• 20 August 2022, 01:33 AM

Category Archives: Workplace Recovery

Covid-19 – Home Working v Workplace Recovery

The covid-19 pandemic was/is not a ‘normal’ disaster; a normal disaster generally affects a single company whereby it is left unable to trade (normally) and amongst other things, faces loss to its competitors.   Covid-19 affected the majority of businesses and thus competitors were also closed or subject to equally disruptive service offerings. There was hence no benefit to look for alternatives – none were available.

Home working whilst popular is beginning to show its foibles.  De-centralised working in terms of technology alone is hugely problematic and requires significant and continued investment and management;  The social aspect is the subject matter of many professional scholars with numerous articles circulating; Those relating to BC focus on the cost comparison of the increased HR + IT requirement against  that of an out-sourced BC contract;  a quote taken from a recent media posting provides a view:  “Each home has its differences, each person has their differences. Combine the two and multiply by the additional tasks needed per ‘home-working-employee’ and there you have an immense management requirement which continues almost infinitum. Each house move, each home improvement, each new employee, necessitates some employer involvement.  Even in times of economic calm, the involvement is likely to cause constant grief for the employer, throw in an unforeseen event, when it is critical that differences make no difference, and the potential for business damaging mayhem is all too apparent”

Other studies have focused on well-being and in particular mental health issues brought about by isolation which is widely publicised as being on the increase.  Managing such issues in a centralised office is demanding enough but doing so on a widespread campus of decentralised home workers is fraught with complexities for which the employer is responsible and liable. Again, the problems of management become magnified when dealing with a company-wide crisis brought about by an unforeseen event.

Lockdown closed/disrupted 99% of businesses.  Everyone became frustratingly patient – but this was because they had no choice;  In a ‘normal’ crisis – where only one or a few businesses are affected – the ‘frustratingly patient’ person no longer remains ‘as patient’ – why? Because there is choice; The businesses that are closed, risk losing business to those that are open.  This is evident when seeking to buy something as simple as a sandwich; if your normal sandwich shop is closed, you’ll go elsewhere – you won’t wait.

In a ‘normal’ crisis the first few days, leading up to the first few weeks are critical.  Decentralise people with decentralised systems and there lays a good recipe for disaster. Essentially decentralising anything creates additional tasks; and no matter how much automation or planning is engaged, it is extremely unlikely the overall tasks will ever be less or even close to those of a centralised version or error free.  Keeping tasks to a minimum (and simple) in a crisis is paramount to success. Ideally the task is singular – invoke contract and carry on with business (as normal).   Centralising as much as possible is absolutely key to a smooth transition from normal-to-crisis-to-normal.

DSM’s view:  Home working is an essential BC tool – it’s one spanner of a set – however, it isn’t a spanner that fits all. Try to make it fit all and serious damage may result.

Please note: All DSM’s positions are in-line with current UK government & WHO guidelines on Social Distancing.

Top Tips For Business Continuity Management

The why and how of introducing a Business Continuity Management strategy
Business Continuity involves building resilience in your organisation by identifying its key products and services and the critical activities that underpin them, then devising strategies so that you can trade through a disruption and recover afterwards.
Most organisations recognise that they should have a Business Continuity plan in place but see it as too expensive and time consuming to address, however this doesn’t have to be the case.
The benefits of introducing continuity awareness within the company far outweigh the risks associated with just hoping bad things won’t happen (although statistically they will!). Companies are looking ever more carefully at their supply chain to identify potential weaknesses and are asking for evidence of a documented and tested strategy to prove service level agreements can be maintained in any event.
The biggest mistake is trying to do the whole process in one fell swoop which, if ever completed, is likely to be a huge document that is put on a shelf and ignored for a few years. By breaking the process down into simple manageable phases where you can tick off the “quick wins” and demonstrate progress you introduce a culture of ongoing review; it is vitally important to constantly update your recovery plans in line with business growth and operational changes.
 
Top tips for Business Continuity Management:
 

  1. Carry out regular risk assessments and take steps to eliminate, or at least minimise, potential threats to the operation of your business.
  1. Consider possible scenarios and analyse their impact on your business – forewarned is forearmed.
  1. Compile an action plan of what should be done in order to maintain Business As Usual in any event. Put formal contracts in place which will enable fast recovery of vital operations.
  1. Document key business processes and ensure no critical activities can be done only by a single individual.
  1. Review the resilience of your suppliers and their capability to meet Service Level Agreements. Consider multiple sourcing to reduce reliance on a single supplier.
  1. Protect your company information and ensure it can be accessed or rapidly restored in any event without compromising on security.
  1. Carry out regular tests to prove you can continue to function should you lose access to your premises or vital services, or in the worst case, your entire business environment.
  1. Encourage all employees to get involved with the preparation and testing of Business Continuity plans so they buy in to the importance of keeping your business alive.

To discuss your Business Continuity strategy further please contact us.
 
 
 

Reality remains in the office

Working from home – the new normal or the new risk?

So, working from home is the new normal – right? We’ll never go to the office again – really?  The kitchen worktop or the chest of drawers in the spare bedroom makes for a great office – yes?  The kids screaming– isn’t an issue, the cat/dog pawing at your leg doesn’t intrude on your train of thought or interrupt the flow of the important client meeting on Zoom or Teams?  All is sweet then – carry on!

If you’re fortunate to have an office at home you may be spared some of these intrusions….  but note….. it’s an ‘office’.  For most, the home ‘office’ is a ‘make do’.  ‘Make do’s are either a pain or a novelty that eventually become a pain.  ‘Make do’ spaces are often a borrowed resource with such borrowing sometimes lasting only minutes.

The current crisis is sure to bring about some changes but, is going to the ‘real’ office a thing of the past?  For many reasons, we think it unlikely – although for sure, on the back of the novelty factor, the ‘we-can-work-from-home’ brigade , which range from those counting the pennies (believing it will save a fortune) to those with imaginations of a paradise, will strive to prove it is the new normal.

So why do we think the ‘real’ office is still here for a while longer……

Well for one, the majority of businesses are technically not ready.  Cyber criminals, though, are very ready!  The ‘real office’ may be well firewalled but, the likelihood of this extending to the home office, is small.  Wrapped within pages of GDPR legislation, businesses have many legal obligations for securing  data – especially that which is personal.  Aside the possibility of all company data being encrypted and ransoms demanded, those that flout the regulations can be heavily fined and Directors held accountable.    Home working – is it the new normal or is it the new  risk – a very big risk!

 

 

 

 

 

Disaster Recovery Testing – Will Your Plan work?

Disaster Recovery has become tougher due to ever-changing virtual environments.

Being able to recover from a disaster is consistently a top priority for IT managers. They’re constantly looking for ways to protect more applications, and to do it more economically with less downtime. But even with sustained investment, there’s still an alarming lack of confidence in how well these processes will perform when a real disaster event occurs.

One of the most ambitious projects an IT department will ever embark on is the creation of a Disaster Recovery (DR) plan. But IT professionals need to understand that creating the plan is only the first step in the process. No matter how carefully crafted it is, a DR plan has no value if it doesn’t work when needed or if only a subset of the protected data can be recovered and recreated. It’s important to understand that in addition to developing an adequate DR plan, a strictly adhered to change control process must be implemented so that changes in the environment can be reflected in the plan. Yet the reality of the modern data center is that change typically happens too fast for a change control process to keep up with it. Even if change control is adhered to most of the time, one small misstep or slip up can result in recovery failure.

Four Disaster Recovery monitoring must-haves:

  • Environment awareness. Disaster Recovery tools must go beyond application awareness and understand the environment so that changes to the application’s specific environment are detected and reported.
  • Hardware and software independence. DR monitoring should work across a variety of applications and storage hardware to analyze for inconsistencies.
  • Monitoring only. DR tools don’t have to actually move data — there are numerous hardware and software vendor products that do that. DR monitoring should therefore complement those solutions, not compete with them.
  • Work from a knowledgebase. DR shouldn’t depend on collecting information from devices for information. Organisations should develop their own list of best practices that’s used to check for DR gaps.

The proof is in the testing

Disaster Recovery plan testing is critical to identifying changes in the environment so that the plan can be updated or modified to include any new situations and to accommodate any altered conditions. Despite the importance of DR plan testing, full-scale tests can only be done periodically because they’re time consuming and often expensive to conduct. In reality, partial testing is more likely with a quarterly frequency at best; many businesses only do a full-scale test once a year.

Many businesses also have the added burden of multiple locations coupled with legal or compliance regulations. That means each location should conduct its own standalone DR test, This can potentially make the gaps between various DR sites and the primary site even greater.

The problem is that in between DR tests, many configuration changes take place. As a result, IT planners are looking for ways to monitor and validate their disaster readiness in between full-scale tests. DR monitoring tools are able to audit processes such as clustering and replication to ensure these systems capture all the data they need and store the redundant data copies correctly.

Configuration is the root of the problem

When a Disaster Recovery process like replication is first implemented, it’s installed into a known, static application state. The volumes have all been created and configured, and they can be easily identified by the replication application so that it can protect them. But as the application evolves, new volumes may be added so that more host servers can be supported. Or perhaps a volume gets moved to a different storage system so that performance can be improved, such as moving log files to an all-flash array. These additions or changes are often not reported to the IT personnel in charge of the disaster recovery process and, consequently, are left out of the protection process.

The configuration changes will typically be discovered during the next DR test and can be corrected then. But if a disaster occurs before the next scheduled test, data loss is likely to occur, as well as a failure to return the application to proper operation. In other words, every time a configuration change is made to an application, a DR test should be planned to make sure all the changes have been mapped into the DR process. In the real world, however, most IT budgets can’t support the expense of such frequent DR tests, and the IT staff is stretched far too thin to execute tests so frequently.

The bottom line

DR planning is never a one-time event; it’s a constant process that has to keep up with evolving service-level agreements and changes in environment. Given the realities of a rapidly changing business, it’s almost impossible for change control processes to keep up, and it’s equally difficult to conduct DR tests with enough frequency to be meaningful. As a result, most companies, especially large enterprises, should consider disaster recovery monitoring and outsourcing of the day to day processes.

For more information or to discuss your DR requirements further please contact us.

Workplace Recovery Suite

5 things to consider in a workplace recovery plan

A workplace recovery plan will build resilience into your business, and prove to your staff and clients that you’re serious about keeping your business alive in the event of a disaster.

But what does a good plan look like? Here are five important factors you should consider:

  1. 24/7 access

A business continuity workarea recovery site which isn’t accessible 24 hours a day is something you want to avoid. While it’s easy enough to find a site that you can access during normal working hours, you should also consider the wider impact of a disaster scenario. You may, for example, need to use the disaster recovery (DR) site out of hours during a disruptive incident. Moving kit and people in the early hours is hard enough without the added issues of access.

  1. Facilities

When disaster strikes it’s easy to get caught up in the bigger picture and forget about the everyday resources your office needs to function. We’re not talking about servers and desktops but the smaller items that make life easier – like cables, phone chargers and even stationery – as well as a way of storing them.
The presence of local amenities and accommodation are also easily overlooked, but could be of great significance to you and your staff if you have to stay at the site for many weeks.

  1. Staff support

The top priority for most firms is the well-being of their staff. This was confirmed in a recent survey carried out by the Business Continuity Institute (BCI), which found that 90% of practitioners put staff safety before other factors, such as security of critical data, customer support and productivity.
Having a team of professionals at hand who can deliver a smooth transition for your business when you most need it is invaluable. Your workplace recovery provider should be committed to making your move into a backup office location as easy and uncomplicated as possible, especially during the initial stages following an incident.

  1. Security and privacy

In an ideal world you’d want your business continuity work area to be a replica of your current office. Of course, this isn’t always possible – which is why it’s important to concentrate on your core requirements. One such requirement may be a high level of security and privacy. For example, if you’re working with sensitive or regulated data you may decide that a shared space is simply out of the question for your business.

  1. Scalability

Many companies make the mistake of not thinking ahead; it’s important to consider your medium and long-term needs, not just the must-haves in the aftermath of an unexpected event.
Depending on issues such as permanent damage to your original premises, you may find that you need to stay in your backup site for longer than originally anticipated and that your requirements change over time.
Your plan should therefore include details on how many workplace recovery positions you require in a disaster scenario over a period of time, as well as how long you can reside there