PlanB Consulting

Knowledge Zone

Here you will find articles, archive blogs and case studies that PlanB have used or created over the years. To find information please type a keyword into the search box or click on the relevant tag.

We publish weekly updates from the business continuity world, covering recent news items or reflecting on our travels and experiences with clients.

Charlie addresses topics from a Business Continuity perspective and you might be surprised how much of today’s news relates to BC! Providing valuable insight, Charlie raises critical questions which will surely encourage you to reconsider your Business Continuity plans.

Why Do We Not Believe…?

This week, Charlie discusses the big question…why do we not trust warnings, that we believe to be completely outrageous? Also, why business continuity professionals need to implement this crucial fact into our plans. I recently watched the Jimmy Saville documentary, ‘Jimmy Saville a British Horror Story’ on Netflix, and was fascinated by the idea of why he took

Defining RTOs – Help Needed

This week, Charlie needs your help and advice when it comes to RTOs! Read on to learn more about his questions and thoughts regarding the changing world of business continuity. This week, I will be sharing some of my thoughts regarding RTOs as I am slightly struggling, and hope some readers of the bulletin may be able to

Business Continuity in Saudi Arabia – It’s Good!

In this bulletin, Charlie discusses business continuity in Saudi, where he has been conducting exercises and workshops. This week, I have been in Riyadh delivering a series of workshops, exercises, and business continuity reviews. Therefore, I will be sharing some thoughts on what I have learned. I have been to the country many times before COVID however, this

Working in a Hybrid World – The Future of Incident & Crisis Management Rooms

Business Continuity Awareness Week (BCAW) has been running this past week to raise awareness about the new hybrid work environment and how organisations need to rethink the way they embed, validate, and raise awareness amongst their staff of Business Continuity Plans. The theme for BCAW 2022 is Building Resilience in the Hybrid World and for this reason, we are

Cyber UK 2022 – What Did We Learn?

Charlie shares his thoughts on the recent CYBERUK 2022 conference. This week Dawn, the Business Development Manager from PlanB Consulting, and I, attended CYBERUK 2022 at the ICC Conference Centre in Newport Wales. Therefore, for today’s bulletin, I will be sharing some of the highlights and my thoughts on the event. The event is the National Cyber Security Centre’s (NCSC)

Rota Power Cuts and an Old Incident Revisited – Auckland Power Outage, 1998

This week, Charlie discusses his experience with power cuts in Johannesburg, and previous famous power cuts, such as in Auckland. I am currently in Johannesburg, South Africa, delivering an MSc module to a client from Glasgow University; the module is on “Work-Based Resilience, Continuity and Crisis Management”. After a day of lecturing, I took a little stroll near

Product Recall: A Checklist of Actions

This week, Charlie creates a checklist for you to follow in case of a product recall situation. This week I carried out a product recall exercise for a pharmaceutical company. I do not claim to be an expert in the finer processes of a product recall, but some of the issues associated with product recalls are very similar

Looking After Your People During a Cyber Incident

This week, Charlie discusses why it is so important to look after your staff after a cyber incident. Yesterday, I taught the pilot of a new Cyber Incident Management course. This course is a day-long course which I developed for a client to use internally to ensure that the managers within the organisation have a greater understanding of

Scenario-specific Crisis Level Plans

This week, Charlie discusses why scenario-specific plans are an important addition to business continuity plans. Over the last couple of months, I have been part of the team working on two different standards. Firstly, rewriting the Business Continuity Institutes’, ‘Good Practice Guidelines’ (GPG). Secondly, the ISO 22361, which will be titled ‘Crisis Management – Guidelines for a Strategic

A Conversation about Resilience during the Ukrainian War

Charlie Maclean-Bristol FBCI and Gianluca Riglietti CBCI discuss resilience at a time where the conflict in Ukraine dominates the global scene.  During this informal conversation, Charlie and Gianluca address arising issues from the war in Ukraine such as cyber security and supply chain disruptions, as well as discussing related topics including the power of fake news and propaganda,

Hints and Tips for Delivering Online Business Continuity Training and Exercises

Find out what tips Charlie has taken away from two years of training delegates online and remotely. It’s around the two year anniversary of the pandemic, therefore, this week I will be sharing some personal points I have learnt during this time. Having worked throughout the whole of the pandemic, I have had to adapt from always having

Common Crisis Lessons Visible Within the Ukraine Conflict

While in the midst of an international conflict, Charlie comments on the lessons we can all learn from the crisis in Ukraine. I couldn’t go through this week without reflecting on the conflict in Ukraine. What I will be doing is identifying some of the features in the response which are common to many disasters and incidents. 1.

Crisis Communications – Do You Have a Team?

Charlie lists his suggestions for organising your incident management to include communications roles, and what that may look like. I thought I would leave events in Ukraine to the newspapers and TV this week, and talk about crisis communications teams. Over the last six months, we have been conducting lots of exercises, cyber being one of the main

9 Risks and an Opportunity in Response to Events in Ukraine

With the news today of Russian troops moving into the regions of Luhansk and Donetsk I thought I would share some thoughts with readers of the PlanB Consulting newsletter, on some risks to consider and to plan for. The risk to consider are:1. If you still have employees in the region, have you planned to evacuate them safely

Hurry Up and Wait…

Waiting is an underrated skill. In the army, one of the concepts we were always working towards was “hurry up and wait”. The concept is that we should be rapidly moving from one location to the next, usually very early in the morning. Then when we have arrived at the next location, wait around for hours for something

Case Study Zouma: Don’t Mess With Cats…

This week, Charlie comments on how Raith Rovers and West Ham (Zouma) have handled their recent PR incidents, and what we as business continuity professionals can take away from that. I am not a big fan of football being a rugby man myself, so I am a little surprised to find myself writing about football two weeks in

Boris, Watt and the Footballer

Charlie discusses the three biggest headlines dominating the news this past week! He covers topics from Boris to BrewDog and football. Kim and I went to Cheltenham last week to help our daughter settle into her new flat. Since we travelled on Friday, I decided to take a week off writing the bulletin. One thing we listened to

February Newsletter

PLANB FEBRUARY NEWSLETTER Cyber Scotland Week: Free PlanB Ransomware Webinar ‘To pay or not to pay?’, that is the question…What should you do after a ransomware cyber incident? Charlie will talk through the pros and cons of paying a ransom and what factors senior managers should take into account when making the decision in his webinar as part of

Travel Disruptions

Travel disruptions seem to be almost commonplace now – between countries closing at a moment’s notice due to pandemic restrictions, to natural disasters like the Tonga volcano eruption halting air travel.  As the world ‘reopens’ for business, many of our executives are dusting off their passports and heading out once more, but how prepared is your business for travel?

Ransomware Negotiation Tactics

Charlie highlights the best advice from a great podcast all about ransomware negotiation. Read on to learn all about the best practices when it comes to negotiation. At lunchtime, I try to go out for a walk to get some exercise and fresh air, otherwise, I find that I can go for days without leaving the house. During

Verisimilitude and its Importance in Exercises

In today’s bulletin, Charlie explains how he creates excellent exercises for organisations to use and play out using verisimilitude. Learn how to engage your employees and create memorable business continuity exercises. This week I have been running a SIMEX exercise, and over the past three days, I have been producing collateral, injects and simulated media and social media

Reflecting & Looking Ahead

This year has certainly felt far too like 2020 for my liking!  The challenges of COVID, travel disruption, and hybrid working have become ‘normal’ for us all, but as is my tradition at this time of year, I would like to focus on the opportunities that 2021 has brought us, as we spend too much time focusing on the worst

Storm Arwen: Lessons Re-Identified?

This week Charlie discusses Storm Arwen, the cycle of lessons following an incident and why business continuity professionals need to keep an eye on incidents at all times. I almost managed to completely miss Storm Arwen. Firstly, as I live on the West Coast of Scotland, which was not as badly hit as the East Coast and secondly,

Hints and Tips for Running SIMEX Exercises

After delivering a number of SIMEX exercises in the past three months, Charlie shares the learning points from these, along with helpful tips for effective SIMEX exercises. What is a SIMEX? A SIMEX is a type of exercise which involves an incident management team or teams responding to an unfolding scenario. This exercise is unique in that it

Crisis Support Teams – What are they & do I need one?

Creating an effective crisis management team can be complex as you have to take many factors into consideration. In this bulletin, Charlie outlines his thoughts on creating a crisis support team, and what their functions and roles could be. Four years ago I started working on my PhD with the University of Glasgow. After a few false starts

Learning Points From the SEPA Cyber-Attack

Charlie lists the key points that you can learn, from the SEPA cyber-attack that occurred last year. He discusses what is important and how to ask yourself these questions to make sure you and your organisation are always prepared. Keen readers of the bulletin will remember when I wrote a number of bulletins commenting on the SEPA cyber-attack

Comments on the Yorkshire Cricket Club Racism Crisis

Have you given any thought to what your company would do if they were accused of wrongdoing and suddenly in a reputational crisis? This week, Charlie discusses what business continuity professionals should take away from the Yorkshire Cricket Club scandal, and points to consider when thinking about your own company. For the past year and a half, most

Wicked Problems – What Do I Need To Know?

Charlie discusses the theory of wicked problems, what it means for business continuity professionals and how we are able to implement this idea into our plans. This week I wanted to share with you all an academic theory around wicked problems. I came across this term during my reading on crisis management, but until very recently I wasn’t

The Future of Incident & Crisis Management Rooms Post COVID – In a Hybrid Working World

Need a more effective way of conducting video meetings in this new hybrid world? Charlie discusses the pros, cons and solutions for utilising Microsoft Teams within your team and company. With most organisations adopting hybrid working, it is becoming more likely that incidents will be managed by a combination of people in the office and those at home.

Is Business Continuity One of the Victims of COVID?

In today’s bulletin, Charlie discusses his thoughts on the industry that is business continuity and how he believes COVID has negatively impacted it. Nothing particular in the news piqued my interest this week, therefore, I decided to give my thoughts on ‘Is Business Continuity One of the Victims of COVID?’. I think in a number of areas, business

Our Work with Aruba’s Water Suppliers

We have been proudly working with WEB Aruba to help them create crisis management plans and run exercises. Here is their press release on our latest exercise. WEB Aruba organises ‘water rationing plan’ exercise How prepared are we in the event that water production and distribution comes to a stop at WEB? This week, the Crisis Management Department

PlanB Consulting Finalists for Best Cyber Breakthrough

We are pleased to announce that we have been shortlisted in the ‘Best Cyber Breakthrough’ category for the 2021 Scottish Cyber Awards. Organised by The Scottish Business Resilience Centre (SBRC) and now in its fifth year, the awards recognise and celebrate stand-out individuals and organisations making a positive impact in Scotland’s cyber security sector. Jude McCorry, CEO of

Fantasy Crisis Communications – Prince Andrew

In today’s bulletin, Charlie dives into the Prince Andrew court case and the communication issues surrounding it. Discussing the importance of branding, strategy and response, not only in this case, but in all crisis management cases. My daughter, Phoebe, is rather good at knowing who’s who in rugby and in last year’s 6 Nations she organised the family’s

Embedding BC for a More Resilient Future

As it is BCI Education Month, this week Charlie discusses the need for embedding business continuity to create a more resilient future, using examples of scenarios that are happening right now across the world. ‘Embedding Business Continuity for a more Resilient Future’ was a title given to us for BCI Education Month and I promised Kitt in the

Dealing with Anniversaries

Charlie discusses how companies should be commemorating and including the anniversaries of traumatic events within their business continuity plans, whilst keeping in mind how anniversaries such as these will also affect your employees. Last week it was 20 years since the 9/11 terrorist attacks in New York. The commemorations that followed got me thinking about anniversaries and how

Preparation for Protest

In this week’s bulletin, Charlie discusses how to prepare your company against protesters. Taking into consideration the safety of your staff, protesters and your company’s reputation. With the Extinction Rebellion in London last week and the COP26 (Conference of the Parties) happening in Glasgow, in 6 weeks. I thought it might be a good time to think about

Low-Level Cyber Attacks

Charlie looks at the lessons you need to take away from a low-level cyber attack. I am going to leave the New York flooding, storm and the hurricane in Louisiana for another day and just write a short piece on this incident I came across on phishing emails. More details on the incident can be found here > The

What Can We Learn from Afghanistan 2021

In today’s bulletin, Charlie discusses the devastating events unfolding in Afghanistan and what we need to learn from this as business continuity professionals. I have been watching the events unfold in Afghanistan over the last couple of weeks with the Taliban taking over the country, the air evacuation taking place, and yesterday the two suicide bomber attacks that

A Guide to Writing Contingency Plans and Playbooks

This week, Charlie goes into depth about different contingency plans, how to know which plan suits which incident, and how to create a framework that works for you! I have spoken about the requirement for writing generic response plans in a previous bulletin. This is a framework that covers all responses to any type of incident. The concept

‘Countdown to Zero Day’ By Kim Zetter – Book Review

This week Charlie reviews ‘Countdown to Zero Day’ by Kim Zetter. The book is all about the virus that sabotaged Iran’s nuclear efforts and shows how the existence of this malware can have the same destructive capability as a kinetic attack! Last night I finished the book ‘Countdown to Zero Day’ by Kim Zetter and I thought I would

Cyber Podcasts You Need To Listen To!

As podcasts are becoming the new ‘thing’, Charlie shares his three favourites. Keep up-to-date with business continuity by listening to these incredibly interesting and thought-provoking podcasts. As many of you may have plans to go on holiday soon, I thought I would share three cyber podcasts I really enjoy listening to regarding business continuity. I highly advise you

Location, Location, Location! With What3words

In this week’s bulletin, Charlie talks about why determining an accurate location during an emergency is important, and how you can incorporate this into your emergency plan. When responding to an incident it’s critically important to understand the location of the incident, so that internal support and the emergency services know exactly where to go. During an incident,

A Checklist for the Loss of People

This week, Charlie discusses the NHS COVID-19 tracking app, getting ‘pinged’ and the consequences of self-isolation on businesses. I’ve been seeking inspiration for this week’s bulletin, and it came to me about 20 minutes ago while listening to the news this morning. The news piece in question discussed how many businesses were struggling due to the loss of

Kaseya Attack: What is a supply chain cyber attack?

The Kaseya cyber-attack has been in the news for the last few days and I thought this was an opportunity not to look at the detail of the attack itself but to look at the issue of supply chain cyber attacks. Supply chain cyber attacks are where criminals target software vendors or IT services companies in order to

Is Crisis Management Only For “Unprecedented and Extraordinary Events”?

In this week’s bulletin, Charlie discusses the debate around the definition of crisis management and what he thinks crisis management should cover. I was chatting with one of my clients in Renfrewshire and we talked through his crisis management plan, which he had taken from the book ‘prTS 17091, Crisis Management – Guidance for Developing a Strategic Capability’

Process Controls, SCADA and Cyber Security

This week, Charlie discusses the effects a cyber attack can have on an organisation’s process control and SCADA systems. For the last three weeks, I have been working for a power and water company in the Caribbean with my wife, Kim. We delivered a programme to improve their response to a wide range of incidents and started by

BrewDog Crisis Communications: Case Study Review

This week I take a look at the BrewDog crisis communications, including how well they handled accusations against them and how your company can use the lessons learnt. I am partial to a Punk IPA and some of the company’s rather gooseberry tasting beers. So I thought now that the incident is out of the news, I would

Hypercomplexity: Which Incidents Should We Be Preparing For?

In this week’s bulletin, I discuss the idea of a hypercomplex world and preparing for different scenarios in it. A few weeks ago, I wrote a bulletin on scenario planning and how under the new requirement of Operational Resilience for FCA and PRA, regulated organisations now have a requirement to determine ‘extreme but plausible scenarios’ to see if

Isle of Coll Fire – A view from the frontline

This week I talk about the recent fire on the remote island of the Isle of Coll. I discuss how the professionals and community responded and how this incident compares to others he has read about. I tell people how to manage disasters not actually take part in one! As a consultant, I tell people how to manage disasters and

Communications with Stakeholders after a Ransomware Attack

This week I discuss the issues associated with communications after a cyber-attack, and how to develop a plan that will make a huge difference in an organisation’s ability to survive and keep their reputation after a data breach. To be able to cover multiple time zones, yesterday I was up at seven o’clock for a cyber exercise with

The Hidden Costs of Ransomware

Updated 29 May 2021 This week I talk about costs that are often overlooked when dealing with ransomware attacks. I am signed up to many newsletters and Google alerts on cyber incidents, and I never cease to be amazed by the sheer number of organisations that have ransomware attacks. I did my PhD in Emergency Planning and Disaster Management

Writing Incident Scenarios: An Operational Resilience Trend Returns

This week I talk about writing incident scenarios and how different business continuity plans have come back in style. The return of the mullet What was once fashionable always tends to come back into fashion at some point. Flared trousers seem to come and go quite regularly. Fashion from my youth has come round again, as we are seeing

It’s OK, it’s in the Cloud: Lessons from the OVH Cloud Data Centre Fire

This week, I talk about the issues associated with the fire in the OVH cloud data centre and how ‘putting your IT in the cloud’ is not a risk-free solution. Working from home: Is your business continuity problem solved? There seemed to be a moment sometime last year, when many issues associated with business continuity were solved, and

Credential Stuffing – A different type of cyber attack

This week I discuss credential stuffing, a type of cyber attack which you should be looking out for! “The irony of credential stuffing is that organisations that have not suffered a direct data breach often become indirect victims when their users’ accounts are compromised due to someone else’s data breach” Debbie Walkowski, F5 Labs. Look after your passwords I

The changing face of journalism and how it should be reflected in our plans

This week I shares my thoughts on the evolution of journalism and how crisis communication plans should be adapted to keep up with the changes. I have been working on some strategic/crisis level plans and have been thinking about what should go into the crisis communication section of the plans. In quite a number of plans I have

Demonstrating business continuity’s return on investment

ROI on budget? Worried about your business continuity budget? This week I discuss how to demonstrate BC’s return on investment within your organisation. Every year you get a budget of £20,000 (some of you are already saying “I wish”) and you have this money to deliver your business continuity programme. Your organisation buys into business continuity as it feels

Operational Resilience: Is it just business continuity done properly?

What Operational Resilience really means, and how it compares with business continuity. This week a couple of things have come together to inspire this bulletin. I have been working on an operational resilience exercise for a client, which is based around taking a ‘severe but plausible scenario’ and then checking whether the scenario breaches the organisation’s impact tolerances.

Beware of the self-wiggling mouse – Water industry & Cyber

This week I look at the risk of a cyber-attack and the importance of reviewing your vulnerability to water, wastewater and electricity loss. Cyber attack on the water treatment plant in Oldsmar, Florida  One of the big news stories from the last couple of weeks has been the hacking of the water treatment plant in Oldsmar, Florida on the 5th

Business Continuity Capability – What is it and do I need it?

This week I look at why building capability is important for implementing your business continuity plan. Building an Incident Team Competence Framework This week I have been working on building an Incident Team Competence Framework for a client. It is two parts, the first part is a self-assessment of an incident team member’s knowledge of their organisation’s plans and

Failing to plan is… The importance of contingency planning – The quarantine

This week I discuss the importance of contingency planning. I try not to criticise the government In this bulletin I try not to criticise the government, firstly, as they are doing a difficult job under challenging circumstances and secondly, it is easy for commentators like myself to carp from the slide lines when I am not involved in

Cyber Incident Response: A preparation framework

The SUNBURST hack in 2020 of the SolarWinds Orion Software showed that any organisation could be vulnerable to a cyber breach. The hack compromised 18,000 of the organisation’s systems’ including many USA Government organisations. No matter how well prepared an organisation is, there is always a risk, so the key is to prepare your response as well. Large organisations like Equifax, Marriot and Travelex have demonstrated the

The SEPA Cyber Attack a Case Study

Update 29th January 2021 The Yin and Yang of a SEPA’s Cyber Incident Response  On Christmas Eve, the Scottish Environment Protection Agency was hacked and many of their systems were taken offline, including their emails, and they are yet to recover them. They have also said that they lost 1.2 GB of data “this is equivalent to a small fraction

Is the response to COVID-19 a business continuity issue?

Is it time for Business Continuity Managers to step away from the COVID-19 response? I share by thoughts on how organisations should move forward in dealing with the virus. I have been thinking about the response to COVID-19 for a while, especially as we have been conducting a number of debriefs on the incident for different organisations. The initial

The future of business continuity, post COVID-19

This is my last bulletin of the year so I thought I would share some ideas with you about a subject I have been thinking about a lot. In line with last week’s bulletin, ‘Is the response to COVID-19 a business continuity issue’ I have stopped thinking about our response to the existing pandemic and have moved my

Ransomware attack: Who ya gonna call, Mike?

This week I share some key learning points on ransomware negotiation. This week I am going to share with you what I learned from speaking to Mike Fowler, VP of Intelligence Services at GroupSense, a specialist cyber response company. One of the services they offer is ransomware negotiation and I thought in this bulletin I would share what a ransomware

The difference between a generic response and contingency plans

This week I look at the differences between a generic response and contingency plans. This week has been very busy for me, and amongst other tasks, I have been conducting a debrief for a multinational company on their response to date on COVID-19. I have also been helping another organisation rewrite their plans, so I am very focused

Cyber Ransoms – Should I Pay?

This week I discuss the possible benefits of paying a cyber ransom and whether this is illegal. Legality I thought this week I would do a bit of research on a subject that has intrigued me for a while, which is the legality of paying cyber ransoms. In news articles about firms who have been a victim of ransomware, there

What is doxing, and should I be worried about it?

This week I look at doxing, the different ways it can affect your organisation and how you should prepare. Should I be worried about it? The short answer is yes. The long answer is also yes, but after seeing the word in a cyber article I was reading this week, I thought I would do a little more research

Marks out of 100 for the NZ Stock Exchange Cyber Incident Response

This week I look at at the recent cyber incident involving New Zealand’s Stock Exchange and marks their response out of 100. I thought this week I would write about an incident which I have been following for the last month, the Distributed Denial of Service (DDoS) attack on the New Zealand stock exchange, which took place at the

My Thoughts On Online Exercises

In today’s bulletin, I share some thoughts on conducting exercises online. This week I conducted an online exercise and it got me thinking about what the benefits and downsides are of running exercises online: It is very easy to conduct one as most incident management teams are virtual at the moment and responding to COVID-19, so carrying out

Logging in a Digital Age

In today’s bulletin, I discuss how logging incidents has changed in the shift to remote working and online meetings. “If it wasn’t written down, it didn’t happen” – Michael Mansfield QC At BC Training and PlanB Consulting, we have done a lot of Loggist Training, both before and after COVID-19. A couple of days ago I was talking to

What types of incident is business continuity meant to deal with?

This week I discuss why having a clear scope of the incidents that business continuity is designed to deal with is important within your organisation. Scope of incidents Yesterday I had a good chat with a member of the Business Continuity Board, who is also an FBCI and has been involved in writing many of the ISO standards, so he

Dealing with emotion in crisis communications – the UK results fiasco

Following the release of A-level and GCSE results in the UK, I discuss how to counter an incident which has invoked a lot of emotion. The algorithm seemed flawed This week my daughter Phoebe was one of the students anxiously awaiting her GCSE exam results. You couldn’t fail to see the government flailing around trying to produce a set

What types of incident is business continuity meant to deal with?

This week I discuss why having a clear scope of the incidents that business continuity is designed to deal with is important within your organisation. Scope of incidents Yesterday I had a good chat with a member of the Business Continuity Board, who is also an FBCI and has been involved in writing many of the ISO standards, so he

The Effects of Stress on Incident Management Teams

This week I look at stress and the impact it can have on teams and individuals during incidents. I am busy reading a paper by Mica Endsley titled ‘Towards a Theory of Situational Awareness in Dynamic Systems’, which I have been looking forward to reading for a while! I find the whole process of incident management and how

A Model for Situational Awareness

This week I shares a model of situational awareness from the Endsley paper and discusses how this can be applied to incident management. This week I carried out my first Live Online Advanced Incident Response and Crisis Management public training course, and I decided to add some information from the Endsley paper I was reading on situational awareness. I promised

Achieving situational awareness during an incident

Following last week’s bulletin, I share some ideas on how to implement and carry out situational awareness when responding to an incident. Last week we talked about the process of situational awareness during an incident and how all the activities come together to achieve good awareness of the situation we are managing an incident within. Today I thought I would

The Effects of Stress on Incident Management Teams

This week I look at stress and the impact it can have on teams and individuals during incidents. I am busy reading a paper by Mica Endsley titled ‘Towards a Theory of Situational Awareness in Dynamic Systems’, which I have been looking forward to reading for a while! I find the whole process of incident management and how

Building an Incident Team Competency Framework

Charlie outlines his ideas on building an incident team competency framework. This week I thought I would share some ideas I have been developing on incident management. They are not fully solidified yet, so I would welcome any thoughts or comments on what I have written. There are many lessons organisations will learn from COVID-19, but one of

Why we are entering the most dangerous period of coronavirus.

Why, for many organisations, we are entering the most dangerous period of coronavirus. This week Charlie discusses why we are entering the most dangerous period of coronavirus for many businesses. In the first few months of the coronavirus outbreak, everyone was ‘in it together’ and people understood why organisations were not able to deliver their services or be

The Business Continuity Manager’s role in the recovery phase of coronavirus

This week I discuss the role of the Business Continuity Manager in dealing with the recovery phrase of coronavirus. Many of the lockdown restrictions have been lifted and are moving on apace, even in Scotland we are able to do more today and even more on Monday, although I haven’t quite worked out what that is. So I thought

COVID-19 – A massive failure of risk management?

This week I look at risk management in response to the ongoing COVID-19 outbreak and Black Lives Matter movement. I wanted to write about risk management and what I perceive is a massive failure of the process and implementation in ensuring that organisations were ready for a pandemic. The continuing momentum of the Black Lives Matter movement and

Dominic Cummings – A crisis management case study

This week I discuss the crisis communications lessons to be learnt from Dominic Cummings’ recent ‘rule-breaking’ incident in lockdown. As the ‘Dominic Cummings Affair’ is coming to an end I thought I would comment on what we can learn about crisis communications from the circus surrounding his visit to Durham, during lockdown. I think it is a perfect

Marks out of 100 for Easyjet’s Cyber Incident Response

Charlie scores Easyjet’s response to their recent cyber attack out of 100. “Thankfully, we now live in a world where it is accepted that data breaches happen, and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how

20/20 Vision: Comments on Exercise Cygnus (UK’s pandemic exercise in 2016)

Today Charlie discusses how Exercise Cygnus, the UK’s pandemic exercise in 2016, holds up against the ongoing outbreak of COVID-19. UK the “most prepared country”? The UK government has had a lot of criticism in the press about them being unprepared to respond to COVID-19, despite the 2019 Global Health Security Index Report in which we were rated

Crisis Communications – Skype to the rescue

This week Charlie looks at an article from The Times, ‘Welcome to The Skype Pandemic’, which discusses how journalists and experts tuning in to interviews from their homes is affecting our news consumption. A team of Kim, Gillian and I have been teaching the CBCI course this week and I was thinking of talking about the lessons learned

Coronavirus Response: The Peak-End Rule

This week I discuss the psychological heuristic ‘peak-end rule’ and why this is important for planning your company’s recovery from COVID-19. Hope you have all had a nice bank holiday weekend at home! This week I wanted to look at how an incident is managed at the end, and whether it leaves a disproportionate impression on the successful

Business Continuity and Coronavirus – Marks out of 10

This week I mark the six elements of the business continuity lifecycle out of 10, based on their effectiveness during the COVID-10 outbreak. As coronavirus continues to spread apace and it is announced that schools in the UK will be closed down today, I thought I would do a bit of a review and see how well business continuity

Panic buying toilet roll – lesson identified or learned?

This week I look at panic buying and what lessons we can identify from the ongoing COVID-19 outbreak to help prevent this in the future. When I talk to Jacqui Semple, Head of the EPS and Resilience Lead at Angus Council, about incidents and the lessons learned from them, she always corrects me by saying they are ‘lessons

After coronavirus, what next?

This week I discuss how you can prepare for the recovery and transition back to ‘business as usual’ after the coronavirus. You will have seen in the UK that there has been a change announced and we are moving from ‘containment’ to ‘delay’. It has been made clear that the virus has the potential to affect us all

Coronavirus Public Reaction – ‘Keep calm and carry on’ or bystander effect?

This week I look at how the bystander effect and social pressure is affecting the public’s reaction to Coronavirus. I have been onsite with a client in the South of England for the last two days and conversations have all been about coronavirus, what is happening, the day-by-day increase in numbers and the speculation on how bad it

Decision Making During a Crisis – Decision Making Models

This week I look at what tools and techniques are available to help those leading incident teams on how to make decisions during a crisis. This week I have spent eight hours in conference calls, working with a dedicated team to go through the suggested amendments on ISO 22361 which is going to replace prTS17091 ‘Crisis management – Guidance for

The Minimum Business Continuity Objective: The Cinderella of the BIA

This week I explain what the minimum business continuity objective (MBCO) is and how to use it. The minimum business continuity objective (MBCO) is, in my opinion, an extremely important component of the business impact analysis (BIA). I have always thought that it is the poor cousin to the MTPD (maximum tolerable period of disruption): not used very often

Case study – Dundee and Angus College’s Cyber attack communications review

Following Dundee and Angus College’s recent cyber attack, Charlie looks at why their response is a good example of how to deal with a cyber incident and what we can learn from it. I thought this week we might take a break from talking about the coronavirus (COVID-19), as every man, woman and consultant seems to be posting

Pandemic Planning: What is a Pandemic Operating Regime, and do I need one?

Following the spread of Coronavirus throughout China and surrounding countries, Charlie introduces the idea of a Pandemic Operating Regime and why you should develop one. After returning from Colombia last week and working on the new ISO 22361 standard which will replace ‘PD CEN/TS 17091:2018, Crisis management – Guidance for developing a strategic capability’, I wanted to write

Pandemic Planning: Coronavirus (2019-nCoV) – Should We Panic?

Pandemic Planning: Coronavirus (2019-nCoV) – Should we panic? This week Charlie looks at the ongoing outbreak of Coronavirus, and what precautions your organisation should take to be prepared. You can’t have missed the outbreak of the flu-like disease, Coronavirus, and the China’s response of shutting down travel from the City of Wuhan, as well as several other areas and

Travelex – A Crisis Communications Review

Charlie looks at the recent Travelex incident and what we can learn from their response. Happy New Year to all our readers, I hope you had a great Christmas! The Travelex incident is one I have only just come across; I think over new year I was too busy celebrating on the Isle of Coll and I wasn’t

A Child on a Hospital Floor: A Case Study

Charlie looks at one of the main news stories during the election campaign and considers how social media can be used and misused in incidents. I am writing this on the afternoon of Election Day, so I don’t yet know if this story has impacted the election or whether it has had no impact at all. The story

Managing Incidents In a Post-Truth World

With the election approaching, Charlie discusses its relevance to business continuity professionals and how we should deal with incidents in a post-truth world. As the election stumbles to its conclusion next Thursday, I thought I should comment on its relevance to us business continuity professionals in today’s bulletin. We will leave the consequence of who wins until next

Crisis Communications – A Dark Art?

Charlie looks at Timothy Coombs’ ‘Situational Crisis Communications Theory’ and how you can develop a crisis response strategy from it. For many years I have slightly shied away from crisis communications. I have developed crisis management plans, emergency plans and business continuity plans at all levels, for a multitude of different organisations and industries. I have also run

Prince Andrew – How Not To Draw A Line Under An Incident

Charlie discusses Prince Andrew’s recent interview with Newsnight and what crisis communications lessons we can learn from it. I talked about Prince Andrew in this bulletin on the 20th September 2019, entitled “He knows exactly what he’s done and I hope he comes clean about it”. I ended the article by saying: ‘In the end, this storm will blow over

So You Have Been Deepfaked

This week Charlie looks at deepfakes and why we need to be aware and exercise this risk. Imagine… You are the business continuity manager and responsible for crisis management in a large, very male-dominated organisation. The CEO has decided to resign after 20 years’ service and there are two candidates for the role: the Operations Director, John, and the

What Goes Into a Cyber Data Risk Assessment?

Charlie proposes an inventory of information which your organisation should consider to conduct a cyber data risk assessment. This week, I was conducting an exercise for a government organisation. As we have worked with the company for a number of years we decided to go for a slightly different set-up, so this time we used loss-of-data as the

The Backlog Trap

Following this week’s CBCI Certification Course, Charlie shares his thoughts on the backlog trap. This week I have been teaching the CBCI Certification Course. After the course finished on Thursday evening I went to London City Airport to get my plane home. All went well until I was sitting at the gate and the plane was promptly cancelled. As it

Exercise Programmes – What Are They?

In today’s bulletin Charlie looks at different exercises your organisation can carry out to verify your end-to-end business continuity solution. I am all Brexited out this week and even though I have been running a business continuity exercise in Riyadh, Saudi Arabia, I have been following the twists and turns avidly. Yesterday was almost like watching a real

What is a Brexit Operating Regime and Do I Need One?

With the 31st October approaching, Charlie explores the idea of a Brexit Operating Regime and some preparations that your organisation can put into place. Over the last couple of weeks, I have been doing a number of Brexit workshops and exercises. As the 31st October is rapidly approaching, I thought I would share some of my ideas on

One Disaster Leads to Another: The Loss of Thomas Cook

Following the recent news of Thomas Cook’s collapse, Charlie looks at one possible contribution to their failure. I am always sorry to see the demise of a company, especially a household name such as Thomas Cook. The loss of 9,000 jobs in the UK, another name off the high street, the repatriation of 150,000 holiday makers, and even

“He knows exactly what he’s done and I hope he comes clean about it.”

This week Charlie shares his comments on the crisis communications aspect of the Prince Andrew and Jeffrey Epstein scandal. I have been following the Prince Andrew and Jeffrey Epstein story with interest over the last few weeks and thought I would make some comments on how the crisis communications of this incident have been handled. I assumed that

Where Do ISOs Come From?

After spending a week observing a series of ISO meetings in Bangkok, Charlie shares his experience of how ISOs are developed. Is this a conundrum that has kept you awake at night for years or have you only just thought about it now, after being prompted by this bulletin? I am very familiar with ISO 22301, having helped

Will there be chaos and panic in the Bahamas after Dorian?

Charlie looks at what lessons we can learn about responding to disasters, from Rebecca Solnit’s book: ‘A Paradise Built in Hell: The Extraordinary Communities That Arise in Disaster’ I have a strong interest in hurricanes having worked with a number of organisations in the Caribbean. This week I am on holiday (not in the Caribbean), and I have

Lessons Learned from British Airways: Emergency Landing in Valencia

This week Charlie looks at what lessons we can learn from British Airways’ recent emergency landing at Valencia Airport. One of the problems of being a consultant is that you rarely get the opportunity to actually manage or participate in the response to an incident. Instead you spend your life telling people how they should respond. To learn

Brexit: Baa Humbug

Charlie looks at a different aspect of the effects of a no-deal Brexit. This week my brother Alex got top price for Cheviot Lambs at Stirling Auction Mart. I also went for a run and listened to the BBC Sounds podcast ‘Beyond Today – No deal: what’s going to happen to our food?’. Inspired by these two things,

Part 2: Plans! Huh! Good God! What Are They Good For?

In Part 2 of Charlie’s blogs on Business Continuity Plans, he looks at the different audiences and how we can develop future plans. In last week’s bulletin we looked at what plans are for and the different purposes of business continuity and crisis management plans. Today we will look at who the different audiences are and I will

Plans! Huh! Good God! What Are They Good For?

In today’s bulletin, Charlie looks at the purpose of Business Continuity Plans and what they are really used for. Absolutely nothing? I thought this week I would allow Boris to Boris and leave the captured tanker with the Iranians, so instead I am going to talk about plans. As business continuity people, I think ‘the plan’ is the

‘Notre-Dame Came Far Closer To Collapsing Than People Knew.’

This week, Charlie shares an article which reconstructs the Notre-Dame fire. ‘Notre-Dame still stands only because firefighters decided to risk everything, a New York Times reconstruction has found.’ Take a look at the following article and think about how you would deal with a fire in your own organisation: Read here: ‘Notre-Dame came far closer to collapsing than

Three Crisis Management Lessons from the Resignation of Sir Kim Darroch

Following the recent resignation of the UK’s ambassador to the USA, Charlie discusses what crisis management lessons we can learn from the incident. This week the resignation of the British Ambassador to the USA caught my eye as an interesting news story. Sir Kim Darroch, an extremely senior UK diplomat, resigned after a number of emails were published

Brexit II – Just When You Thought It Was Safe!

As both potential Prime Ministers have shown support for a no-deal Brexit, Charlie looks at decision points and synchro matrices as useful tools for planning for a possible no-deal Brexit. This week the papers are full of articles about the two wannabe Prime Ministers slogging it out in the media and delivering their pitches to Conservative Members. The

I Need A Hero

Following the inquest into the 2017 London Bridge attack, Charlie discusses the heroic actions we see during incidents and why we should champion those that do something extraordinary. The news coverage of the inquest into the London Bridge attack caught my eye this week. Earlier in the week, the newspapers were reporting on the role played by the

All Aboard!

In today’s bulletin, Charlie compares the recent BP oil rig protests on the Paul B Loyd Jr, to those which occurred in 1995 on the Brent Spar. What can we learn from these stories and how can we prepare? On Sunday, I noticed the news story of two Greenpeace protesters who climbed aboard the BP oil rig in

Battle of Arnhem, 1944 – What Are the Business Continuity Lessons?

Charlie looks at what business continuity lessons we can learn from the Battle of Arnhem, and how case studies are a great way of understanding incident management. This week I have been on a battlefield tour of Arnhem; it was the Battle of Arnhem which was depicted in the film ‘A Bridge Too Far’. I am an ex

Is Your Business Continuity Old Skool?

Charlie looks at how business continuity techniques and methodologies have evolved and why we have moved on from some of the classics. “Tainted Love” by Soft Cell and “Love Is a Stranger” by the Eurythmics were classics in their time, but the world of music has moved on with new genres, artists and styles. In the same way, business

Induction Training: What it Should Include

This week, Charlie discusses why induction is a key place to set the tone for business continuity within your organisation. I have just stepped off an overnight flight from Johannesburg, where I spent the last two days teaching crisis management and business continuity as part of a work-based MSc. My brain is not really working, so I thought

Danny Baker – A Lesson In How Not To Manage A Crisis

Following the sacking of BBC Radio 5 Live’s presenter Danny Baker, Charlie discusses his thoughts on the incident and the crisis management lessons to be learnt. The sacking of Danny Baker, a presenter on BBC Radio 5 Live, caught my eye this week as it had a number of both good and bad practice crisis management elements. I

Hurricane Planning – New Learning Points

This week, Charlie looks at what points you should consider when planning for a hurricane. For the last couple of weeks I have been in the Caribbean, helping a power and water company plan for hurricanes, so I thought I would share what I have learnt. I have done a reasonable amount of hurricane planning before, and have

To Recall or Not to Recall

Following the recent Fisher-Price incident in the news, Charlie discusses product recall and the difficult decisions that organisations face. This week’s news has been dominated by the fire in Notre-Dame Cathedral. I have noticed the story has already shifted from the initial shock at seeing such an iconic building on fire, to questioning how if over €800m can

Business Continuity 2025 – What Will Future Incidents Look Like?

In the first bulletin of his new ‘Business Continuity 2025’ series, Charlie discusses what incidents might look like in 2025. There wasn’t a particular incident which took my fancy to write about this week, so I thought I would write about what BC might look like in 2025. On a separate note, I must congratulate and send solidarity

Risky Business: Is Looking at Likelihood a Waste of Time?

In this week’s bulletin, Charlie discusses whether you should consider likelihood when conducting a risk assessment. I thought this week I would talk about risk assessment. I did consider writing something on Brexit, but I thought it would probably end up being out of date, before I had finished writing! For a while, business continuity has always had

Using Dark Websites for Crisis Communication – Three Case Studies

Charlie discusses the use of dark websites for crisis communication. I thought this week I would discuss the use of dark websites for crisis communication. When you hear about a crisis on the news, I always suggest you take a look at the organisation’s website and see how they are portraying the incident. A dark website is a

Ten Years of Teaching the CBCI Certification Course – What Has Changed?

Charlie looks at how the CBCI Certification Course (GPG) has changed over the last ten years. Just before I start this week’s bulletin, our thoughts are with the people of New Zealand after the attack on the two mosques today. This week I have been teaching the CBCI Certification Course (GPG) in Glasgow and I found myself thinking about how

An Old Threat Returns

Charlie looks at the latest spate of parcel bombs and why now might be a good time to review your plans, procedures and awareness. This week I was down in London delivering the Managing and Preparing for Cyber Incidents course. I noticed in the news at lunchtime that parcel bombs had been sent to Heathrow Airport, Waterloo Station and

Cyber Playbooks – Updated & Revisited

Charlie discusses developing a new kind of playbook which could help you plan for different types of cyber-attack. This week I have had a bit of an epic journey. I started off in Shetland and ended the week in Abu Dhabi, having spent a couple of days in Riyadh, Saudi Arabia. I only visited one company in Saudi,

10 Brexit Contingency Actions You Can Do Now

This week Charlie shares 10 actions you can carry out now in preparation of a no-deal Brexit. This week, I have been running workshops for an organisation who are looking at what planning they should carry out in preparation of a no-deal Brexit. So in today’s bulletin, I thought I would share 10 actions you can carry out

It’s Tough At The Top

Charlie looks at how the behaviour of your senior management can have a major impact on your organisation. This week I am going to discuss yet another risk for you to worry about! This potential risk involves the behaviour of your senior management, and whether it could have a major impact on your organisation. There have been numerous

Cyber Incident Management – Looking Through the Wrong End of the Telescope

This week Charlie discusses why it is important for senior managers to be involved in cyber incident management. This week, I thought we might give Brexit a break, I think we all need one! I have been wanting to write this bulletin for a while, and I have now finally got the time to do it. It also

Preparing for Brexit

In preparation of Brexit, Charlie looks at how we can start to identify areas of exposure within our organisation. I imagine a lot of us haven’t yet prepared for Brexit, and our organisations have continued on quite happily doing what they do. The problem is what to prepare for, as there seems to be a different flavour of

Brexit – What Next?

This week Charlie shares his thoughts on Brexit and how to predict and prepare for the future. This week has been a momentous week in the Brexit saga, the massive defeat of the government’s Brexit plan and the no confidence vote, leaves us in a position where there is absolutely no consensus on how to task Brexit, or

Drones & Airports

This week Charlie shares his thoughts on the recent drone incidents at Heathrow and Gatwick airport. Following the incident at Heathrow Airport on Tuesday, with one of the runways having to close, and with the recent shut down at Gatwick Airport I thought I would write this week’s bulletin on drones. When the shutdown of Gatwick occurred on

5 Business Continuity Predictions for 2019

This week Charlie shares his business continuity predictions for 2019. Happy new year to all readers. I hope you have had a good Christmas and New Year. For the first bulletin of the year, I am going to be bold and make five business continuity predictions for 2019. We can then revisit them at the end of the

What lessons can we learn from Marriott’s response to their Cyber Breach?

This week, Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach. You couldn’t have missed the Marriott hotel’s cyber breach and the possible loss of up to 500 million customer records in the news last week. There are a number of lessons we can learn from their response and

LA LA LA I am not listening…

Charlie argues that during some crises it is best not to listen to the angry voices attacking you, but to keep quiet and weather the storm, which will quickly dissipate. This week I have been in the Caribbean where the main TV stations are American, so I have been watching a lot of CNN. Not particularly because I

Avoiding Groupthink: Decision Making During A Crisis

This week, Charlie looks at decision making during incidents and offers some tools and techniques that he has picked up through his research. For a while now, I have been thinking about and looking at ways of making decisions during incidents and have been looking at simple tools and techniques that I can teach to incident management teams.

Effects of Stress on Incident Teams

This week Charlie looks at the physical effects which occur when individuals are faced with an incident and the methods that can be used to counteract them. I was in Dubai yesterday and every time I visit the city, I always feel that it is the city of the future, with its fantastic array of skyscrapers, its driverless

You Are On Your Own Mate…

Charlie discusses the the recent earthquake and tsunami in the Indonesian city of Palu and the importance of taking responsibility for protecting yourself as much as possible during incidents. I said last week I would write something on the Palu earthquake and tsunami. As the title suggests, I thought I would talk about taking personal responsibility for looking

Does an Authoritarian Nation State Dictate Your Crisis Communications?

This week Charlie talks about incident management communications within authoritarian regimes. I will leave a bulletin on the terrible events associated with the Palau earthquake and tsunami in Indonesia until next week. This week we were asked to bid for some incident management training in a country which has an authoritarian regime. The work would include delivering training

Don’t Pay By The Inch

Charlie discusses the importance of quality over quantity when it comes to business continuity documents. This week I have been reviewing the level of emergency response, business continuity and crisis management of a utility in the Caribbean. As part of the review, I was asked to look at their security documents and procedures. I came across an inch-thick security

Crisis Communications During Cyber Incidents – What you need to do now!

Charlie looks at crisis communications and the steps you can take now to prepare your organisation for a potential cyber incident in the future. This week I am all cyber-ed up; on Monday and Tuesday I taught a great bunch of people attending our ‘Managing and Preparing for Cyber Incidents’ course, and on Wednesday morning I delivered a Cyber

Talk is Cheap

Following news of a data breach at British Airways, Charlie looks at incidents seen as the fault of the organisation involved, and the actions organisations can take to show that they are taking such incidents seriously. One of the news items today is about a hack and data breach at British Airways. The organisation will no doubt apologise and say

Writing Incident Management Objectives

This week, Charlie shares some advice on how to write incident management objectives. For this week’s bulletin, instead of commenting on an item in the news, I thought I would share some technical information on how to write incident objectives. During an incident, it is seemingly obvious that your objective is to solve the problem and return the

Deal or No Deal

This week Charlie looks at Brexit and the role of the business continuity manager. At lunchtime yesterday, I asked everyone in the office whether there was a specific subject I should be writing this bulletin on. There weren’t any sensible suggestions this week! Whilst packing up to go home, I put the radio on and it became clear

Extreme Business Continuity – Lessons from Hurricane Maria

Reflecting on his time in Puerto Rico, Charlie shares what he learned from the experiences of those impacted by the events of Hurricane Maria. This week I have been delivering training and exercises in Puerto Rico, whilst learning from the experiences of those who were involved in Hurricane Maria. For this bulletin, I thought I would share some of the

London Bridge is Falling Down…

After his journey to Key West, Charlie advises business continuity professionals to look at access to their organisation’s site as a possible single point of failure and consider the impact of any potential road closures. Today I have been taking a short break between running a number of exercises, so I decided to go to Key West. I have heard all about the

“Peace in our time” – Donald and Kim: A Crisis Communications View

Following the first summit meeting between President Trump and Kim Jong-un, Charlie outlines how crisis communications can be used effectively to manage an incident and meet the expectations of stakeholders. There was no doubt that the meeting between President Trump and Supreme Leader Kim Jong-un was historic, but the debate surrounded how successful it was. President Trump had no doubt that

Business Continuity and Culture

After spending this week in South Africa, Charlie shares his thoughts on the impact of culture on business continuity.  This week I have been teaching MSc students in South Africa and I thought I would share my views on how business continuity can be affected by the culture of the country. I was only in the country for four

Is social media changing?

With the recent Facebook–Cambridge Analytica data scandal influencing new restrictions surrounding social media platforms, I consider whether the use of social media during incidents will change. Over the last few weeks we have seen the Facebook and Cambridge Analytica data scandal unfolding. The incident led to Facebook CEO, Mark Zuckerberg, testifying before members of Congress and answering questions on privacy, data

A review of TSB’s communications in response to their failed IT upgrade

In the midst of TSB’s ongoing online banking meltdown, Charlie shares his thoughts on how the organisation has been managing the communications aspect of the incident.  Last night I was doing what I always tell the readers of this bulletin to do and was looking at how TSB bank have been responding to the failed upgrade of their main banking platform. After

Developing a Reputation Risk Management Framework

This week, I apply the PESTLE framework to business continuity, in response to finding other risk management frameworks too restricting.  Over the last few weeks I have been thinking a lot about risk management frameworks for business continuity. The more I look at business continuity, the more I feel that basing the risk and threat assessment on PPRS (people, premises, resources and suppliers)

War, what is it good for…?

With the West on the brink of conflict with Syria and its Russian allies, I suggest business continuity professionals should  be aware of world events and consider the potential impact on their organisations.  At the time of writing this bulletin, nothing has happened since the USA and its allies threatened to bomb Syria. The threat came after Syria’s

Don’t get hung up on the scenario when planning a business continuity exercise

This week I look at the objectives, format and scenario of business continuity exercises, and I explain why scenarios are not the most important factor when planning an exercise. I have seen many a business continuity manager, both experienced and not so experienced, devising the most fiendish and clever scenario they can think of and working the entire exercise around that

Cyber Playbooks Revisited – An Example

This week Charlie revisits cyber playbooks and invites your thoughts on whether his example fits your idea of what they should contain… A while ago, I wrote what I thought were the contents of a cyber playbook, and through my reading I thought I had a consensus of what one should contain. After having delivered a number of cyber public and

There’s no business, like snow business…

Last week the ‘Beast from the East’ combined with Storm Emma to cause the UK’s worst weather in years. In today’s bulletin, Charlie looks at the lessons BC professionals can take from the incident to prepare for future severe weather events. In Scotland there are still dirty black piles of snow left in car parks and I saw

FCK – Comments on the KFC Crisis

This week Charlie shares his thoughts on the on-going KFC incident and the lessons BC professionals can take from how the crisis has been handled. Ignoring the snow outside and despite it being my third day of not leaving the house, I thought I would leave commenting on the severe weather to next week and this week, as

3gBC – Slimming your plans…

In the third instalment of 3gBC, Charlie advises BC professionals how to make their plans slimmer, both immediately and radically. I thought for this week’s bulletin I would continue sharing my ideas on Third Generation BC (3gBC), by looking at how to make your plans slimmer and more agile. Apologies to the two Julie’s who asked for an

Russell Hume Production Shutdown – Some Observations

Charlie looks at the Russell Hume meat scandal, including the organisation’s response and the implications of having a single supplier for one of your key products. This week I thought I would take a break from promoting 3gBC and provide some observations on the Russell Hume meat scandal. Although the incident took place last month, the implications are

3gBC – Sending the BIA to FatFighters

Following on from his concept of ‘Third Generation Business Continuity’, Charlie provides us with his thoughts on how to reduce your BIA and the advantages of doing so. In the words of Marjorie Dawes from Little Britain, “You is fat! You one big fatty thing!” For many, this is an apt description of their BIA. It is a

‘Third Generation Business Continuity’

Charlie shares his notion of ‘Third Generation Business Continuity’ and the reasons why you shouldn’t employ a BC contractor to develop your business continuity.  This week I travelled to London to attend a meeting with a new client who we are conducting a gap analysis for, based on their present level of business continuity. They felt what they

H&M Hoodie Crisis

This week Charlie looks at the H&M hoodie scandal and outlines the lessons BC professionals can take from the incident.  I didn’t hear about the H&M crisis until recently, so I thought for this week’s bulletin I would share my thoughts on what we can learn from the incident. On 7th January, H&M put up a new item

What is the difference between a cyber and a “normal” incident?

This week Charlie looks at the ways in which cyber and “normal” incidents are different and why these differences may affect how the incident is managed. Over the last ten days, I have run both a one and a two day Managing and Preparing for Cyber Incidents training course and, as a result, I am in the cyber incident management “zone”. So, this week

A Review of ‘The Ultimate Business Continuity Success Guide’ by Marty Fox C

This week Charlie shares his thoughts on ‘The Ultimate Business Continuity Success Guide’ by Marty Fox. I am always happy to review a new business continuity book, especially a physical version, for no other reason than to have another BC book to add to my bookshelf! When Marty Fox asked me to review his new book and offered to send

Ask The Expert Webinar: GPG 2018 – What you need to know

A big thank you to Charlie for providing us with an overview of the recently released Good Practice Guidelines 2018. We hope you all enjoyed the webinar as much as we did. To view the recording of the webinar, just click on the YouTube video below. If you have any feedback or requests for particular topics to be covered in future webinars,

Fake news again…

With another scandal surrounding President Trump emerging this week, Charlie looks at how BC professionals should respond if their organisation’s reputation is being damaged by fake news. Most of you will have seen President Trump in the news this week for retweeting a number of anti-Muslim videos, originally posted by the deputy leader of the far-right group Britain First. The videos were of

Why I no longer look at financial impacts when conducting a BIA

Charlie looks at the evolution of the BIA and explains his reasons for no longer looking at financial impacts when conducting a BIA. This week I spent some time teaching the GPG course in-house for a bank. We had a long discussion on BIAs and the advantages and disadvantages of including financial impacts in a BIA. So I thought I would

When is an ISO not an ISO?

This week PlanB Consulting are celebrating passing part 2 of our audit and being certified to ISO 9001. It has been 6 months of hard work and lots of late nights for some, but we achieved it. I am a great believer in ISO standards and at PlanB Consulting we have ISO 9001 and ISO 22301. As BC

10 lessons from the report on the NHS WannaCry cyber attack

This week Charlie reflects on the newly released WannaCry report and outlines key lessons organisations can take from the cyber attack. The National Audit Office investigation into the “WannaCry cyber attack and the NHS” was published this week, so I thought I would share 10 lessons from the report which are relevant to all organisations. 1. In the report, it stated that

Business Continuity in the Caribbean

Returning from his recent business trip to the Caribbean, Charlie reflects on the lessons he learned in relation to natural disasters. For the past week, I have been in the Caribbean delivering a series of business continuity workshops and I thought I would share some of the lessons I learned from my two trips to the area. My first lesson

A beginner’s guide to cyber security’ webinar

Thank you to Sadia Anwar for delivering this month’s webinar, giving us an insight into cyber security and helping raise awareness, as part of European Cyber Security Month. We hope you all enjoyed the webinar as much as we did. If you missed the webinar, you can view the recording by clicking on the YouTube video below. Details about our next webinar will be released in due

Equifax UK – How not to manage the communications of a cyber breach

Raising awareness for European Cyber Security Month, Charlie looks at the Equifax data hack, as an example of how cyber security incidents should not be handled. One of the things I noticed during my research when developing BC Training’s Managing and Preparing for Cyber Incidents course, was the lack of guidance on how to respond to a cyber incident. There was lots of information

Is this the end of Ryanair?

This week Charlie discusses the ongoing incident with Ryanair and whether the damage to the airline’s reputation will result in the failure of the company.  Earlier this week, my wife Kim suggested that the recent Ryanair flight cancellations will lead to the breakdown of the company. There are precedents for major incidents leading to the failure of airlines. Shortly after the Lockerbie

The Dark Side of Incident Recovery

This week Charlie looks at the dark side of major incidents, advising BC professionals to take steps to ensure individuals and organisations are not profiting from disasters, as they have done in the past. In recent disasters, such as Hurricane Harvey and Irma and the Grenfell Tower fire, we have seen the best of human spirit, with neighbours helping each other

Harvey and Irma – What can we learn?

In the midst of hurricane season, Charlie advises business continuity professionals what they can learn from past hurricanes, in preparation for any future incidents. Oscar Wilde once said, “To lose one parent may be regarded as a misfortune; to lose both looks like carelessness.” In the same way, to have one hurricane is bad, but to have one after the other

Cyber Incident Management Training – 10 Lessons Learned

This week Charlie looks at the lessons learned during our first Managing and Preparing for Cyber Incidents course. Yesterday, I ran Managing and Preparing for Cyber Incidents for the first time and I thought I would share ten lessons that were learned during the training. 1. When you have decisions to make that involve 2-3 different potential outcomes, it might be a good

Business Continuity Learning – Where do you start?

Reflecting on the theme for this year’s BCI Education Month, ‘Discover Business Continuity & Resilience’, Charlie looks at how newcomers to the profession can learn from the experience of others and gain the knowledge to succeed in their role. Business continuity is not a profession you can learn out of a book. The BCI quite rightly describes it as an art and

Free Training Courtesy of President Trump

Following President Trump’s response to the far-right rally in Charlottesville, Charlie looks at the lessons business continuity professionals can take from observing crises unravelling in the media. I have always said that some of the best education on business continuity and crisis management, apart from BC Training courses, can be found watching crises unfold on the news. We can learn an immense

What is a playbook and do you need one?

What is a playbook and do you need one? In this blog post, I am going to describe what is a playbook and then give examples of two different types.  What is a playbook? A playbook for me is typically associated with responding to a cyber incident and gives the actions, procedures and communications associated with responding to a

‘Adaptive Business Continuity: A New Approach’

Whilst Charlie was on holiday last week, he read a recently published book about Adaptive Business Continuity. In this bulletin, he presents his thoughts on the new methodology developed by David Lindstedt and Mark Armour. The poor BIA is getting a hard time at the moment, with a number of practitioners questioning its usefulness and there is some debate among business continuity practitioners

Tables Turned – Managing a Reputation Incident

This week Charlie discusses reputation management, in response to the negative reaction he received for his bulletin titled ‘The Grenfell Fire Fallout…’. As a consultant, you spend your time telling others how to manage incidents, but you very rarely get a chance to actually manage one. My chance to manage a reputation incident came a couple of weeks ago. When writing about incidents,

The Grenfell Fire Fallout…

This week Charlie shares some thoughts on how organisations should react if they are caught up, blamed, or implicated in causing a major incident. The full tragedy of the Grenfell Tower fire is slowly unfolding and I am sure all readers of the bulletin join me in sending our thoughts and prayers to those who have been affected by

Recent Terrorist Attacks – Practice Makes Perfect

This week Charlie looks at the response to the recent terror attacks and discusses the importance of exercising plans for these kind of events. Again, like the terrorist attack in Manchester, the response by individuals to the London Bridge terror attack last Saturday made me proud to be British. The off-duty policeman rugby tackling one of the terrorists, the

Incident Micromanagement – Good or bad?

After attending the Scottish Continuity Resilient Scotland Conference, Charlie shares his thoughts on incident micromanagement and the Government’s response to the travel chaos caused by heavy snowfall in 2010. Yesterday I attended the Scottish Continuity Resilient Scotland Conference at the RBS Headquarters in Edinburgh. The opening speaker was John Swinney MSP, Deputy First Minister and Cabinet Secretary for Education and Skills. He began

A Business Continuity Manager’s Guide to Fake News

This week Charlie discusses the ever emerging issue of ‘fake news’ and what impact it can have within Business Continuity. These days, every second article, radio broadcast or TV news bulletin seems to be full of stories of fake news or about fake news. So this week, I thought we could take a look at what fake news actually

Why do we not listen…

This week Charlie looks at the first two weeks of Donald Trump’s Presidency and the lessons that can be learned from a Business Continuity perspective. I am not obsessed with President Trump by any means, but at the moment, he is highly visible and there are lots of lessons to be learned from the situations he is creating. 

The British Airways IT Outage – An Alternative View

This week Charlie discusses the recent British Airways IT disaster and how the incident was handled by the organisation. The pictures of stranded passengers sleeping on the floor at Gatwick and Heathrow are not good for the reputation of British Airways. I noticed, with slight amusement, that every business continuity and IT armchair pundit have taken to social media

United Airlines Incident – Some different thoughts!

This week Charlie looks at how United Airlines handled their recent scandal and whether PR disasters have a long-term effect on the organisations involved.  You cannot have missed the recent coverage of the incident involving a United Airlines passenger. The flight was overbooked, because four United Airlines crew members required last-minute seats. Three passengers went voluntarily, but one passenger, Dr David Dao, refused

Football attacks – are we ready?

This week Charlie looks at attacks at sporting events and wonders whether football, and managers of other sports venues, are ready to respond to a terrorist attack. Reading about the attack on the team bus of Borussia Dortmund this week, got me thinking about incidents and football and whether this could be a new trend in terrorism; the attack

Business Continuity – The Future?

Following his recent bulletins about whether business continuity is in decline and why resilience is not the solution, this week Charlie looks at how BC managers can save the profession. Over the last couple of bulletins I have discussed whether business continuity is in decline, and whilst moving into a resilience role may be a good career choice for the

Why resilience is not the saviour of Business Continuity

Following his recent bulletin on why he thinks the business continuity profession is in decline, Charlie looks at why he does not think resilience is the solution. A couple of weeks ago, I wrote a bulletin on why I think the business continuity profession is in decline. This week I will discuss why I don’t think resilience is the saviour the

Some thoughts on the WannaCry Ransomware Attack

The WannaCry ransomware attack occurred last weekend and caused major disruption to the NHS, and subsequently, many other organisations. Charlie provides his thoughts and introduces our new Managing and Preparing for Cyber Incidents training course. The waters are still again and all appears to be quiet. A few are still busy recovering from the attack, but just because all seems still, as watchers of the

ISO 22301 and the Business Continuity Octopus

This week’s bulletin has been written by guest author, and consultant at PlanB Consulting, Gordon Brown.  Implementing a BCMS which meets and exceeds ISO 22301 is a challenging, but important undertaking for an organisation committed to Business Continuity. I have recently been leading a project for PlanB, where we helped a marketing/logistics firm achieve ISO 22301 (with one minor non-conformity!). This was achieved

Is the business continuity profession in decline?

This week Charlie looks at why he believes the business continuity profession is in decline. In my opinion, business continuity has lost its mojo over the last couple of years, and many in the profession are stumbling about trying to find a purpose for the field and their job role. In the next three bulletins, I will share my thoughts

Defining the Competency Requirements for Incident Teams

This week Charlie looks at the performance of incident management teams and how incident team members can be assessed using competencies.  You get a new job and have been hired by organisation X to roll out business continuity within the company. You have just completed the crisis team exercise; luckily, it’s a small business with only one plan and one incident management

How a BCM should respond on hearing about the London terrorist attack

Following the terrorist attack in London, Charlie considers the actions that business continuity managers should take when dealing with similar incidents. This week I was due to write about my views on resilience, but in light of the terrorist attack in London, I thought I would share some thoughts on how a business continuity manager should respond to this type

Only 32 million people were watching…

This week I have has taken on a piece of work which will involve running a live exercise. I share my thoughts and questions on possible scenarios, and asks for advice from those of you that have run many of these type of live exercises. I have been in London this week, delivering the BCI Introduction to Business Continuity Management course to

Man down – Live exercising some thoughts…

This week I have has taken on a piece of work which will involve running a live exercise. I share my thoughts and questions on possible scenarios, and asks for advice from those of you that have run many of these type of live exercises. I have been in London this week, delivering the BCI Introduction to Business Continuity Management course to

Incident Support Teams

Last week I delivered Incident Support Team Training for an organisation in London and I would share some thoughts on the training! I believe that having one or two people designated as the Incident Support Team (IST) is an essential part of your Incident Management Team (IMT), whether it is a strategic, tactical or operational team. The support

Trump Press Conference – What can we learn?

After watching the news coverage of Donald Trump’s recent press conference, Charlie looks at the President-elect’s communication style in relation to business continuity. On Wednesday night’s news (11th January 2016) there was wall-to-wall coverage of the Trump press conference. The President-elect was asked questions about an intelligence dossier containing lurid sex claims and allegations of compromising ties to Russia. As ever,

The Role of the Business Continuity Manager

This week I look at the role of the BCM within our organisations. As I have been carrying out several exercises over the last few weeks, I thought I would have a look at the role of the business continuity manager during an incident.  The business continuity manager should have a number of skills: 1.     The best knowledge of

Sending staff home after an incident – a checklist!

This week I share some information about staffing during an incident and some of the things that should be planned for prior to incidents taking place. Last week I delivered a series of exercises for a Bank in Portugal. One of the exercises was looking at how their IT development staff would manage an incident if they were to

How people behave in disasters…

Yesterday I attended a seminar on ‘Managing Community Cohesion After Major Terrorist Attacks’ at the Scottish Fire and Rescue Service Headquarters in Glasgow. There were lots of highlights, including a presentation on the use of social media during major incidents, a very frank talk on the issues of managing scenes and also the aftermath of the Lee Rigby murder. One of the items which caught my attention

President Trump… Do you have a plan?

This article was written on the 4 November 2016 prior to the USA election! This week I focuses my attention on the American election that is taking place next week, and its possible effect on our organisations.  My first thought was to title this bulletin, ‘President Trump…..What If…’, however I felt that this was inappropriate and falling into the same trap as many of

Work like an Egyptian…

This week I talk about my experience of working in any other country, providing lessons learned when dealing with different cultures and ways of working. These past two weeks, I have been in Egypt working for a building materials manufacturer, so I thought I would share some thoughts on my time here and the lessons I have learned.

Is the PPRS list fit for purpose?

This week I should be writing about the horrific bombing of the civilians in Aleppo or the unfolding tragedy in Haiti after Hurricane Matthew, but I thought we might bury our heads in the sand and talk about PPRS (People, Premises, Resources and Suppliers)! In teaching the Business Continuity Institute’s (BCI) “Good Practice Guidelines” (GPG), one of the points we stress

Zika revisited

I first wrote about the Zika virus earlier this year in January. In this week’s bulletin I revisit the subject, highlighting what Business Continuity Managers should be aware of within their organisations. This week I thought I would write about the Zika virus as you occasionally hear something about it in the news. As we in the UK are not

The extra 1% of Business Continuity

This week, I thought for this week’s bulletin we should celebrate our country’s success at the Olympics, and see if there is anything we can learn from it. Often as a fan of British sport, and especially Scottish sport, we have the ability to snatch defeat from the jaws of victory and we seemingly do well, and then fail

Increased Resilience – The Missing Strategy

This week I have been doing a lot of thinking about BIAs, so I thought I would write this week’s bulletin on a strategy I think is missing from the Business Continuity Institutes “Good Practice Guidelines” (GPG). At present according to the GPG there are seven strategies you can use to plan your recovery. These are: 1. Diverse

Cyber Incident Management

This week, I want to look at cyber incident management and share my thoughts on how the response to cyber incidnets can differ from managing other incidents. If you look at the internet there is not a lot of guidance and information on managing cyber incidents from an organisational point of view. There is a huge amount on the

Things fall apart…..

This week Charlie talks about some of the events that are happening in the world and provides his thoughts on the actions that BC professionals may want to take in response.  Even at the Tiree Music Festival last week, in between bands, visits to the bar and camping, I was trying find a minute to listen to the news. With Brexit

Selling Business Continuity to the C-Suite: Don’t!

This bulletin week Charlie talks about the importance of senior manager buy-in within business continuity.  In my last job before PlanB Consulting and Business Continuity Training, I was working for a consultancy in Perth. I worked closely with the organisation’s salesman and we were often on the road together selling business continuity. This salesman had sold everything to everyone

Is Kidnapping a Business Continuity Threat?

This bulletin was written before the Egypt air crash and may be the subject of next week’s bulletin. Our thoughts are with the families of the victims.  This week Charlie looks at kidnap as a business continuity threat after his recent travels. Last week I was in Monterrey in Mexico, and as it was my first time in Mexico, apart

Gaff or Crisis…

This week Charlie looks at the importance of ‘thinking before you speak’, especially when your words can affect your organisation and its reputation.  The former Mayor of London, Ken Livingstone, was suspended from the Labour Party earlier this week for making anti-Semitic comments. It got me thinking about how the words of senior managers can have a major affect on their organisation and its

Chinese supply chain risk…

This week Charlie looks at the importance of identifying succession within your supply chain.     I have spent a day working with a manufacturing client this week to provide some supply chain continuity management training. The majority of their products are built or partially built in China and then shipped to the UK for final assembly. During the training

The justification for business continuity…

This week Charlie discusses the justification for business continuity and provides some examples of where his work has improved organisational resilience.    The earthquake in Ecuador earlier this week has left me thinking about how many of the country’s businesses will survive and if many of them had business continuity plans in place? As quickly as details of the incident came

Blue Swans…..

This week Charlie talks about ‘black swan events’ and the possibility of ‘blue swans’ being out there within the world of Business Continuity.   We know that black swans exist so we should not be surprised if we come across one, although many of you, like me, have never seen one. In the same way there have been a couple

Brussels Attack – Same Old…?

This week Charlie talks about the Brussels Attack and thoughts on similar incidents.  This week’s bulletin has to be on the Brussels attack which to date has left at least 31 people killed, and 300 injured. In the news at the moment, further information is coming out about the attacks and the number of raids and arrests by

Is Business Continuity Missing a Trick?

This week Charlie talks about the links between business continuity and cyber security.  Yesterday I went to an excellent seminar, organised by the Scottish Business Resilience Centre, called ‘Trading Security for Business’. It was all about the threats to mobile devices and how to secure them. By the end of the day I felt I could do nothing else then

Business Continuity and ‘Emergency Response’

This week Charlie looks at the relationship between business continuity and emergency response. I have noted within LinkedIn forums, on Pulse, Continuity magazine and on various blog sites and portals that there is a gathering debate on whether business continuity is fit for purpose. Have changes in the threat landscape made it relevant and what direction should the profession take?

Jimmy Saville: Lessons Learned

This week Charlie looks at the report into Jimmy Savile’s activities at the BBC and highlights lessons learned. The leading item on the news this week is the publishing of Dame Janet Smith’s report into Jimmy Savile’s activities at the BBC. The report looks at where they missed opportunities to stop his criminal behaviour. I have looked at

Strikes and Continuity

Down tools everybody out…BC planning for strikes This week Charlie talks about strike action and the effect on Business Continuity. I have my own opinions on the current junior doctor strikes but I will keep them to myself! For many of us, strikes are not a large part of our work experience as we were not in post

Fire Exit Considerations

This week Charlie talks about fire practices and what people should take with them.  I have a favourite exercise ‘outside now’ which involves setting off a fire bell during a business continuity training session and taking students outside, as if they have just been evacuated due to a fire. Once outside we get them to consider the actions

DDoS Attacks: Better Safe than Sorry

DDoS attacks can be fatal for your business – learn to protect yourself This week Milena takes a look at the recent cyber attacks businesses increasingly suffer from.  DDoS attacks have recently been causing upheaval for many businesses. As some try to recover from the attacks and businesses become more aware of this threat, it is time to

Zika Virus Spreads

This week Charlie talks about the Zika virus and what you should be worried about as Business Continuity managers.  Although it is not headline news, there have been quite a few news items on the virus, its effect on pregnant women and its rapid spread through South America and the Caribbean. With a major outbreak occurring in Brazil at the

Culture impacts Business Continuity

The importance of culture when impacting Business Continuity This week I have been at a company in the Netherlands teaching the two day BCI Introduction to Business Continuity course.  The company, based in The Hague, is a subsidiary of a large Middle Eastern company. During the discussions and exercises I became very aware of how the culture of the company

2016 Incident Landscape: Changes and Challenges

Happy New Year to all our readers! There have been a number of incidents in the UK over Christmas and New Year which I think points towards changes in the incident landscape and new challenges for business continuity people. I think these changes are going to affect us in 2016 and for several years to come. The incidents continue.

Resilience – The difference between it and Business Continuity

This week saw the Commons vote by a large majority for British forces to start bombing Syria. Watching the news we didn’t have to wait very long before we heard that the bombing had started. As the coalition has been bombing ISIS for several months now, I am not sure how our contribution is going to make a

Why you need a notification system……

When I was the Business Continuity Manager at Scottish Power one of my roles was to ensure that I could contact staff in an emergency. This would typically be to either call out members of the incident teams, to tell staff to go to their work area recovery location, or to tell them to stay at home. To

Loss of Telecoms: their unexpected impact

Armageddon averted – the unexpected impact from loss of telecoms As we have seen from photographs there has been another huge rainstorm and more flooding in the Carlisle area. Invariably there will be some lessons learned which we can share from this, however I am not sure what else we can say in this blog about flooding. It

Paris attacks: how the BCM should respond

On the Friday night of the incident, I had the TV on all night and watched with horror as the death count rose and the full extent of the attacks was slowly revealed. The ongoing incident, and the manhunt for those who carried out and supported the attacks, is still going on. My first thoughts; why has this

Fool if you think its over……

Two items caught my eye in the news this week. The first was US and Scottish prosecutors have asked Libyan authorities for permission to interview the Libyan men, Mohammed Abouajela Masud and Abdullah al-Senussi, who they believe might have been involved in the Lockerbie bombing. The second was that I noticed the Volkswagen story was no longer being

Maximum Tolerable Period of Disruption (MTPD)

To celebrate Nadiya Hussain winning the ‘Great British Bake Off’ this week, I thought I would look at a way of explaining a ‘technical challenge’ to us business continuity people – the Maximum Tolerable Period of Disruption (MTPD). One of the key parts in the development of business continuity is identifying an organisation’s priority activities; which ones we need

Five Crisis Management Lessons from the VW Incident

With the VW response to the emissions scandal still headline news, I thought I would share some lessons I have identified from their response. 1.     Creeping crises are difficult to handle. In other bulletins we have talked about the difficulties of managing creeping crises. These are incidents which slowly build and suddenly reach tipping point when

A picture paints 1000 words……..

A single photograph taken during an incident can come to define the incident. The picture of Aylan Kurdi lying dead in the surf in Turkey, may come to define the refugee crisis taking place in Europe at present. Listening to some commentary on Radio 4 yesterday, they tried to explain why the picture was so powerful. The little

Ten lessons from a cyber attack response exercise

This week Charlie conducted a cyber attack as the scenario in a response exercise. Here are some lessons learnt from conducting the exercise. 1.     I don’t think you need to be an IT security expert to conduct a cyber attack exercise. The technical element of the exercise is done by IT, and if you are looking at the

Thoughts on the death of Cecil the Lion

I feel that we can’t let this week’s bulletin go by without commenting on the death of Cecil the lion, which has dominated the news and the social media this week. The story so far is that rich, white, American dentist (not usually a combination which evokes public sympathy), Dr Palmer, pays $50,000 to shoot a lion in

Lessons learned from conducting BIA’s in manufacturing

I have been talking about doing a Business Impact Analysis (BIA), on the building manufacturing plants in the Philippines, where I am presently working. Someone asked me why I was spending so much time developing the BIA template and planning the BIA workshop. Surely, ‘as a consultant you have a standard presentation and template which only needs to

Prevention is better than cure

Last weekend, the team working on the Philippines project I talked of last week, went off for the weekend to a resort island off the end of Cebu. We had an excellent weekend diving, swimming and chilling. On the way back our minibus was overtaking a line of cars and hit the edge of the curb, over-corrected and

Business Continuity in the Philippines

This week I am working in the Philippines, developing business continuity for a multinational building materials manufacturer. It is my first time here so I thought I would share some lessons learned from developing business continuity in a different country to my own; the United Kingdom. The first thing I have noticed is that Filipino people are much more

7/7 Lessons Learned

I thought this week with the 10th anniversary of 7/7 I would look back through one of the reports on the incident by the London Assembly (Report of the 7th July Review Committee) and highlight some of the learning points from the incident. If we can learn from incidents and improve our response, then something good has come

Planning for mass fatalities abroad – lessons learned from Tunisia

For this week’s bulletin I couldn’t leave unmentioned the horrific attack on holidaymakers in Tunisia, just over a week ago. I find myself struggling somewhat to know what to say on the attack and relate it meaningfully to business continuity due to the number of victims and the horror of the event. To call this a business continuity

19/0602015 Breaking Up Is Hard To Do…….

In my bulletin on 20 May 2012 I wrote about the possibility of Grexit (Greece leaving the euro), luckily this never happened. I thought as the negotiations between the European Union, International Monetary Fund (IMT) and Greece have stalled, we should revisit the subject in this bulletin. Greece has a large repayment to the IMF at the end

15/06/2015 Alton Towers Rollercoaster Crash

After commenting on so many organisations that get their crisis management wrong, it is refreshing to see an organisation which in the main have got their response to a serious incident right! The handling of the accident by Merlin Entertainments, the owners of Alton Towers, on the Smiler rollercoaster crash has not been quite but it has been

05/06/2015: The Dangers of Outsourcing

Thank you very much to all those who voted for me as the ‘BCI Industry Personality of the Year’ and congratulations to Dave Window who won!  This week I have been in Oman helping a retail organisation develop their business continuity. Having been in Dubai in the autumn and Oman at the moment, it got me thinking about

29/05/2015 The Beautiful Game…?

I don’t think I can write this bulletin without commenting on the arrest of the FIFA officials. I can admit when I heard about the arrests yesterday I did have a certain feeling of joy. There have been so many allegations of corruption swirling round the organisation but so far it has been ignored and it seems they

22/05/2015 Sorry Seems to be the Hardest Word

Occasionally in the news you hear a story and wonder how the organisation can get it so wrong when the solution seems so obvious. Thomas Cook’s handling of the deaths of Robert and Christianne Shepherd nine years ago is an example of a company which got its crisis management very, very wrong and caused major damage to its

08/05/2015 Implementing Business Continuity within Manufacturing

Yesterday Kim (fellow BC professional and wife) and I spent the day touring a cement plant. We did the whole end to end process from the quarry, where the raw materials come from, through to the cement bagging plant; this included a visit to all parts of the process in between. This was an orientation visit to a plant in the

01/05/2015 Why Do Incidents Occur?

Yesterday there was some good news from the Nepal earthquake in that two people were pulled out alive from the rubble five days after the earthquake struck Kathmandu and the surrounding area. The devastation seems immense and at the moment the death toll stands at 5,500. On the news last night, the rescue was shown and it was

27/04/2015 Beware The Creeping Crisis

This week Charlie discusses how crises can be avoided by acknowledging important events leading up to them and acting upon them before it’s too late.  The horrific situation we have seen as headline news over the last week is that of hundreds of migrants being drowned in the Mediterranean. The UN confirmed on 20th April that 800 people had

08/04/2015 How good are your Business Continuity Plans really?

Charlie Maclean-Bristol lists ten areas where many business continuity plans can be improved in. The article can be found at – Charlie’s list is as follows: 1. Scope. On many of the business continuity plans that I see it is not clear what the scope of the plan is. The name of the department may be on the front of the

02/04/2015 Does BC really manage the real risks to your organisation?

This week Charlie discusses the remit of a typical Business Continuity Manager. This week I noticed that there have been large power outages in Holland effecting Schiphol Airport and also it seems, half of Turkey. I feel at times these incidents happen to keep us business continuity managers in a job and remind our senior managers that we

27/03/2015 A Threat From Within

This week Charlie discusses the lessons learned from threats from within an organisation. My blog last month was ‘Beware the cuckoo in the nest!’ which talked about the danger of insider threat. On Wednesday I watched the news reports of the Germanwings aircraft crash in the French Alps. Like with all similar plane crashes there was a lot

19/03/2015 Recovering business reputation following a scandal

This week Charlie discusses the lessons learned from media scandals and how businesses should deal with similar incidents. I thought this week I would comment on an item in the news. The lead item in this lunchtime’s news (Monday 16th March) was the Police Watchdog investigation into alleged corruption in the Metropolitan Police, including claims it covered up child

Defining your RTOs (recovery time objectives)

This week Charlie highlights to Business Continuity Managers the importance of Recovery Time Objectives (RTOs). Defining the RTOs of your activities, I believe is one of the most critical activities the Business Continuity Manager will carry out. Get them wrong and the whole basis for your business continuity recovery is flawed. Often the RTO can be driven by internal politics

18/02/2015 Beware the cuckoo in the nest!

Last week I attended a conference organised by the Scottish Business Resilience Centre called “The cuckoo in the nest: Scotland’s first insider threat conference” and I thought I might share some of the points I learned in the conference. I think for us as business continuity people, we see the threat as coming from outside the organisation and all staff

10 BC Considerations for Severe Weather

This week, Charlie suggests some actions organisations may take to prepare for severe weather. With the severe snow and blizzards in the United States last week and also snow in Scotland, I thought I might put together some thoughts on the actions you could take in advance to plan for a heavy snow fall. As we are not

23/01/2015 How do BC Managers prepare for a terrorist attack?

This week Charlie discusses the recent terror attacks in France and what they mean to business continuity managers. The terrorist attacks in France last week remind us, if we need a reminder, of the dangers and impact of a terrorist attack. The attack on Charlie Hebdo and a Jewish supermarket were quite shocking and the large demonstrations in

12/11/2014 UK Power Supply Crisis

Charlie discusses how the UK power supply crisis could affect your organisation. A couple of weeks ago one of the lead stories in the news was the fire at Didcot B Power Station, a gas power station in the South of England. The station, which within the last couple of days has just been brought back on line,

06/10/2014 Creeping Ebola

This week Charlie discusses how the Ebola crisis is creeping up on all of us.  The situation in West Africa, with the on-going spread of Ebola, bears all the classic symptoms of a ‘creeping’ or ‘rising tide’ crisis. In Tally’s Handbook of Disaster and Emergency Management Principles and Practice (edited by Lakha & Moore, 2004) a rising tide crisis is described

26/09/2014 Can we learn about Business Continuity from the referendum

This week Charlie discusses the Scottish referendum results. I have written about Scottish independence before, but thought I would revisit the topic now that the referendum has been and gone. After a long and hard fought campaign, Scottish voters backed remaining in the union by 2,001,926 votes to 1,617,989. The result has prompted a lot of questions about

19/09/2014 Amplifying a Crisis

Charlie discusses managing a reputation crisis. Last week I was very busy training. First of all I did the two day ‘BIA’ course followed by the one day ‘Writing the Plan’ course, and then finally the two day ‘Crisis and Incident Management course”. We had some excellent people on the course and we all learned from each other.  During the

05/09/2014 The Importance of Debriefing

Charlie discusses how you can make the most of debriefs. Last week two items came together which reminded me of the importance of debriefing.  As an independent party, who was not involved or from the area of the incident, I was asked to debrief a major incident that a company had been involved in. Throughout last week the news was filled

22/08/2014 Using voice and data to manage incidents

Charlie discusses the use of smartphones during incidents. Use of voice and data to manage incidents This week I have been on the Isle of Coll (off the West Coast of Scotland) where there was much excitement at the building of a new mobile phone mast. It can now be seen from different parts of the island and is due

15/08/2014 Working with partners during incidents

Charlie discusses how you can co-operate with clients to achieve the best results. Today I have been training a client’s staff on how to manage an incident. We went through the initial response to the incident, dealing with the immediate aftermath. It was then on to invoking the plan and discussing what sort of incidents would cause it

07/08/2014 Ebola – Don’t Panic!

Charlie discusses the spread of the Ebola virus. The first death caused by Ebola outside Africa caught my eye this week, this was a Saudi national who had been visiting Sierra Leone. Over the last few months the number of deaths from the illness has been growing, infecting people from Guinea, Sierra Leone and Liberia. To date there have been 932

31/07/2014 What can we learn from flight MH17?

Charlie is back in the office this week and discusses the ill-fated Flight MH17. Looking at the pictures of the immediate aftermath of Flight MH17 was quite a shock to the system. Smouldering wreckage intermingled with the strewn personal possessions of those who died in the crash was uncomfortable to watch, particularly as the site was being ‘guarded’

03/07/2014 Seven deadly sins of business continuity plans

This week Charlie gives you some of the key styles to avoid when writing your plans. Last week I helped plan and deliver a workshop for the Scottish Continuity Group. The theme of the day was to give the delegates ideas of ways to improve their plans. Presentations were given on a number of aspects of planning – including short

18/06/2014 Dealing with mass fatalities

This week Charlie Maclean-Bristol discusses mass fatalities. Recently I went to an excellent seminar in Dundee organised by the Tayside Local Resilience Partnership titled “Managing responders needs during a mass fatalities incident”. The day was mainly aimed at the emergency services and the local authority, who would respond to an incident with mass casualties and discussed how to

03/06/2014 How to protect the unique…..

This week Charlie writes about protecting unique cultural artefacts.  This week’s bulletin is about an incident that is close to home for me. The historic Mackintosh Library, at the Glasgow School of Art, was gutted by fire. The blaze destroyed some extremely culturally significant artefacts, along with the artwork of students which was being readied for the end

22/04/2014 Say sorry…….like you mean it!!

The main story that has caught my eye recently was the resignation of Maria Miller, the Secretary of State for Culture, Media and Sport.  A political storm had been whipped up over her expenses, with Mrs Miller accused of funding a home for her parents at the expense of taxpayers. She was cleared of this allegation but told

22/04/2014 – Scottish Independence – For Better For Worse

Throughout Scotland, at the moment, all conversations seem to quite quickly move on to the topic of the independence debate. I was sitting in the lounge bar of the Coll Hotel, on the Island of Coll, and could hear a lively debate going on in the public bar. It was a measured conversation and good points were being

02/04/2014 Mystery of flight MH370

This week Charlie writes about the ill-fated Malaysian airliner flight MH370. I was putting off writing about this incident as I was waiting for this mystery to be solved. Although some progress has been made in the search, it seems that there are still more questions than answers. The sad truth is that we may never get to

27/03/14 How good are your business continuity plans?

Charlie Maclean-Bristol lists ten areas where many business continuity plans can be improved. Charlie’s list is as follows: 1. Scope. On many of the business continuity plans that I see it is not clear what the scope of the plan is. The name of the department may be on the front of the plan but it is not

14/03/14 Business Impact Analyses

The following article was published on the Microsoft website and written by Nick Saalfeld of Wells Park Communications. It’s been a sobering start to the year for many businesses. Much of the Somerset Levels is under water. Great swathes of lowland Britain is soggy, making travel difficult. The gorgeous town of Dawlish has had its railway washed away –

14/3/14 10 Items which should be in a BCP (and are often forgotten!)

1. Scope. On many of the plans I see it is not clear what the scope of the plan is. The name of the department may be on the front of the plan but it is not always obvious whether this is the whole of the department, which may cover many sites, or just the department based in

Weathering the storm – Dealing with a prolonged incident

All of us here in the UK, to a greater or lesser extent, have been affected by the high winds and flooding which seem to have continued relentlessly since Christmas. The last few days seem to have brought some quieter weather but I know there are still a number of flood warnings in place. Floods are not new

10 questions a BCM should ask about staff travelling abroad

One of the news stories that caught my eye this week was the kidnapping in Yemen. According to witnesses, the victim was about to step into his car in the capital Sana’a, when he was hit with the butt of a gun and dragged into a waiting vehicle. The incident happened just hours after three large explosions rocked

Lessons learned from ISO22301 Audit

A couple of weeks ago I was in Sweden with a technology company taking part in a Stage 2 audit for ISO22301 certification. It’s a beautiful country and I thoroughly enjoyed my time there. More importantly I learnt a great deal from the audit and the journey we took to ISO22301. 1.  The more I see organisations going for

Review of New ISO22301 Book by Dejan Kosutic

Review of “Becoming Resilient: The definitive guide to ISO22301 implementation” by Dejan Kosutic In an effort to sell their services, lots of consultants jump on the ISO 22301 bandwagon. However, if you ask them how many organisations they have taken to standard, their answers are a bit vague. For fear of sounding a little smug, I have taken three

Credit card details of 20 million South Koreans stolen!

I noticed this headline on the BBC website this week and it really stood out as a huge breach of security. The data was supposedly stolen by an IT contractor working for a company called the Korea Credit Bureau that produces credit scores.  It appears that he stole the names, social security numbers and credit card details of 20

Clutha police helicopter crash in Glasgow

Last Saturday I was on a night out in Glasgow when I saw the news unfold about a helicopter crash. It was at the Clutha pub, which was just half a mile away from where we were. It is now known that three of the crew lost their lives as did six people who were in the pub

CrypoLocker – It couldn’t possibly happen to you……

You stroll into work one morning without a care in the world, you fire up your computer, get yourself a coffee and then settle down to work. You decide the first task of the day is to finish the report you started yesterday and go to open the file you saved last night.  You find that the file

Worst case scenario….There is no such thing

This week there was a storm in the South of England called Storm St Jude, which killed four people and caused a swathe of damage. There was lots of warning before the storm and so most people made some preparation. The day after the storm I heard from one of our clients, who gleefully told us that he

A force of nature – some thoughts on Typhoon Haiyan

There is no bigger incident to comment on this week than the typhoon in the Philippines. Our thoughts go out to all those who have been affected by it and those who have lost loved ones. The devastation seems immense having seen the pictures on TV. As I watch the news it seems at last that aid is

Computer says no! NHS Glasgow computer outage

This week we have seen a textbook example of a business continuity issue making the mainstream news. NHS Greater Glasgow and Clyde had problems with its server which caused more than 700 patients’ appointments to be cancelled. With staff unable to access records and scans, treatments such as chemotherapy were called off. Staff were having to manually enter

Shutdowns and spiders! Grangemouth dispute

Two incidents have caught my eye this week. One is the closure of the Grangemouth petrochemical site in Scotland. The dispute centres around the owners Ineos claiming that they are losing £10m a month. They want to renegotiate the workers terms and conditions in order to turn around the lossmaking plant and make an investment of £300m to

Taking terrorism seriously – Kenya shopping centre attack

The news this week has been dominated by the horrific events that unfolded at the Nairobi Westgate Shopping Centre in Kenya. At least 72 people died, including many innocent civilians, as a result of a four-day siege by Islamist Militants. The building is now nothing but rubble after three of its floors collapsed following a blaze. Government forces

Greenpeace and Russia Clash in the Arctic

In the Southern Ocean everybody can hear you scream! This morning I heard a news item on the radio about Russia seizing the Greenpeace ship, Arctic Sunrise, which had been protesting about Russian oil drilling in the Arctic. The crew of 26 activists had been held at gunpoint and then detailed by Russian Security Officers… On the BBC

The missing link in the business continuity lifecycle

This week I thought I would discuss what I think is a missing part of the business continuity life cycle. It was brought home to me when I conducted some crisis management training on Monday and then again when I conducted a major exercise on Tuesday. The new business continuity life cycle starts with ‘analysis’ or understanding the

To Frack or Not To Frack?

Over the last couple of weeks I have been watching the protests in the UK at Balcombe. The protest group “No dash for gas” and an assortment of others are protesting against Cuadrillia’s rig which is carrying out frack test drilling. This response to ‘fracking’ and its’ dangers, (or not) seem to be polarized and passions on the subject are

KOSB Lays Up Its’ Colours

Last week, I went to an army reunion of the members of the Kings Own Scottish Borderers (KOSB) which was the infantry regiment I served with while in the regular army. The regiment was formed in 1689 and was amalgamated with the Royal Scots in 2006. The gathering was especially poignant for a number of reasons. It was

“Leaving On A Jet Plane”…..Oh Wait!

I’m on the Isle of Tiree waiting to put my daughter (9) on a plane to Glasgow; she has to return for a dentist appointment. I took a boat to Tiree to catch the plane. Between the boat arriving and the plane taking off, there was 30 minutes, which is tight even for a small island airport. Of

When Cloud Computing goes Wrong….

At a wedding last weekend, the woman sitting on my right told me a fascinating story about some of the perils of cloud computing, and an incident that she had been involved with. The story starts with a big push by the UK Government to save money by encouraging all departments, agencies and institutions to save money by

Pointed Fingers In Quebec

A small Canadian town was devastated last month by a train explosion which killed at least twenty people and left a further 30 missing, presumed dead. The accident happened when a runaway train, carrying 72 cars of crude oil, derailed and burst into flames in Lac-Megnatic in Quebec. The tragedy has had a catastrophic effect on the local

Sorry Seems To Be The Hardest word…..

I was on holiday recently taking advantage of the very good weather we were having in the UK. When you get hot sunny weather in Scotland you have to get out and take advantage of it! I almost missed the news about the horrific train crash in Canada, in which the train rolled down into the centre of the

Send in Eeyore!

Last month, the British Chancellor, George Osborne announced his spending review of Government spending in 2015-16. He had hoped to further reduce the deficit by economy growing and by collecting more taxes but instead has announced a further £11.5bn cut in government spending. Political commentators have been saying the Chancellor “didn’t think” when he took up office that

Smog In The City, A Travel Threat

This week’s news seems to be dominated worldwide by the ongoing protests in Turkey and Brazil. As we have discussed riots in the past, I thought this week we would talk about the smog in Singapore, which was brought to my attention whilst I was browsing round the BBC news website. The smog, caused by slash and burn in nearby Indonesia, has resulted in smog covering the

To ISO22301 or not to ISO22301

As most of you know this is the new International standard for business continuity which was published in May 2012. I have had a reasonable amount of experience with the standard having taken PlanB Consulting and a client, Water Direct, through the process of being awarded the standard. We are now helping a couple of other organisations through

Good Emergency Response . . . It Is Possible!

Last week, I missed the news that yet another cruise ship had set on fire – the Royal Caribbean ship, Grandeur of the Seas, had a fire in her stern and had to return to port. The cruise was subsequently abandoned.I was searching the internet and came across an excellent article in the web edition of “The Baltimore

You Can’t Win!

Highlighted in the news, was an article about BP asking David Cameron to raise the issue of the compensation that they were having to pay to companies for the Deep-Water Horizon disaster with the US government.BP are claiming that the compensation package is being abused, and that they may have to put aside more than the £5.2bn agreed in

A Tale Of Two Cities

There are two stories that I would like to write about today.  The stories are at either side of the Atlantic and have been dominating the news all week. In the USA, the news has been about the tornado, which hit Oklahoma and horrifyingly killed 24 people. In the UK, the news has been about the “terrorist” attack which

The Emperor’s New Clothes

The story that has been dominating the news this week was the release of the three women in the City of Cleveland.   They had been abducted and held captive for ten years! Their story is both joyous and truly disturbing. Joyous for the families who have their daughters back when they had given them up for dead.  It is

Burying Your Head In The Sand

At 8:25 pm on Friday 4 November 2011, 34 vehicles were involved in a pile-up on the northbound carriageway of the M5 Motorway in the UK (which runs from Birmingham to Exeter). Some vehicles exploded while many went up in flames. Fifty one people were injured and seven were later confirmed dead. Police investigations into the cause of

Planning is Everything

This week Charlie writes about major incidents in the UK and Abroad and our thoughts are with the victims and their families of all those affected by these major incidents. There are a number of news stories, which have caught my eye this week. The most horrific was the collapse of the garment factory in Bangladesh. To date,


This week Charlie writes about major incidents in the UK and USA and our thoughts are with the victims and their families of all those affected by these major incidents. This week has been a bad week for incidents in the UK and USA.  As I write this bulletin, the full devastation of the fertiliser factory in Texas

There’s nowt as queer as folk..

I haven’t yet started doing requests, but this week I was asked by my father to write on an incident that occurred in an organisation we are both involved with.  The organisation is a “gap year” organisation, which sends school leavers overseas for a year where they learn about another country.The incident involved one of the gap year students who

You’re on your own mate…………..

Last week I was telephoned by ‘Reporting Scotland’ (a Scottish TV programme) and asked to comment on the recent power loss situation in Arran and the Kintyre Peninsular, both situated on the west coast of Scotland. Last week they had a very heavy snowfall, causing snowdrifts of up to 5 feet in places and they also lost power. This was due

Spring Has Sprung…Or Has it?

This week winter returned to the United Kingdom and Europe. In the South of London  there were severe snow showers and an icy blast of cold air. Many motorists were trapped overnight in their car and public transport was disrupted. Across in Europe the Channel Islands closed their airports and the road networks were badly disrupted. Today the

Saints, Sinners and Scandals

The Cardinal O’Brien accusation, his confession and his removal from Scotland has been a major headline in the news over the last couple of weeks. The Cardinal was a high profile figure in Scotland and had many supporters. He had recently come to prominence outside church circles in speaking out strongly against gay marriage. About two weeks ago

Exercising Is Not Enough. . . .

A horrific image in the news this week was that of the Egyptian balloon which caught fire and plunged to the ground killing 19 of its passengers, only the pilot and one passenger survived. This week I have been on site with a client; we have been running a series of exercises and have been thinking about the

Don’t Push The Red Button . . . .

This week I have been asked to write about an item which you won’t have seen on the news. A “friend” who shall remain nameless (to protect the guilty) wanted to talk about an incident which occurred to him and which he thought was an instance, which business continuity managers could learn from.  My friend went to his

Fire On Board . . . . Where?

One story which has had very little reported about in the news this week was the Carnival Triumph. A cruise ship with 3200 passengers aboard in the Gulf of Mexico which had a fire in their engine room and caused a loss of ALL power to the ship, it took four days to tow the ship into shore,

Bonkers for Conkers!!

Health and safety within the UK has a bad name, it is often ridiculed in the tabloid papers and there is no shortage of stories about ridiculous decisions made, wrongly, in the name of health and safety. One of the oldest urban myths is that children have to wear safety equipment to play conkers.  For those of you

Algeria, A One Off Terrorist Attack?

I thought this week we should discuss somewhere a bit hotter than the weather we are experiencing in the UK at the moment. Most of the UK, except where I am based in Glasgow, is covered in thick snow and suffering all the results of snow such as power cuts, inability of some staff to get to work

Is It a Beef Burger? . . . .Nay

For the last 10 days in the UK one of the biggest stories in the news has been the finding of horse meat in a number of UK ‘beef’ products. Testing by the Irish government on a number of supermarket own brand burgers found traces of horse DNA and another burger was found to contain 30% horsemeat. The burgers

“Fight or Flight”…. Vauxhall Helicopter Crash

On Tuesday morning the main news item was a helicopter crash in central London which killed two people. It appears that the helicopter hit a crane in fog, exploded and then crashed on to the streets below narrowly missing the bulk of commuters on their way to work. A number of people were injured by flying debris and

Floods and fires…… as usual

Happy new year to all readers and I hope you had a good break. I suspect back to work for all of us and the Christmas break now seems a distant memory. In the UK the news over the Christmas period seems to be dominated by rain and yet more rain, inevitably followed by flooding. Transport seems one

Ceramic Tiles and Stainless Steel Kitchens!

This will be the last formal blog of the year! The news item which caught my eye at lunchtime on Thursday is the ongoing flooding causing so much disruption to various parts of the UK. Today’s report showed a terrace of houses in Whitby which have had their gardens washed away and now will have to be demolished.

Horizon Scanning

Yesterday the news was dominated by the killing of the Hamas Leader Ahmed al-Jabari in the Gaza Strip by an Israeli air strike. This was in response to rising tensions in the area after the Palestinians have fired a number of missiles into Israel. There have been a number of recent changes within the Middle East which make

Taking advantage of incidents?

The issue I would like to think about this week is how, as business continuity people, we should approach big disasters and what should our attitude be to them. If we are affected by the incident, then our job is simple, we implement our business continuity plan and hopefully we recover our organisation successfully. If we are not

The games are dead. Long live the games!

Earlier this week I went to a CSARN event in Glasgow on “The 2014 Commonwealth Games – the race for safety and security”. It’s aim was to look at the lessons learned from the Olympics and see how they applied to the Commonwealth Games. There were presentations from David Wilton Security Operations Manager for Glasgow 2014, Richard Tolley,

Freedom…or Not?

This week in the UK, Alex Salmond First Minister of Scotland and David Cameron UK Prime Minister signed a historic document which allows Scotland to have a referendum on whether Scotland should stay in the United Kingdom or should become an independent country. For us in Scotland this is a momentous decision and one of the most important

The sins of the past…

I was watching the news at lunchtime today and saw that Lance Armstrong has been stripped of his seven Tour de France wins and he has been accused of leading “the most sophisticated, professionalised and successful doping programme that sport has ever seen.” I am not a fan of cycling but I am aware of his name for

Managing Help During Incidents

The main story dominating the news in the UK this week is the abduction of April Jones, a 5 year old girl while out playing in the village of Machynlleth in Wales. Despite a huge effort by the Police and local volunteers they have still not found her. This is one of a parent’s worst nightmares, to have

RBS – Learning from incidents

Most of you couldn’t miss the RBS, Nat West and Ulster Bank ‘computer glitch’ over last weekend which led to many of their customers being unable to access their accounts and take money out. The papers were full of stories of people unable to buy houses and parents who couldn’t get money to feed their children. Also, there

G4S Appearances Count

I am not sure whether this news has reached international level, but in the United Kingdom the security company G4S has hit the headlines for their failure to deliver the 13,000 security guards it was contracted to provide at a cost of £280m during the Olympic Games.  Contingency plans have been invoked and 3,500 troops have been deployed

You’ll Never Walk Alone

I remember seeing the Hillsborough disaster on the television as it happened, but for me it was not one of those iconic moments when you remember exactly where you were when it happened. My two iconic moments when I remember exactly where I was are 9/11 and when Lady Di died! For those of you not familiar with

People in the recovery process

I was wandering around the BBC news website yesterday and came across the following headline “At least eight people have been killed in a car bombing in central Iraq, security officials and medics say”. Normally I would have thought nothing more of it as it seems to happen all the time in Iraq, and moved on to the

What can we trust?

I have always made the assumption that the mobile phone network was fairly robust and that we could rely on it to communicate during an incident. I generally put a caveat on use of mobile phones in the immediate aftermath of the incident because the system can very quickly become overloaded and then you cannot connect to the

PD 25111 – People in the plan

In my previous bulletin I promised that I would talk about some thoughts on the human aspects of business continuity and write a synopsis of PD 25111 which was published about a year ago. This document deals with the human elements in business continuity. As far as I can see the document is ok, but I do feel

Indian Power Failures

Most of you could not of fail to notice the two big power cuts in India this week, the second of which affected over 600 million people. I think for the most of us to picture such a situation is very difficult.  For many in India, especially the rural parts, they are used to being without power, this

It’s all about the planning…

Many of you, like myself, will have watched the Queens Diamond Jubilee River Pageant and seen the Royal barge and the 1000 accompanying ships pass down the Thames. Despite the terrible weather, and the fact the pageant over ran, the event finished without any unforeseen events. According to the reports, the entire event took 3 years to plan,

It Ain’t What You Do (It’s the Way That You Do It)

The 80s Fun Boy Three (with Bananarama) song could equally could have gone “it aint what you say it’s the way that you say it” and this in many cases is true, extreme views given in a calm, measured and a well structured way, seem almost sensible. In the same way senior managers during disasters have tried to

There’s A Riot Going On…

Last week there were riots in many Islamic counties targeting American institutions and organisations seen to be American. This week there has been anti Japanese’s riots in China. Although the cause has been different I think there are a number of similarities and lessons which could be learned which we as business continuity people should take into account

Terrorist Attacks

I noticed this week that the last fugitive of a cult who planned and carried out the Sarin gas attack in 1995 on the Tokyo underground has been captured. Katsuya Takahashi, a member of the Aum Shinrikyo doomsday cult, had been on the run since the attack which killed 13 people and injured 6,000. When we look at


Today I heard that a second victim had died of Legionella in Edinburgh. So far the total number of confirmed cases of Legionnaires’ disease has reached 41, and the number of suspected cases currently stands at 48. Sixteen water-cooling towers in the southwest of Edinburgh have been treated with a range of chemicals to kill any bacteria but

Right Wing Terrorism

The sentencing of Anders Breivik last week to 21 years in prison and the court finding him sane, reminds us that not all terrorists are linked to al-Qaeda and that right wing terrorism can be just as deadly. Breivik killed 77 people when he bombed central Oslo and then opened fire at an island youth camp. I was reading

Failure to plan is planning to fail

Those of you who have been watching the Olympics for the last couple of weeks cannot fail to have noticed the immerse amount and planning that must have gone on to make the games such a success. The doom-mongers prophesied terrorist attacks, transport chaos and a heroic British muddle through. Instead there was very little transport failure, noterrorist

0 Hours RTO

The Italian earthquake and the recent eruption of Mexico’s Popocatepetl volcano both show the sheer power of nature and that whatever measures we put in place to try and stop nature, our attempts can be quickly overwhelmed. Recently I have been working with an organisation which provides data centres. It is a business which, until now, I didn’t know very much about. The company provides the shell

“We are all Greeks” Shelley

In my bulletin on Thursday 20th October 2011, I wrote about the crisis in the eurozone and what actions the business continuity manager ought to take in response to such crises. My article said that during crisis events which affect the organisation from outside, the business continuity manager needs to have the incident room ready to go and should

Underpants Bomber

I heard in the news this week that the CIA had foiled an ‘underpants’ bomb plot which aimed to bring down an aeroplane. In the piece they were also talking about how Al-Qaeda in Yemen were getting more sophisticated in their bomb making, and that the Al-Qaeda as a whole appeared to be refocusing on attacking Western targets.

Mail terrorism

Over the last few days a total of 10 envelopes containing white powder have been sent to Michael R. Bloomberg and six banks in Manhattan. Following the Anthrax attacks in the USA in 2001, any envelope containing white powder causes mass disruption until the police can prove that is it not anthrax, such as in this case where

Google drive

Google has announced this week that they are going to compete with Dropbox and Sugersync by announcing their cloud storage system Google Drive. Many of us use these systems to share home files and photos with friends or a way of backing up our personal data. The system works well in that as soon as a file is

F1 Bahrain unrest

I am not a huge Formula 1 fan, rather than sit down and watch an F1 race on a Sunday afternoon, it is a sport which I follow from afar and roughly know what is happening. I was just reading an article in the “i” newspaper which put forward the idea that Formula One supremo Bernie Ecclestone should

Titanic anniversary

Most of you cannot fail to notice that it is the 100th anniversary of the Titanic sinking this weekend. This has produced a flurry of television programmes, the 3D version of the Titanic film and the anniversary cruise which is visiting the site of the wreck. I personally think that going on a cruise to the site of

Fuel crisis

I was just writing a bulletin about ghost ships (yes there is a relevance to business continuity!) but I thought I should write something on the possible fuel crisis. For those who are not aware of this potential incident, the tanker drivers in the UK who supply petrol stations have just voted to go on strike although no

Sabotaging your Plans

When I was in the army we learned about the Strategic Corporal. When fighting a war, especially an insurgency, it is often the actions of low ranking soldiers on the ground which can have a major impact on the campaign, especially when the battle is taking place in the media as well as the battlefield. The action of

Recovery from Incidents

As promised I will speak about the activities you carry out after an incident such as a fire. I tried to sneak in a bulletin about sabotage this week but have been firmly told that it has to be about the activities after the fire has been put out! Firstly after an incident you need to think who

Water shortage

I was amused to see that certain parts of England are looking like they will have to apply for drought orders as their reservoirs are half full. I was amused, as coming from Glasgow it has never seems to stop raining! Every time I come back by plane or train from England I am greeted by a wet


For many to see Rangers go into administration last week was a sad day. As we know football clubs are much more than businesses and much more than watching 22 men kick a ball around a park for 90 minutes; they come with large numbers of supporters who care passionately about the fortunes of their club. They feel

Is losing a manager a business continuity issue?

As most of us have probably heard the England Manager Fabio Capello resigned at the end of last week. The situation has been compounded by the Euro 2012 tournament which is taking place in June so this will disrupt the England’s team preparation for it. In business continuity terms is this a business continuity issue if CEO, Chief

Costa Concordia

This week’s bulletin has to be on the Costa Concordia sinking and I thought I would share the following 5 thoughts with you. 1. The ship had some of the most sophisticated navigation systems on any ship and she still hit the rocks. Does your business continuity plans take in to account human error, probably, but do they

PIP implants

What is the connection between silicone implants and business continuity? Although the story of the allegedly faulty PIP implants is not head line news at the moment there are some interesting business continuity lessons from it for all of us. For those who are not familiar with the story, a large number of cosmetic surgeons within Europe have

New Years thought – Be Prepared

Happy New Year to all readers I hope you had a good break and are raring to go for 2012! Over the Christmas break whilst staying on the Isle of Coll, which is a small island on the West coast of Scotland, I had a very good example of being prepared. During the holiday we had horrendous weather,

Business Continuity & The Olympics – is your organisation ready

I attended an excellent talk by Steve Yates at the Scottish Resilience Conference on Mondayand he was talking about business continuity and the Olympics. The big area he was stressing, was not how good the Olympics business continuity plans were, but whether businesses and public organisations are ready for the disruption caused by the Olympics. I personally thought

St Pauls Cathedral Protests

I have been following the Occupy movement protest at St Paul’s Cathedral in London (and round the world) with some interest as this is a type of Business Continuity incident which perhaps many have not thought about. Most would agree that the Church of England’s handling of the incident has been poor. The protestors are protesting about points

Learning from Incidents

I was sent an exercise report from a colleague in Shetland who had taken part in Exercise Sulla, an exercise looking at the response to an incident similar to the BP oil spill in the Gulf of Mexico. I am working on doing some incident training for the team which would respond to an incident. One of the

Counting the costs of the riots

I saw this headline on the online version of The Telegraph today (24th August) “UK retailers lost 30,000 trading hours due to riots” which they say equates to upwards of 1,250 trading days lost. When we are carrying out the business impact analysis stage of the business continuity lifecycle we are always trying to find calculations of how

The next incident is always the one we haven’t thought of…

“The next incident is always the one we haven’t thought of…’ I use this phrase during all my training and time and time again it proves to be true;  ash cloud, fuel crisis etc. Who would have thought that there would be rioting on the streets of United Kingdom. Dare I say this is the sort of thing

Some initial business continuity thoughts on the Japanese Earthquake

Whatever resilience you have within the organisation mother nature by sheer power can overwhelm them. Think about your supply chain – do any of you essential good come from Japan. They may come from the affected area or as there will be a shortage of power your supplier may be impacted by the lack of electricity. Business deals. I

The Definitive List of Exercise Scenarios

I put the following post on the Linkedin BCMIX  Group about a month ago. I asked readers to help me compile the definitive list of exercise scenarios. I have had about 50 replies so far. The list can be found at I have also put some information on what events the scenario is good for and the likely

Regus incident in Australia

Regus who claim to provide business continuity services let many of their customers down just before Christmas. Those who sell business continuity need to make sure that their own house is in order. See the full article at

Why resilience is important

I got this quote from an ICM press release. I think it explains the concept very well………… “The trend for resilience is being driven by a number of converging issues: speed of technology advancement; the increase cost of downtime; and evolution of instant (social) media. These three things mean that organizations can face potentially corporate reputation damaging incidents, without

Departments you need to involve to achieve BS25999

Achieving BS25999 needs to be a team effort and best use should be made of the skills you have within your organisation. Why develop business continuity training when you have a training department who could help you develop the training and has the capability to develop e-learning. The following are the departments, in additional to the operational departments you are recovering,

Lessons learned from first 6 months of implementing BS25999

The following are the learning points from a ‘Structured Debrief’ of the first 6 months of working with one of our clients as we approach the first audit. As we are starting working with another part of the organisation to achieve BS25999 it was important to learn the lessons before starting up a second project. Point learned to

Scroll to Top