Here are a few thoughts on the article Business Continuity Planning: A Comprenhensive Approach by Virginia Cerulla and Michael J. Cerullo (www.ism-journal.com, Summer 2004)

• The authors distinguish clearly between BCP and disaster contingency recovery planning (DCRP). This distinction is critical - telework at its best is a risk mitigation strategy so that business can continue uninterrupted in the event of a disaster. It will have limited success if organizations think they can rely on it as a DCRP strategy. Can you imagine trying to get all your employees up and running from home after a local disaster? It simply wouldn't happen.
  
• Survey results say that businesses are more concerned about cyber attacks than about physical attacks. That explains in part the reluctance of larger businesses to open ports and other potential security holes to allow video through; the other part of the explanation is that the organization's local area network isn't able to support the bandwidth required. There are plenty of solutions available to solve the second problem (fiber to the desktop is one), while the first is a bit more difficult. Vendors and standards organizations are working on this.
  
• The federal government evaluates the comparable risks of cyber attacks and physical attacks differently, especially in the "target rich" DC area. All organizations have to stop thinking that they must decide between the two, and start insisting on improvements to both. Remote work technologies and cybersecurity can coexist, and must coexist, to most effectively protect themselves.
  
• Remote work reduces risks for physical terrorist attacks and also for other physical disruptions to the daily commute. While the first is rare but potentially extreme, the second is very common, if you include snow storms, major highway accidents, tractors in reflecting pools, and the like. These aren't typically disasterous enough to include in BCP - organizations would likely consider their affects just a part of doing business, but they are one of the biggest drivers for situational telework, a practice that is becoming more common each year.

The authors conclude that, even after 9/11 terrorist attacks in the New York, "based on an analysis of data reported in several major published surveys, many of the existing BCPs are seriously deficient and outdated, as they do not address many of today's major risks of business systems interruption."

To this I'll add: that the consultants and advisors that help develop and evaluate these plans need to update their risk reduction toolset as well.

4:15:46 PM    
comment []  trackback []

Outsourcing Makes It a Small World After All by Dan Muse (SmallBusinessComputing, June 11, 2004) is primarily about how small firms can easily jump into the outsourcing craze using an online resource to identify contractors, who may be anywhere in the world.

Beerud Sheth, vice president, Business Development at Elance.com, 'estimates there are 400,000 small- to mid-size Web and IT services firms in the U.S. alone.' Elance.com's firms tend to charge 40 to 80 percent of what traditional firms would cost, since many of them are small businesses or freelancers with very low overhead. 'Many of those businesses may have resulted from jobs being sent overseas. "They flipped the trend and made it an opportunity," said Sheth, adding who also sees a trend which he calls "reverse outsourcing." 'That is, international companies are outsourcing their IT functions to small U.S.-based businesses.'

2:40:45 PM    
comment []  trackback []