By Gary Appleby, AMBCI

Having only been working in this area on a full-time basis for approximately six months, I think I have come a long way from the amount of knowledge I have learnt from my peers within the group I work with.

My first encounter with Business Continuity came shortly after the 11 th September attacks in New York , when my then manager came to me and asked if I could put together a business continuity plan. “Easy” thought I, and I proceeded to compile a document, which at the time I thought was a fantastic piece of work. It had all the elements that a plan should have, processes entailing what do to in the event of a major incident, escalation routes and even an emergency control room. All of which I had come up with after looking on the internet. There was also input from other technical groups when we compared each other’s plans to see where we could improve; however from what I know now these were actually Disaster Recovery plans.

Though I did do what I thought of as a risk analysis, Business Impact Analysis and threat analysis, from what I know now, and in hindsight, they were very thin documents indeed.

I believe my attempts to provide a semblance of business continuity brought me to the attention of my present manager, whose perseverance eventually managed to bring me into his team. My initial baptism of fire was to transform the current BC solution into line with a new contractual agreement in which the ITIL processes are at the very core of the whole business solution. This was a very hectic time and a steep learning curve: not only was I the new kid on the block, having to learn new workings of the account, but everyone was having to work to tight deadlines. If I am honest with myself, during this period I did not learn as much as I should have; I cannot blame anyone for this, just circumstances proving to be difficult.

Following this, I was asked (under the supervision of other members of the practice) to carry-out my first BIA and threat/risk assessment for a new building and account that was based in North Tyneside . Thus armed with a threat assessment that had been previously been created for another building, I spent many hours interviewing staff, trawling through the internet looking at everything from mine workings and chemical threats to military bases and airports in the area. I spent ages talking to other members of the team, and I would advise anyone who is new to this game to ask questions even if they may seem stupid at the time. The chances are, they have already been asked before, but you never know, you could be the first to actually to ask, and you may highlight an issue that no-one has spotted before.

Within the practice we constantly send our documents to other team members, not only to ensure that some item has not been missed out, but more importantly to ensure that the documents we produce are a quality controlled product. So having completed the document, (all 57 pages), pleased as punch I sent it to my colleagues for the quality procedure. Having never done this before and not knowing what to expect, the comments sheets were returned. My first reaction to them when I opened the sheets cannot be written here, needless to say, I was not best pleased. To me, some of the comments were downright picky, however, this process has been one of the learning tools that I think has really helped me. Not only has it made me type more slowly, it has actually forced me to think before I type, most importantly by reading documents written by other team members, which help me to get an even greater insight into the account. Though I still get comments returned, I am pleased to say that these are miniscule compared to the first time, and the best part is that people who have been doing this for a long time can also still make mistakes.

It has not been all plain sailing. I have on occasion found it hard to extract information from other business group managers, many of whom are of the opinion that BC is only important when it all goes wrong, but thankfully with the support of the team these problems have all but vanished.

I am now at the stage where I feel I can actually go out and do this by myself, safe in the knowledge that I actually know what I am talking about and that I have an excellent group of people willing to help and support me.

Though six months have passed, I am still learning, and for anyone like me who is relatively new to Business Continuity, I would say: please do not be afraid to ask questions, and if you are still not sure keep asking until you do!