q4 2010 - continuitysa...q4 2010 update business from allen g smith, ceo it is unbelievable that...
TRANSCRIPT
Q4 2010
UPDATEBusiness
From Allen G Smith, CEOIt is unbelievable that this year – 2010 –has almost come to an end. It has beena year that has been dreamt about withintense an cipa on for so long!
It was finally Africa’s me to show theworld what it’s capable of! Too quicklydid the FIFA Soccer World Cup™ comeand go. Of course, Con nuitySA preparedfeverishly to not only ensure its ownreadiness for the event, but also to deliver a worldclass service to clients andnonclients through the Con nuity2010Portal and Steering Commi ee. In addi
on to this, businesses had their fareshare of challenges in general this yearas well! Major infrastructural upgradeprojects have meant that organisa onshave had to deal with power, water andtelecoms outages fairly frequently.
With regards to the economy, all of ushave surely watched with bated breathfor signs of recessionary recovery. Thesesigns have certainly been there, but therecovery has indeed been slow with theever present fear of a doubledip orsecondary recession in the back of ourminds.
Con nued on p2
1 Business Update
3 On the Consul ng Front
4 Assessing the risk of Cloud Services
5 Opera onal Prudence
6 How prepared is your company/organisa on to dealwith opera onal disrup ons?
8 From the CGF...
9 Con nuitySA expands in Mozambique
9 Aitec Conference Mozambique
10 IODSA Golf Day 2010
10 Con nuitySA celebrates 21 years
Keeping ContinuitySAclients informed
1
2
Con nued from p1
But regardless of all the nega ve variables that have affected our daily lives,Con nuitySA has con nued to be profitable during excrucia ngly tough mes.Our aim has been to keep focusing onService Excellence which we believe isthe only trait that can set a companyapart from the compe on! This, alongwith the partnerships we form with ourclients, have stood us in good stead andhas ensured that Con nuitySA can con
nue doing business in 2011 – a newyear with new opportuni es!
Perhaps the most exci ng opportunitylooming for Con nuitySA is a partnership with CoroCapital. Con nuitySA ispleased to announce that CoroCapitalwill become its new business partnerand will effec vely acquire a 49% equity stake in Con nuitySA. Con nuitySAengaged with CoroCapital some meago with regard to them being a poten al shareholder in the business andthis has culminated in an agreementwhereby the Dialogue Group will sell its51% share in Con nuitySA to CoroCapital. The Con nuity Investment Trust,represented by management and staffof ContinuitySA, will acquire 2% resul ng in a shareholding as follows;Con nuity Investment Trust (51%) andCoroCapital (49%). Together with CoroCapital, Con nuitySA is facing exci ngprospects and looks forward to con nued growth both in South Africa andinto Africa. The transac on referred tois subject to the various condi onsprecedent as per the Dialogue GroupHoldings Limited SENS announcementdated 26 October 2010 and specificallyCompe on Commission approval.
The staff at Con nuitySA have displayed yet again their depth of characterand Can Do! a tude during the pastyear and I sincerely hope that you asour client have experienced the passion with which they embrace theirdaily ac vi es.
I would like to wish you and your lovedones a blessed Fes ve Season and lookforward to seeing you in 2011!
3
On the Consulting Front
The revised Business Con nuityIns tutes Good Prac ce Guidelines was launched in early2010. Con nuitySA has ensured that the revised guidelineswas captured in our CapabilityMaturity Model (CM²), a solu
on that measures an organisaon’s BCM capability and ma
turity, based on a set of twelveBCM success factors derived from BS25999 (the interna onalBCM standard), the Business Con nuity Ins tutes Good Prac
ce Guidelines and Con nuitySA’s wealth of experience regarding the cri cal components required for achieving recoverability. The CM² solu on has received enormous interestfrom the business community since it was launched in 2009.Our Complete Con nuity® Programmes have also been realigned to the revised Business Con nuity Ins tutes Good Prac ce Guidelines. During the process of realignment ourtraining material has been streamlined to ensure increasedtrainee interac on and the Five Day Complete Con nuity®Prac oner Programme includes revised prac cal exercises atregular intervals. Con nuitySA is also proud to announce that in November thisyear our Complete Con nuity® Programmes and training facili es received Botswana Training Authority (BOTA) accredita on. To date, our programmes are accredited in SouthAfrica (ISETT SETA), Mauri us (MQA) and Botswana (BOTA)we intent to further develop and increase our accredita onprofile throughout Africa.In 2010 South Africa were the proud hosts of the FIFA 2010World Cup™. In prepara on for this pres gious event and inthe effort to provide con nuous value to our clients, Con nuitySA provided two Con nuity2010 offerings, the Con nuity2010 Portal and Steering Committee. To guarantee that the offerings achieved the required goals, a dedicated team ensured the accuracy of real me informa on and providedimmediate and con nuous accessibility thereto. A structuredcommunica on process was established to ensure key informa on reached relevant par cipants in the desired meframes. The feedback from the Con nuity2010 par cipantswere extremely posi ve, confirming the success of the Con nuity2010 portal and Steering Commi ee offering. Con nuity2010 Steering commi ee par cipants at several sessionsreconfirmed the uniqueness of the commi ee and the valueit created for execu ves through all industries. The Con nuity2010 Steering commi ee requested the con nua on of asimilar Steering Commi ee to address high level business risks
and concerns, with the view of eventually becoming a voice forCorporate SA. Informa on regarding the new Steering Commi ee will be made available early next year.The Con nuity2010 team created a document named A Summary of the Con nuitySA FIFA 2010 World Cup ™ Offering thatprovides a summary of the decisions, ac ons and outcomes ofthe various phases covered before, during and a er the FIFA2010 World Cup™. The success of the project was remarkableand as such the document holds valuable and prac cal informa on for the reuse in similar ini a ves within various industries. The document can be downloaded from our website: http://www.continuitysa.co.za/continuity2010.html.Con nuitySA will con nue to strive towards providingOrganisa ons with unique offerings aligned to their specific requirements. Several new offerings, aligned to interna onal best prac ces, are in the process of beingdeveloped and will be launched in 2011. For more informa on please contact Louise Theunissen, louise.theunissen@con nuitysa.co.za
Louise Theunissen MBCI, PMP
General Manager: Consul ng Services
As we draw to the close of 2010 we realise that, although the year has been tough, we weres ll able to achieve many objec ves in ensuring con nuous growth. In addi on to the standard Business Con nuity Management (BCM) services, Con nuitySA Consul ng Services division, through the years has developed several unique BCM offerings which are beingcon nuously updated to ensure that the offerings are kept in line with the latest BusinessCon nuity Management standards and guidelines.
Upcoming BCM training courses for 2010, Quarter 1
• 2 Day training 25th26th January 2011 (JHB)
• 2 Day training 22nd 23rd February 2011(Bots)
• 5 Day training 7th11th February 2011(JHB).
• 5 Day training 9th13th May 2011(Bots).
4
The Cloud Security Alliance is a nonprofit organisa on that was formedwith the aim of promo ng the use ofbest prac ces for providing security assurance within cloud compu ng, andhas representa on from a myriad of interna onal technology and so waregiant’s including Google, DELL, Oracle,VMware, IBM, and Microso . TheCloud Security Alliance has publishedversion 1.0 of its “Consensus Assessments Ini a ve Ques onnaire” whichcomprises a set of ques ons that acloud consumer and cloud auditor maywish to ask of a cloud provider.
The ques onnaire addresses a widerange of control areas including security (Facility, human resources, informa on and architecture), businesscon nuity, compliance, governance,legal and risk management. Ques onsrela ng specifically to business con nuity that should be posed to poten alcloud vendors include:
• Do you provide mul failure disaster recovery capability?
• Do you monitor service con nuitywith upstream providers in theevent of provider failure?
• Do you have more than oneprovider for each service you depend on?
• Do you provide access to operaonal redundancy and con nuity
summaries which include the services on which you depend?
• Do you provide the tenant the ability to declare a "disaster"?
• Do you provide a tenant triggeredfailover op on?
• Do you share your business con nuity and redundancy plans withyour tenants?
• Do you provide tenants with geographically resilient hos ng op
ons?
• Do you provide tenants with infrastructure service failover capabilityto other providers?
The ques onnaire will assist organisaons to build the necessary assess
ment processes for engaging withcloud providers. While assessing thebusiness con nuity capability of cloudproviders is a prominent theme withinthe ques onnaire, the ability to perform prac cal recovery tests remains acri cal success factor for building asound business con nuity strategy.
The ques onnaire can be downloadedat www.cloudsecurityalliance.org/cai.
Assessing the Risk of C loud Services
Wayne Reed
General Manager: Research and Development
The rapid evolu on of cloud services remains an exci ng concept promising greatquality of service, scalability, ease of implementa on, and reduced reliance on internal IT resources. While these factors can create significant economic benefit for customers, the risks associated with cloud services con nue to present the greatestbarrier to adop on.
5
While various Sub Commi ees and Management are taskedwith the role of addressing effec ve risk management, it’sthe Board that is accountable and need to ensure that thesenecessary systems are implemented. Companies should endeavour to develop, implement and maintain sound riskmanagement prac ces consistent with interna onal bestprac ce and good corporate governance.
Business Con nuity Management (BCM) is an applied science and holis c risk based management process that willassist the Board in addressing these objec ves:
• Iden fying, assessing and measuring risks in an effec veand efficient manner;
• Making decisions based on comprehensive risk analysis;
• Providing greater certainty of the delivery of goods andservices;
• Mee ng effec ve risk /reward business objec ves;
• Sa sfying corporate governance requirements.
Businesses that are suscep ble to disrup on, whether it beIT down me or denial of access due to industrial ac on,should consider the reward in having continuity in theirbusiness opera ons – BCM is a means to ensure the con nuity of the business during adverse opera ng condi ons.
Con nuitySA is uniquely posi oned to assist organisa onsand their Boards to iden fy risks that could adversely affecttheir revenue genera ng ac vi es through our Consul ngand Standby Services offerings:
In pursuing these objec ves, Con nuitySA can:
• Implement a comprehensive and systema c risk assessment and repor ng process throughout the organisa on;
• Create an environment that controls and mi gates riskswithin acceptable risk tolerances;
• Provide an informed view of risks associated with business ac vi es;
• Heighten risk management awareness within the organisa on;
• Foster a culture of con nuous improvement in risk management through a review process;
• Provide the necessary infrastructure required by organisa ons to recover their opera ons during a disrup on.
A business that fails to address opera onal risk effec velymay well succumb to the adverse effect that an opera onal disrup ve event could cause – the reward inhaving con nuity within an organisa on will ensure that appropriate measures are in place to minimise the nega ve effects of such a disrup on.
Opera onal Prudence
Derek Taylor (CISA)
Business Development Manager
The aim of Opera onal Prudence is to achieve a fuller understanding of the reward risk balance within an organisa on. Effec ve risk management seeks notonly to reduce the likelihood and consequence of the adverse effects of risk, butalso the reward of protec ng the company’s assets, stakeholders, environmentand reputa on.
6
A Business Con nuity Ins tute (BCI) survey (November 2009 January 2010) showed that the top five causes of businessdisrup on over the previous 12 months recorded by respondents were: pandemics; IT and telecom disrup on; adverseweather; lack of energy supply (Power) and computervirus/cyber a ack.
The mescales and advance warning of these disrup onswill vary considerably, and in some cases, will allow me toimplement mi ga on measures. For example, if adverseweather is forecast, plans can be set up to allow staff towork from home, but this may not work for an unexpectedloss of power. It may well be that a changing climate will influence, and possibly exacerbate, the occurrence or severityof some of these 'top five'. This in turn may shape decisionsabout the scale and capacity of resilience and recovery resources, or the alloca on of budget and spending strategiesto provide both resilience and recovery capabili es.
The challenge is to recognise the emerging risks and the poten al disrup ons. So the ques on we should be ponderingis how well are business con nuity plans and our BCM systems able to cope with the changing scope and magnitude,likelihood and nature of the risks and impacts they consider?
The idea of Maximum Tolerable Period of Disrup on (MTPD),or its equivalent, has always generated lively discussion. It isa central pillar of most business con nuity management systems, looking to customers and other stakeholders to help
jus fy the ming and priori sa on of BCM ac vi es and expenditure. This is supported by the BCI Benchmark, whichsuggests that most par cipants adopt this metric to someextent.
“The business impact analysis (BIA) iden fies, quan fiesand records the organisa on's maximum tolerable periodof disrup on for each cri cal ac vity or func on and priori ses its restora on”.
Most of us would accept that ge ng it wrong can have riskand financial implica ons, poten ally misinforming or misleading those who rely on the informa on. BS 25999 definesMTPD as: “the dura on a er which an organisa on's viability will be irreparably damaged if delivery of a par cularproduct or service cannot be resumed”. It advises us to “…assess over me the impacts… if the ac vity is disrupted”and “…establish the MTPD of each ac vity” by iden fyingthe latest me by which an ac vity must be resumed, theminimum level to which resump on must be achieved, andthe me within which normal ac vity levels must be restored. It says that we should “…iden fy any interdependent ac vi es, assets, suppor ng infrastructure or resourcesthat also have to be maintained”. This is sound advice butit's important to remember that this is a standard, not amanual; it can't advise on specifics. Nonetheless, we needa way to confidently align with its intent and set prac cal recovery priori es and meframes for our organisa on.
Jacob Mothupi, MBCI
CEO Con nuitySA – Botswana
operationalHow prepared is your company/organisa on to deal with
disruptions?
7
In an a empt to safeguard against threats and vulnerabilies most organisa ons have already introduced a mul tude
of specialist func ons and collec vely named them as Corporate Defence Management (CDM). The corporate defencedomain represents these different corporate defence related ac vi es, all of which contribute to the defence ofthe organisa on. Ac vi es which make up what can be described as the corporate defence domain are as follows:Corporate Governance Risk Management Corporate Compliance Corporate Intelligence Knowledge ManagementPhysical security IT Security Resilience Management Corporate Protec on Corporate Controls Corporate AssuranceCorporate Inves ga ons.
The corporate defence domain can be said to representwhat can be described as the corporate defence ecosystem,
as it relates to the symbio c rela onships which exist between these ac vi es. This rela onship highlights the factthat all defence related ac vi es are linked, and that eachcould be said to represent a link in a chain. Like any chain, itis only as strong as its weakest link, and therefore it couldbe said that this represents something of an asymmetricchallenge for an organisa on, as it is the weakest link whichis typically exploited. The challenge therefore facing contemporary corporate defence is to unify, align and integrate themanagement of these defence related ac vi es.
If we now look at what is referred to as the corporate defence cycle, we will see that this cycle represents the cornerstones of corporate defence, and addresses the keydrivers which should be present in all corporate defence related ac vi es. These four drivers include:
An cipa on: The mely iden fica on andassessment of exis ng threats and vulnerabili es, and the predic on of future threatsand vulnerabili es.
Preven on: Taking sufficient measures toshield the organisa on against an cipatedthreats and vulnerabili es.
Detec on: Iden fica on of ac vity types(excep ons, devia ons & anomalies etc)which indicate a breach of corporate defence protocol.
Reac on: The mely response to a par cular event or series of events, in order toboth mi gate the current situa on, and totake further correc ve ac on in rela on todeficiencies iden fied, and to prevent theseevents reoccurring in the future.
Business con nuity management (BCM),as a component of Resilience Management, is key in corporate defence withinorganisa ons. While business con nuityas it currently stands represents an important step in corporate defence, it isan area that itself is con nually evolvingand has not yet reached its final des na
on. It is already developing in the direcon of an even broader crossfunc onal
discipline such as CDM.
Anticipation → Prevention → Detection → Reaction
8
There is a saying that says “when tough mes prevail, the toughget going”. There has never been a truer word spoken for businesses in South Africa, as the economic slowdown has seen manyindustries take a ‘direct hit’, o en resul ng in heavy job losses,dras cally cut produc on and some mes even business closure.Indeed, to survive in these tough economic mes; businesses willneed to ensure that they deploy well considered and differen ated strategies, whilst at the same me being fully cognisant oftheir corporate governance prac ces, which so o en get ignoredwhen people become desperate to meet the business objec vesand make their financial targets. Partnerships of course can make a significant difference in thesuccess of a business, par cularly when mes are tough. Clearlyin heightened mes of public scru ny – including a far greaterinformed ins tu onal investor – partnerships need to be established for the correct reasons, and not simply done for the sakeof its camaraderie or ‘feelgood’ reasons. Real value must befound when collabora ng with other businesses and failing toestablish the common ground could waste precious me, moneyand in fact cause certain reputa onal damage. Such a partnership has again been found in CGF’s latest Corporate Patron, namely IS Partners who were recently appointed inthis capacity and join the other CGF Corporate Patrons, Con nuitySA and Spescom. “We are delighted with this collabora ve partnership andthrough the patron support of IS Partners, we are able to offerimmediate value to IS Partners and their supply chain,” says TerryBooysen, CEO of CGF Research Ins tute. CGF Research Ins tute has over the years become widely knownfor our role in assis ng to ‘educate’ and inform businesses aboutthe cri cal need for good governance as the underpinning founda on for sound, ethically based business prac ces. Each month,CGF is tasked to produce related reports that pertain issues linkedto ma ers such as BBBEE, Records and Contracts Management,IFRS, Workplace Violence, Corporate Kidnapping, Execu ve Remunera on, Boardroom Behaviour and Procedures and manymore ranging topics. Clearly, the ambit of good governance is notfound in a text book alone or only contained within the likes ofthe King III Report and similar recognised governance recommenda ons and laws. At the very heart of the topic – good governance starts withineach individual and their inner discipline which allows for ethicalbusiness prac ces and integrated performance, covering the financial and nonfinancial opera ons. In terms of this latest Corporate Patron announcement, Booysenadds that he was a racted to IS Partners not only for their rolein the corporate governance field, but also because of its business leaders who share a common vision within CGF to see morebusinesses align themselves with good governance prac ces. Grant van der Wal, CEO of IS Partners fully supported theCorporate Patron move with CGF
from the first mee ng, saying that the ‘partnership’ was “an extension of their own corporate ethos, as well as being a symbolicendeavour to cause others to follow.”To this end, through IS Partners’ commitment and financial backing, both companies who also both happen to belong to theProudly South African Campaign have agreed that all the companies within IS Partners’ supply chain will be able to qualify forsubstan ally reduced pricing in the event that they wish to availthemselves of CGF’s popular webbased Body of Knowledge Governance so ware program. This special offer will last for the twoyear period of Corporate Patronship, now also occupied by ISPartners. This offer is limited to organisa ons within IS Partner’s supplychain and customer base. Qualifying suppliers and customers willsave the entry cost of R90k, but the standard R34k per annumfee will s ll apply. The service may be used throughout the company. CGF’s standard terms and condi ons of business engagement apply. To make use of this offer, contact CGF on +27 11 476 8264/1/0or email [email protected] About IS Partners IS Partners was established in 2001 and the company collaborates extensively with thought leaders within their field of exper se, enabling their clients to innovate and create new waysof improving their businesses. The company’s focus resides in the implementa on, customisa
on and integra on of core applica on development on Microso pla orms for business intelligence, customer rela onshipmanagement, corporate performance management and knowledge management solu ons. Within their subsidiaries; PERFORMANCE BUSINESS was established to address the demand in the market for hosted solu onswhich assists to align partnerships and unlock business value tocustomers through opera onal and industryspecific hosted applica ons. PROGNEO was established to provide specialist financial consul ng services, linking finance and technology totransform the way finance departments operate. For more informa on about IS Partners visitwww.ispartners.co.za For more informa on about CGF Research Ins tute visitwww.cgf.co.za or www.corporategovernance.co.za For further informa on contact: CGF Research Ins tute (Pty) Ltd Terry Booysen (Chief Execu ve Officer)Tel: 011 476 8264 Cell: 082 373 2249 Email: [email protected]
From the CGF…
BRONZE PATRON – IS partnersopens governance doors for its supply chain
9
On August 20th, Con nuitySA officially launched the Recovery Facility located just outside of Maputo, Mozambique by holding, a breakfast at theCardoso hotel for invited delegates. The event was well a ended withguests from across a wide range of business sectors including financial,communica ons and security to name a few.
Brandon Ross and Wayne Reed presented not only on the BCM Lifecyclebut also on the specifica ons of the newly upgraded facility.
The upgraded facility now has a board room, new kitchen and pause areaas well as a 30Sqm syndicated server room that falls into the Con nuitySAstandards constructed in line with Con nuitySA’s standards.
The site also has a new entrance and recep on area for visitors and clientsto report to and sign in at.
The facility has 60 seats and there is plenty of room for growth. A new Municipality power feed was installed to provide stable power in an areaknown for power related problems.
As you may be aware, the ContinuitySA Recovery Facility inMozambique has recently been upgraded to handle newand larger client requirements. One of the ContinuitySAgoals in Mozambique is to grow the local client base and toparticipate in local IT and Business Conferences, in order togrow awareness.
ContinuitySA approached the AITEC Africa team to discussour participation in the conference held in Maputo duringOctober. The ContinuitySA focus at this conference was todiscuss the difference between BCM and DR – a commonarea of misinterpretation.
It was also a huge privilege to have the Minister of Technology and Science official open the conference which – at anygiven time – was attended by between 70 and 250 delegates. ContinuitySA has already been invited to speak at theAITEC Mozambique conference in 2011 and look forward tofurther contributing to the development of BCM Awarenesswithin the Mozambique business community.
Con nuitySAe x p a n d s
Aitec Conference Mozambique 2010
10
Con nuitySA, Affinity Partner to the Ins tute of Directors South Africa, sponsored the 10th hole at the IoDSAAnnual golf day – in addi on to entering a 4ball to play in the event. Con nuitySA was represented on the day byAllen Smith (CEO), Duane Bester (Solu
ons Design), Wayne Reed (R&D) andJus n Hammann (BDM). The event wasbrilliantly organised and the gi s atsignin were fantas c. The only nega
ve feedback was that the greenscould have been easier!
Con nuitySA – as part of their sponsorship on the day – held a lucky draw andare proud to announce that Mr. JackMashazi, Factory Manager at TigerBrands, was the lucky winner! Congratula ons Mr. Mashazi!
IODSA GOLF DAY 2010
Every year, Con nuitySA acknowledgesthe hard work, dedica on and commitment displayed by members of staff.This year was no excep on! Eventhough the past year was marred bythe doom of the economic downturn,the staff at Con nuitySA con nued toserve with excellence and enthusiasm.
On 11 November 2010, a func on wastherefore hosted at the NiteFeverNightclub in Centurion. This venue wasexcep onally befi ng to the theme ofthe event: an 80’s Disco Party! Characters from the 80’s rocked up in theirnumbers: Rambo, Flava Flav, Irene Carafrom Flashdance fame, Don Johnson ina pink Miami Vice ou it and Kiss toname but a few.
The atmosphere was fes ve and it wasevident that everyone intended tohave a great me! The formali es of
the evening included a few words bythe CEO of Con nuitySA – Mr. Allen G Smith – followed by the Awards Ceremony.
11
With Con nuitySA growing at such a fast pace with all our latest site developments and new service offerings it gives me such pleasure serving
as editor for Client Chronicles as there is such a great deal to reporton. Having said that, the Con nuitySA team remains commi ed tobringing our readers more and more valuable ar cles that will alwayskeep you up to date with our latest products developments and services.
Should you have any Business Con nuity thought pieces or ar cles thatyou would like to submit and feel will serve our readers interest for theupcoming issues Client Chronicles, we value your input and would like tohear from you.
Your thoughts and feedback are most welcome and can be sent to me directly to Kalaivani.Pillay@Con nuitySA.co.za
We hope you enjoy reading your copy of Client Chronicles.
Kalaivani Pillay, Editor
From the Editor’s
desk
Consul ng Person of the Year – Karen Humphris
Service Delivery Person
of the Year
and also
Employee of the
Year – Innes Le Roux
Manager of the Year
– Leonie Cronje
Division of
the Year
– Service DeliveryHardest Worker of the Year Chris na Botha
Sales Person of the Year – Leigh Anne Van As
Finance & Admin Person
of the Year – Daphne Ramlal
Region of the Year – Cape Town