FAQs

Welcome to our FAQs page, where we answer common questions about our services and solutions. If you can’t find the information you’re looking for, feel free to reach out through our Contact Page for further assistance.

Technology
Business Continuity planning
Data backup and recovery
Information security
Premises

Technology FAQs

Loss of access to your offices implies that the contents of the office are unharmed and can be used again as soon as access is regained. Effectively you will need a short term replacement PC’s and Servers delivered to an alternate office location. Our expert partner network can provide short term technology rental or alternatively many of our Workplace Recovery partners provide office space pre-equipped with hardware, please Contact Us for more details.

Depending on the specification of the servers replacement should be fairly quick from the manufacturer or rental provider, the issue will be where to put the servers assuming your data centre is beyond quick repair. We can provide fully managed data centre space through our partner network, however you will need to factor in the lead time to cross connect the equipment to your data network or establish VPN connections. It is far better to set up a Disaster Recovery (DR) infrastructure ahead of the incident and we can help you with that, please Contact Us

It sounds as though you have an office based switch, which is in effect a single point of failure. You may want to consider upgrading to a Voice over IP (VoIP) telephone system which provides on premise functionality and a back up to a cloud based switch. Good VoIP systems will also provide remote login capability for remote working which can be really useful for Recovery situations.

Finding the root cause of a network problem can be difficult. You may need to appoint a specialist Network Diagnostics/Network Assurance engineer to fault find the problem. We work with expert partners that can provide the monitoring equipment and expertise to find and resolve the issue.

A well run Cloud infrastructure should in theory be more resilient than running your own servers. However you do need to investigate your vendors Continuity arrangements in detail as some providers are super resilient and others can be less so. Also bear in mind that you will be dependent upon availability of connectivity to the Cloud. If you need assistance with choosing or reviewing a Cloud provider please Contact Us

Business Continuity planning FAQs

Yes – spending a little time planning for Business Interruption will help you develop a more Resilient and Valuable business as a result. The amount of time and budget you put behind developing your plan will normally depend on the size of your business, market sector and the risks you face. Please Contact Us if you would like to set up a free of charge 1:1 consultation with one of our Business Continuity expert partners.

Insurance is vital for all businesses but it is only an indemnity against Loss which is good but not the complete solution. To use a driving analogy we have insurance in case we crash, but avoiding the crash in the first place is even better! Business Continuity is no different as it is all about planning ahead and minimising the impact on a business caused by Interruption, prevention is generally far better than cure.

This depends on so many factors such as Company Size, Organisational Complexity, Location and most importantly how comprehensive the plan is or needs to be. I always start with the view that doing something is better than nothing and it can always be developed and improved over time. Start with the simple things and build the plan step by step.

Typically the most economically important business process will be recovered first, right the way through to the least important. The trick is to find an affordable continuity solution that achieves an acceptable risk profile for management, customers and regulators, this will be unique to each organisation. Allocation of budget is ultimately a management decision. From a planning perspective it is important to present the Impact of disruption and the Risk of disruption alongside the costs of mitigation and recovery.

There are literally hundreds of potential causes of Business Interruption, so it is probably best to start with the loss of the following: People, Property, Data, Product & Reputation. Within each of these categories you can identify your own sub categories based on the unique structure of your organisation. Start by brainstorming potential causes of Business Interruption for your business and then rank them from Most to Least likely.

Business Continuity plans should be updated as regularly as needed to remain current. Changes will be driven by changes to Staff, Processes, Technology, Suppliers, Law/Regulation, Risk Profile and most importantly as a result of learnings from Testing / Implementation of the Plan due to an actual disruption.

This depends on the size of the organisation, complexity, available budget and a whole host of other factors. It is often a good idea to start building your own plan and see how you get on. If you need expert help with writing your Business Continuity Plan we can introduce you to a local consultant for a free 1:1 conversation.

ISO 22301 is an international management systems standard for Business Continuity Management (BCM) which can be applied to organisations of all sizes and types. Organisations that achieve ISO 22301 accreditation are able to demonstrate to shareholders, customers, regulators, partners and insurers that they adhere to good practice in BCM. If you are considering ISO 22301 certification please let us know and we will introduce you to our ISO experts.

Data backup and recovery FAQs

The starting point point for most businesses should be to backup all data. It is good practice to understand where your critical data is stored. For example if you operate a server based infrastructure, you may not need to worry about backing up individual PC’s. If you operate a cloud based infrastructure then backup should be managed by your cloud provider (it is always best to check there arrangements)

There are so many ways to backup data, but essentially regardless of the method chosen, backup involves writing a copy of the data to another computer or media device. At the low end of the range this could involve backup to a thumb drive or DVD and at the top end data can be replicated or mirrored in real time across a Wide Area Network. The method(s) chosen will depend on your resilience requirements, budget and technology. Please Contact Us to discuss your needs in more detail.

The only definitive way to check if your backed up data will reinstall or restore is to test it. The test will make sure the media can be accessed and the restored data is complete. If your data is stored in the Cloud it is still vitally important to test the service, or ask your vendor to conduct a test for you.

Frequency of backup will normally depend on the criticality/value of the data you are creating and the budget you have available. Many modern data backup services can be scheduled to check for new data on a regular basis without intruding significantly on operating speeds.

It is often possible to recover data from extensively damaged hard drives. It is important to note that a % of data may well be lost so this is not a recommended alternative to taking regular backups to an external device.

Information security FAQs

They are, effectively the same in the sense that they both relate to preventing unauthorised access to data. However Information Security is broader as it goes wider than the Cyber Realm to include physical security of Information ie. Leaving backup tapes in an unlocked cupboard.

A good place to start is by working towards the ISO 27001 standard for Information Security. This standard gives you the process and controls needed to implement Information Security in your business. You may also want to engage an Information Security consultant. We can introduce you to a local consultant and even set up a free of charge 1:1 video call or phone call.

You should respond honestly with the controls and policies you have in place. We would always recommend that you work towards or certify with a recognised Standard such as ISO 27001 for Information Security as this is a certification you can display to customers and they will understand the level your business has attained in this area.

If you are processing credit card transactions you need to make sure you are Payment Card Industry Data Security Standard (PCI DSS) compliant. For the customer records you need to take all the steps possible to keep these secure. Ask whether you need to keep all the records, how many copies of the records exist in backups, are backups disposed of effectively, are your passwords secure and regularly changed, do all staff have the correct user roles (ie. as limited as possible to perform their duties) etc.

Whether you need to register your business for the Data Protection Act will depend on the type of business you operate and the data you are collecting. The best way to check is to visit the Information Commissioners website and complete the Online Assessment Tool

The risks are varied and will depend on your business. According to the Information Security Breaches Survey: 2014. 33% of small businesses were attacked by an unauthorised outsider, 45% of small businesses suffered from virus infection or malicious software, 16% were hit by denial of service attacks, 12% identified that outsiders had successfully penetrated their networks, 4% know that they had intellectual property stolen.

Unfortunately data breaches occur constantly and the majority go unreported. Take a look at this visualisation of data breaches of 30,000 customer records or more since 2005

Yes, most insurers will offer Cyber Insurance cover as an addition to your Business Insurance Policy. Cyber cover will normally cover post breach Legal Costs, Losses relating to Lost Business and Credit Monitoring services for customers. Policies do vary so please check directly with your insurance company or broker.

Premises

The most common cause of Premises Interruption we see is from water damage or flooding. Normally the water escape is from within the property (pipe burst, blocked drains etc) as opposed to external flooding. Other risks include Fire, Power Failure, Criminal Damage and Denial of Access due to an incident within or close to the premises.

This figure depends on a wide range of factors including your Location, Type of Operation, Age of Property, Risk Reduction Measures etc. Over years of experience helping businesses manage interruption we see an average of just over 1% interruption rate each year for Premises (other forms of business interruption move the headline interruption rate to over 4% per year)

This will depend on the type of premises you operate. For example if you run a Restaurant and cannot open you can multiply each day of closure by your average takings/profit. On top of this figure you should a valuation for potential loss of future business as customers find an alternative restaurant and perhaps never return. Offices are a bit harder to assess as some processes could be continued away from the office, some processes can be delayed and some are essential and dependent upon the office being available.

Home based workplace recovery is increasing in popularity as more businesses embrace the Cloud for applications and data storage as well as Bring Your Own Device (BYOD) for technology. The key points to consider are whether your team members can work effectively from home? are they willing to work from home? do you have the tools in place for distributed workers to communicate effectively? how will remote working affect interactions with customers (phone calls, meetings etc)? Many companies now combine Home Working and office based Workplace Recovery to deliver a total solution.

It is possible to ‘design in’ Premises Resilience into your property strategy. For example you could split critical teams across different offices, hold stock in two warehouses rather than one, research the flood history of your new premises before signing the lease, Google your new address to see if the neighbours are ‘accident prone!’ or operating high risk businesses.

There are numerous strategies you can employ to reduce fire risk and the impact of fire. These range from Detection, Compartmentation, Materials, Suppression, Training etc etc. A good place to start is to engage a Fire Risk Management consultant to review your premises and processes. One simple activity that can have a huge positive impact is to conduct a regular Thermographic Survey of your electrical infrastructure. This survey uses a heat sensitive camera to identify ‘hot spots’ that can often go on to become a source of fire.

Assuming you do not own a second location to relocate your customer service team to, then you will need to consider a Workplace Recovery contract with a third party provider. Workplace Recovery contracts grant you fast access to fully furnished office space with technology and connectivity. As a part of this process you will need to consider whether your business requires Dedicated or Syndicated space as well as how you will seamlessly divert your calls.

Aside from making sure windows and doors are locked, blinds are drawn etc, you will probably need to engage the services of a Security Consultant to advise on alarm systems, access control, monitoring, guarding etc. We work with a number of Security consultants that even provide ‘penetration testing’ services where they will test your security by gaining unauthorised access to your premises and identifying your security weaknesses.

Probably the best option is to rent a small ‘self storage’ room on a rolling week to week contract. We can put you in touch with providers in your local area.

Yes we work with a specialist brokerage company that rent fully managed pallet storage space nationwide. They can even organise Receipt, Handling and Despatch and other logistics services if required. This service is ideal for companies that have to divert deliveries due to business interruption at their warehouse or have sudden unexpected peaks of stock for any reason.