Business Continuity Planning – Advice from CPNI.GOV.UK

This article has been shared from the UK governments Centre for the Protection of National Infrastructure (CPNI) – the website is full of advice as to how businesses can better prepare for a disaster. Find out more at http://www.cpni.gov.uk/

Business continuity planning

Article Summary

The Business Continuity Plan (BCP) is an essential part of any organisation’s response planning. It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards.

A BCP need not be specific to terrorist incidents and apply to any major disruption such as a major fire, flooding or power fault.

The plan itself sets out the agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions.

It also needs to be clearly presented, avoiding vague internal references and abbreviations, and structured in such a way that people can quickly find and understand what is expected from them.

A wide range of advice for developing and maintaining BCPs is available but the following is a summary of common principles:

Understanding the business

The first step is to identify the assets and processes that are critical to the business, some may have been identified during recent risk assessment exercises.

  • Which roles and individuals are vital for fulfilling business commitments?
  • What equipment, IT, transport etc will staff need to maintain operations?
  • How long can the business function before full operations are restored?
  • What alternative resources are available?
  • Which departments are vital for fulfilling orders and contractual obligations?
  • Which suppliers and other third parties are integral to daily routines?

The BCP should then present all the steps that staff are expected to follow in the aftermath of an incident in order to maintain essential operations and return to ‘business as usual’ as soon as possible.

The structure and detail of the BCP will vary from business to business and from location to location but, in general, should include:

The initial response

  • Clear roles and delegated responsibilities for those who will take charge of co-ordinating the initial response and from where in each location.
  • Do those working with emergency services have access to any prepared response packs
  • Factors determining part or full evacuation of premises.
  • How first-aid will be provided
  • Arranging internal and external communications
  • Arrangements for marshalling crowds towards pre-determined muster points.
  • Support for people with disabilities, restricted mobility or other needs.

Longer-term planning

  • When and how alternative accommodation and facilities will be utilised.
  • Arrangements to maintaining access to key records and IT systems
  • Contingency arrangements for critical operations – financial transactions, client orders, receipt of deliveries, production commitments.
  • How the appropriate staff will be able to access any contingency sites
  • Agreed procedures for re-commencing routine operations.
  • How staff kept off-site from site can be kept informed

Continuity preparations

If you do not have a business continuity plan in place then consider how best to make your organisation more resilient while the plan is being developed Some initial planning and actions could be taken now, for example:

  • Cross-training of skills amongst the workforce.
  • Documenting procedures so that delegated staff can perform unfamiliar tasks.
  • Agreed relocation options both within and outside the premises (e.g. meeting rooms that could be quickly converted to work areas).
  • Nominated contingency staff familiarised with any response planning
  • Remote access to IT systems in nominated back-up locations or staff homes.
  • Alternative sources of production equipment.
  • Secure/off-site storage of data back-ups and valuable documentation.
  • Agreed methods for out-of-hours contact for staff, suppliers, clients etc.
  • Provision of ‘Emergency packs’ include key documents and items that may be needed by those who manage from an incident room or work with the emergency services
  • Agree a communications plan for keeping both internal and external audiences informed in the midst of an incident

Further advice

A wide range of advice on business continuity is available, much of it free. The Government’s Preparing for Emergencies website provides extensive information for business (including ‘Expecting the Unexpected’) and links to key organisations. Defra’s website also contains guidance about contingency planning for a variety of emergencies. More detailed advice for business continuity professionals can be found at the UK Resilience website.

At the local level, the Civil Contingencies Act 2004 requires local authorities to provide advice and assistance to businesses in relation to business continuity management. Consult your local authority’s website for further details.

– See more at: http://www.cpni.gov.uk/Security-Planning/Business-continuity-plan/#sthash.KBUSAmLO.dpuf

Social Media Security Threats

Infographic on Social Media Security threats

Supreme-Systems-IG-v1-Sep-Oct

Get Secure with our top 10 tips..

Ten tips from the Supreme Team to help make your IT network more secure. Happy reading!

1. Educate your team…
IT Security begins with your team so teach them how to spot malicious emails. I like this article on www.pcworld.com which talks about the 3 signs you should look out for. In short if you receive an email purporting to be from your bank (or supplier, client, booking.com) which you a) are not expecting (hint: look closely at email address – you should be able to spot that the address is not really from who it is claiming to be from); b) is not addressed to you (so rather than Dear Angie, the email addresses you as Dear Customer, Dear Sir or nothing at all) and c) it has an attachment or link which you need to click on to view further information – it is a phoney! Delete immediately.

2. …revoke their rights
This is the first thing we do when we on-board a new client. We revoke local PC rights for all users. This does not always go down well in the first instance but after we explain that the easiest way to introduce viruses to their IT system is by letting their users download unverified content most business owners soon come round to our way of thinking…

3. Employ user account access controls
Just so you can ensure that only authorised users can access you business’s IT systems and information

4. Get a business grade firewall
We are still amazed by how many times during a pre contract audit we come across businesses who use firewalls (router) clearly designed for domestic use. Not all firewalls are created equal so please get a business grade firewall

5. Pay for your anti-virus – you get what you pay for if you go FREE
“You are just paying for the name aren’t you? They all do the same thing!” Wrong! As above not all AV’s are created equal. Pay for your anti-virus – Free is as free does. We will always recommend market leaders (our belief is that they must lead the market for a reason) – their products are tried and tested. If you do implement only one of our advice please do this. Don’t skimp on AV!

6. Move from Exchange to Microsoft Office 365
Another way viruses get into IT systems is via SPAM (unsolicited) email messages. Moving to Office 365 by Microsoft will give you the necessary protection against SPAM for your emails. Plans start from £3.10 per user. You can find out more here

7. Upgrade old software
Do you still have PCs running Windows XP? Are your servers still powered by Windows Server 2003? Microsoft has stopped supporting these operating systems and this means if those shady types find a way of accessing your system through these software then Microsoft will not be releasing a “patch” to stop this intrusion

8. Encrypt your sensitive information
When the word encryption is used many small business owners shudder at the thought of setting up complex and expensive systems. The fact is encrypting your critical business information is not only easy to do but also relatively inexpensive (even free if you know what to do…) Encrypt emails, USB drives and documents. You can also encrypt devices such as laptops, smart phones and tablets in case they get into the wrong hands

9. Physically secure your IT systems
Keep your servers screwed down and locked up if possible so no one can move them. Seriously! We have been to many audits where the “server room” is also being used as the storage room / packing room / general chat room…you get the idea…

10. Get a good DR Solution
Ok guilty as charged. We are DR Fanatics…but prevention is better than cure…

Hope you enjoyed our tips…until next time!

The Supreme Team

Growth Vouchers – What you can claim for…

I hope you had an enjoyable summer break and back to work feeling revitalised.

Just a quick email – you will recall I sent an email to you back in July regarding the government’s growth voucher scheme which we are accredited consultants for. If you did not receive the email, you can find it on our blog here

I have received a number of queries regarding what the vouchers can be used for so I thought I would send you an email to give you some ideas on how you can utilise the vouchers to get worthwhile business advice for your business – from an IT standpoint.

1.       Growth & Expansion

Thinking about moving office? Selling abroad? Expanding your team? We can give strategic advice on ways in which IT can help you achieve these goals. Use your growth voucher to get and pay for advice on:

  • Upgrading existing equipment to ensure your new team is more productive (i.e. new server upgrades, new OS upgrades),
  • Better IT security (do you have problems with spam, viruses, internet misuse and you need strategic advice on tacking these issues),
  • How you can make your new premises “technology proficient,
  • Getting the best broadband provision.
  • IT Failure Prevention – the bigger you get, the more dependant your business is on its IT systems. These systems are not infallible so you must put in place provisions to ensure that your business carries on as usual if they fail. You can get strategic advice on how you can implement fail-safe measures such as disaster recovery solutions that keep your systems ticking away.

2.       Competitive Advantage

In today’s fast moving market place, only the fittest as they say survive so why not get strategic advice on how you can use IT to improve your internal processes and make your business leaner and much more efficient?

The strategic advice we can give can include:

  •        Looking at ways in which you can reduce your IT costs with Cloud Technology;
  • Advice on implementing a company intranet and how to effectively use it;
  • Looking at software to help improve your in-house processes such as ERP or CRM solutions
  • Helping you reduce your communication cost or improve inter-company communications by looking at unified messaging solutions such as Lync (great for communication with teams/clients/suppliers in other countries).

3.       People Development

  • Your people are your best assets and investing in their development particularly with IT is a great way to keep them vested in your business. You can use your growth voucher to get advice on getting the best IT related training for your team.

Once we invoice for the work we do (i.e. upgrade for a new server for example) you can pay for part of this fee using your growth voucher as an element of the invoice will be consultative work. There is a 50:50 split – the government can pay up to £2,000 and you pay the rest. We will let you know how much of the total invoice you can claim.

You can find out more by visiting www.gov.uk/apply-growth-vouchers. Applying is easy – and I recommend applying for a voucher even if you don’t think you will need any such work at present. We all know how quickly things can change.

Give me a call if you want me to answer any questions – I am always happy to help.

Thanks and regards as always!

Angie Hart

Tel: 01213090060

Email: angela@www.supremesystems.co.uk

The Way We Work – IT Support that works for Birmingham & West Midlands Business

As you may already know before attaining the heights of stardom as a Subject Matter Expert, I wore the hat of an account executive (sounds better than saying salesperson I think…) here at Supreme Systems. One question I was always asked during the sales presentation (and the one I took the most pride in answering) was the “why should I choose you over company ABC” question. Every salesperson relishes the opportunity to extol the virtues of the product or service that they represent and I was no different. I remember the very first time I was asked this question and I delivered what I felt was a winning pitch (it was – we won the contract) that was able to convey the message that “IT makes sense to choose Supreme”

I decided to write this article after we (Suzie, Sim and I) where drafted in to create a video that would tell prospects exactly why we believe they should choose Supreme Systems as their IT Support Partner. Whilst thinking of what I would say in the video, memories of my past life experience working in sales came flooding back and I was transported to that moment at the end of the sales process when the question was asked. I recall the pride, passion and conviction in my voice as I delivered the now mastered pitch that still never failed to leave goose pimples down my arms and for the most part seal the deal.

I believe that the complete belief I exhibited each time I gave the “everything will be ok if you choose Supreme Systems” was successful because prospective clients could feel the sincerity of my patter and were assured that their IT would be in good hands. I have worked for the company now for 6 years and I know hand on heart that when Supreme Systems comes into the picture things start to become stable. We may not be a Logica or Capita (yet…) but goodness, we work hard to ensure that IT works for our clients.

We are not your typical IT Company – we do things differently here. The secret is in the way we work – our approach to IT Support that I believe gives us that certain je ne sais quoi that stands us apart from the crowd. We always see things from the end users perspective (i.e. the cost to you if any issue remains unresolved for a period of time) rather than our own view point; we understand that sometimes engineers may get a little technical so our Technical Liaison Managers will help translate any tech speak so you know what is going on. Our client services managers are customer ambassadors that work in the best interest of our clients. Led by the formidable Sim Hayer – aka the General, the CS team are tasked to ensure our clients are 100% happy all the time; Our Subject Matter Experts will tirelessly investigate and road test the latest technologies that could make your business more productive and profitable. We are fanatic about improving the way we work so we will strive to achieve accreditations that come with a quality stamp of approval. We are currently ACCREDIT Certified but we are also in the process of becoming ISO9001 and ISO27001 certified.

Success is on boarding the right way, proactive support, review meetings, round table discussions, taster offers, Tracker, CS Road Maps, Business Continuity and 999Restore.I won’t embellish too much here on what these all mean for you, just in case there are competitors lurking about (book a meeting and I will tell you more) but they really do make for a better partnership between us and our clients – partnership were we become their trusted technology partner.

Supreme Systems gets my rubber stamp of approval – but then I am biased. Find out for yourself why you should choose Supreme with confidence. Call us today on 0800 001 5942

Choosing an IT Company in Birmingham – What to look for.

We all know the benefits of outsourcing IT? Lower costs, improved service, more expertise and resources etc, but we also need to be mindful of some of the drawbacks – unresponsive suppliers, hidden costs, lack of initiative…. This guide helps you pick the right IT support supplier and hopefully avoid those drawbacks.

1.How did you find out about them? This demonstrates how seriously they take their business. A provider that is willing to spend on its sales and marketing process is a sure sign of a business that is actively trying to grow their business and such will be able to cope with your growing business.

2. Location, Location, Location! – Most IT issues can be resolved remotely but for the rare occasion when an onsite visit is essential you need to be sure that your IT provider will be able to do so easily. How long will it take them to get onsite for your critical emergencies? 1hr is amazing, 2hrs is very good, 3 is ok anything more than 4 is a no no!

3. Check their credentials. If they say they have 20 Engineers and 3 Offices – visit some of their offices to make sure this is so (and while you are there look to see how they treat their equipment, if they are not looking after their own equipment how well will they look after yours?). Check their qualifications and accreditations – make sure they have what they say they have.

4. Cost vs Quality – The old adage applies – “you get what you pay for”. So although the cheaper option may look more attractive now in the long run it may end up costing your company more – however don’t be afraid to negotiate. Make sure you are getting value for money.

5. Find out what other services they offer. You don’t want to find yourself in a situation where you need to call one company for IT support, another to look at your security, another to manage backups, or to help with an office move. If you have a good relationship then ideally you trust them to assist you in other areas.

6. Is there a trial period? Or at least a cooling off period? Many suppliers will have a minimum contract period, so it makes sense for you to trial their service before you commit.

7. Get references – If you do nothing else make sure you ask every potential supply to provide you with references so you can speak to their current customers – You should aim to speak with at least 3 references.

We are accredited Growth Voucher Scheme Adviser

I wanted to let you all know that Supreme Systems is now an Accredited Growth Vouchers Advisers.

The Growth Vouchers scheme is a £30m government programme designed to help small businesses get strategic business advice on areas to do with finance and cashflow, recruiting and developing staff, improving leadership and management skills, marketing, attracting and keeping customers and making the most of digital technology.

How does this affect my business

Well if you are considering getting strategic advice on any of the areas mentioned above, the government will give you up to £2,000 (50% subsidy) to get the help you need.

£2,000? What’s the catch?

See that’s the great thing – there is no catch, neither are there any hurdles to jump over. Growth vouchers are given on a random basis so your chance of getting one is fairly good.

Give me some ideas on how I can use my voucher to “make the most of digital technology”

The scheme is part of a government experiment to find out the impact of advice on small business growth so you can only use your vouchers to pay for “strategic business advice”​. ​

In relation to IT, the advice could be used for addressing the risks of cyber-attacks, or exploring how digital technologies can be used to reduce costs, improve productivity or quality control. Give me a call if you want to discuss how you can take advantage of this scheme for your business.

How do I find out more about the scheme?

Visit www.gov.uk​ (click on link) or the enterprise nation market place. I would advice you apply to receive a voucher even if you do not have anything in mind at present. Once you are approved you have three months to use your voucher. The scheme is due to expire March 31st 2015 and only 20,000 small businesses will be selected.

Give me a call, Angie Hart on 0121 309 0060 ext 2 if you want to know more about the scheme.

What is your Plan B?

IT plays such an integral role in the way organisations work that when they go wrong it can cause a massive disruption to day to day work.

 

We class an IT disaster as anything that prevents you from using your critical IT systems and accessing your critical business data. This can include:

•         Server Failure

•         A Power Cut

•         Sabotage by a disgruntled employee

•         Accidental deletion

•         Virus/Malware

•         Application Failure

The scenarios listed above are typical of those we see often – and can happen to any business. According to a research conducted by the Gartner Group in 2012, any company with poor or no DR solution will incur on average 29.4hrs downtime following an IT disaster.

 

How much will this cost your business?

Think about the loss in productivity, loss in income and most importantly how your business’s reputation will be affected if you are unable to work for 29.4hrs. That’s 4.2 business days! In our opinion, this is a mild estimate. We know of one business that was unable to work for two weeks following a server failure!

 

999RESTORE – the Disaster Recovery (DR) Solution from Supreme Systems can have you back up and running in just two hours following a major system failure

 

Some Features of 999RESTORE

 

4hr Return Time of Service

This is the maximum time that we guarantee you will be unable to work for. We can simply switch to your virtual server hosted in our data centre or replace your faulty server with a hot spare whilst we repair or replace faulty parts; resolve the issue or reconfigure a new server.

 

30 Min Return Point of Service

This is the maximum data loss you will suffer. Our solution provides 30 minute incremental snapshots of your system which allows for optimal recovery points.

 

Bare Metal Restore

Our solution allows us to restore your server as is – i.e. with all the software, applications and configurations ready to go as they were from the last snapshot.

 

Microsoft Exchange Granular Restore

Microsoft Exchange has become one of today’s most critical business applications and losing access to this data for even a short period of time can be damaging to any business. 999RESTORE from Supreme Systems recovers an Exchange server in its entirety quickly and seamlessly.

 

The DR 5

We all agree that having a Business Continuity Plan is essential to ensure your business continues as normal within a short space of time following any disaster. Disaster Recovery is an essential aspect of your BC Planning and below we have listed 5 key must haves that you should have to ensure a quick recovery.

1. An alternative place to work

No true BCP is complete if you do not have a place where you and your team (or your key people) can continue to operate from. Our recommendation would be to have a dedicated site for your business that replicates exactly your current infrastructure. If this is unaffordable, at least ensure the site you choose has good internet connectivity. We would also advise having your Work Place Recovery Site (WPRS) in a completely different location to where your business currently is – so if your business is based in Solihull, consider having your WPRS in Birmingham.

RE: Having your own dedicated WPRS site with replicated infrastructure – there are ways of achieving this that will not cost the earth. Give Angie Hart a call on 0121 309 0060 ext. 2 and she will tell you more.

2. Email Recovery

Our recommendation is for Exchange Online (Office 365) – which allows you to access your emails from anywhere. We are seeing many businesses switch to Exchange Online rather than having it on premise for this exact same reason as it provides complete protection and redundancy for their emails.

3. Critical Device Protection

We all have them – devices in our businesses which if they went “pop” would have a big impact on the business. We are not talking servers here…oh no – more the day to day items that allow our businesses to tick along smoothly. So think of your “manufacturing PC”, “the accounts laptop”, “the MD’s tablet or laptop”. Your routers and switches are key to the business and you should have some sort of provision to ensure that you can get replacements quickly if anything goes wrong with them.

Our critical device protection service guarantees to replace your critical devices within 2hrs – preconfigured and ready to go. We have seen a lot of interest for this service and it is no surprise considering that it can take up to 5 days to get a fully functioning replacement in place.  Yes warranties are good to have – but what good is a warranty when it can only guarantee a next day replacement (imagine if that replacement is your MDs laptop which he needs for his important business trip to China..) Want to know more? Give Angela a call on 0121 309 0060 ext 2

4. Get a good DR Solution for your servers

Not all DR Solution are made the same – so get a good solution that will offer bare metal recovery (so it captures everything, not just data but applications as well), allow for very fast RTO (how quickly you can get back up and running) and very small RPO (how much data time wise you lose).

5. Find an IT Partner you can trust…

Preferably one that understands how much of an impact the disaster could potentially have on your business (reputation, loss of revenue, financial cost of the business not working as it should) will happily work from 9 – fixed (be it in the evenings or weekends) and you can call at any time. Sounds like a company we know… :-)

We hope you enjoyed our post. Comment if you have any other suggestions to add to the list – or give us a call on 0121 309 0060 if we can give any assistance with your DR planning.

See how much you can save with Office 365!

Many of you will be planning upgrades to your servers and PCs.   If this is the case, you may be £s better off considering Office 365.

Microsoft Office 365 suite is a hosted, online version of the traditional installed version of Microsoft Office software. This online service is subscription-based and includes Office, Exchange Online (business class emails), SharePoint Online (document storage), Lync Online (video/web conferencing, instant messaging) and Microsoft Office Web Apps.

There are many benefits to using Office 365 – security, work anywhere access and better team collaboration are just a few of them. However the major benefit for many businesses will be the cost savings they make when they move to Office 365.

Office 365 is a subscription service so you pay per user per month. There are 7 different plans – the entry level package is Office 365 Business Essentials and Office 365 Enterprise E4 is its most comprehensive enterprise offering. Prices start from £3.10 to £16.10 per user. There is an annual commitment for businesses that sign up to the service.

In our experience those that save most will be businesses that require access to a shared location where their documents can be saved plus business class email. The added functionality of Office Apps and Lync is of course a plus. Businesses who run bespoke applications will need to run a hybrid infrastructure (i.e. a combination of on premise and cloud provisions) but there are still substantial savings to be had even with this type of arrangement.

So how much can you save?

On average, businesses will see year on year savings of between 25% – 80% on their IT costs.

We have outlined typical savings for a business with 20 users with year on year growth of 20% using Office 365 exclusively. We will use Office 365 Business Essentials for comparison (which in our opinion is sufficient for most businesses that will require the use of Microsoft Office applications and file storage).

Capture

That’s a whopping saving of 87% and we haven’t included the savings made from reduced energy consumption of running servers 24/7!

We know not all businesses’s IT spend and IT usage will be as straight forward as the scenario above (which is based on one of our clients) – we have created a cost comparison worksheet that will allow you to calculate how much your business will save (it will also make clear how we reached our numbers for the on premise costs above as prices for hardware and licences are fully broken down) To request a copy please email angela@www.supremesystems.co.uk and we will send it to you.

Thanks for reading – if you need help deciphering which package would be best for your business (and it can be confusing when you first see them) or simply to discuss your migration needs, do give us a call on 0121 309 0060 ext. 2 – ask for Aidan