CBI tells UK organisations to make business continuity a priority
CBI Director General Digby Jones urged firms to put a re-assessment of business risks at the top of their list of New Year resolutions.

"In a year that has seen mainland terrorism, a major incident at the UK's fifth largest oil and petrol distribution depot and natural disasters too numerous to mention across the globe, everyone in business needs to spend some time this January re-assessing their business risk,” said Digby Jones.

"In the immediate aftermath of any form of incident, continuity planning becomes something of a buzz word but it is increasingly clear that many firms still don't have the necessary plans in place. As New Year resolutions go, few things can be more important than ensuring your business has a future, whatever happens outside your door.

"Consider Buncefield, it was a miracle that no-one was killed, but more than anything it showed that the unexpected can happen at any time. Please - take a long, hard look at how you safeguard your workplace and employees. Make a conscious decision about what is right for the assets in your company. The preparations you make now could help your business survive a catastrophic event be it natural or man-made, continuity is vital and your customers will expect no less."
Source: Continuity Central

London’s SMEs must develop business continuity plans NOW…
The London Chamber of Commerce has called on directors of small and medium-sized businesses in the capital to respond to the heightened terrorist threat by implementing business continuity plans urgently.

The LCCI - which represents 3,500 predominately small businesses - says that up to 44 percent of small and medium-sized firms have no contingency plans in place and many of those that do, fail to communicate to their staff effectively about what needs to be done in the event of a major emergency incident.

The LCCI is therefore publishing a directors' briefing - drawn-up by members with expertise in the security and business continuity sectors - which details a practical programme which small firms can put in place immediately to improve their preparedness.

The document ‘Crisis management and business continuity planning: a programme for business survival’ includes specific measures which have been drawn-up to counter the changed circumstances since the attacks of 7 th July.

"The chronic lack of preparedness on the part of small and medium-sized firms is the greatest avoidable threat in the capital today," said LCCI president Michael Cassidy. "Directors owe it to themselves, their employees and other firms in the supply chain which depend on them to take action now."

"On 7/7 a number of firms in the capital ran out of food and drinking water because their entire staff were confined to the premises all day. Firms therefore need to make sure they are adequately provisioned in this respect, especially as their premises may fall within an exclusion zone and their staff be forced to remain in situ for two or three days in a worst case scenario."

"Directors should identify an alternative temporary business site which is located well away form the main building. It is imperative that the secondary location is not served exclusively by the same utility companies or communication company as the primary location."

"Small companies should also consider conducting background checks on employees and periodically checking anyone with access to sensitive information."

"We would also urge small companies actively to approach larger organisations based nearby to act as a 'buddy': that is, the more extensive resources of the larger firm would help their smaller neighbour stay afloat in the aftermath of a serious disruption to business."
Source: Continuity Central

Scottish businesses not doing enough to guard against terrorist attacks
Scottish companies will be urged to do more in order to safeguard their businesses against the threat of a terrorist attack at today’s [8 September]Resilient Community Exercise which has been organised by the Scottish Continuity Group.

Emergency services and local organisations including Tayside Police and Scotland Online are joining forces at the event, which is being held in Dundee, to stress the importance of business continuity planning and outline what steps should be taken to ensure that a company can continue to trade in the event of a disaster.

In a press release to highlight the event, Alan Dawson, a board member of the Scottish Continuity Group and business continuity development manager at Scotland Online, explained why there is concern that not enough companies in Scotland are investing in business continuity. He states:

“Business continuity planning should be an important consideration for any organisation but too many companies in Scotland are just not doing enough and are leaving themselves exposed.

“Terrorism is not the only threat facing businesses today, a gas-leak or flood, a burglary or simple vandalism could seriously affect the day-to-day running of a company and if effective back-up systems are not in place then companies will lose trade.

“Some may even be unable to continue in business after such an interruption, especially if cash flow is tight, and if they have not legislated for unexpected contingencies.

“Many cite cost as a reason for not implementing a disaster recovery plan, but more often than not all it takes is simple common sense, such as backing-up your files on a daily basis and storing them in a secure location off-site.

“What we are trying to do through the Resilient Community Exercise is to create awareness amongst both public and private sector organisations, of the importance of having such plans and providing them with the know-how on how to shape them.”

Chief Constable of Tayside Police, John Vine, supports Mr Dawson’s comments, saying: “Planning is everything. Terrorism planning, protecting employees as well as business information and facilities, needs to be taken seriously by senior management and boards of directors.

“Building a secure business is not just about supply and demand. It is about the protection and prevention measures that you can put in place against crime, the consequences of a natural disaster, electronic attack, acts of terrorism and other events that would have an impact on your business.

“Businesses can do much to reduce vulnerabilities by taking time to review their preparedness to deal with emergencies and put simple and often inexpensive security measures in place. From the basics of identifying where your business is vulnerable to making sure you have suitable IT security such as passwords and making sure your key suppliers have plans in place to continue business if they are the ones affected.”
Source: Continuity Central

MI5 director-general tells companies to invest in business continuity
Eliza Manningham-Buller, the director-general of MI5 has told UK businesses that the most effective thing they can do to protect themselves against terrorism is to develop a simple but effective continuity plan and to ensure that business continuity plans are considered at board level not ‘left to specialists’.

Manningham-Buller was speaking at a session on security at the CBI annual conference. She warned businesses that terrorism is still a ‘serious and sustained threat’ to the UK and that firms should not become complacent.

The full text of the director-general’s speech is below (verbatim):

Ladies and Gentlemen, I would like to begin by thanking John Sunderland and Digby Jones for their invitation to speak to you this afternoon. I am delighted to be here to introduce your session focusing on security. I believe this is the first occasion that security has been on the agenda at a CBI Conference. I have come here today to get across two things: what the threat from international terrorism is and what you as leaders of British industry should do about it, and how my Service can support you in that.

First the threat. There is a serious and sustained threat of terrorist attacks against UK interests at home and abroad, including against the business community. There might be major attacks like Madrid earlier this year. They might be on a smaller scale. The terrorists are inventive, adaptable and patient; their planning includes a wide range of methods to attack us. Many senior Al Qaida figures have been killed or arrested since 9/11 but, although the organisation has been damaged, it retains the capability to mount terrorist attacks on Western interests. Moreover the international terrorist threat manifests itself in other forms which are as challenging. “Al Qaida” has become shorthand for other terrorist groups or networks that, inspired by Al Qaida’s successes, and in imitation of it, are now planning attacks against Western interests.

There may be people here who doubt this description of the threat or perhaps question the language used to describe its scale. It is right to ask questions and challenge assumptions. Indeed it is necessary to do so. We need to continue to check our judgement of a threat that is shifting and evolving. But I would urge you to consider the events of 9/11, in Bali, in Istanbul, in Madrid. Be under no illusion. The threat is real and here and affects us all.

I am often asked why there have been no attacks in the UK since 9/11, an entirely reasonable question. Part of the answer is the effectiveness of the UK’s counter-terrorist response and the great increase in international co-operation and exchange of intelligence. Following operations involving my Service, the police and many other partners, plots have been disrupted and terrorist suspects arrested in the UK. A significant number of those arrested have been charged with serious terrorist offences. They will appear before the Courts in due course.

Other reasons include the steps taken by the Government to make it harder for terrorists to operate in the UK and the part played by everyone, business included, in reducing our vulnerability to terrorist attacks by protecting ourselves better. Responding to the threat has not been easy and difficult judgements have to be made. Balancing liberty against security is perhaps the most difficult of them. But stopping an atrocity is only one aspect of the challenges we face. Across the UK, private companies are working with the Service and the police to increase resilience and strengthen the capability of the private sector to stay in business in the face of threats or actual attacks.

This is where I come to my second message, your role. As I have just said, progress has been made in reducing our national vulnerabilities – there have been definite improvements – but I worry that, against the background of no attacks here, we risk becoming complacent. So my message is to broaden your thinking about security issues. A narrow definition of corporate security including the threats of crime and fraud should be widened to include terrorism and the threat of electronic attack. In the same way that health and safety and compliance have become part of the business agenda, so should a broad understanding of security, and considering it should be an integral and permanent part of your planning and Statements of Internal Control; do not allow it to be left to specialists. Ask them to report to you what they are doing to identify and protect your key assets, including your people.

I am often asked what single piece of advice I can recommend that would be most helpful to the business community. My answer is a simple, but effective, business continuity plan that is regularly reviewed and tested. Many of you already have sophisticated business continuity plans in place. Indeed this is one of the areas in which the private sector, rather than the public sector, sets best practice and from which government and others can learn, but do you all have such plans and have you considered them at Board level?

And where do we, the Security Service, fit in? Those of you who only know us from fiction may imagine that the only role of the Security Service is to pursue terrorists, spies and serious criminals. We certainly do that (this is exciting and rewarding work, though not quite in the way that it is presented in fiction) but we also give advice, based on our inside knowledge of the intelligence on the threat. Some of you here today will be familiar with our long established role in providing security advice to a selected range of customers. In the last twenty years, alongside the advice we provide to government, we have increasingly given security advice to some of the private sector. In the past that has been to the sectors of the business community that form the UK’s key national assets, known as the Critical National Infrastructure. Our advice is based on access to all intelligence available to the UK. It is formulated by experts who, supported by an extensive programme of scientific research and development funded by Government and shared with close allies overseas; are well equipped to access the best practice for others.

But that is not enough and reaches too few of you. To support your judgements and you and your employees’ security, we have recognised the need to make you better informed about the nature of the terrorist threat and what practical steps can be taken to protect your business. The MI5 website(www.mi5.gov.uk) has been redeveloped for that purpose and you can also access it through a link on the main CBI website.

This is a first step. There is, of course, more for my Service to do to make useful material about terrorism available to you and your companies. Further initiatives can be expected and improved generic advice made more widely available. The CBI is helping us with this. We need your help channelled through them in identifying where we can best help you. The CBI Business Security Survey will contribute to that process. Specialist effort will continue to be focussed on the critical services but we recognise the demand for advice and information in the wider business community and are working hard to respond to it.

So in sum: the threat is current and real; it affects us all and you, supported by us, have a key role to play.
Source: Continuity Central