Born To Be Wild

Author: admin

  • How the Insurance & Continuity Lifecycle Works

    How the Insurance & Continuity Lifecycle Works

    How the Insurance & Continuity Lifecycle Works

    Information coming out of the insurance industry is that there will be an increase cost of premiums and in some instance, an inability to get coverage. The thought of not being able to get insurance for most businesses, must be unthinkable. Unfortunately, we may see just that from 2019 onwards.

    Therefore, it’s necessary to start looking where insurance plays a part in your current resilience capability, and when and where you should be reviewing it in your Business Continuity Lifecyle.

    What the ‘Good Practice Guide’ says:

    A holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

    There are four core phrases to BC, and RiskLogic summarised it the best way we knew how; in a lifecycle diagram. If you’re not already doing it, it might be time to bring insurance into the mix!

    business continuity plan

    Step 1: Analyse

    Assessing vulnerabilities and understanding the impacts of a disruption to your organisation.

    Stakeholder engagement
    The most important part of this step in your business continuity journey, is to ensure that all key stakeholders have buy-in on the process. This means that the implementation of the Business Continuity (BC) journey for your organisation is backed by the people from the top.

    Policy and Framework
    Intentions and directions of an organisation that sets out the scope and governance of the BC program and reflects the reason why it’s being implemented.

    Business Impact Analysis (BIA)
    The main technique used for the analysis of an organisations business functions.

    Insurance check point: During the BIA process, when you are identifying the resources required to deliver a critical product and services, highlight the specialist equipment or facilities that would be part of the current insurance policy. At this stage it’s just a case of making a note of these resources which then can be transferred to a list that will require further investigation and confirmation of current loss policy.

    Threat Assessment
    The process of evaluating threats using risk-assessment techniques to identify an acceptable concentration of risks and single points of failure.

    Insurance check point: Check your current insurance policy and risk matrix’s for a comparison.

    Step 2: Plan

    “Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption” – Good Practice Guide.

    Crisis Management
    Strategic plans define how strategic issues resulting from a major incident should be addressed and managed by Top Management.

    Recovery Strategies
    Recovery Strategies will provide a step-by-step guide for recovering your Critical Business Functions ensuring that functions are recovered to meet the Maximum Allowable Outage (MAO) expectations.

    Insurance check point: If you develop a new recovery strategy, could it now mean a reduction in insurance cover?

    Ex. Manufacturing plant 1 is in the North Island and is insured for 1 million. Manufacturing plant 2 is in the South Island is insured for 1 million. Both plants have the same setup and can manage extra capacity if either is out of action. Should you be paying the same premium for both sites? Talk to your broker.

    Business Resumption
    A business resumption strategy contains a series of actions and steps designed to return the affected business to its preinterruption status and includes restoration or relocation of facilities and resumption of operations to maximum capacity.

    Insurance check point: The faster you recover, the less assistance you need from your insurance company. You should be getting rewarded for that! Talk to your Broker.

    IT Disaster Recovery
    A task orientated document designed to provide the IT disaster recovery team with the tools to identify, assess and respond to company-wide incidents effecting IT infrastructure, software or hardware systems.

    Insurance check point: Do you have cyber security plan? Do you really know what you are covered for?

    Step 3: Validate

    “Build capability, rehearse and test your program to demonstrate your level of preparedness”.

    Awareness Training
    It is essential that all individuals undertaking BC related tasks at any level have the appropriate level of competence for the role through:

    • Training
    • Knowledge
    • Experience

    Crisis Leadership Training
    Suitable for senior leadership with overall crisis management responsibilities. Training specifically designed to build awareness, critical skills and crisis leadership capabilities of your team using the latest experiential learning techniques and real-world case studies.

    Component Testing
    A testing regime to provide appropriate coverage of all agreed business continuity recovery activities. This includes defining performance indicators and establishing test scripts to validate the recovery of critical business functions as identified in the Business Impact Analysis.

    Scenario Exercises
    Rehearsing an organisations Business Continuity Program via realistic, hands-on scenario exercises is critical to:

    1. Build familiarisation with staff roles, responsibilities, processes and available tools
    2. Identify practical program improvements
    3. Provide a high level of stakeholder assurance in an organisations recovery capability

    Insurance check point: Invite your broker to your scenario exercises. Get immediate feedback on potential outages and how you will be covered or not covered by your current policy. Provide your broker with your exercise report, demonstrate you are resilient, negotiate a new premium.

    Step 4: Maintain

    Review and rehearse your program to build resilience and ensure continual improvement through:

    • Reviews & updates of your entire program
    • Annual training for your response teams
    • Annual exercising for your response teams and staff

    Insurance check point: Make insurance check part of your annual Maintenance program.

    In summary, Business Continuity needs to be a business as usual activity preparing for extreme events. Your organisation should plan for the worst but hope for the best. If you have put the time in and demonstrated you are resilient, you should be reward for that. You’re a low-risk organisation and that should count for something in these drastically changing times.

    Contact Us today to learn more

  • Netflix’s ‘The Horn’: the Epitome of Resilience

    Netflix’s ‘The Horn’: the Epitome of Resilience

     

    Please note, this article contains subtle spoilers on the Netflix documentary, The Horn.

    At our RiskLogic sessions on Business ContinuityEmergency or Crisis Management training, we usually ask what our classes summary on resilience is. Personal experiences mixed with what they’ve read online produces a variety of answers, but we believe we’ve found a visual example of the perfect response.

    It’s called The Horn, and it’s a Netflix documentary now available to stream.

    In summary, The Horn follows the paramedics and helicopter pilots of Air Zermatt, a specialist rescue organisation located at the base of Switzerland’s famed and ferocious, Matterhorn.

    The Matterhorn Mountain and neighboring peek. Located in Zermatt, Switzerland. 

    The film crew obtained unprecedented access to the extreme conditions and work that these men and women do, resulting in a dramatic, beautifully shot documentary that can make most jobs feel somewhat…neutral and safe.

    I wanted to dive into the key aspects that make it so relevant to what we’re training out and what RiskLogic’s own values are.

    I broke it down into five key sections that relate to the six episodes available:

    1. Team work
    2. Resilience
    3. Planning & Training
    4. Communication
    5. Passion

    If you’ve not seen the documentary yet (stop reading this and go watch it!) and/or have little knowledge of the Matterhorn in Zermatt, here is a quick breakdown:

    • Matterhorn height: 4,560m tall (836m taller than New Zealand’s Mount Cook).
    • Zermatt ski slopes and tourism: 200km of slopes (21km in summer), 3 million tourists per year.
    • Sport undertook in the area: Skiing, snowboarding, hiking, climbing, mountaineering, base jumping, abseiling, hunting, paragliding, heliskiing, sledding, ice-skating and much more.
    • Number of rescues: 1,600-1,700 per year (nine available helicopters)
    • Fatalities & climbs: 500+ climbers have died on the Matterhorn, 2,000 make the ascent to summit annually.
    • Weather: Due to its location and size, it creates its own weather system, making it one of the most challenging rescue locations on earth.
    • Rescue range: 2,000 square kilometers
    • Staff: 6 full-time and 5 freelance pilots; 5 certified flight instructors, 7 paramedics, and 15 mechanics.
    • This year marked their 50th year operating.

    1. A Perfect Example of Teamwork

    The teamwork Air Zermatt portray is second to none and shown almost immediately in episode one. No more than thirty seconds in, you’re introduced to the extreme conditions these specialist rescuers are put through.

    Dangling from a 30ft long rope in a tight crevasse, carefully held and directed from his team above, Simon, a mountain rescue specialist is slowly making his way to his patient. A mountain skier has fallen into one of the most extreme places on earth, and his only way out is from the perfectly rehearsed teamwork the rescuers possess.

    Simon is a volunteer and highly rated by his peers as one of the most experienced mountaineers available. He races into Air Zermatt when he is required and called – all year round.

    Jumping into the helicopter seconds from taking off, he is briefed and begins preparation. Everything is seamless. The pilot and the paramedics are happy to see Simon again. When they land, he assesses the situation and decides on a plan that everyone trusts and acts upon. Within a few minutes of landing, Simon is meters away from his patient, beginning the procedure and rescue as planned.

    Simon Anthamatten of Air Zermatt

     

    Although the scenes after this may be distressing to some, it’s a brilliant ending to episode one that portrays an ultimate level of brotherhood and faith in one another.

    Almost every ten minutes within the show, you are introduced to more examples of their impressive teamwork. Episode four introduces you to the junior paramedics who are going through their training. What stuck with me was that their tutor/trainers are paramedics employed by Air Zermatt, not at a University or a training school. The people who taught them will be the people they work alongside. With this, a dynamic but extremely effective routine is set up early on and followed throughout their careers.

    “I just need to tell you how amazed I am by the level of teamwork you displayed”, a patient declares to his rescuers.

    Everyone knows the drill, there is no question of capability. Everyone seems to know exactly where everyone is, even when they’re 30ft beneath the snow.

    2. Resilience

    Episode five and six talks of the mission during one of their busiest periods. Air Zermatt is put through extreme conditions regardless of the tourism boom, but in the height of the season, they are seen rescuing 20+ patients a day. With nine helicopters and an average of an hour per rescue, days are long and exhausting. For the team though, not having enough time to finish lunch is the norm, but not being able to complete the mission isn’t.

    In one instance, a hiker heads out on an easy, up-and-down route to a pass. Here, he is struck by a devastating white-out that brings with it extreme fog and winds. He pitches his tent right where he stands and assesses the situation; it’s not good. With only a day of food and three days of water, he decides to activate his emergency beacon, Air Zermatt pick this up instantly.

    As you’d now expect, the pilots are in the air within minutes, however, they’re confronted by extreme weather and simply can’t get to him. With a small signal, the team can keep in touch with the stranded hiker over the phone, but by day three, his phone dies.

    One of the four Air Zermatt helicopters

    “This is going to be really tricky. The weather conditions are quite bad this close to the ground. There is no way, I’m sorry, we can’t make it tonight” radios the pilot back to base.

    Throughout the three days this mission runs, the team have no choice but to carry on with other rescues while the weather clears. Their minds are on the job, but also with the lost hiker.

    “Sometimes, I go home and try to switch off, but my thoughts are still with the patient, stuck on the mountain. I get to sleep in my bed, but he is still there, trying to survive”, explains senior paramedic, Patrick.

    Patrick Wenger — Air Zermatt Paramedic

    By day four, an exhausted team has no choice but to head up the mountain one more time, they see a break in the fog. Upon approaching, they explain a detailed situation to the French specialist rescue team they had picked up beforehand. Setting them down onto a small ledge, the team begins the search for the tent. It’s here their resilience is shown once more.

    Despite the odds and likelihood of a rescue, the team pushes on. Communications are passed throughout the base and plans are put in motion. Paramedics remain on site, pilots prepare to take over the pickup, hospitals are on standby. Everyone has done this before, they are calm and collected.

    “They are sometimes called the heroes, although they say they just do their jobs…they changed my life”, says the stranded hiker.

     

    3. Planning & Training

    Air Zermatt runs like clockwork after fifty years of operating. They’re dealt with many varieties of situations and seem to have a plan for every one, but we all know that’s not the case. There are simply too many scenarios possible to have an individual plan for each, therefore, you must assess and group them into priority areas.

    In one episode, the siren once again sounds throughout the base. A key member of the show, Patrick learns of a patient on route, but soon finds out her status, code blue.

    Netflix's 'The Horn' is the Epitome of Resilience | by Ollie Law via Medium | RiskLogic

    Senior Paramedic and Doctor, Axel Mann.

    Code blue is one of the more serious situations the team can deal with. It is a patient who will not survive long enough to get to a hospital and is effectively classed as ‘dead’. The paramedic’s job is to work fast and precise to bring them back.

    The patient is brought into the hanger on a stretcher and almost like a rehearsed dance, the six crew get to work in between the docked helicopters.

    “OK, everyone pauses. Take a breath. OK, let’s go again…” orders one of the paramedics.

    It’s the middle of winter, but the crew are soaked in sweat from their efforts. In the background, mechanics stare and observe the tense moment. The camera crew keeps a distance.

    Jump back a few episodes, and you get a glimpse of how the team prepares for this. During a lunch break, the trainee paramedics are called urgently to assist with a seizure case. Slightly confused and disorientated, the two are caught off guard and need to regroup themselves.

    Junior Paramedics in an emergency drill

    When they enter the hanger, they see senior paramedic Patrick sitting on a chair having a “seizure”. Despite knowing this is a drill, the team take it extremely seriously and grab all the relevant equipment.

    “I think that is the best communication you’ve had so far. You kept relaying the steps and did your A.B.C’s. If you keep this up, you can both be great paramedics”, Patrick praises after the session.

    For pilots, their job roles are drastically different and require their attention to be on the safety of their colleagues. In the series, every pilot classes the other as “probably the best in the world”, but it’s the training they give themselves that brings that to light.

    After 14,000 hours of flying, CEO Gerold is their most experienced pilot and only took the top job on the agreement he could continue to fly. But even he recognises the need to constantly train. In episode four, he is assessed by his colleague and junior on his capabilities.

    Despite a flawless assessment, Gerold showed a commitment and standard to all by ensuring he was not exempt from continuous training and preparation.

    Netflix's 'The Horn' is the Epitome of Resilience | by Ollie Law via Medium | RiskLogic

    Air Zermatt CEO, Gerold. Photo credit @POSTAS

    His senior status is nothing but a title on paperwork back at base during rescues. Everyone recognizes the need for teamwork and even when this is practiced, it is treated as equal.

    4. Communication

    It’s next to impossible to pick out one example of communication within the organisation. Each employee speaks at least three languages, they express a constant drive to keep everyone informed and can present themselves on an equal level to their patients during a rescue.

    That is of course, to the exception of Axel.

    Senior Paramedic and Doctor, Axel Mann.

    Their most experienced and senior doctor seems like an older version of The Terminator and is a typical German/Swiss with ‘Mann’ as a surname. Honing a weathered face, strong jaw and large eyebrows, Axel would come across as the last person you would want to attend to you, but you would be wrong.

    “Axel is amazing. If you are in trouble and Axel is there helping you, you will be good. I have rarely seen him make any mistakes in the thirty years we have worked together”, CEO Gerold Binor explains.

    During one episode, Axel is trying to attend to a young woman who has a concussion from a skiing accident. She is disorientated and confused trying to get free from the stretcher. While trying to do his job, Axel speaks up and orders the lady to listen.

    “HEY! Listen to me OK, we’re trying to help you, you need to stay still and let us WORK!” he points and shouts to her.

    It’s a mixture of humor and aggression that comes from Axel’s personality, but his approach is effective. He only speaks when it’s necessary, and when he does, everyone listens. His credibility and experience have created a foundation of trust and respect for Axel from his peers. It’s concise, it’s professional and it gets tasks done.

    Later in the series, Axel is called upon to assist with multiple rescues on a ski slope. By the fourth rescue, the weather once again sets in. The helicopter leaves with two patients and not enough room for Axel.

    His cell phone rings, “Axel, the pilots have said they can’t get back to you, it’s too foggy now, sorry”. “What am I supposed to do, it’s an hour walk back from here”, Axel asks. “Gerold says get creative”, responds the lady at HQ.

    Despite his aggressive look and boisterous approach to communication, Axel manages to convince skiers and mountain staff to make a sled, and ski him down. In a hilarious shot of this senior doctor being led down the slope behind skiers, his phone rings again.

    “Are you being creative Axel?” the HQ lady asks.

    5. Passion

    By now, you’ve likely got an idea of their commitment and passion for their roles. A love for their jobs, their colleagues and mission has produced a company that can set an example for the rest of the world. They believe in what they do and are prepared to spend hours perfecting it.

    If it wasn’t for the passion for learning, saving and excelling at their jobs, many more lives would be lost on those mountains. This is something we could all learn from.

    It was perhaps the last quote by CEO, Gerold that summed it up best.

    “All these questions, they arise, and you learn, and you try to figure out the best way for yourself. Mainly it’s a school for life what we do here. Sometimes in a very hard way, but that’s what it’s all about. Being a human being…”

    In conclusion…

    We were pleased to come across this documentary, not just because of how well it’s put together, but because there is another great example to touch upon when we meet people now. Another case-study that we can use to perfect our own resiliency and revisit to inspire plans and actions.

    I highly recommend watching The Horn when you have a chance, but when you do, ensure you concentrate on the key elements that assist them in their jobs: teamwork, maintained by communication, progressed with resiliency and set upon a passion for what they do.

    Until next time, plan, do, check and act…

    Contact us today to learn more ->

  • Bangalore’s Organised Chaos & it’s Effectiveness

    Bangalore’s Organised Chaos & it’s Effectiveness

    Same country, different client.

    You may remember last year, RiskLogic shared our trip to India; our furthest trip with a client. Well, now I’m back, but this time it’s with a leading IT organisation.

    If you’ve ever rung an IT helpdesk for advice or support external to your business, chances are the phones getting answered out of the Manyata Embassy Business Park, in Bangalore.

    A site that manages to cater for 100,000 employees every day working for some of the biggest names in the Tech Industry.

    My week in Bangalore saw me at the park every day and it brought a whole new meaning to the phrase, organised chaos.

    Getting around

    Everyone is on a mission in Bangalore, and if your scooter, car, bus or Tuk-Tuk has a faulty horn, it’ll stay at home. The overpowering presence of loud noise is what (somehow) controls the waves of vehicles and pedestrians. Align this to the smells, heat and towering buildings; you’ve got yourself organised chaos.

    With a population of just over 12 million, and the average house owning 2 vehicles, you question what actual room they have left, but somehow, they make it work.

    After yet another nail-biting drive to the office with my driver Srinivasa, I’m dropped at the front door to my client. Out of the heat and into the world of air-con again.

    Being flexible for your people

    After several layers of security, I finally get to the meeting room. It’s the first time I have been asked to write down the serial number of my Microsoft Surface Pro at the security desk. Now where would that be?

    I’m back in India again to do what we at Risklogic do best: making companies more resilient so they can better serve their key stakeholders.

    Business Continuity is what we live and breathe, and a standard project would normally run over 3 months. This trip, I have 5 days (the same timescales as my week in Prague!)

    We are known for flexibility here at RiskLogic, we make it work for the client. Of course, some careful planning and pre-trip preparation (during the long-haul flights) is required with condensed deliverables, but we get the job done.

    For me, the professional preparation and flexibility for clients, although tiring, opens up opportunities for more effective conversations when it counts. 

    An Indian example of communications

    There are 300 different dialects here in India, which not everyone speaks, so English is the foundation language; handy!

    The Indian team is great, smart, professional and passionate people. It makes the process flow and we get the job done.

    They are very passionate about delivering to their key stakeholders and take business continuity extremely seriously.

    They must, when your RTO’s (Recovery Time Objective) is set at 5-minutes, preparation is key.

    The pressures of being an 8-billion-dollar company can be seen on the faces of the managers I’m meeting with.

    The second day on site, I’m informed that there will be a fire drill. Of course, my ears prick up, this should be interesting.

    A fire drill for an $8b company

    We are in a building of about 1,000 people, my client occupies the 3rd floor of this 7-story building.

    The alarm sounds, and we start to evacuate, the siren is ear piercing in the stairwell, I really want to get out, that’s the point I guess.

    The rest of Manyata Embassy park is business as usual of course and the cars, trucks and scooters don’t stop around the mass gathering we’re accumulating.

    Several wardens direct us to the assembly area stopping cars and trucks on route and we start to line up in company lines, a good 500 meters away from the building. Check!

    I can hear some guy directing everyone over a PA in English, hundreds of people are listening. Perfect, another check.

    After about 5 minutes, the PA man starts to talk us through the importance of evacuation drills with some real-life examples of real events that have not run as smoothly.

    He doesn’t mince his words. He is full on now into an Emergency Management trainingsession and explains what everyone should know; how to evacuate your people with and without any equipment, two and one man carry, fire extinguisher training, even loading causalities into the back of an ambulance. The lot.

    I’m impressed with the whole session, and the main message for me is what I’m always telling my clients.

    One of the few times you can get all your work force in front of you is during an evacuation drill. 

    Lessons learnt

    Use the time wisely, it’s a great time to spread a message about the importance of Emergency Management or Business Continuity and anything else needed to be communicated on a large scale.

    To an outsider, the noise and huge amounts of people can trigger some major anxiety and overload of senses, but to the locals here, they’ve mastered how to ensure everyone listens when it counts. Really impressive stuff.

    The rest of the week goes well, finishing off with some training and a mini-exercise for the newly formed Business Continuity team, who still have a lot to learn, but they’re as committed to BC as they are to business as usual and proud to be resilient for their global client base.

    Next stop, the Czech Republic where we reset and start the process again. A new team but the same client and no doubt some new challenges and lessons.

    Until next time, Plan, Do, Check and Act…

    Contact Us today to learn more

  • Business Continuity in Prague | Four Key Points

    Business Continuity in Prague | Four Key Points

     

    This week, we at RiskLogic found ourselves in the Czech Republic, Prague, continuing the work we had started with our new client the previous month in Bangalore, India.

    Although my client contact was the same, the team was new. Within five days, we had to complete a 3 months Business Continuity program, so timings and delivery were intense.

    It was both exciting and bizarre to be in Prague. I can’t say I’d ever thought I’d be consulting there nor India before it, but here we are.

    Our client base is growing and with it, their reach and need for global business continuity solutions. So, the business reached out and RiskLogic provided.

    In fact, I wasn’t the only person overseas this month. Briony from our Melbourne office is in Milton Keynes, England while Simon, our Regional Manager NSW, QLD & ACT, is in the United States.

    During my time in this amazing city, I picked up on four points I think are important to reiterate and share with my network.

    Here they are below:

    1.     Communications

    I found that having this at its highest level was vital, not just with the client, but internally at RiskLogic too. Maddie, based in our Sydney HQ was supporting me to complete our Business Impact Assessment (BIA) we were completing on site.

    Maddie was able to do this while also completing an induction for our new staff member, Mary. Really impressive stuff!

    I made it clear early to my client that her timezone was a day ahead, it would bring challenges, we’d all need to be flexible. If she rang me with a query, everyone stopped. If a report was required, everything was on hold.

    With the client, getting a whole organisation into a BIA meeting within two days was a significant challenge too. Especially as the flu season has arrived here in Europe (I got my fair share of that too).

    With people off sick, I wasn’t hopeful we’d get many meetings completed; I was mistaken. My client contact, Choon-Hian had worked hard on presenting the importance of this week, and sure enough even sick staff were logging in and conferencing over the Cisco system.

    That brings me onto my next point…

    2.   Buy in: do the hard yards

    When you’re introducing a new program, don’t just talk to the senior stakeholders in the process, communicate it company wide.

    You don’t need to hold massive conference meetings, you don’t even need “all user” emails sent out. Just start small drips of concentrated information that will be talked about internally naturally – like a viral bit of news.

    This client is huge, they have large offices all over the world and some of the biggest clients available. Choon-Hian is from Singapore, my other contact, India, a systems support manager from South Africa and the boss back in Sydney. When you fly three overseas staff members and a senior manager from New Zealand to your office, your business understands the importance of the project.

    But that still shouldn’t be all you do.

    I saw Choon-Hian constantly let even the most junior of staff know his wider BC plans. “By 2020, I want this organisation ISO 22301 accredited, so this is the stepping stones to a 2-year journey”.

    3.    It’s a journey to invest in

    Choon-Hian was full of great quotes and is a committed and enthusiastic BC professional. After showing him our incident response pyramid, Choon-Hian got it and began sharing this way of looking at BC to the wider team.

    Business continuity lifecycle risklogic

    “This is the beginning of a new journey, not the end” he says one afternoon to the team. He encourages people to understand that this may take some time, but it’s ultimately going to change the face of the business.

    Any organisation can have a business continuity program, but if no one is invested into it, it won’t be used when it’s most needed.

    Choon-Hian avoids this by constantly reiterating the values and importance of the program. However, he’s careful with his words and can thoroughly explain his plans to the team and wider business. As an outsider trying to deliver a project to a client, its a breath of fresh air.

    4.    BD: servicing the most important clients

    I can’t talk about my clients critical stakeholders, but let’s just say one of them creates some of the most beautiful machines and had a revenue of 99 billion euros in 2017. That’s an important client!

    At the far end of my clients building is a secure area which is solely dedicated to this critical stakeholder. A huge, silver wall with the client’s logo, a very recognizable logo may I add!

    You can’t enter without a special pass, so we’re escorted in. Inside are tech wizards sitting with no less than three monitors and two laptops. Numbers and strategies line the wall while automatic blinds shut out outside interest; this room means business!

    How do you build confidence in a client that’s given you all their most personal details, making that much revenue? You show them your business continuity plans.

    During a recap meeting, a senior stakeholder walks us through where his team operates from. Choon-Hian explains the plan for ISO 22301 accreditation by 2020 and I top it with “that goes a long way when it comes to BD and credibility for new clients”. “Oh, you don’t have to tell me twice!” he says. “Being ISO accredited has been the deal breaker for us in the past”.

    Internal and external branding on a global scale was huge for this client. Huge pictures of Prague lined at least one wall in the meeting rooms.

    Abstract shapes line the windows, and I’m told this is consistent on a global scale. For their BC, it’s the same. We’re already talking about what’s happening in the States and Malaysia. Its great to work with a client who understands the requirement to role out BC across all of its critical Products and Services, wherever they are based.

    Brad Law Prague BIA

    Conclusion

    What a fantastic month we’ve had so far. I have a growing team of professionals like Mary (who completed a report for me on her second day of work!), Nick who has more enthusiasm for his new role than most, and of course my son, Ollie, who was great to have around this week assisting in the meetings and scenario exercise in Prague.

    This client makes it easier too. Constant communication with me, passion for the program and a drive to get fully on board with a 2+ year journey. Seeing such large-scale implementations and communication is inspiring. The guys at the top should be proud of their team.

    Until next time, plan, do, check & act…

    Contact Us today to learn more

  • The Buzz Word: Denial

    The Buzz Word: Denial

    It took two massive earthquakes to wake up New Zealand to the realities of natural disasters. Almost all professionals we meet, share the same key worry surrounding earthquakes impacting their business, despite the ever-present threat of cyber-attacks, supply chain issues and loss of key staff.

    So, if another event of such magnitude is front and centre in professionals’ minds, why do businesses still fail to prepare? Day three perhaps may have answered this; denial.

    Christchurch

    The group were asked to describe some of the barriers to embedding Business Continuity (BC) within their organisation. The key word appearing was “denial”.

    Denial is usually part of a more complex reason, but ultimately, it’s key stakeholders finding any excuse to keep the Business Continuity Plan (BCP) at the bottom of the in-tray.

    Many businesses in Christchurch showed exceptional resilience by getting through two major events. They have found ways to crawl out of the rubble and rebuild to continue operating. So, why would they ever need a BCP?

    RiskLogic and Aon put the question back on the open floor discussion that morning.

    “We have to get realistic though”. During the 2011 events, there was an understanding and level of support from external parties and key stakeholders. Businesses accepted that invoices or services were going to be delayed. Everyone seemed to be in it together, and no one was to blame. However, if it was just your business that had an isolated event, like a cyber attack or reputational incident. Will those key stakeholders or clients be so understanding? Especially if your business has no BCP to use in a recovery effort.

    Thankfully though, all our delegates were committed to insurance and BC. Unfortunately, they’ve learnt just like all of us that it’s rare for other professionals to be as committed to it.

    What are some of the major barriers to constructing a thorough BCP that will help your business get through in times of crisis?

    • Use research information to demonstrate the likely threats, like the Global Economic forum report.
    • Gather data on similar businesses that have an outage that you can relate back to your own business.
    • Run BC awareness sessions at your company at every opportunity, like during evacuation drills.
    • Talk to your insurance brokers about being rewarded through premiums for having good resilience plans in place and demonstrate this back to Senior Leadership.

    Rounding it up

    After three great days across New Zealand, Aon and RiskLogic were fortunate enough to meet and support some of the most passionate professionals this country has to offer. Being able to discuss face to face what changes will come in 2019 and providing solutions to this is what makes our country so unique on a global scale.

    The insurance market has never been so hard, we all must work together to make sure we are going to get insured for the future. The insurance companies aren’t just playing hardball, 40 billion dollars in natural disaster payouts occurred in NZ in 2017 alone! They, like us, need to make a profit, because if they don’t, they will disappear. If that happens, then no one will have insurance…

    We don’t envisage the Aon and RiskLogic partnership stopping here. Discussions are already underway on how we can provide more world-class content and resources throughout 2019; providing more opportunities for professionals to attend seminars and obtain unique advice to help organisations get through in times of crisis.

    If you don’t want to wait for that to happen, you can email us direct now to begin discussions on an insurance & continuity plan that will put you at the forefront of resiliency.

    Email here: info@risklogic.co.nz

    Contact Us Now

    View Day One Video
    View Day Two Video
    View Day Three Video
  • Mass Supply Chain Issues | A German Case Study

    Mass Supply Chain Issues | A German Case Study

    When you think of drought, Africa, South America or the Middle East usually springs to mind. It’s unlikely Germany resides in this list. However, this year marks its worst drought on record.

    If you know anything about Germany, you know that their two favourite things are fantastic beer and delicious potatoes.

    You could understand my surprise when I learnt the price difference in potatoes and beer. It was cheaper for us to fill up on thick wheat beer than a high-carb vegetable. After some research, I found out that Germany had recorded their hottest summer on record this year, which has contributed to extreme impacts on the farming industry.

    Emsland Group, a potato processor with seven production plants spread throughout Germany, has announced their worst year of product numbers. This has directly affected their suppliers, clients and resellers.

    It’s easy to forget that potatoes are not just something that accompanies your grandmothers’ delicious roasts. Emsland Group reports that Potato Starch, Protein and Fibre, Potato Flakes, and Potato Granules make up over 60% of their order list, while potato chips take up the remaining 40%.

    Interestingly, New Zealand saw an almost identical crisis last Christmas when news broke of depleting potatoes supplies. Pack n’ Save became the first supermarket to run at critically low levels of potato chips, while news reports urged people to “stock up now” before the holidays.

    For these suppliers, raising prices does not and cannot happen immediately. For the German suppliers, they forecast and schedule a price increase for late 2019 as a result of this year’s drought. This means not only are customers affected by lack of produce, they are also affected by price increases over the next 12 months.

    Fortunately for the Emsland Group, a plan had been put in place prior to this crisis. One they actioned upon once warnings of a 2018 drought became known. They named it the Emsland Group Assurance model.

    In a nutshell, this model supported growers by offsetting a portion of the damage incurred from the drought. Emsland Group offered growers a drought subsidy and also provided incentives to deliver as much raw material as possible. Therefore, they could maintain effective relationships with their major clients and suppliers simultaneously.

    However, a spokesperson from Emsland Group said that “we cannot keep these incentives up in the future. We must find a new way to combat drought or set customer expectations”. She acknowledged that many of their resellers were becoming increasingly concerned of the future of the product.

    There is likely a discussion occurring between stakeholders regarding climate concerns, but we’ll leave that to the experts. The conversation here is being prepared whether you believe in it or not. A supply chain issue (whether you are the supply chain or rely on them) is the crisis to avoid.

    For Emsland Group, they had a plan that they initiated. But they’ve recognised that by 2019, it will be out of date and they are likely working on plan B. This is important and is often forgotten in large organisations where many gatekeepers are found.

    As important as your Supply Chain Plan is, it will change every year (at the least). Emsland Group knew their farmers and they had a handle on fulfilment numbers, but this will change next year.

    You must use this example as an excuse to check your own procedures. RiskLogic encourages you to think out of the box. You may have nothing to do with the agriculture industry, but it’s guaranteed you rely on suppliers to operate.

    Suppliers could be a telecommunication network, a rented/shared office space, online storage…the list goes on. If any one of these were to go down or cease to exist without warning, what are your plans? Could you get back to Business as Usual as quickly as possible?

  • Stimulating Interest Before a Crisis Event

    Stimulating Interest Before a Crisis Event

    On the 30th of October, New Zealand was again rocked by a 6.2 earthquake south-west of Taumaranui. This is nothing unusual for a Cantabrian, but my hotel in Wellington swaying and rolling certainly caused some beads of sweat.

    A few hours later after my first meeting of the day, a contact calls me up to give an update on his two-year Crisis Management journey.

    Referring to his CEO, this contact had spent the better part of two years simply trying to get sign off on a company-wide, online Crisis Management Solution. It was a 6.2 earthquake only 200kms away that finally initiated interest.

    I guarantee I’m not the only one who had this conversation on the 30th. In fact, you can see a genuine spike in password updates and McAfee/SAP subscriptions after a major cyber-attack like the WannaCry Ransomware attack in May 2017.

    We shouldn’t be using an event as an excuse to investigate business disruption programs, but it can take a significant event to stimulate interest, that unfortunately will never change.

    If by chance your CEO didn’t arrange a meeting after the 30th October’s earthquake, did you take it upon yourself to arrange one anyway? Although I don’t recommend waiting until an event, it is a perfect time to revisit the programs you want to implement and encourage interest to the next level.

    The trap to avoid is when your executive team is only inspired to act post-event. RiskLogic often sees organisations doing three things:

    1.     Leaving their crisis team in the docks until it’s too late,

    2.    assuming if we’re in a crisis it’s too late,

    3.    failing to over-escalate followed by rapid de-escalation during an event.

    The proven way around this is through training & exercisingGet your response team in a safe environment, practice the steps and prove your point around the importance of preparedness.

    During the meeting

    My contact finally got the call and was ready; she’d been waiting for this moment for a long time. We had discussed six months ago that the best way to make this meeting count was to essentially go in with a prepared proposal.

    During the period where you’re not getting the call-up, you should be arranging all of that. Your job is to do this in-between events and ensure it’s seamless for when it needs reviewing and actioning. I know how hard it is to generate interest in this subject, but as resilience specialist, it’s our job to highlight the risks, all the time, not just post event to the leadership team.

    Make it so straightforward, it’s impossible not to move forward on it.

    There are other threats outside of EQs

    Yes, believe it or not, New Zealand has other major crisis events that occur all of the time. The most common being cyber-attacks. They are silent killers for organisations and often go unnoticed until it’s far too late.

    If you’re subjected to a major cyber attack and fail to have plans in place, it’s highly unlikely your insurance provider will pay out for your lack of preparation. Even with something we can’t help, like natural disasters, insurance providers may fail to compensate you in the future. As I have mentioned in a previous article the insurance landscape is changing.

    If you can get the chance of that meeting with your CEO, make it count, they don’t come around too often. Highlight the risks to them now, not post event, take action and get prepared.

    Until next time, plan, do, check & act…

  • Why You Need to Consider A Crisis Communications Plan

    Why You Need to Consider A Crisis Communications Plan

    When an event occurs, usually it’s one that effects a larger variety of people and organisations. Seldom are you at the very centre of that event or having to explain why it happened. However, as we know, it can happen – no matter how unlikely you think it is.

    CEOs and Boards need to be aware of the critical gap that keeps opening between business-as-usual corporate communications, and best-practice crisis communications.

    Many leaders train or mentally prepare for day-to-day contentious issues, but few successfully manage a full-blown crisis because they have a mind set of “it’s unlikely to happen to me”.

    Communicating effectively while facing cameras or media outlets while your company is being held prisoner during a ransomware attack takes skill. It requires crisis experience, frontline case studies you’ve been a part of, and an utter, intense knowledge of your plans and how to communicate them.

    Many get it wrong, especially in political arenas. Many pass it to the next person or a PR Agency who are “representing the brand”. If you’re the CEO, if you’re at the top, it’s your job to deal with this. Your resilience team should have this in their best interest and part of their annual objectives; to get you trained up and confident.

    Research by Pentland Analytics highlights that in the 12 months following a crisis, there is a 45% difference in shareholder value between those leaders who responded well, and those who didn’t.

    So, what is the solution?

    You need a communications team who can navigate effectively through reputational storms. They need the hard-and-true experience of real events under their belt, and those who can work under enormous pressure with a smile on their face.

    With a little planning, training and exercising, your communications team can be transformed into seasoned crisis specialists. – Tim Archer, Head of Communications

    Where do you start with crisis comms?

    Keeping things less complicated is always a bonus, but we pride ourselves in programs that are straight forward and follow simple checklists to see where you’re at. A sanity check if you will.

    We run the ruler across your Crisis Communications Plan and get to know your team. Understanding your current processes (or lack of them) allows us to then place a training program and modules that relate to you as a business, not just regulatory.

    Often, we meet with your Head of Communications and Chief Risk Officer and understand your current media and communications capability. This then aligns to a full report.

    But, you can do these steps yourself by simply gathering what you currently have, note down three possible events (Earthquakelockdownscyber-attack), and locate the processes in place to communicate how your organisation is going to handle them. If there is nothing there, it’s time to consider some training either by outsourcing, or planning internally.

    Get effective with a Crisis Communications Plan

    All US Presidents have one. It’s a list of bullet points or green, amber, red responses to tricky questions during an interrogation by the media. These are regularly put together by experts who can know more than what most leaders do. Just watch The Final Year, a Netflix documentary about Barrack Obama’s final year as US President to get an understanding.

    If you don’t have a dedicate individual/s to look after a response, or a dedicated plan, you’re going to be in deep water, very fast.

    A slow or poor response can potentially escalate and exacerbate the reputational damage to an organisation. Let’s take the recent media feedback from many New Zealand schools and their care towards students. This year saw much criticism around principals having effective plans in place.

    At RiskLogic, we don’t barge in and tell you you’re doing it wrong. We collaborate with the leaders and communications team to develop scripts and plans that match who the individual is. A PR agency for example will spend a lot of time considering the brand (which is worth doing), but no time getting to know the person who will be in front of the cameras. How confident are they?

    Our user-friendly plans are transferable internally too. It’s a critical component to your wider Crisis Management Plan (that we merge for you), and ensures a strategic, methodical response.

    Getting the training in is vital

    The plans, strategies and objectives are all useless unless you practice them. We recently ran an exercise where, unbeknownst to our lead subject of the organisation (the CEO), a significant event had occurred that morning. Protestors formed outside one of his properties four hours before.

    During the exercise (which involved real cameras, his team and real case studies), our Communications expert, Tim Archer carefully and gently walked through some basic, non-threatening questions. This CEO found himself slouching, relaxing and enjoying this unusual training.

    “So, Mr. Smith, can you tell me about the protest going on at [location] right now?” Tim asks. “Yes, we managed to get on top of that an hour ago and have released a statement via social media”. Neither of that was true, in fact, the CEO realised that the information from the questioning was too specific for it to be a drill.

    Tim kept drilling. Soon, this clients tough, resilient wall was beginning to crumble under the intense questioning. No plans had been discussed to cater for these very forward questions. Soon, in the safety of their training room, the session ended, providing significant review opportunities.

    If you’re not sure where to start, just start here

    Don’t put this on the backburner. It’s worth at least understanding if your organisation has even the minimum in place. If you find it’s well matured in media communications, then excellent, it’s time to test it – regularly.

  • Is Your Business Ready For The FENZ Emergency Scheme?

    Is Your Business Ready For The FENZ Emergency Scheme?

    One year in for New Zealand’s updated fire and emergency regulations (FENZE Scheme & Procedure), how confident are you that your business has the right emergency procedures in place?

    Evacuation schemes and procedures

    As of 1 July 2018, most New Zealand buildings must by law have an approved and managed evacuation scheme or procedure. The exceptions are residential homes or complexes with three or fewer household units.

    This is the result of a new regulation under the Fire & Emergency NZ (FENZ) Act and, although not as in-depth as our neighbouring Australia’s regulations, the new requirements are still causing some confusion for organisations and businesses trying to stay compliant.

    There is particular confusion amongst businesses around whether an evacuation scheme or procedure is neededThe diagram below sheds some light.

    FENZ Regulation Evacutaion and procedure scheme diagram

    Other changes under the new regulation include:

    • colour and layout of building fire action notices
    • fire-fighting equipment for older buildings
    • new application deadlines and requirements for FENZ approval
    • adjustment to evacuation schemes or the power to revoke by FENZ
    • changes in trial evacuations
    • requirements for building owners to notify FENZ of certain events.

    Although NZ’s commercial and industrial safety history is good, many have failed to adjust to and maintain these requirements. Those who have, however, have seen a positive response during insurance renewal periods, as well as quicker adjustments to new premises they’ve obtained.

    Lockdown and shelter in place

    Whilst every site must now have an evacuation procedure, this still leaves questions around the latest concerns: lockdown and shelter in place (ie, the opposite of evacuation).

    Many industrial outfits close to Christchurch airport were put into lockdown immediately after the Christchurch attack on 15 March—a seemingly unlikely event for these businesses. One confirmed armed police prowling their loading docks, creating panic for staff and stakeholders on the business’s preparedness.

    With growing focus on this new threat to New Zealand, businesses are assessing which staff need detailed training, how they maintain a programme, and how they align this to the updated evacuation requirements.

    Mix in the issue of sending mass-communications for businesses with staff out in the field and on the move, and it can all seem overwhelming.

    Plan, do, check & act…

    Instead of worrying about the multitude of emergency events that could occur, take a practical look at your current processes. You’ll get a good idea of where you’re at by following these four steps: Plan, Do, Check & Act.

    As an organisation, our client, Master Plumbers has taken this advice seriously and has begun a new programme with RiskLogic in 2019. By following the programme, Master Plumbers will develop a comprehensive crisis management plan and training for its newly-formed crisis management team in Wellington.

    A full programme looks to increase their preparedness and capability across three levels of coordinated response:

    • Tactical: First responders, wardens and emergency services—building capability to ensure people and assets are protected.
    • Operational: Reducing the impact to critical business functions during a business interruption.
    • Strategic: Delivering a strategic incident response to protect the Master Plumbers brand and reputation.

    The next phase of the journey looks to put the team through a scenario exercise to validate the crisis plan and team.

    You can look to implement a similar program today by contacting us.

  • No Smoke Without Fire: The Auckland NZICC Crisis

    No Smoke Without Fire: The Auckland NZICC Crisis

    At approximately 1pm on Tuesday the 22nd of October, a fire started in the (still under construction) 700 million-dollar New Zealand International Convention Centre (NZICC).

    Although the investigation into how and why the fire started could take up to another two weeks, it’s been alleged that a junior contract construction worker left a blow torch on while heading outside for a cigarette. This has caused an estimated 250 million-dollar of damage.

    Many media reports have collated and shared a bombardment of inadequate statements, unconfident strategies and blame games by key stakeholders from all parties.

    This event caused a considerable amount of disruption to the Auckland CBD – closing many businesses, stopping public transport and closing shops & cafes in the surrounding streets for up to three days.

    Insurance companies are hindering the investigation and causing extra disruption while many are now in the process of reviewing premiums and terms of those connected to the convention centre. The outlook is bleak for these however as in some premiums, the terms rarely state coverage for another businesses fault.

    So, the question we must ask ourselves when an incident like this occurs is one; do we have Emergency Management procedures in place to mitigate this? Do we have Standard Operating Procedures (SOPs) to protect our people and our places, our building, facilitates and our assets against predictable events?

    Are our plans up to date and have they been tested and validated? Are they in line with current Fire & Emergency regulation as well? The FENZ Scheme & Procedures are a new regulation from 2018 which will likely be more prominent to leaderships teams after the investigation is concluded.

    This scheme is designed to have audited processes in place to help people in scenarios exactly like this. It would appear that this didn’t happen in the case of the NZICC.

    RiskLogic follows these regulations very closely, maybe even more so since the merger with First 5 Group (who are leading experts in the Emergency Management space across Australia & New Zealand). We’ve seen an alarming number of organisations not keep up to speed with regulations like this and not testing their plans.

    Secondly; do we have good crisis management training in place which will help our people to effectively respond to these incidents? If we look at case studies from the Convention Centre fire, many employees have disclosed that managers “told them to carry on working” as smoke began to creep its way into their office.

    This tells us that perhaps the smaller, less mature businesses have not looked at crisis training whatsoever.

    Whatever the case, we need to be trained and drilled, we need to have thought about how we respond as an organisation and look at the environment our organisation (and people) are in. What makes your business exempt to training and validating plans? Just because you’re not SpaceX or Military, you should be doing this.

    Thirdly; do we have business continuity plans in place (BCPs)? These are plans that enable us to recover critical functions quickly and simply without having to think about it during an event. These are the backbones to your business’s true resilience. A good BCP is simple, to the point and easy to find. Remember that last point. Your staff must not only know what’s in the BCP, they have to know where is kept (electronically or physically but preferably both). If you or your staff don’t know where the Business Continuity Plans are, it’s useless.

    So, these are the questions we need to be asking ourselves. We know that New Zealand businesses have been slow to pick up on this planning, but it’s this planning that will help you respond and recover most effectively.

    In the case of the Auckland International Convention Centre fire, the planning that was in place was likely focused on the direct facility. People effectively evacuated and thankfully no one was seriously hurt. But what if you’re one of the businesses over the road? What if you’re impacted by someone or something else’s mistake – then what?

    This crisis is more common than you think. 100+ organisations next to the convention centre would vouch for that.

    Contact Us today to learn more