery management strategy combining data replication and protection, application availability and point-in-time recovery.
Alternatives exist today that provide this unified approach to recovery. In these solutions, asynchronous file-based replication is combined with application availability and snapshot technologies to fulfill at least the spirit, if not the definition, of CDP. In terms of data protection, real-time replication provides for the continuous capture of changes to protected data and the storage of those changes separate from the production data. If needed, a company can recover to this real-time copy of the data in the event of a major disaster. Because these solutions are typically based on byte-level replication, including features such as compression and bandwidth throttling, they are more efficient at moving data across long distances when compared to the data movement technologies employed by purebred CDP solutions.
For recovery from unwanted changes such as those caused by human error, viruses, or corruption, disk-based snapshot capabilities allow rollback to multiple (albeit not infinite) copies of the protected data. Disk-based snapshots are usually difference-based (copy on write technology) and consume less storage space. Their periodic nature also further reduces storage requirements when compared to keeping infinitely accessible copies of data changes. A combination of data replication and disk-based snapshots ensure that the RPO goals for a company’s data can be met.
Where these solutions truly exceed the promise of CDP is their ability to ensure RTO goals as well as RPO goals. By continuously monitoring the availability of the production systems and failing over to a secondary system in the event of an outage, they provide an RTO of minutes rather than hours or days. Most true-CDP solutions today do not provide any high availability for the applications creating the data and instead leave recovery to the IT administrator who is most likely using a complex, manual, time consuming process.
Evaluating the Options
No solution is ‘one size fits all’. Each company’s business is unique so each business continuity recovery plan will be different. However, the high-level approach to business continuity planning is generally the same. The key to business continuity and recovery planning is to first understand the impact an outage, loss or major disaster would have on your ability to provide a product or service and then pick the right procedures and tools to minimise that impact.
The first recommendation we make is to assess and rank each of the business systems within your organisation and assign the appropriate level of protection to them. Not all systems require the same levels of protection; in fact, some may not need protection at all. Successful plans account for this and are able to restore systems defined as business-critical as rapidly as possible while making the most of limited resources. The challenge for most companies in prioritizing these systems and choosing the right solution is simply a matter of quantifying the value of the data the solutions protect and calculating the Return on Investment (ROI).
Summary
The reality of CDP is that it has not lived up to the buzz it generated. This is not because the promise of CDP isn’t appealing to customers but because CDP, as narrowly defined by industry organisations, was not permitted the opportunity to integrate with other data protection and recovery capabilities. A hybrid solution combines the best of CDP with the best of continuous data replication and application availability while keeping costs down. Successful vendors will continue to build CDP into their products where it is appropriate and successful IT organisations will learn to use the technology in a way that best addresses all of its recovery goals while staying within budget and without sacrificing capabilities.
Double-Take Software will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
There is some uncertainty in the market over what defines CDP. The Storage Networking Industry Association (SNIA) defines CDP as “a methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery from any point in the past. CDP systems can provide fine granularity of restorable objects to infinitely variable recovery points”.
The capabilities described by the SNIA definition of CDP are not trivial. They require a technology solution that stores all data changes as they happen and can arbitrarily return to infinite points in time to recover previous versions of data. This makes true CDP a very expensive proposition for customers. This expense may be difficult to justify when an organisation’s data isn’t perceived as sufficiently valuable and even where the value is recognised, most can’t afford these types of CDP solutions. In this sense, true true-CDP products are a solution to a problem that customers cannot afford to solve.
Companies are instead opting for near-CDP solutions or backup and recovery solutions that integrate CDP-like capabilities. While solutions based on the strictest definitions of CDP may eventually gain momentum in the market as the enabling technology comes down in price, the majority of businesses don't have a Recovery Point Objective (RPO) that requires, and justifies, this type of CDP. There is clearly a need for something that provides better recoverability than tape but is simple and affordable enough to deploy across the enterprise, not just on a few systems.
Another issue affecting take up of CDP is that it has traditionally taken a very narrow approach to business continuity. Solutions have mainly focused on file-level recovery and not application data like that created by Microsoft Exchange Server or Microsoft SQL Server. If the first line of defense in a disaster recovery solution is protecting the data, the second is undoubtedly protecting the application. Providing a real-time copy of the data and availability of the application associated with it, enables a Recovery Time Objective (RTO) significantly better than that provided by solutions like tape backup or CDP. CDP provides no provision for RTO and focuses solely on RPO, which is only half of the customer challenge.
While true-CDP solutions have not gained widespread traction, the promise of CDP, despite its problems, thrives. It does so in the form known as near-CDP. Many traditional backup vendors have differentiated themselves from their competitors by integrating CDP capabilities into existing solutions rather than attacking the concept head-on. These solutions provide many, but not infinite, points of recovery. This satisfies most customers’ RPO goals far more readily than relying on retrieval from tape-based solutions by providing snapshot copies of important data for recovery purposes.
Though near-CDP promises to be an easy way to augment the backup solutions that customers use today, it still doesn’t account for the complete recovery of a company’s business critical systems. To the end-user, recovery isn’t complete until they are able to resume their work where they left off. This means not only restoring a previous version of the data but also the operating systems and applications and all the other aspects that are required to give users access to that information. Double-Take Software believes the future of CDP lies in hybrid solutions that incorporate an overall recovery management strategy combining data replication and protection, application availability and point-in-time recovery.
Alternatives exist today that provide this unified approach to recovery. In these solutions, asynchronous file-based replication is combined with application availability and snapshot technologies to fulfill at least the spirit, if not the definition, of CDP. In terms of data protection, real-time replication provides for the continuous capture of changes to protected data and the storage of those changes separate from the production data. If needed, a company can recover to this real-time copy of the data in the event of a major disaster. Because these solutions are typically based on byte-level replication, including features such as compression and bandwidth throttling, they are more efficient at moving data across long distances when compared to the data movement technologies employed by purebred CDP solutions.
For recovery from unwanted changes such as those caused by human error, viruses, or corruption, disk-based snapshot capabilities allow rollback to multiple (albeit not infinite) copies of the protected data. Disk-based snapshots are usually difference-based (copy on write technology) and consume less storage space. Their periodic nature also further reduces storage requirements when compared to keeping infinitely accessible copies of data changes. A combination of data replication and disk-based snapshots ensure that the RPO goals for a company’s data can be met.
Where these solutions truly exceed the promise of CDP is their ability to ensure RTO goals as well as RPO goals. By continuously monitoring the availability of the production systems and failing over to a secondary system in the event of an outage, they provide an RTO of minutes rather than hours or days. Most true-CDP solutions today do not provide any high availability for the applications creating the data and instead leave recovery to the IT administrator who is most likely using a complex, manual, time consuming process.
Evaluating the Options
No solution is ‘one size fits all’. Each company’s business is unique so each business continuity recovery plan will be different. However, the high-level approach to business continuity planning is generally the same. The key to business continuity and recovery planning is to first understand the impact an outage, loss or major disaster would have on your ability to provide a product or service and then pick the right procedures and tools to minimise that impact.
The first recommendation we make is to assess and rank each of the business systems within your organisation and assign the appropriate level of protection to them. Not all systems require the same levels of protection; in fact, some may not need protection at all. Successful plans account for this and are able to restore systems defined as business-critical as rapidly as possible while making the most of limited resources. The challenge for most companies in prioritizing these systems and choosing the right solution is simply a matter of quantifying the value of the data the solutions protect and calculating the Return on Investment (ROI).
Summary
The reality of CDP is that it has not lived up to the buzz it generated. This is not because the promise of CDP isn’t appealing to customers but because CDP, as narrowly defined by industry organisations, was not permitted the opportunity to integrate with other data protection and recovery capabilities. A hybrid solution combines the best of CDP with the best of continuous data replication and application availability while keeping costs down. Successful vendors will continue to build CDP into their products where it is appropriate and successful IT organisations will learn to use the technology in a way that best addresses all of its recovery goals while staying within budget and without sacrificing capabilities.
Double-Take Software will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
BAA uses text messaging in emergencies
BAA Gatwick, like all major international airports and airlines, has a crisis management team on standby 24 hours a day. Every year, around 30 million passengers travel through Gatwick and the Crisis Team is on hand to ensure that any event with the potential to cause major disruption is kept to a minimum.
Until now the team were contacted via pagers, but as they all now have mobile phones the airport’s Contingency Planning Manager, Barry Owen, began looking for a way to communicate by text message instead. Esendex’s simple, reliable and cost-effective ‘desktop messenger’ service offered the solution.
It enables Gatwick’s Call Centre, which is responsible for contacting the Crisis Team, to send out a short message from a network computer to the mobile phones of various user group members simultaneously and within seconds. Barry Owen says:
"The pager service we were using offered us a text message facility but it didn’t allow recipients to text back - so in an emergency we’d have a group of people all trying to call one telephone number to confirm they’d received the message.
The team’s emergency response is regularly tested through training exercises - getting the communication right at the start is key. During the busy summer months we also made use of the new system to keep the team up-to-date on how the day-to-day airport operation was running and this proved invaluable"
Until now the team were contacted via pagers, but as they all now have mobile phones the airport’s Contingency Planning Manager, Barry Owen, began looking for a way to communicate by text message instead. Esendex’s simple, reliable and cost-effective ‘desktop messenger’ service offered the solution.
It enables Gatwick’s Call Centre, which is responsible for contacting the Crisis Team, to send out a short message from a network computer to the mobile phones of various user group members simultaneously and within seconds. Barry Owen says:
"The pager service we were using offered us a text message facility but it didn’t allow recipients to text back - so in an emergency we’d have a group of people all trying to call one telephone number to confirm they’d received the message.
The team’s emergency response is regularly tested through training exercises - getting the communication right at the start is key. During the busy summer months we also made use of the new system to keep the team up-to-date on how the day-to-day airport operation was running and this proved invaluable"
Are You Getting Value from Your BIA?
James R. Mitchell, CBCP
Director, eBRP Solutions, Inc.
Cost vs. Benefit
The standard practice of conducting a Business Impact Analysis (BIA) to determine the basic recovery requirements (Mission Critical Processes, RTO’s, RPO’s, Critical Applications, Suppliers, and other Resources) is a vital phase of every Business Continuity Management program.
The BIA process can be long and difficult – no matter what data collection method is used. Is the return on your BIA investment (time, manpower and resources) offset by the value of the results?
If a BIA is a fundamental part of BCM, the underlying cost may simply be a necessary evil. But, when a BIA is a one-time ‘project’ – as in many organizations – is the cost realistically proportional to the value?
Some organizations conduct a BIA expecting to repeat the process at regular intervals. However, once the initial BIA is completed and the true cost known, such expectations are often abandoned.
Focus on change
Failure to update a BIA is a leading cause of Recovery Plan failure. Change is the only constant in business. A BCM program lacking up-to-date BIA data yields Plans that don’t reflect the organization’s true requirements.
Intending to update a BIA is easy; yet the update process often fails.
Consider the effort required to complete the original BIA: questionnaire preparation, distribution and collection; interviews to “normalize” the results, plus the cost of analysis and report generation.
Often, the original BIA process “project”, may take three to eight months. Significant business changes make the prospect of repeating that lengthy process daunting. Postponing the update may be rationalized. Like most things in life, postponing difficult tasks allows them to grow more unwieldy
To streamline the process, the updated BIA must focus on the changes – rather than repeat the entire process. It is likely that much of the information from the earlier BIA is still valid. The update process simply entails drilling down to which business processes have changed, and how those changes affect the original BIA results. Of course, the method used to conduct the earlier BIA will determine just how easy – or how difficult – the update process becomes.
In Information Technology, an updating process is generally ongoing (Change Management) because IT changes have a direct impact on daily operations. In business operations, changes occur regularly, but are seldom, if ever, documented. (To be fair, no matter how robust the IT program, not every organization consistently correlates its Change Management information with its DR Plan.)
The Whole is Greater than the sum of its Parts
Is it sufficient for individual business process “Owners” or function leaders to update their own critical resource requirements? Yes, if the update method allows for the capture of changes in enterprise-wide dependencies (on other processes, applications, etc.). But no effective update can be conducted in a vacuum; any change to critical dependencies or resources is likely to have a corresponding affect upon those dependent processes.
While it may be efficient for a process team to update its own BIA, only by collecting and integrating changes across the enterprise can the true impact of business changes emerge.
The Path of Least Resistance
Frequently, the cost of updating a BIA (in manpower and time) is perceived as unjustifiably high. Not updating a BIA may become an accepted risk. BCM management may opt to focus on BC/DR Plan updating (assuming most process owners understand the impacts of change and will modify their Plans appropriately) without revising the BIA. The more burdensome the BIA process, the higher the propensity not to repeat it.
Once made, such a decision often becomes institutionalized. Later, the failure to reflect fundamental changes in the organization’s structure may result in flawed Plans and a failed recovery. With luck, flaws show up in a test or exercise – not a real life incident.
What’s in your Toolbox?
Does your existing BIA format lend itself to manipulation? Or do you have to start from scratch? Do you use software that integrates BIA and Plan development?
Does the BIA format lend itself to the use of collaborative tools? Can business process owners gain access to the original BIA survey? Network- or Web-based collaborative tools reduce the pain of updating a BIA, while enabling monitoring and auditing of the process by the BCM leaders or planners.
Assess your options, and pick a BIA updating method that works best for your situation. It may not be free, it may be time-consuming, and it may not be painless. But it will pay dividends if you have a disruptive event.
An out-of-date BIA exponentially increases the chances of Plan failure. The BIA provides the core upon which an organization’s Plans depend. Without up-to-date BIA information, the validity of Plans should be questioned, and their successful execution must be suspect.
eBRP Solutions, Inc will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
Director, eBRP Solutions, Inc.
Cost vs. Benefit
The standard practice of conducting a Business Impact Analysis (BIA) to determine the basic recovery requirements (Mission Critical Processes, RTO’s, RPO’s, Critical Applications, Suppliers, and other Resources) is a vital phase of every Business Continuity Management program.
The BIA process can be long and difficult – no matter what data collection method is used. Is the return on your BIA investment (time, manpower and resources) offset by the value of the results?
If a BIA is a fundamental part of BCM, the underlying cost may simply be a necessary evil. But, when a BIA is a one-time ‘project’ – as in many organizations – is the cost realistically proportional to the value?
Some organizations conduct a BIA expecting to repeat the process at regular intervals. However, once the initial BIA is completed and the true cost known, such expectations are often abandoned.
Focus on change
Failure to update a BIA is a leading cause of Recovery Plan failure. Change is the only constant in business. A BCM program lacking up-to-date BIA data yields Plans that don’t reflect the organization’s true requirements.
Intending to update a BIA is easy; yet the update process often fails.
Consider the effort required to complete the original BIA: questionnaire preparation, distribution and collection; interviews to “normalize” the results, plus the cost of analysis and report generation.
Often, the original BIA process “project”, may take three to eight months. Significant business changes make the prospect of repeating that lengthy process daunting. Postponing the update may be rationalized. Like most things in life, postponing difficult tasks allows them to grow more unwieldy
To streamline the process, the updated BIA must focus on the changes – rather than repeat the entire process. It is likely that much of the information from the earlier BIA is still valid. The update process simply entails drilling down to which business processes have changed, and how those changes affect the original BIA results. Of course, the method used to conduct the earlier BIA will determine just how easy – or how difficult – the update process becomes.
In Information Technology, an updating process is generally ongoing (Change Management) because IT changes have a direct impact on daily operations. In business operations, changes occur regularly, but are seldom, if ever, documented. (To be fair, no matter how robust the IT program, not every organization consistently correlates its Change Management information with its DR Plan.)
The Whole is Greater than the sum of its Parts
Is it sufficient for individual business process “Owners” or function leaders to update their own critical resource requirements? Yes, if the update method allows for the capture of changes in enterprise-wide dependencies (on other processes, applications, etc.). But no effective update can be conducted in a vacuum; any change to critical dependencies or resources is likely to have a corresponding affect upon those dependent processes.
While it may be efficient for a process team to update its own BIA, only by collecting and integrating changes across the enterprise can the true impact of business changes emerge.
The Path of Least Resistance
Frequently, the cost of updating a BIA (in manpower and time) is perceived as unjustifiably high. Not updating a BIA may become an accepted risk. BCM management may opt to focus on BC/DR Plan updating (assuming most process owners understand the impacts of change and will modify their Plans appropriately) without revising the BIA. The more burdensome the BIA process, the higher the propensity not to repeat it.
Once made, such a decision often becomes institutionalized. Later, the failure to reflect fundamental changes in the organization’s structure may result in flawed Plans and a failed recovery. With luck, flaws show up in a test or exercise – not a real life incident.
What’s in your Toolbox?
Does your existing BIA format lend itself to manipulation? Or do you have to start from scratch? Do you use software that integrates BIA and Plan development?
Does the BIA format lend itself to the use of collaborative tools? Can business process owners gain access to the original BIA survey? Network- or Web-based collaborative tools reduce the pain of updating a BIA, while enabling monitoring and auditing of the process by the BCM leaders or planners.
Assess your options, and pick a BIA updating method that works best for your situation. It may not be free, it may be time-consuming, and it may not be painless. But it will pay dividends if you have a disruptive event.
An out-of-date BIA exponentially increases the chances of Plan failure. The BIA provides the core upon which an organization’s Plans depend. Without up-to-date BIA information, the validity of Plans should be questioned, and their successful execution must be suspect.
eBRP Solutions, Inc will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2- 3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
NATIONAL AND INTERNATIONAL SECURITY – THE THREATS, THE RESPONSES, THE OPPORTUNITIES
Insights into US homeland security science and technology priorities, expert analysis of a range of threats from terrorism to pandemics, and examination of major security programmes in the UK and overseas are all features of the International Security & National Resilience (ISNR London) conference, which will be held at London’s Olympia from 3-5 December 2007. ISNR London incorporates the former APTS show.DAY 1
Top US Department of Homeland Security official to give insights
Day One of ISNR London is designated the US Department of Homeland Security 2007 Science & Technology Stakeholders International Conference – the first ever initiative of its type to be staged in the UK. The S&T Directorate is the gateway to the US Department of Homeland Security for private sector and academic solutions providers and this event will provide a unique opportunity for conference delegates from the UK and other European countries to meet with senior DHS leaders.
The Honourable Jay M Cohen, the Department’s Under Secretary, Science & Technology, will lead the plenary level insights into how the DHS S&T Directorate is employing science and technology to enhance security and safety. Participants will include the S&T Directors of Transition, Research and Innovation.
DAYS 2 AND 3
Highlights include:
Matching capability with threats
The plenary session will be led by Admiral Sir Alan West, Parliamentary Under-Secretary of State for Security and Counter-terrorism; Dr Paul Weissenberg, Director, Aerospace, GMES, Security and Defence, Enterprise and Industry Directorate General, EU Commission and the Honourable Jay Cohen. Three of the world’s most senior government representatives will discuss how new strategies and technologies are being adopted to enhance security on a national and international level.
Terrorist attack scenarios
The key issues concerning critical infrastructure protection will be put under the microscope by leading experts. Global and generic threats, including terrorism and pandemics, will be examined, and insights provided into UK and wider European CIP policy. A significant new feature for a conference of this type is two table-top exercise scenarios on defeating the terrorist threat to CIP. The subjects are an attack on a major event and a city centre.
Illegal migration threat
E-borders is a key component of UK Government’s border transformation programme and central to its strategy for immigration and asylum. The conference stream on integrated border management will feature a session examining the major milestones of this multi-billion pound programme. There will also be analysis of the security consequences of illegal migration, a factor which is changing the social, economic and political landscapes of communities on a global basis.
The challenge of Al Qaeda
Internal security, policing and intelligence are high on virtually every government’s agenda. The challenges addressed in this stream include changing Al Qaeda operational patterns in Europe, the recruitment of terrorists via the web and the impact of global insecurity on the UK. Also examined is the role that the media can play in the event of a major crisis and how it can be used more effectively to disrupt a threat.
NATO – an opportunity
The role of the NATO Technology Development Programme is to identify national capability gaps and achieve common approaches to technology requirements. A dedicated session will highlight the requirement gaps in the NATO programme and how they can be exploited by potential suppliers.
For further information please contact Victoria Bailey or Nick Johnstone at CMS Strategic on Tel: +44 (0)20 8748 9797 or email: info@cmsstrategic.com
For more information about ISNR London please visit: www.isnrlondon.com or contact Richard Clarke, Event Director, Tel: +44 (0) 208 910 7142 or email: richard.clarke@reedexpo.co.uk
Pedalite Pedals – We are on Again
& so are new pedals...Having reported to you in the pages of this journal the other day, that is to say on Tuesday, November 20, 2007, the failure of one of the Pedalite Pedals of my review set and my assumption that water might have been the culprit I would like to update you on what it happening.
Firstly, it seems that it is some sort of mechanical problem rather than water and something in fact appears to have come adrift inside the pedal affected. More details on that as soon as I get the information back from the good folks at Pedalite International who now have the set of old pedals to carry out investigations up them.
I now have a brand new set of pedals on my bike and, as before, I am thrilled with the powerful flashes of light from the LEDs in the pedals. I feel so much safer riding my bicycle in the dark, and often for me this is a must; the riding of it in the dark, that is.
The nice folks from Pedalite International in fact came personally, but then I do not live a million miles away from their offices, to change the pedals on the night of Wednesday, November 21, 2007, so that investigation into the failure of the pedal could begin the next day. Now that is what I call customer relation management.
There is a chance that the set that I was given on the Cycle 2007 Show was in fact a “Pre-Production Model” and now a proper production run of the pedals and the failure could be due to that fact. We shall find out in due course I hope and think.
I have to say that I am very happy that the last report and verdict on the Pedalite Pedals is not going to be the final one as I am, in general, very fond of those pedals. We all hope that this is but a freak incident and all will be well in the end. As Simon Theobald, the Managing Director of Pedalite International, said to me on the phone, Murphy and Sod are alive and well and their law often still has bearing on things.
I doubt that there is anything out there on the market that gives the same visible protection to the cyclist as do those pedals and they are an “always on” system, with no batteries to worry about and no chance of forgetting to turning them on.
I shall keep you updated as to the outcome of the investigation and as to the further riding experience of mine with the Pedalites.
© M Smith (Veshengro), November 2007
Pedalite Pedals – The Final Verdict?
Further to my previous article about the Pedalite Pedals here is the final? – I think – verdict on them, and it is not as good as previously thought.
After having now used the Pedalite Pedals for less a month I must say that my first impression of “Wow! I am bowled over” has rather changed.
This is due to the fact that one of the pedals, the right side one has, probably due to the amount of rain and associated mud we have had in the last couple of days, basically, ceased working, as regards to the lights. The white diode only now works – as a stationary light and non-flashing – when the pedals are actually in motion – and that only, it would appear, as and when it feels like it – and the other two diodes, the amber and the red are no longer working at all. The strobe effect is gone and there is no longer any energy left after the pedalling has stopped while the left side one, so far, is working still as well as before.
I must say that had this not been a review sample and had I actually paid good money in the form of £34.95 for it I would not only be rather disappointed but in actual fact would be demanding my money back
That these pedals, or at least one of them, should have ceased working after only such a short period of time is not a good omen.
Therefore I have to say, in all honesty now, that I have to withdraw all my previous good reviews of the Pedalite pedals, as I owe it to my integrity and especially to my readers to speak the truth.
I can therefore no longer recommend Pedalite pedals. Improvements certainly will have to be made by the manufacturer in that moisture, rain, etc. do not adversely affect the electronics and other workings of those pedals.
Considering, as said, that the pedals have only been in use with me for about a month – they were fitted on October 17, 2007 and it is November 20, 2007 at time of writing – I must now give this product a definite and absolute thumbs down.
At the retail price of £35 those pedals should be entirely moisture proof – for I can only explain the failure to the fact that I have had to cycle thru water in the recent day or so – and should not be failing like the review set that I was supplied with did.
If it is a water-related failure of the pedals then I can only say that this is not a good sign and this product falls into the same category as the “Bikehut” three-LED front-lamp that failed on me in less that 5 months due to water having gotten into the workings and shortened out the LED chip and leaching out the acid of the batteries. I was told in that instance – that light I had actually purchased and it was no review sample – that the light must be kept out of direct rain by both the retailer and manufacturer's agents. Sorry? Pardon? Do they really expect anyone NOT to use the lights on the cycles in the rain? They cannot be serious, to paraphrase a certain tennis player.
© M V Smith, November 2007
After having now used the Pedalite Pedals for less a month I must say that my first impression of “Wow! I am bowled over” has rather changed.
This is due to the fact that one of the pedals, the right side one has, probably due to the amount of rain and associated mud we have had in the last couple of days, basically, ceased working, as regards to the lights. The white diode only now works – as a stationary light and non-flashing – when the pedals are actually in motion – and that only, it would appear, as and when it feels like it – and the other two diodes, the amber and the red are no longer working at all. The strobe effect is gone and there is no longer any energy left after the pedalling has stopped while the left side one, so far, is working still as well as before.
I must say that had this not been a review sample and had I actually paid good money in the form of £34.95 for it I would not only be rather disappointed but in actual fact would be demanding my money back
That these pedals, or at least one of them, should have ceased working after only such a short period of time is not a good omen.
Therefore I have to say, in all honesty now, that I have to withdraw all my previous good reviews of the Pedalite pedals, as I owe it to my integrity and especially to my readers to speak the truth.
I can therefore no longer recommend Pedalite pedals. Improvements certainly will have to be made by the manufacturer in that moisture, rain, etc. do not adversely affect the electronics and other workings of those pedals.
Considering, as said, that the pedals have only been in use with me for about a month – they were fitted on October 17, 2007 and it is November 20, 2007 at time of writing – I must now give this product a definite and absolute thumbs down.
At the retail price of £35 those pedals should be entirely moisture proof – for I can only explain the failure to the fact that I have had to cycle thru water in the recent day or so – and should not be failing like the review set that I was supplied with did.
If it is a water-related failure of the pedals then I can only say that this is not a good sign and this product falls into the same category as the “Bikehut” three-LED front-lamp that failed on me in less that 5 months due to water having gotten into the workings and shortened out the LED chip and leaching out the acid of the batteries. I was told in that instance – that light I had actually purchased and it was no review sample – that the light must be kept out of direct rain by both the retailer and manufacturer's agents. Sorry? Pardon? Do they really expect anyone NOT to use the lights on the cycles in the rain? They cannot be serious, to paraphrase a certain tennis player.
© M V Smith, November 2007
The Finger on the Trigger
Time and time again when I see armed police officers, particularly in the UK and here especially those patrolling airports with Heckler & Koch MP 5's, for instance, slung across their chests, and the new G36 Heckler & Koch military assault rifle that, too, is being carried, having their fingers, literally, on the trigger with the weapon's safety, as it would appear in many cases, if not indeed most, in the “off” position, that is to say, ready to fire.
While this is, due to the heightened terrorist threat, understandable so as, as it seems they seem to think, to be able to respond to any perceived threat immediately, it is, nevertheless, an accident waiting to happen.
There is never, and I repeat this, NEVER, and I do speak here from experience, the need to ever have the finger on the trigger of a readied firearm while patrolling – Never! The finger belongs onto the trigger guard in front of the trigger but not, ever, on the trigger in such situations. There is enough time to move from trigger guard to trigger as and when needed.
While I am aware of the fact that this may delay the actual firing of the gun by a jiffy, and I do mean hear jiffy as to actual unit of time, which it is, it prevents the accidental and uncontrolled discharge of a gun due to a jitter from a perceived threat or such.
Even in a raid situation on a property and/or person/persons the finger still belongs onto the trigger guard just in front of the trigger and not actually touching the trigger or hovering about in the trigger guard just in front of the trigger. Only if and when the target has been positively identified and acquired does the trigger finger ever head for the trigger proper. No ifs or buts.
It actually surprise me that nothing has gone wrong so far in this and no serious accidental discharges have actually occurred.
The shooting of the Brazilian electrician incorrectly identified as a terrorist suspect and probable suicide bomber about to detonate and IED is not something that I am aiming at here (pardon the pun about aiming), as it has nothing to do with control of a weapon in the way we are discussing here. That is a different matter and does not stand to discussion here. And I have just added this as a king of a disclaimer.
However, accidental discharges like the one that his the news many years back when a small boy way shot by an officer during a raid on a house. The officer carried a .38 revolver with the hammer cocked and the finger on the then basically hair trigger of said revolver. The child under the blanket stirred, the officer perceived a non-existent threat and whether actually inadvertently, in a shock reaction touched the trigger setting off the round that killed the child simply because his finger as too close to the trigger, or because he thought it was a threat to be eliminated, though he did not actually see a proper target, and therefore fired, we do not know. The result, however, is one dead innocent child; the victim of bad firearms practice.
We all know that cock ups can and will happen; such is Murphy's Law, but good practice can reduce that risk, though it may never be able to totally nullify it.
And, to reiterate yet again, the best practice is: finger resting on the trigger guard not by or on the trigger itself, thus accidents can be avoided.
© M V Smith, 2007
While this is, due to the heightened terrorist threat, understandable so as, as it seems they seem to think, to be able to respond to any perceived threat immediately, it is, nevertheless, an accident waiting to happen.
There is never, and I repeat this, NEVER, and I do speak here from experience, the need to ever have the finger on the trigger of a readied firearm while patrolling – Never! The finger belongs onto the trigger guard in front of the trigger but not, ever, on the trigger in such situations. There is enough time to move from trigger guard to trigger as and when needed.
While I am aware of the fact that this may delay the actual firing of the gun by a jiffy, and I do mean hear jiffy as to actual unit of time, which it is, it prevents the accidental and uncontrolled discharge of a gun due to a jitter from a perceived threat or such.
Even in a raid situation on a property and/or person/persons the finger still belongs onto the trigger guard just in front of the trigger and not actually touching the trigger or hovering about in the trigger guard just in front of the trigger. Only if and when the target has been positively identified and acquired does the trigger finger ever head for the trigger proper. No ifs or buts.
It actually surprise me that nothing has gone wrong so far in this and no serious accidental discharges have actually occurred.
The shooting of the Brazilian electrician incorrectly identified as a terrorist suspect and probable suicide bomber about to detonate and IED is not something that I am aiming at here (pardon the pun about aiming), as it has nothing to do with control of a weapon in the way we are discussing here. That is a different matter and does not stand to discussion here. And I have just added this as a king of a disclaimer.
However, accidental discharges like the one that his the news many years back when a small boy way shot by an officer during a raid on a house. The officer carried a .38 revolver with the hammer cocked and the finger on the then basically hair trigger of said revolver. The child under the blanket stirred, the officer perceived a non-existent threat and whether actually inadvertently, in a shock reaction touched the trigger setting off the round that killed the child simply because his finger as too close to the trigger, or because he thought it was a threat to be eliminated, though he did not actually see a proper target, and therefore fired, we do not know. The result, however, is one dead innocent child; the victim of bad firearms practice.
We all know that cock ups can and will happen; such is Murphy's Law, but good practice can reduce that risk, though it may never be able to totally nullify it.
And, to reiterate yet again, the best practice is: finger resting on the trigger guard not by or on the trigger itself, thus accidents can be avoided.
© M V Smith, 2007
Pedalite Pedals -
- Flashing Pedals for the Cycle Cop
More and more we are seeing again the bicycle-mounted police officer on our streets, especially in cites and towns – though even in the villages he seems to be making a reappearance – and about time too. In addition to the police constables we now have ambulance paramedics and other first responders on mountain bikes, and then there si the humble Park Ranger and Countryside Ranger, also using bicycles for patrol and for getting about on duty.
Being seen for all of those, like for all cyclists, and not only after dark – even though it is more important when it is dark – is of prime importance. While most officers who use bicycles wear high-visibility jackets of one kind or another, more often than not with reflective strips, I would assume that any additional aids that enhance their visibility must be a bonus.
I first encountered Pedalite flashing pedals at the Pedalite stand on the Cycle 2007 Show at London's Earls Court in October 2007, which I attended with my other Editor's hat, namely that of editor of the Green (Living) Review.
One of the Directors of Pedalite, present at that stand, Mr. Chris Stimpson, kindly gave me a set of the Pedalite pedals for review and I lust say that I am impressed. Let me stress here that I do not impress easily and it normally takes a great deal to impress me and make me go “wow”, but those pedals, so far, certainly have done just that.
Pedalite Pedals are used in 22 countries around the world. They are used by emergency services, including multiple police forces, commuters, school children, students, cycle clubs, government departments, and cycling enthusiasts.
I do understand that some police forces already use Pedalite pedals routinely in their bicycles but I should think that those pedals should become mandatory for all bicycles in use by emergency service personnel, including Parks & Countryside Rangers, Town Wardens, Community Wardens and Community Support Officers.
Fitting those pedals to my general bicycle, a Raleigh Pioneer Classic, was very simple indeed once that I had managed to get the old, and by now well past use-by date, pedals that I was in fact still using on that bike off. I know I should have had new ones fitted a long time ago as the reflectors had all, bar one, broken off but I never got around to doing so. So, thanks again to Pedalite and Mr. Stimpson, the bike now has brilliant (no pun intended) pedals fitted.
Having now used the Pedalite pedals for some time now already in the dark or semi-dark I must say that I feel so much better riding my bicycle with those pedals, as the flashes are so bright and easily seen. Other people also have commented on them rather positively with interest and maybe I should be carrying some kind of information cards on me to give people a link to purchasing them.
The flashes are very bright and powerful while riding and continue for about three to five minutes once pedal movement has ceased, such as when the cycle is in a stationary position.
It would appear – with my review sample set at least – that the white, forward facing LED switches off after about three minutes when stationary while the amber colored one (side) and the red one (rear facing) continue for another one to two minutes.
In addition to that I find that the ride with the Pedalite pedals appear to be smoother underfoot – so to speak – that it has been with the previous set of pedals that I have had one that bike.
One recommendation I would make though to anyone using those pedals and that is to – definitely – also purchase the toe clips that go with them. This avoids the slips that can occur when one puts one's foot on the wrong side of the pedal, namely the one that does not have the metal studs. On wet pedals a slip could turn out nasty.
The lights retail online at www.pedalite.com at £34.99 and they are also available from good cycle shops in the UK and overseas. For more information see the company's website at www.pedalite.com.
Review by Michael Smith (Veshengro), November 2007
A Product Review
More and more we are seeing again the bicycle-mounted police officer on our streets, especially in cites and towns – though even in the villages he seems to be making a reappearance – and about time too. In addition to the police constables we now have ambulance paramedics and other first responders on mountain bikes, and then there si the humble Park Ranger and Countryside Ranger, also using bicycles for patrol and for getting about on duty.
Being seen for all of those, like for all cyclists, and not only after dark – even though it is more important when it is dark – is of prime importance. While most officers who use bicycles wear high-visibility jackets of one kind or another, more often than not with reflective strips, I would assume that any additional aids that enhance their visibility must be a bonus.
I first encountered Pedalite flashing pedals at the Pedalite stand on the Cycle 2007 Show at London's Earls Court in October 2007, which I attended with my other Editor's hat, namely that of editor of the Green (Living) Review.
One of the Directors of Pedalite, present at that stand, Mr. Chris Stimpson, kindly gave me a set of the Pedalite pedals for review and I lust say that I am impressed. Let me stress here that I do not impress easily and it normally takes a great deal to impress me and make me go “wow”, but those pedals, so far, certainly have done just that.
Pedalite Pedals are used in 22 countries around the world. They are used by emergency services, including multiple police forces, commuters, school children, students, cycle clubs, government departments, and cycling enthusiasts.
I do understand that some police forces already use Pedalite pedals routinely in their bicycles but I should think that those pedals should become mandatory for all bicycles in use by emergency service personnel, including Parks & Countryside Rangers, Town Wardens, Community Wardens and Community Support Officers.
Fitting those pedals to my general bicycle, a Raleigh Pioneer Classic, was very simple indeed once that I had managed to get the old, and by now well past use-by date, pedals that I was in fact still using on that bike off. I know I should have had new ones fitted a long time ago as the reflectors had all, bar one, broken off but I never got around to doing so. So, thanks again to Pedalite and Mr. Stimpson, the bike now has brilliant (no pun intended) pedals fitted.
Having now used the Pedalite pedals for some time now already in the dark or semi-dark I must say that I feel so much better riding my bicycle with those pedals, as the flashes are so bright and easily seen. Other people also have commented on them rather positively with interest and maybe I should be carrying some kind of information cards on me to give people a link to purchasing them.
The flashes are very bright and powerful while riding and continue for about three to five minutes once pedal movement has ceased, such as when the cycle is in a stationary position.
It would appear – with my review sample set at least – that the white, forward facing LED switches off after about three minutes when stationary while the amber colored one (side) and the red one (rear facing) continue for another one to two minutes.
In addition to that I find that the ride with the Pedalite pedals appear to be smoother underfoot – so to speak – that it has been with the previous set of pedals that I have had one that bike.
One recommendation I would make though to anyone using those pedals and that is to – definitely – also purchase the toe clips that go with them. This avoids the slips that can occur when one puts one's foot on the wrong side of the pedal, namely the one that does not have the metal studs. On wet pedals a slip could turn out nasty.
The lights retail online at www.pedalite.com at £34.99 and they are also available from good cycle shops in the UK and overseas. For more information see the company's website at www.pedalite.com.
Review by Michael Smith (Veshengro), November 2007
Awareness for the professionals
Being totally aware of one's surroundings at all times is most important when it comes to personal safety and personal security, and this is not only so on unfamiliar ground.
In our sister publication, the “Safety & Security Review” online, I have tackled this earlier in 2007, from the aspect and angle of individual, non-professional personnel, level. I shall now repeat this, so to speak, with some advice for the professionals, having noticed that amongst those similar problems seem to be present.
Your security is only as good as you are. You must always remember that. This applies to your home security, base security as well as and especially your personal security.
Nothing, not even the best technology, can ever substitute for your own vigilance.
I have seen security officer dawdling about, engaged in conversation with a partner, or on a cell phone or radio – and not just standard industry security officers – being nigh on oblivious to their surroundings, like so many civilians.
Step out of your vehicle only when you are sure there is no one lurking around in such a way that he or she could be a threat to you when exiting your vehicle. The same when you step out of a building or complex that you are guarding when going to check on the outside. It would, I am sure, not be the first time that, unbeknown to an officer, someone was lurking outside and, by pushing a guard back into the building, for instance, gains entry to a, supposedly, secure area. Check and double check your surroundings before you do anything.
You are more in danger, in my view, in surroundings that are familiar to you, such as your “home turf”, what the villains in England would call “manor”, at your place of work, than in a strange neighborhood or even town or country. This also applies to the officer on the beat. Why is that? Because on your home manor, the area that you move in every day you are more relaxed, as a rule, and your personal security perimeter is closer and you let people come closer to you than that would be the case if you were moving thru an area unfamiliar to you. On our home patch we very often let our guard down and don't perceive the threats that may be lurking as quickly as we would in other instances. But this guard must not slip. Towards people you know personally and with who you are on friendly terms even if as acquaintances only the guard can be lowered, probably, for even friends and family can and will betray you, but anyone in your own area that you do not know must be perceived as a potential threat.
For the professional vigilance in your own garden, on your landing, if you live in an apartment, in your own roads, has to be as acute and sharp as in unfamiliar territory and/or when on duty. The professional law enforcer, security officer, doorman, and the like, can be a target, because of his job on the job as well as off the job, and the family of such can be targets for the villains too. Many know that only too well, especially those that served in the then Ulster Constabulary, now Police Service of Northern Ireland, who found themselves and their families and homes targets for bombs and attacks by small arms, rocket launchers and targets for kidnap. We can never allow our vigilance to slip, not even for a moment.
Always watch your six o'clock!, as they say. Make it a habit to look behind you every so often, develop good peripheral vision and learn to be totally aware of your surroundings at all times.
I have personally made it to a habit, whether on-duty or off-duty, to come to a semi-stop and to turn around rather sharp and abruptly frequently, though in an unpredictable manner and pattern, to ensure than I am not being followed, stalked and targeted, and that not only in unfamiliar surroundings but even in places that I know and where I live. I probably do this more so when it is getting darker or in the mornings before it is fully light but I also do do that rather as a norm during daylight hours. I am sure people must think me rather strange for doing this but, if I do it for my protection and security; not to please people and I am not concerned as to what they may think.
Too many people who do become victims of a crime are not aware (enough) of their surroundings and especially nowadays are rather distracted, mostly by the fact that they have earphones on listening to their MP3 players, which are often turned up way too loud with the high volume making them deaf to their surroundings, or are chatting on the cell phones. Not only are those people deaf to their surroundings but they are in fact most of the time entirely oblivious to what is going on around them and move, it seems, entirely in a little world of their own. Anyone behaving like that might as well be wearing a sign saying, “target” on their back.
Not only is anyone who is distracted by having an MP3 player plugged into his or her ears or engrossed in a cell phone conversation a potential victim of a crime, he or she is also an accident waiting to happen. Often one can see those people totally oblivious to their surrounding stepping into the road into the traffic.
I have seen this also with LEOs jogging off-duty in the parks. They too are “plugged in” and “wired for sound” and become then entirely oblivious to what is going on around then, just like ordinary “civilians”.
Do not make yourself a victim – and this also applies to the professional. Be aware of what is going on around you at all times.
Ambulance and Fire crews too must be aware of this. We have encountered situation before where they have been targeted simple because they were there and also because they were more concerned about the incident they were attending than there own personal safety when exiting their vehicles for instance.
The ordinary First Aider gets taught in training to first check his or her surrounding before going and dealing with the victim. Why? Because personal safety and security must be paramount. You cannot help the victim, in any way, shape or form, if you yourself become a victim.
So, let's be careful out there, as they used to say in our briefings.
© M V Smith, 2007
In our sister publication, the “Safety & Security Review” online, I have tackled this earlier in 2007, from the aspect and angle of individual, non-professional personnel, level. I shall now repeat this, so to speak, with some advice for the professionals, having noticed that amongst those similar problems seem to be present.
Your security is only as good as you are. You must always remember that. This applies to your home security, base security as well as and especially your personal security.
Nothing, not even the best technology, can ever substitute for your own vigilance.
I have seen security officer dawdling about, engaged in conversation with a partner, or on a cell phone or radio – and not just standard industry security officers – being nigh on oblivious to their surroundings, like so many civilians.
Step out of your vehicle only when you are sure there is no one lurking around in such a way that he or she could be a threat to you when exiting your vehicle. The same when you step out of a building or complex that you are guarding when going to check on the outside. It would, I am sure, not be the first time that, unbeknown to an officer, someone was lurking outside and, by pushing a guard back into the building, for instance, gains entry to a, supposedly, secure area. Check and double check your surroundings before you do anything.
You are more in danger, in my view, in surroundings that are familiar to you, such as your “home turf”, what the villains in England would call “manor”, at your place of work, than in a strange neighborhood or even town or country. This also applies to the officer on the beat. Why is that? Because on your home manor, the area that you move in every day you are more relaxed, as a rule, and your personal security perimeter is closer and you let people come closer to you than that would be the case if you were moving thru an area unfamiliar to you. On our home patch we very often let our guard down and don't perceive the threats that may be lurking as quickly as we would in other instances. But this guard must not slip. Towards people you know personally and with who you are on friendly terms even if as acquaintances only the guard can be lowered, probably, for even friends and family can and will betray you, but anyone in your own area that you do not know must be perceived as a potential threat.
For the professional vigilance in your own garden, on your landing, if you live in an apartment, in your own roads, has to be as acute and sharp as in unfamiliar territory and/or when on duty. The professional law enforcer, security officer, doorman, and the like, can be a target, because of his job on the job as well as off the job, and the family of such can be targets for the villains too. Many know that only too well, especially those that served in the then Ulster Constabulary, now Police Service of Northern Ireland, who found themselves and their families and homes targets for bombs and attacks by small arms, rocket launchers and targets for kidnap. We can never allow our vigilance to slip, not even for a moment.
Always watch your six o'clock!, as they say. Make it a habit to look behind you every so often, develop good peripheral vision and learn to be totally aware of your surroundings at all times.
I have personally made it to a habit, whether on-duty or off-duty, to come to a semi-stop and to turn around rather sharp and abruptly frequently, though in an unpredictable manner and pattern, to ensure than I am not being followed, stalked and targeted, and that not only in unfamiliar surroundings but even in places that I know and where I live. I probably do this more so when it is getting darker or in the mornings before it is fully light but I also do do that rather as a norm during daylight hours. I am sure people must think me rather strange for doing this but, if I do it for my protection and security; not to please people and I am not concerned as to what they may think.
Too many people who do become victims of a crime are not aware (enough) of their surroundings and especially nowadays are rather distracted, mostly by the fact that they have earphones on listening to their MP3 players, which are often turned up way too loud with the high volume making them deaf to their surroundings, or are chatting on the cell phones. Not only are those people deaf to their surroundings but they are in fact most of the time entirely oblivious to what is going on around them and move, it seems, entirely in a little world of their own. Anyone behaving like that might as well be wearing a sign saying, “target” on their back.
Not only is anyone who is distracted by having an MP3 player plugged into his or her ears or engrossed in a cell phone conversation a potential victim of a crime, he or she is also an accident waiting to happen. Often one can see those people totally oblivious to their surrounding stepping into the road into the traffic.
I have seen this also with LEOs jogging off-duty in the parks. They too are “plugged in” and “wired for sound” and become then entirely oblivious to what is going on around then, just like ordinary “civilians”.
Do not make yourself a victim – and this also applies to the professional. Be aware of what is going on around you at all times.
Ambulance and Fire crews too must be aware of this. We have encountered situation before where they have been targeted simple because they were there and also because they were more concerned about the incident they were attending than there own personal safety when exiting their vehicles for instance.
The ordinary First Aider gets taught in training to first check his or her surrounding before going and dealing with the victim. Why? Because personal safety and security must be paramount. You cannot help the victim, in any way, shape or form, if you yourself become a victim.
So, let's be careful out there, as they used to say in our briefings.
© M V Smith, 2007
Hidden Weapons – A Lack of Awareness
It is amazing, and I shall only use two little items here as an example, how many professional security officers, law enforcers, airport screeners, etc. do not recognize those two little knives, that shall be using as an example here, as what they are, namely knives.
There are many more such hidden weapons, in the blank weapon, e.g. bladed weapon, category, and there are also other hidden weapons about up to and including firearms and IEDs. Often hidden again in such away that they are nigh on impossible to spot. That, we know, is the idea. While it may not be thus, theoretically, with those little knives used here, they nevertheless, fall under the category of “hidden weapons”.
Now let's look at those two little pen knives in question, part of my little collection.
The pictures above show a “key ring knife” that was given away at a trade fair. While, obviously, there is nothing wrong with that per se, that is to say the knife and the fact that it was given away at a trade fair as a business gift, this is one that even this author, who was the recipient, did not immediately recognize as being a small folding knife (the picture below shows the same knife in the open position).I wondered why it said “Key Ring Knife” on the box. Yes, even professionals can be thick at times and even those that write journals such as this, and such as this writer. I must say I looked at it then twice before I twigged it. As said, happens to all of us at times.
When attached together with a bunch of keys it is even harder to spot than when on its own.
I have shown this particular item to a number of professional security officers, doormen and police officers and – even without being attached to a bunch of keys – asked them, “what do you see”. Obviously my question and the phrasing of it put them immediately on guard. As one of them said, “it is a keyring fob but, as you ask me in the way that you did, there is something special about it”, and all were rather surprised that they did not, immediately, check it out as a knife, however small, and, therefore, a potential threat. Have someone with something like that in your cruiser to ask him questions or to take him in and there could be rather a nasty scenario.
While the person carrying one of those may not, necessarily, be carrying it with a criminal intent and may not be a terrorist what I would like to point out is how easy they can be overlooked.
While even someone barding or wishing to board a plane with this keyring on his or her person should not be seen immediately as a threat and as a potential terrorist but we must be aware that those little items exist.
The other one is a small pen knife/paper knife – again a business gift – that is made to look like a key.
While the Key Knife, as I have called it, is a lot easier to spot on its own (this one, in fact, came with its own little vinyl pouch), as the folded blade is quite visible and should get one's attention, together with a bunch of keys, on a key ring, it becomes virtually invisible to anyone, even the trained professional, unless the same is aware of such items that could be hidden there. This, however, does mean that one would have to, physically, pick up, say, a bunch of keys and actually check through them as to whether something like that may be hidden amongst the keys. That, however, takes time and, therefore, slows down check ins and such like, and thus is not done routinely, methinks.
© M V Smith, 2007
There are many more such hidden weapons, in the blank weapon, e.g. bladed weapon, category, and there are also other hidden weapons about up to and including firearms and IEDs. Often hidden again in such away that they are nigh on impossible to spot. That, we know, is the idea. While it may not be thus, theoretically, with those little knives used here, they nevertheless, fall under the category of “hidden weapons”.
Now let's look at those two little pen knives in question, part of my little collection.
The pictures above show a “key ring knife” that was given away at a trade fair. While, obviously, there is nothing wrong with that per se, that is to say the knife and the fact that it was given away at a trade fair as a business gift, this is one that even this author, who was the recipient, did not immediately recognize as being a small folding knife (the picture below shows the same knife in the open position).I wondered why it said “Key Ring Knife” on the box. Yes, even professionals can be thick at times and even those that write journals such as this, and such as this writer. I must say I looked at it then twice before I twigged it. As said, happens to all of us at times.
When attached together with a bunch of keys it is even harder to spot than when on its own.
I have shown this particular item to a number of professional security officers, doormen and police officers and – even without being attached to a bunch of keys – asked them, “what do you see”. Obviously my question and the phrasing of it put them immediately on guard. As one of them said, “it is a keyring fob but, as you ask me in the way that you did, there is something special about it”, and all were rather surprised that they did not, immediately, check it out as a knife, however small, and, therefore, a potential threat. Have someone with something like that in your cruiser to ask him questions or to take him in and there could be rather a nasty scenario.
While the person carrying one of those may not, necessarily, be carrying it with a criminal intent and may not be a terrorist what I would like to point out is how easy they can be overlooked.
While even someone barding or wishing to board a plane with this keyring on his or her person should not be seen immediately as a threat and as a potential terrorist but we must be aware that those little items exist.
The other one is a small pen knife/paper knife – again a business gift – that is made to look like a key.
While the Key Knife, as I have called it, is a lot easier to spot on its own (this one, in fact, came with its own little vinyl pouch), as the folded blade is quite visible and should get one's attention, together with a bunch of keys, on a key ring, it becomes virtually invisible to anyone, even the trained professional, unless the same is aware of such items that could be hidden there. This, however, does mean that one would have to, physically, pick up, say, a bunch of keys and actually check through them as to whether something like that may be hidden amongst the keys. That, however, takes time and, therefore, slows down check ins and such like, and thus is not done routinely, methinks.
© M V Smith, 2007
Airport security is 'little better' after 9/11
27 Jun 07
By Steven Vickers
A top security analyst is expected to launch a damning attack on airport security when he chairs the TranSec World Expo Aviation Security Conference in Amsterdam today.
Chris Yates, the Principal of Yates Consulting, believes that the current regulatory framework is stifling important advances in the global aviation security regime.
Speaking before the event, he said: “Six years on from the September 11 attacks on New York and Washington DC security is little better. The cosmetic changes, including the nonsensical ban on sharps which has now thankfully been lifted, the equally ridiculous present restriction on cabin baggage which should be lifted and the vaguely ludicrous limitation on the quantity of liquid, gel or paste products which gives rise to much confusion and ire amongst the travelling public, has and continues to cost this industry dear.”
He continued, “These cosmetic measures generate no appreciable gain in security and underscore the fact that regulators are devoid of answers to modern day threats”.
“These cosmetic measures generate no appreciable gain in security and underscore the fact that regulators are devoid of answers to modern day threats.”
Chris Yates, Principal of Yates Consulting
According to statistics from the International Air Transport Association, worldwide expenditure on airport security has risen by US$5.6 billion annually since September 11th 2001.
The IATA and Airports Council International have raised concerns that despite investment, national regulators have continued to thwart appropriate responses to the threats the industry faces. Instead they believe that the regulators are favouring a one size fits all policy which hurts passengers, airlines and airports.
Yates, who is also due to chair the expo’s workshop on biometrics and access control said, “Regulators must take onboard technological advances, harness those advances and deploy or require deployment accordingly.”
By Steven Vickers
A top security analyst is expected to launch a damning attack on airport security when he chairs the TranSec World Expo Aviation Security Conference in Amsterdam today.
Chris Yates, the Principal of Yates Consulting, believes that the current regulatory framework is stifling important advances in the global aviation security regime.
Speaking before the event, he said: “Six years on from the September 11 attacks on New York and Washington DC security is little better. The cosmetic changes, including the nonsensical ban on sharps which has now thankfully been lifted, the equally ridiculous present restriction on cabin baggage which should be lifted and the vaguely ludicrous limitation on the quantity of liquid, gel or paste products which gives rise to much confusion and ire amongst the travelling public, has and continues to cost this industry dear.”
He continued, “These cosmetic measures generate no appreciable gain in security and underscore the fact that regulators are devoid of answers to modern day threats”.
“These cosmetic measures generate no appreciable gain in security and underscore the fact that regulators are devoid of answers to modern day threats.”
Chris Yates, Principal of Yates Consulting
According to statistics from the International Air Transport Association, worldwide expenditure on airport security has risen by US$5.6 billion annually since September 11th 2001.
The IATA and Airports Council International have raised concerns that despite investment, national regulators have continued to thwart appropriate responses to the threats the industry faces. Instead they believe that the regulators are favouring a one size fits all policy which hurts passengers, airlines and airports.
Yates, who is also due to chair the expo’s workshop on biometrics and access control said, “Regulators must take onboard technological advances, harness those advances and deploy or require deployment accordingly.”
Security Services Visit Chichester To Advise Businesses On Protecting Against Terrorism
Introduction
The National Counter Terrorism Security Office, which is part of MI5, will be simulating a terrorism attack in Chichester on Tuesday 12 June 2007, in order to advise businesses on how to prevent, handle and recover from an attack.
The event, named Project Argus, which is being organised by Chichester District Council in partnership with Chichester City Council and Sussex Police, is free to all businesses on a 'first come, first served' basis. It will take place at the Assembly Rooms, North Street, Chichester (City Council Offices) at 6.00 pm.
The simulation, using audio-visual effects as well as film footage, will take businesses through the immediate aftermath of an attack and how they can plan to respond to ensure the safety of their staff and customers. It will cover the response by the emergency services and how this, and the subsequent investigation, may give rise to business continuity issues – issues which following the bomb in Manchester City Centre caused 80% of the businesses who had no plans in place, to cease trading within 18 months of the attack.
Those taking part will be given a series of questions and challenges throughout the session to tackle both individually and in groups. There will be a panel of senior representatives available, including Emergency Planning Officers, from the Security Service, Emergency Services and District Council, to answer questions and offer advice.
Whilst centred around a terrorist incident, the evening will provide valuable information and advice that can be equally useful to prevent local crime and to recover, and be able to continue to trade, following a fire, serious crime, flooding or other more common incidents than could affect the city centre.
John Cherry, Deputy Leader and Portfolio Holder for Resources at Chichester District Council, said,
'This is a unique opportunity for proprietors and managers of businesses of all sizes to get together to prepare for any serious emergency, regardless of the cause, that could affect Chichester and their ability to trade normally. There are still some places left and so we would encourage local businesses to contact the Council and book onto this valuable course.'
Managers or proprietors wishing to attend, can book a place by contacting the City Centre Manager, Kim Long, on 01243 534677, or email klong@chichester.gov.uk Refreshments and sandwiches will be available for those people coming directly from work.
Date of Release: 3 June 2007
The National Counter Terrorism Security Office, which is part of MI5, will be simulating a terrorism attack in Chichester on Tuesday 12 June 2007, in order to advise businesses on how to prevent, handle and recover from an attack.
The event, named Project Argus, which is being organised by Chichester District Council in partnership with Chichester City Council and Sussex Police, is free to all businesses on a 'first come, first served' basis. It will take place at the Assembly Rooms, North Street, Chichester (City Council Offices) at 6.00 pm.
The simulation, using audio-visual effects as well as film footage, will take businesses through the immediate aftermath of an attack and how they can plan to respond to ensure the safety of their staff and customers. It will cover the response by the emergency services and how this, and the subsequent investigation, may give rise to business continuity issues – issues which following the bomb in Manchester City Centre caused 80% of the businesses who had no plans in place, to cease trading within 18 months of the attack.
Those taking part will be given a series of questions and challenges throughout the session to tackle both individually and in groups. There will be a panel of senior representatives available, including Emergency Planning Officers, from the Security Service, Emergency Services and District Council, to answer questions and offer advice.
Whilst centred around a terrorist incident, the evening will provide valuable information and advice that can be equally useful to prevent local crime and to recover, and be able to continue to trade, following a fire, serious crime, flooding or other more common incidents than could affect the city centre.
John Cherry, Deputy Leader and Portfolio Holder for Resources at Chichester District Council, said,
'This is a unique opportunity for proprietors and managers of businesses of all sizes to get together to prepare for any serious emergency, regardless of the cause, that could affect Chichester and their ability to trade normally. There are still some places left and so we would encourage local businesses to contact the Council and book onto this valuable course.'
Managers or proprietors wishing to attend, can book a place by contacting the City Centre Manager, Kim Long, on 01243 534677, or email klong@chichester.gov.uk Refreshments and sandwiches will be available for those people coming directly from work.
Date of Release: 3 June 2007
China confirms bird flu outbreak
China has confirmed a new outbreak of the deadly H5N1 strain of the bird flu virus in the central province of Hunan, state media has reported.
More than 11,000 poultry died of the virus in Shijiping village near Yiyang city, the Agriculture Ministry said.
Some 53,000 birds have since been culled and officials say that the outbreak is now under control.
China's last reported case was in March, when chickens died at a poultry market near the Tibetan capital, Lhasa.
There were no reports of human infection in the latest outbreak.
A total of 15 people have died in China from the H5N1 virus and millions of birds have been culled.
Officials are working to vaccinate billions of domestic poultry by the end of May in preparation for the northward migration of wild birds in the summer, Xinhua news agency has said.
Since the H5N1 virus emerged in South East Asia in late 2003, it has claimed more than 180 lives around the world. Indonesia has been hardest hit, with more than 70 deaths.
Scientists fear the virus could mutate to a form which could be easily passed from human to human, triggering a pandemic and potentially putting millions of lives at risk.
Systemcare's Avian Flu/Anti Virus Developments - PRESS RELEASE
Systemcare's Avian Flu/Anti Virus Developments
In response to the emergency contingency planning by major blue chip companies to protect against global pandemics.
Systemcare has been very quick to respond to dealer requests by launching a core range of Personal – Office hygiene and virus protection products.
Doug Skeggs, Marketing Director states - “Major global companies and institutions have been giving enquiries to their dealers for this type of product for several months now and we are able to offer a variety of products that comply with the relevant official guidelines to help with protection. The West appears to have been lucky so far this year not to have had a voracious virus that the World Health Organisation is tracking the development of Avian Flu.
No one knows whether the preparedness is sufficient to avert significant human and economic damage. What history teaches us is with a virus, and in particularly Flu expect the unexpected.
With this type of product quality standards are more important than cost.
The indications are since the Sars and recent Avian Flu threats that many large blue chip companies where they have large numbers of staff working together are already taking precautions as part of their emergency contingency planning to protect staff and the business continuity should an outbreak occur.
The superbugs like MRSA in hospitals are also creating similar opportunities for the Office Products Dealers where the media ensures that personal hygiene on hands and surfaces is kept clearly on the agenda creating consumer awareness and sales.
Systemcare can be contacted at:
www.systemcare.co.uk
Enquiries@systemcare.co.uk
The Address of their head office is:
6-7 Maybrook Industrial Estate, Walsall Wood, Walsall, WS8 7DG, UK
Tel: +44 (0) 1543 454 872 Fax: +44 (0) 1543 454 184
In response to the emergency contingency planning by major blue chip companies to protect against global pandemics.
Systemcare has been very quick to respond to dealer requests by launching a core range of Personal – Office hygiene and virus protection products.
Doug Skeggs, Marketing Director states - “Major global companies and institutions have been giving enquiries to their dealers for this type of product for several months now and we are able to offer a variety of products that comply with the relevant official guidelines to help with protection. The West appears to have been lucky so far this year not to have had a voracious virus that the World Health Organisation is tracking the development of Avian Flu.No one knows whether the preparedness is sufficient to avert significant human and economic damage. What history teaches us is with a virus, and in particularly Flu expect the unexpected.
With this type of product quality standards are more important than cost.The indications are since the Sars and recent Avian Flu threats that many large blue chip companies where they have large numbers of staff working together are already taking precautions as part of their emergency contingency planning to protect staff and the business continuity should an outbreak occur.
The superbugs like MRSA in hospitals are also creating similar opportunities for the Office Products Dealers where the media ensures that personal hygiene on hands and surfaces is kept clearly on the agenda creating consumer awareness and sales.
Systemcare can be contacted at:
www.systemcare.co.uk
Enquiries@systemcare.co.uk
The Address of their head office is:
6-7 Maybrook Industrial Estate, Walsall Wood, Walsall, WS8 7DG, UK
Tel: +44 (0) 1543 454 872 Fax: +44 (0) 1543 454 184
Subscribe to:
Posts (Atom)
