Interview Software Report Book reviews CEO of Sedgwick International Your guide to business Mark Evans reviews UK, Stewart Steel continuity software the latest titles

cirmagazine.com September-October 2019

Are we there yet? Contingency planning for a hard Brexit is nally taking centre stage across both government and industry

California bound Companies are being urged to prepare for another set of wide-ranging new rules emerging from the US

Powering down A powercut saw businesses, public services and homes plunged into darkness in the UK during August

Peak problems What Hong Kong’s troubles mean for business

View: “Global politics, societal opinion and technological innovation have a major impact on business models”

cover_3.indd 3 11/09/2019 15:06:15 FREE TO ENTER

COMMERCIAL LINES CATEGORIES OPEN CATEGORIES 1. Commercial Lines Insurer of the Year 15. Claims Initiative of the Year 2. Commercial Lines Broker of the Year 16. Schemes Broker of the Year 3. Commercial Lines Broker Claims Team of the Year 17. Lloyd’s and the London Market Award 4. Commercial Lines Insurer Claims Team of the Year 18. Cyber Product of the Year 5. Commercial Lines Specialist Broker of the Year 19. InsurTech Award 20. Communications Team of the Year PERSONAL LINES CATEGORIES 21. Innovative Product Award 6. Personal Lines Broker of the Year 22. Initiative of the Year 7. Personal Lines Insurer of the Year 23. ESG Award 8. Personal Lines Specialist Broker of the Year 24. Specialist Coverage Award 9. Personal Lines Broker Claims Team of the Year 25. Growth Company of the Year 10. High Net Worth Insurer of the Year 26. Commercial Insurance Recruiter of the Year 11. Motor Insurance Award 27. Insurance Law Firm of the Year 12. Home Insurance Award 28. Digital Insurance Award 13. Health Insurance Award 29. Inclusion and Diversity Award 14. Pet Insurance Award 30. Loss Adjuster Award Deadline: 15 November 2019

www.nationalinsuranceawards.co.uk

5 March 2020, The Waldorf Hilton, London

NationalInsuranceAwards.indd 1 09/09/2019 11:07:44 Comment News & analysis

Comment

esearch published Latin America was identified as the only this month region to have seen an improvement in suggests that it is economic resilience, although at a low level more important due to localised structural challenges. The than ever to assess region’s capital markets are not sufficiently resilience in a developed, labour markets show low world economy productivity and a significant part of the that is less resilient population remains vulnerable to falling now than it was back into poverty. at the onset of the global financial crisis Beyond the benefits at the micro level, in 2007. Switzerland, Canada and the US risk transfer to insurance markets can boost enjoy the greatest economic resilience (as macroeconomic resilience by facilitating Rthey have consistently for the past decade) stronger recovery after a shock event, according to the study, penned by the according to Swiss Re’s analysis. Economies London School of Economics and the Swiss with higher levels of insurance penetration Re Institute; whereas resilience in the euro also tend to exhibit less volatile growth. area has seen the most dramatic decreases Happily, insurance resilience (or since 2007. protection needed against that which is According to the data, this reflects available) for the three core risk areas fragile fiscal positions in some countries, of natural catastrophe, mortality and exhaustion of monetary policy options, healthcare spending, has improved in most a still challenging environment for the regions since 2000, but, it says, there is still banking system, labour market inefficiencies major scope for improvement. and relatively underdeveloped financial In the US and Canada, almost two- markets. And while peripheral countries thirds of protection needs are currently in the euro area are much less resilient than covered by existing resources including the core economies, even the recovery of insurance; in Latin America, insurance resilience levels in Germany and France resilience improved slowly since 2000; and since post-crisis lows has been non-linear in Asia-Pacific, the picture improved in both and slow. the advanced and emerging economies of The report’s authors point to a the region. “trillion-dollar opportunity” for the In Europe, meanwhile, the aggregate insurance industry in closing a record-high insurance protection gap amounted to protection gap. £278 billion in 2018 – more than double “The insurance industry has largely kept the 2000 value, with emerging countries in pace with growing loss potentials and can the region accounting for over half of the do more to improve resilience. Emerging gap. Relatively speaking, though, composite markets, in particular, benefit more strongly insurance resilience has improved in from insurance protection than mature both advanced and emerging European economies, which often have greater access economies since 2000. to alternative sources of funding,” says group chief economist at Swiss Re, Jerome Jean Haegeli. “Considering the 35% probability of recession in the US next year and the global ramifications thereof, it is more important than ever to assess the underlying resilience of our economies and Deborah Ritchie, Editor look beyond the traditional GDP measures.”

cirmagazine.com September-October 2019 03

CIR-EditorialComment.indd 1 12/09/2019 17:07:57 SAVE THE DATE

4 June 2020 London Marriott Hotel Grosvenor Square

Sponsored by In association with

cirmagazine.com/businesscontinuityawards cirmagazine.com/businesscontinuityawards

BC-Awards-2020_filler_.indd 5 12/09/2019 15:24:18 contents.indd 1 Are we there yet? Peak problems at latest the plans across government both and industry. Ant looks Gould planning for ahard Brexit centretaking is finally stage chess moves and matches contingency of tiddlywinks, As domestic Brexit negotiations sway intricate between reports impact could have implications. global Martin Allen-Smith Hong Kong’s future is hard to predict, but business the recently found itself at centre the of uncharacteristic unrest. One of world’s the most significant commercial hubs has data and... Brexit planning management company’s journey, digital claims cyber spoke to CIR’s Ritchie Deborah about claims the InternationalCEO of Sedgwick UK,Stewart Steel to be used as aprofessional used to be information source. We accept no liability for decisions of any nature, including financial,that are made as a result of information we supply. CIR Magazine and its content and inall any are media of part Perspective Publishing Limited. Perspective All Publishing Limited’s content for is designed professionals and BREXIT COVER STORY: HONGKONG UNREST Q&A:Stewart Steel Cover story Hong Kongunrest What it does mean for business? 18 14 12 now subject to amajor government investigation. impact on and businesses, homes, public and services is incredibly rare event, but one had which an immediate August saw what National the as an Grid described McGrath investigates emergingrules from USstate the of Joe California. urged to prepare for another of set wide-ranging new organisations around world, the companies are being As data continues privacy amajor to be issue for Powering down California bound POWER CONTINUITY DATA PRIVACY Circulations Member Audit Bureauof 14 12/09/2019 12:45:33

27 22 Photo by: Shutterstock.com by: Photo News & analysis

News briefing A round-up of the latest industry news

Business confidence continued to suffer in Hong Kong as ongoing civil unrest shows no sign of abating. Companies are beginning to realise the challenge of managing continued uncertainties as the former British colony’s government struggles with its biggest News in brief political crisis since the return to Chinese rule in 1997. More on this in our cover story on p14.

Only a third of businesses have complete confidence in their disaster recovery capabilities, according to The Association of British Insurers expressed insight from Databarracks. Just 35% of respondents concern over the low take-up of cyber insurance in the UK. Just 11% of businesses are thought to to the company’s annual Data Health Check survey have a specific cyber insurance policy in place, have full confidence in their plans, while just 49% have meaning millions of small businesses could be complete confidence in their current back-up solution. at risk, the ABI warned. The market is estimated to be less than a tenth of the size of the UK’s pet Analysts from Willis Towers Watson said UK motor insurance market, it said. claims payout inflation surged by 8.6% in 2018, taking the average cost per claim to £4,791. The sharpest rise was seen in Wales and the North East at 22.4% Marsh’s Global Insurance Market Index reported between 2016 and 2018. The region with the highest that global commercial insurance pricing increased 6% average cost per claim (at £5,403) in 2018 was for the during the second quarter of this year, in the seventh second year running the North West of England. consecutive quarter of increases. This increase also Editorial & features represents the largest since the index was launched in 2012. Chancellor Sajid Javid announced he would be doubling this year’s Brexit funding with an extra £2.1bn for no-deal preparations. This consisted of an The threats from extreme right and left-wing immediate cash boost of £1.1bn to prepare “critical terrorism will now be reflected in the government’s areas” ahead of the UK’s October exit from the EU, official terrorism threat level. The changes, which plus a further £1bn available to enhance operational follow a Joint Terrorism Analysis Centre review into preparedness this year “if needed”. News, views & regulars the country’s approach to counter-terrorism after the 2017 attacks, mean the system reflects the threat posed by all forms of terrorism, irrespective of ideology. Separately, the government announced an extra Analysis 7 £9m will be made available to help ready major ports and surrounding areas for Brexit. Local government secretary, Robert Jenrick said £5m will be given to Book reviews 9 local councils which either have or are near to a major air, land or sea port and £4m will be provided to local News in brief 10 resilience forums. Editor Deborah Ritchie Industry views: Airmic & the Chartered IIA 48 [email protected] And, up to ten freeports are to be created after the Feature UK leaves the EU on 31st October, status for which Tel: +44 (0)20 7562 2412 ports and airports across the country will soon be able Industry views: CII & IRM 49 Associate publisher to bid. International Trade Secretary Liz Truss MP Steve Turner pointed out that these manufacturing and services Executive summary 50 [email protected] trade hubs could be free of unnecessary checks and Tel: +44 (0)20 7562 2434 paperwork, and will offer customs and tax benefits. Market Guide: Industry products & services 51 Design & production manager 10 Global insurance industry M&A rose in the first Matt Mills September-October 2019 half of 2019 with 222 deals completed worldwide, up Civil unrest [email protected] NIBs.indd 1 from 196 in the second half of 2018, according to a Tel: +44 (0)20 7562 2406 mid-year report from Clyde & Co. This marks the most significant increase in transaction volumes since BUSINESS CONTINUITY 31 Publishing director H1 2015 and the fourth consecutive six-month period Mark Evans Stuart Bailey, chairman of of growth. SOFTWARE REPORT 2019-20 Tel: +44 (0)20 7562 2418 the Hong Kong Exhibition and Convention Industry Association, Managing director believes it is “business is as usual” for John Woods those attending trade exhibitions and Market analysis 32 conferences in Hong Kong however. Tel: +44 (0)20 7562 2421 He said: “At this time we are seeing Business continuity soft ware now that major exhibition and conferences Contributing writers in Hong Kong are running without encompasses basic planning tools for the Martin Allen-Smith incident or interruption. Exhibition smallest company, to fl exible, multi-faceted Patricia Cullen and conference events were not Ant Gould targeted for disruption. Hong Kong is Expert view: Is Hong Kong safe to visit as protests escalate? platforms able to manage complex risk and Joe McGrath definitely still open for business and cirmagazine.com safe to [visit].” resilience functions for multinationals. Dave What makes developments in As protests enter their fifteenth week in Hong Kong, following what has been the most Accounts . Hong Kong so important on the violent and chaotic weekend yet, Traveller Assist Group’s Craig Wright,Adams says the city takes is a look at the market Marilou Tait safe for travellers – as long as they avoid the protests, remain vigilant and follow local global stage is that this is about far news and incident alerts. Tel: +44 (0)20 7562 2432 more than ‘a little local difficulty’10/09/2019 that 10:57:52 will soon pass. There are very real Protesters are increasingly targeting the disruption of public transport,Products including the and features 34 Subscriptions concerns that the events of recent Mass Transit Rapid (MTR) network and Hong Kong International Airport (HKG). On August Tel: +44 (0)1635 588 861 months willNews irrevocably & analysis damage the 12th and 13th, hundreds of departing flights were cancelled and arriving flights diverted due to HKG halting all operations for safety reasons. Your guide to business continuity soft ware [email protected] island’s reputation as a stable place to On 15th August, Traveller Assist, at the request of an insurance underwriter, do business, with the risk that it could successfully evacuated 159 foreign students and expats from products,Hong Kong via a chartered including a market directory lose out in a big way to other financial flight, followed by assisting a further 23 people to leave the country via commercial flights £189 pa in the UK hubs such as Singapore, when over the following days. Two weeks later, protesters succeeded in shutting down transport £199 pa in the EU large organisations are making key links to and from the city’s international airport, which has already caused scores of £209 pa elsewhere Human rights issues in Chinapassengers escalate to miss flights, supplyand some airlines chain to delay flights. risks This is extremely disruptive investment decisions over the coming for business and pleasure travellers. Freshyears. analysis It has already highlights seen itsmajor position concerns surroundingDue to unpredictable human rights routes abuses that protesters in China, are casting taking, causeddoubt inon part the by government Cheques must be made payable to resilienceon the of Safe supply Cities chains Index for – abrands biennial sourcing fromroadblocks Xinjiang ESG and and protesters China wantingas a whole. to avoid Ryan prolonged Aherin confrontation reports with police and Feature Supply chain risk Perspective Publishing Limited and ranking compiled by the Economist counter-protesters, it is difficult to predict the next protest location and because of this, it Intelligence Unit based on factors is increasingly likely that foreign nationals could be caught up in protests and surrounded addressed to the Circulation Dept. s more reports emerge about ongoing human by crowds. rightssuch asabuses health in care,China’s dedicated Xinjiang cyberregion against the Travellers to Hong Kong should remain flexible and be prepared for delays, and avoid indigenoussecurity teams, Uyghur disaster population, continuity the likelihood of wearing black t-shirts, which have been worn by the protesters and white t-shirts, which the use of forcedmoreplanning andcompanies child and labour being community-based in swept Xinjiang into controversyincreases. over thehave perceived been worn ‘fat by cats’, the but counter-protesters. that a “Whilst there may not exist good, and most trade bodies have A One of the biggest risks is inhaling tear-gas if you happen to be nearby or down-wind of The supply chainspolice of patrolling apparel brands – fall haveto 20th already from been regulator would take the chance expressly ‘good’ practices, their own relevant guidelines. linked to labour rights9th twoabuses, years but ago. there is evidence to suggest to makeaother violent a abuses public protest, incomment theand region.there of is also an increased risk of damage to eyes from lasers which This helps, but even here there The butterfly effect are being directed at surveillance camerasthere to hide are the clear faces of ideas protesters. of what The sporadic clashes on the streets these violations could move beyond the sector and even what onlyFollowingTravellers a few years theshould emergence ago also would avoid of taking reports photos about or thefilming use ofthe protests as journalists andare issues. Words such as ‘diversity’ China’s borders, as raw materials produced in Xinjiang are haveforced been labour a matter in the only camps, for the the Chineseis government not good” has used can actually be very vague. Should of Hong Kong – which in any case are innocent bystanders have also been targeted. In addition, due to strict social media being used in manufacturing in other countries. companiesstate-run media concerned. to try and put a more positive spin on the the workforce represent the local generally limited to small areas of the laws in Hong Kong, travellers should avoid posting any images or comments about the facilities.Ofwat We actually researched went further reports in Chineseperformance language media on, say, reducing the or national community? Is this by Ethnic tensions have simmeredcity – may in wellXinjiang cease for in decades, the weeks or protests, or any political issues. but bloody riots in 2009 marked the beginning of a new thatand containedissued a set statements of rules to frommake government company officials carbon about footprint, can lead to gender, or race? (And that alone months to come, but for the long- the types of ‘vocational training’ detainees are receiving in chapter of escalating violence that, in turn, triggered a heavy- companiesCraig explain Wright how is director their of special risksadverse at Traveller public reaction Assist. He and has a helddecline several roleshas a potentially controversial set of the camps. These state that many of the re-education camps CIR Magazine is published by: handed security crackdown. Sinceterm, then, political Beijing commentators has instigated wonder executive includingpay is linked special to performancerisks underwriter in where reputation he was that responsible causes a forloss K&R, of extortion,definitions). Background? Education? a series of increasingly draconianif measuresChina’s light-touch in the far-western to the territoryprovide – outlined training hijackingin Ofwat’s in apparel and 2019 piracy. and price footwear He has also manufacturing, clients,operated creating on high food arisk toxic security environment teams with theClass? BBC and Disability? Even the Equality processing and electronics manufacturing. It is likely that if 17 ‘autonomous’ region. These include:might separating also have children been shifted by review (PR19)CNN methodology. in the Middle East and Africa,at theand AGM,worked where for the the United major Nations at the Internationaland Human Rights Commission Perspective Publishing from their families to indoctrinate themevents, into changing Han Chinese life in the citycomponents both At the for time, theseCourt Ofwat sectorsof Justice chief are in executive, beingThe Hague. made Wright shareholdersby detainees, started revolt,histhe career creating as an aofficer worse in the recentlyBritish Army pondered over whether such government will dowhere its best he servedto make on themglobal untraceable counter-terrorism to other and counter-narcotics operations. culture and the mass detention of youngfor individualadults in custom residents and for theRachel Fletcher said: “Through the public image, that means recruiting September-October‘boxes’ might be counterproductive 2019 6th Floor built internment camps over government fears they may be supply chains. businesses that ply their trade there.measures we’ve announced today, becomes harder. – a point since echoed by Cranfield10/09/2019 10:44:02 susceptible to extremist activities. we are strengthening the incentive As an example, earlier this University. 3 London Wall Buildings Martin Allen-Smith is a freelanceRisks beyond borders Beijing claims that the forced labour engaged at these on companies to improve their year the Department for Digital, More operationally, where does The abuses against Uyghur communities in Xinjiang go London Wall facilities is vocational training meant to helpjournalist students integrate performance for customers and Culture, Media & Sport issued a the responsibility end? In what your beyond the use of forced labour in re-education centres. The into Chinese society and improve their economic well-being. cutting the rewards that come from proclamation that businesses seeking organisation does? What your supply production of key raw materials from the region, many of London, EC2M 5PD However, the government line on this won’t help the reputation financial engineering.” to secure government contracts chain does? (Remember Apple and which play an important role in all manufacturing in China, of brands that are found to be associated with widespread Then, of course, there are the would need to show that they can Foxconn?) Or, does it go even further? UK is also linked to abuses such as forced and Child labour. violations of the rights of hundreds of thousands of Uyghurs. employees. The need to acquire also ‘improve society’, such as Very recently this became a matter of Estimates suggest that over a million people have been The greatestand retainraw material people riskis fundamental, is linked to the productionhelping address modern slavery debate as the two oil majors, BP and of cotton. China is the world’s largest producer of cotton and detained, though it is difficult to determine accurate numbers particularly in this period of high or climate change. Shell, took two diverging philosophies Tel: +44 (0)20 7562 2400 because of reporting restrictions in the region. There iscirmagazine.com according to China’s National Bureau of Statistics 74.4 per cent of its cottonemployment is produced and in aXinjiang. new generation According to our Launched at the Social Value to the issue. Shell pledges to consider evidence that can help gauge the scale of mass detentions. The which feels acutely the pressure on Summit, David Lidington MP said: what its clients were doing with its Australian Strategic Policy Institute has created a database commodity risk assessment, Chinese cotton has been directly linked to child andthe forced environment labour, andas women will arguably and children “Everyhave year, the government spends products, including responsibility of known detention facilities in the region and tracked the feel the effects of climate change £49 billion with external organisations for the carbon footprint of the fossil build-up of existing and new facilities since 2016. A substantialHongKong.indd 4 had to work in the cotton harvest to make up for the lost wages most. Growing up in the expectation and it is morally right that we make fuels used: BP takes the view that once increase of known and suspected detention facilities in of detained men. ISSN 1479-862X of a fairer society; being an attractive sure none of that money goes to any the product is ‘out of the door’ it is Kashgar, Hotan and Urumqi have been identified between Due to the prevalenceemployer of Chineseis a business cotton necessity. in the global organisations who profit from the evil out of its control and it is pointless to cirmagazine.com January 2016 and September 2018. apparel industry – China is a major exporter of cotton-based textiles to other garmentRandstad, producers the in humanthe region resource such as practices of modern slavery. Similarly, attempt to regulate use. consulting firm, reported in 2016 it is right that we demand that the Whether Shell is brave or BP too Apparel, electronic and food supply chains Bangladesh, Cambodia and Vietnam – links to abuses in the important role of ESG, with organisations we work with meet the dated in its view only time will tell. Given the lack of solid information emerging from the region, Xinjiang are likely to spread well beyond China’s borders. 84 per cent of respondents to a high standards we need to protect our Failure to consider ESG, not just standard due diligence practices are unlikely to be effective in Other materials to look out for include cashmere wool, survey it conducted saying they environment and employ workforces as it is currently understood but as preventing links to violations in the manufacturing of goods which is often imported into the region from Mongolia to be would leave their current job to which represent our diverse society, a changing and developing process, in Xinjiang. So far, brands in the apparel and food processing processed in factories. work for a company with a better including people with disabilities and is tempting the fates, and the fates sectors have been linked directly to factories using forced As China expands its Belt and Road initiative, Xinjiang corporate reputation. those from ethnic minorities.” of risk management are fickle gods. labour at the re-education facilities.contents.indd However, there is evidence2 will be a major springboard for Chinese economic activity 12/09/2019 12:45:43 that suggests that all manufacturing supply chains linked to into Central Asia. The region’sAs importance an aside, it is was one interesting of the that On top of that, there might not be a China are at risk of having association with forced labour and driving factors behind Beijing’sin this tightening international grip oversurvey Uyghur the UK Blurred lines lot of a business left if the underlying communities. Therefore, abusescountry-specific faced by local research communities identified are a An already difficult issue is ideas are not incorporated in to the also likely to escalate. stark mismatch between what workers exacerbated because there are no business model. As Unilever under want and what UK employers are current universally agreed standards Paul Polman demonstrated, the idea 08 Ryan Aherin is a senior commoditiesperceived analyst to atoffer global the risk workforce. for ESG – one of the central points that there is business and a world as September-October 2019 analysis company Verisk Maplecroft made by AMNT, which even thinks two separate things is not just denying analysis.indd 1 Pick and mix this ambiguity might sometimes be reality, it is bad business, and a good The complexity of these issues deliberate. Whilst there may not exist business is an ESG business. is compounded by the way they expressly ‘good’ practices, there are at Mark Evans is editor of bettersociety.net intersect and overlap. Perceived bad least some clear ideas of what is not

cirmagazine.comcirmagazine.com July-August 2019 23

ESG_.indd 2 16/07/2019 09:58:37 11/09/2019 17:40:50 2019 CIR Software Report - Full Page Ad - Avalution Consulting copy.pdf 1 9/4/2019 3:41:21 PM

FOCUSED, ACTIONABLE C BUSINESS CONTINUITY SOFTWARE M Y INFUSED WITH AVALUTION’S EXPERTISE. CM

MY

CY Catalyst provides comprehensive, yet easy to use, business continuity and IT disaster recovery

CMY planning functionality to prepare organisations for disruptive incidents. With Catalyst, business continuity planning is simple, scalable, and actionable – for the programme manager AND end user. K

avalution.com/catalyst

NEW FEATURE: SURVEYING + VENDOR RISK

Engage with both internal and external stakeholders using custom surveys to collect critical programme data, including vendor risks, plan input, exercise feedback, and more.

Ask our team about Catalyst Surveying + Vendor Risk. News & analysis Supply chain risk

Human rights issues in China escalate supply chain risks Fresh analysis highlights major concerns surrounding human rights abuses in China, casting doubt on the resilience of supply chains for brands sourcing from Xinjiang and China as a whole. Ryan Aherin reports

s more reports emerge about ongoing human other abuses in the region. rights abuses in China’s Xinjiang region against the Following the emergence of reports about the use of indigenous Uyghur population, the likelihood of forced labour in the camps, the Chinese government has used more companies being swept into controversy over state-run media to try and put a more positive spin on the Athe use of forced and child labour in Xinjiang increases. facilities. We researched reports in Chinese language media The supply chains of apparel brands have already been that contained statements from government officials about linked to labour rights abuses, but there is evidence to suggest the types of ‘vocational training’ detainees are receiving in these violations could move beyond the sector and even the camps. These state that many of the re-education camps China’s borders, as raw materials produced in Xinjiang are provide training in apparel and footwear manufacturing, food being used in manufacturing in other countries. processing and electronics manufacturing. It is likely that if Ethnic tensions have simmered in Xinjiang for decades, components for these sectors are being made by detainees, the but bloody riots in 2009 marked the beginning of a new government will do its best to make them untraceable to other chapter of escalating violence that, in turn, triggered a heavy- supply chains. handed security crackdown. Since then, Beijing has instigated a series of increasingly draconian measures in the far-western Risks beyond borders ‘autonomous’ region. These include: separating children The abuses against Uyghur communities in Xinjiang go from their families to indoctrinate them into Han Chinese beyond the use of forced labour in re-education centres. The culture and the mass detention of young adults in custom production of key raw materials from the region, many of built internment camps over government fears they may be which play an important role in all manufacturing in China, susceptible to extremist activities. is also linked to abuses such as forced and Child labour. Beijing claims that the forced labour engaged at these The greatest raw material risk is linked to the production facilities is vocational training meant to help students integrate of cotton. China is the world’s largest producer of cotton and into Chinese society and improve their economic well-being. according to China’s National Bureau of Statistics 74.4 per However, the government line on this won’t help the reputation cent of its cotton is produced in Xinjiang. According to our of brands that are found to be associated with widespread commodity risk assessment, Chinese cotton has been directly violations of the rights of hundreds of thousands of Uyghurs. linked to child and forced labour, as women and children have Estimates suggest that over a million people have been had to work in the cotton harvest to make up for the lost wages detained, though it is difficult to determine accurate numbers of detained men. because of reporting restrictions in the region. There is Due to the prevalence of Chinese cotton in the global evidence that can help gauge the scale of mass detentions. The apparel industry – China is a major exporter of cotton-based Australian Strategic Policy Institute has created a database textiles to other garment producers in the region such as of known detention facilities in the region and tracked the Bangladesh, Cambodia and Vietnam – links to abuses in build-up of existing and new facilities since 2016. A substantial Xinjiang are likely to spread well beyond China’s borders. increase of known and suspected detention facilities in Other materials to look out for include cashmere wool, Kashgar, Hotan and Urumqi have been identified between which is often imported into the region from Mongolia to be January 2016 and September 2018. processed in factories. As China expands its Belt and Road initiative, Xinjiang Apparel, electronic and food supply chains will be a major springboard for Chinese economic activity Given the lack of solid information emerging from the region, into Central Asia. The region’s importance is one of the standard due diligence practices are unlikely to be effective in driving factors behind Beijing’s tightening grip over Uyghur preventing links to violations in the manufacturing of goods communities. Therefore, abuses faced by local communities are in Xinjiang. So far, brands in the apparel and food processing also likely to escalate. sectors have been linked directly to factories using forced labour at the re-education facilities. However, there is evidence Ryan Aherin is a senior commodities analyst at global risk analysis company Verisk Maplecroft that suggests that all manufacturing supply chains linked to China are at risk of having association with forced labour and

08 September-October 2019 cirmagazine.com

analysis.indd 1 11/09/2019 17:40:50 Book review News & analysis

Inspiration for resilience professionals

The Fearless Organisation Amy C. Edmondson, Wiley 2019. Reviewed by Mark Evans, publishing director, CIR wiley.com n the ‘ideas economy’ standardisation However, to have the academic frameworks to backfill the Igives way to ingenuity. Ideas (and doubts) concepts is reassuring and helps dissect the ways in which this are the drivers of almost all modern can be achieved, with many examples bringing to life how it can endeavours and risk mitigation, but the work in practice. The Columbia Space Shuttle, VW and Wells patterns of the past and weak management Fargo are covered and, I think a little unfairly as this wasn’t an can lead directly to cultures where fear oppressive regime but rather a decision not to gamble: Nokia. prevents ideas and fears being shared. Conversely, the methods Pixar uses to review and maintain To create psychological safety for individuals and quality are revealing and positive templates, and the calm collaborative teams, leaders must create new organisations that actions of Captain Sully demonstrate an abject lesson in trusted recognise these barriers. communication. Edmondson spent two decades researching such areas, The final chapters actually give you the ‘how’, and if short of and sees the clear benefit in creating organisations in which time these last two chapters are probably the ones to read first. mistakes can be made – and critically reported. This does not Here each element of creating such a fearless organisation is mean that such spaces are automatically ‘nice’; comfortable and broken down. secure are not quite the same thing. The author even includes a sort of ‘observers’ guide’ to spot What this book offers is a well written, researched and strategies that avoid creation of an open environment. Finally, illustrated guide to how creating a fearless organisation can help all the potential objections to not creating this organisation are drive better decisions, whether within business, medicine or dealt with, as is the tricky difference between being candid and indeed any area of the modern world. lacking discipline. What it probably doesn’t do is create anything as insightful All in all, a concise and engaging guide as to how as Edmondson thinks. The buff and rather dry John Harvey- organisations can be made open and more productive. Whether Jones already knew this many years ago, with one quote all organisations can, or want to, change is a different question encapsulating his view: “In order to solve problems, information – and an assumption that managers and CEOs always desire the has to be shared; and not only information, but doubts, fears best for the organisation has never been quite in so much doubt and questions”. Or, to put it another way: “People who don’t than under the current wave of harassment claims and lack of make mistakes are no bloody good to you at all”. respect of alternative social views.

Robertson’s Insurance Principles for Leasehold Flats Paul Robertson, 2019. Reviewed by Mark Evans, publishing director, CIR 1stsureflats.com mong the least thrilling book titles ever with digressions into the history of insurance that serve not Aimagined, this has to be a contender. only to give a historical colour to the text but also underpin the But then again it isn’t there to compete with foundations of insurance. Snippets of information grant a more Ian Fleming; it is there to do a job, and a holistic view of insurance – the way in which value, risk and job it does – in detail and with insight and past legal cases create the interrelated covers and duties is one authority. It is thorough, laying out the such example. explanations in simple, understandable English (rather than the Robertson’s useful guide also includes some great sections esoteric legalese that dominates so much of modern life and of on the myths that exist in property, examples in calculating which insurance policies are consistently accused) and provides value, a glossary and a case law reference section. the legal frameworks from which all property-related insurances In the end, the book is really about one thing and leaves hang. In some ways it is a good introduction to insurance in little unsaid on that topic. If your business has need of general, and certainly would serve as a textbook. information on insurance for leasehold flats, this is likely to be The dense law and insurance concepts are interspersed the only book you will ever need.

cirmagazine.com September-October 2019 09

BookReviews_.indd 2 11/09/2019 15:07:38 News & analysis News in brief

News briefing A round-up of the latest industry news

Business confidence continued to suffer in Hong Only a third of businesses have complete confidence Kong as ongoing civil unrest shows no sign of abating. in their disaster recovery capabilities, according to Companies are beginning to realise the challenge insight from Databarracks. Just 35% of respondents of managing continued uncertainties as the former to the company’s annual Data Health Check survey British colony’s government struggles with its biggest have full confidence in their plans, while just 49% have political crisis since the return to Chinese rule in 1997. complete confidence in their current back-up solution. More on this in our cover story on p14. Analysts from Willis Towers Watson said UK motor claims payout inflation surged by 8.6% in 2018, taking the average cost per claim to £4,791. The sharpest The Association of British Insurers expressed rise was seen in Wales and the North East at 22.4% concern over the low take-up of cyber insurance between 2016 and 2018. The region with the highest in the UK. Just 11% of businesses are thought to average cost per claim (at £5,403) in 2018 was for the have a specific cyber insurance policy in place, meaning millions of small businesses could be second year running the North West of England. at risk, the ABI warned. The market is estimated to be less than a tenth of the size of the UK’s pet Chancellor Sajid Javid announced he would be insurance market, it said. doubling this year’s Brexit funding with an extra £2.1bn for no-deal preparations. This consisted of an immediate cash boost of £1.1bn to prepare “critical Marsh’s Global Insurance Market Index reported areas” ahead of the UK’s October exit from the EU, that global commercial insurance pricing increased 6% plus a further £1bn available to enhance operational during the second quarter of this year, in the seventh preparedness this year “if needed”. consecutive quarter of increases. This increase also represents the largest since the index was launched Separately, the government announced an extra in 2012. £9m will be made available to help ready major ports and surrounding areas for Brexit. Local government The threats from extreme right and left-wing secretary, Robert Jenrick said £5m will be given to terrorism will now be reflected in the government’s local councils which either have or are near to a major official terrorism threat level. The changes, which air, land or sea port and £4m will be provided to local follow a Joint Terrorism Analysis Centre review into resilience forums. the country’s approach to counter-terrorism after the 2017 attacks, mean the system reflects the threat posed And, up to ten freeports are to be created after the by all forms of terrorism, irrespective of ideology. UK leaves the EU on 31st October, status for which ports and airports across the country will soon be able to bid. International Trade Secretary Liz Truss MP pointed out that these manufacturing and services trade hubs could be free of unnecessary checks and paperwork, and will offer customs and tax benefits.

Global insurance industry M&A rose in the first half of 2019 with 222 deals completed worldwide, up from 196 in the second half of 2018, according to a mid-year report from Clyde & Co. This marks the most significant increase in transaction volumes since H1 2015 and the fourth consecutive six-month period of growth.

10 September-October 2019 cirmagazine.com

NIBs.indd 1 10/09/2019 10:57:52 News in brief News & analysis

For the full story behind all these headlines, visit cirmagazine.com

The global biometrics market could grow to £9.1bn by 2023, according to research conducted by Frost & Sullivan. It predicts that changing consumer demands and the emergence of the of Things will be the key drivers behind an annual growth rate of 19.3%.

Firefighters were called to manufacturer Whirlpool’s Peterborough site, where 52 trailer units containing washing machines and fridge parts had caught fire near the appliance manufacturer’s headquarters.

The National Counter Terrorism Security Office is inviting businesses to engage in a free training initiative designed to help maximise Following Germany’s lead, the UK became the safety and security using existing resources. It is second country in Europe to enable Google Flood hoped that the See, Check and Notify (SCaN) Alerts. Environment Agency-issued warnings will programme will empower employees to know now appear on a Google Search and in the Google what suspicious activity to look for and what to Public Alerts map within seconds. The roll-out follows do when they encounter it. Interested parties are a two-year collaboration between The Environment invited to contact their local Counter Terrorism Agency and Google. The system is in use in the US, Security Adviser. South America and parts of Asia, where it issues alerts relating to such environmental emergencies as earthquakes, wildfires and extreme temperatures. A US consumer protection group urged victims of Equifax’s 2017 data breach to consider the free credit monitoring offered as part of the settlement because of Law firm RPC released figures suggesting an overwhelming interest in the cash alternative. whistleblowers reported 175% more data breaches to the ICO in the year since the The government announced an inquiry into the introduction of the GDPR, the arrival of which large-scale electricity failure that affected parts of the has made people more vigilant and aware of UK one day in August. Almost one million people the rules around the handling of personal data. were affected by the outage, which occurred after Taken alongside the ICO’s renewed readiness to almost simultaneous problems at two power stations. issue fines, RPC says these figures should bring the issue into sharp focus for businesses.

Gcube warned that, as the offshore wind sector expands globally, prices fall and technology evolves, asset owners and investors are becoming increasingly exposed to technical and supply chain risks, alongside natural catastrophe and extreme weather risks. To address this, the underwriter prescribed more sustainable approaches to risk management, alongside insurance. It says effective programme management will help ensure project delivery and successful long- term operations are not impacted.

cirmagazine.com September-October 2019 11

NIBs.indd 2 10/09/2019 10:57:52 Interview Stewart Steel

Interview CEO of Sedgwick International UK, Stewart Steel spoke to CIR’s Deborah Ritchie about the claims management company’s digital journey, cyber claims data and... Brexit planning

A number of recent acquisitions to take as we have had a couple career become a problem? mark some significant milestones in of deadlines already that we have Added to that is the impact of an your half-century of growth. What had to work towards. We were ageing workforce. There are a number are the most significant highlights? ready to respond anyway. The of dynamics around that issue. People Last year Sedgwick achieved a major challenge for organisations like ours are working longer for a number of investment boost from the private is that – to an extent – it doesn’t reasons. Gold-plated pensions have equity firm The Carlyle Group which matter how prepared we are, if our gone, and we’re also living longer. became the majority shareholder in clients are not. Our approach has There is also a grey area now between a US$6.7billion transaction. We have been to work with clients to see being a full-time employee and being been very successful in that regard, where they are going and what they a part-time consultant. In the long- tending to go to the market are doing. term, if there is a reducing working to refinance. population over time, technology Sedgwick’s international footprint What might a no-deal outcome might fill the gap of what used to has grown through the acquisition mean for claims? be human capital. It may end up of Vericlaim and when we had the A number of protocols are in place being a good news story. opportunity to bring in Cunningham that allow insurers to write for a Lindsey, it was an easy decision certain period after Brexit – whether “The insurance industry has to make. That acquisition grew hard or soft. And their TPA providers always been responsive to our business across another can run off any claims for a certain climate change – whether 65 territories. period of time. Quite a lot of work extreme heat or devastating We have also just completed the has been done to ensure both floods, it has always found acquisition of York Risk Services outcomes are dealt with in terms of Group, which provides claims the necessary processes. ways to respond” administration, managed care, Fundamentally, from a specialised loss adjusting, pool commercial perspective, there will When it comes to the climate administration and loss control be a focus on delivering a service debate, there can’t be too many solutions; and brings an additional and satisfying customers. Doing climate change deniers left out there... 5,000 highly skilled professionals this in the right way will ultimately It’s interesting for the insurance into the fold – growing the Sedgwick enhance brand reputation. industry because it’s always been family to almost 27,000 colleagues responsive to climate change – and enhancing our position as a What other influences and whether extreme heat or devastating global industry leader. developments are having an impact floods – the industry has always This is also great news for the on claims? found ways to respond. Moving industry and for all our stakeholders. Mental health is an interesting area. forward, as the standard perils Both employers and individuals are change, we may need to have different With a new prime minister now waking up more and more to the discussions about the issues. moved into No10 and a fresh issues – not least because we are commitment to exiting the beginning to see a number of high When it comes to cyber insurance European Union by the end of profile individuals talking openly and related claims, the debate has October, what impact does this have about their mental health challenges. always come back round to the on any Brexit-related contingencies It’s a significant issue for employers to challenges of a lack of data. With a at Sedgwick? manage. At what point does working growing pool of cyber claims data This recent news has not changed our long hours because you love your job to draw from, what have we since approach to the actions that we need and you are striving to get on in your learned about insuring cyber risks?

12 September-October 2019 cirmagazine.com

Interview.indd 1 13/09/2019 11:03:34 Stewart Steel Interview

has made that all more possible. We are currently looking at an AI process that can run alongside a more physical tick approach. The ability to help with that from end-to-end is something that a digital process lends itself well to. Some insurance carriers find the digitalisation process quite challenging and are looking to outsource their entire claims departments. The insurers that do that in-house will succeed provided they have the human expertise to understand it. Others may look to outsource the process. We talk a lot about big data and the concept is extremely powerful but the data needs to be analysed and you need to have full confidence that the analysis is correct. There is an opportunity for all insurance players to use that data and help shape better risk management.

CEO of Sedgwick International UK, Stewart Steel Are the new, so-called disruptive That’s a good question. In the early extremely well advanced in the insurtechs a cause for concern for days, I think that some of the cyber US, and a lot of digital tools for the industry, in your view? products out there were products workers’ comp. There are a lot of smaller firms looking for a market rather than a We also use a lot of video out there offering a number of, market looking for a product. There technology and apps so we don’t on the surface, exciting looking was never any data. Now we know a always have to physically attend a services, but with certain limitations. lot more about the physical impact site. This means we can carry out One firm is offering claims of a cyber attack. I’m not sure to twice as many visits in any normal management services in building what extent the industry has grasped day. Tech is not cheap, but in the long repairs. They have a managed fully the issues around financial loss run it should bring costs down. contractor network but they are or reputational risk related to cyber using tech at the front end to make incidents, however. “In the early days, some the process faster. And they’re We are pretty good at writing cyber products out there picking up some claims at the and dealing with claims when were products looking lower level. someone has been hacked. But the The challenge of coming into for a market rather than brand and reputational impacts this marketplace as a pure tech are still less well understood. a market looking for a player is having sufficient claims What we do know is that no-one product. There was never and customer service knowledge is immune to the risks. any data” to make a difference. You may have the very best claims tech but Where is Sedgwick on its digital Many personal lines claims if you don’t have the necessary transformation journey? What processes already use a good number expertise, it is not going to work. innovations are you currently of digital tools to handle various It will be interesting to see if the exploring to improve processes? parts of the claims journey. We larger tech players look to do We are quite advanced on our also have building surveyors and a something in this arena. digital journey. We have our contractor network. Joining those up Interview by Deborah Ritchie WeatherNet offering, which is was a real challenge but technology

cirmagazine.com September-October 2019 13

Interview.indd 2 13/09/2019 11:03:35 Feature Civil unrest

nown for many years as the Pearl of the Orient, Hong Kong is also Asia’s self-proclaimed ‘world Peak problems Kcity’. It has enjoyed star billing within One of the world’s most significant commercial hubs has the region as a top attraction both as a place for organisations to do business, recently found itself at the centre of uncharacteristic unrest. and as a destination for tourists to Hong Kong’s future is hard to predict, but the business impact go shopping. The former British could have global implications. Martin Allen Smith reports colony has continued to thrive since transferring to Chinese rule in 1997, ■ Protests originally started over a government bill, which has since been but this year has seen things take a tabled, that would allow mainland China to extradite suspected criminals volatile turn as an initially peaceful ■ Activists have since expanded their list of demands and grievances and series of pro-democracy protests Hong Kong’s protests have become increasingly unpredictable and violent have developed into a wide range of ■ Companies are beginning to notice the effects: from the street, through to civil unrest incidents, ranging from sales, investment, and even through political commentary of employees vandalism and strike action to street clashes with police and arrests. The impact could be far-reaching; passenger and cargo flights each day, for Hong Kong itself, for China, contributing an estimated five per and for the many multinational cent to Hong Kong’s GDP directly organisations that have significant and indirectly. With protesters operations there. The semi- targeting the site on numerous autonomous Chinese city is facing up occasions since the protests started, to the prospect of its first recession in this has the potential for far-reaching a decade, with all of its usual growth consequences both for businesses sectors under huge stress. Banks are and individuals. issuing profit warnings, while hotels, There is of course a wider restaurants, and other retail businesses backdrop for China in all this, in areas affected by the protests embroiled as it is in something of a have suffered a major reduction in war of words – and tariffs – with US business. Economists estimate that president Donald Trump. Businesses retail sales could fall by anything operating in the region have found from 20 to 30 per cent this year. themselves having to carefully manage Figures from The Hong Kong Retail their political positions too. Airline Management Association suggest that Cathay Pacific had gone on record some of its members located in tourist saying that it “wouldn’t dream” of areas have reported a fall in retail sales muzzling the views of its 27,000 value of at least 50 per cent during Hong Kong staff, but following the August 2019. dismissal of several pro-democracy The nature and duration of the supporters among its workforce under protests have sent ripples across a apparent Chinese pressure, some diverse range of sectors, with aviation, employees suggest that this is exactly transportation and healthcare all what has happened. The issue has revising their expectations for the put the airline in a turbulent position coming months’ trading. Disruption over whether to block its staff from to operations at Hong Kong’s airport taking part in or voice support for the has been particularly impactful. More demonstrations, or potentially risk than 74 million passengers used the losing its China-facing business. In airport last year, and it handles 1,100 mid-August, the carrier’s chairman

14 September-October 2019 cirmagazine.com

HongKong.indd 1 10/09/2019 10:39:42 Civil unrest Feature

John Slosar underlined its support Photos Shutterstock.com by: for free speech, saying: “We employ 27,000 different staff in Hong Kong. We have virtually every opinion on every issue amongst our staff and we certainly wouldn’t dream of telling them what they have to think about something.” However, a move by China’s aviation regulator to bar staff supporting protests from working on flights to the mainland or through Chinese airspace came around the same time as four Cathay staff were dismissed, including two pilots, leading some to suggest the two were linked. The Big Four accounting firms have also moved to distance themselves from alignment with protesters, issuing statements following the publication of advertisements by a group of unnamed individuals claiming to be employees. PwC responded: “The advertisement does not represent the firm’s position. We firmly oppose any action and statements that challenge national sovereignty. The rule of law and the ‘One Country, Two Systems’ principle are the foundations to maintaining stability and harmony in Hong Kong. We condemn all violent and illegal activities, and misleading statements and we urge the society of Hong Kong to work together to address the challenges ahead, and safeguard the stability and prosperity of Hong Kong.”

Problem areas For organisations that find themselves in one of the pockets of disruption, the importance of proper preparation will be brought into sharper focus. Marsh has advised clients that, regardless of the heightened risk threat level, all Hong Kong-located clients should immediately review and update their business contingency plans and crisis response protocols

cirmagazine.com September-October 2019 15

HongKong.indd 2 10/09/2019 10:39:44 Feature Civil unrest

for specific elements that relate can communicate quickly during Kong’s largest banks – including to any protest, demonstration or dangerous situations, and also Citigroup – have closed certain other disturbance. Specifically, it suggests that risk managers review branches during the protests as warns that plans should include their insurance coverage in light of the a precaution. Investment firm security measures to protect staff or potential threat of further unrest. BlackRock postponed a two-day customers from harm or injury. It Limiting exposure to disruption conference due to take place in also recommends that there should has also been top of the agenda for Hong Kong in September, electing be established protocols for engaging many large organisations. Insurer to defer the event until February as with and assisting first responders AXA has around 2,000 employees in a precaution in light of the potential including the police, fire emergency Hong Kong and has told managers to for disruption to travel and other and medical services. allow flexible working conditions for plans for attendees. Large exhibitions The firm says a working employees, including working from across a range of other industries emergency communications system home where practical. are also under threat, with Seafood is also essential, ensuring employees Meanwhile, some of Hong Expo Asia (originally scheduled to take place in September) cancelled due to the potential travel disruption, and organisers of a number of other large exhibitions also reported to be considering cancellation or postponement. The knock-on effect has been felt sharply by the hotel sector, with many – including some of the city’s top hotels such as the Mira Hong Kong and the InterContinental Hong Kong – placing some staff on involuntary leave in response to lower-than average occupancy rates. The government’s own figures suggest visitor numbers were down by half during the period 15th-20th August compared with the previous year.

16 September-October 2019 cirmagazine.com

HongKong.indd 3 10/09/2019 10:39:53 Civil unrest Feature

Stuart Bailey, chairman of the Hong Kong Exhibition and Convention Industry Association, believes it is “business is as usual” for those attending trade exhibitions and conferences in Hong Kong however. He said: “At this time we are seeing that major exhibition and conferences in Hong Kong are running without incident or interruption. Exhibition and conference events were not targeted for disruption. Hong Kong is definitely still open for business and safe to [visit].” What makes developments in Hong Kong so important on the global stage is that this is about far Expert view: Is Hong Kong safe to visit as protests escalate? more than ‘a little local difficulty’ that will soon pass. There are very real As protests enter their fifteenth week in Hong Kong, following what has been the most concerns that the events of recent violent and chaotic weekend yet, Traveller Assist Group’s Craig Wright, says the city is safe for travellers – as long as they avoid the protests, remain vigilant and follow local months will irrevocably damage the news and incident alerts. island’s reputation as a stable place to do business, with the risk that it could Protesters are increasingly targeting the disruption of public transport, including the lose out in a big way to other financial Mass Transit Rapid (MTR) network and Hong Kong International Airport (HKG). On August hubs such as Singapore, when 12th and 13th, hundreds of departing flights were cancelled and arriving flights diverted due to HKG halting all operations for safety reasons. large organisations are making key On 15th August, Traveller Assist, at the request of an insurance underwriter, investment decisions over the coming successfully evacuated 159 foreign students and expats from Hong Kong via a chartered years. It has already seen its position flight, followed by assisting a further 23 people to leave the country via commercial flights on the Safe Cities Index – a biennial over the following days. Two weeks later, protesters succeeded in shutting down transport ranking compiled by the Economist links to and from the city’s international airport, which has already caused scores of passengers to miss flights, and some airlines to delay flights. This is extremely disruptive Intelligence Unit based on factors for business and pleasure travellers. such as health care, dedicated cyber Due to unpredictable routes that protesters are taking, caused in part by government security teams, disaster continuity roadblocks and protesters wanting to avoid prolonged confrontation with police and planning and community-based counter-protesters, it is difficult to predict the next protest location and because of this, it police patrolling – fall to 20th from is increasingly likely that foreign nationals could be caught up in protests and surrounded by crowds. 9th two years ago. Travellers to Hong Kong should remain flexible and be prepared for delays, and avoid The sporadic clashes on the streets wearing black t-shirts, which have been worn by the protesters and white t-shirts, which of Hong Kong – which in any case are have been worn by the counter-protesters. generally limited to small areas of the One of the biggest risks is inhaling tear-gas if you happen to be nearby or down-wind of city – may well cease in the weeks or a violent protest, and there is also an increased risk of damage to eyes from lasers which are being directed at surveillance cameras to hide the faces of protesters. months to come, but for the long- Travellers should also avoid taking photos or filming the protests as journalists and term, political commentators wonder innocent bystanders have also been targeted. In addition, due to strict social media if China’s light-touch to the territory laws in Hong Kong, travellers should avoid posting any images or comments about the might also have been shifted by protests, or any political issues. events, changing life in the city both Craig Wright is director of special risks at Traveller Assist. He has held several roles for individual residents and for the including special risks underwriter where he was responsible for K&R, extortion, businesses that ply their trade there. hijacking and piracy. He has also operated on high risk security teams with the BBC and CNN in the Middle East and Africa, and worked for the United Nations at the International Martin Allen-Smith is a freelance Court of Justice in The Hague. Wright started his career as an officer in the British Army journalist where he served on global counter-terrorism and counter-narcotics operations.

cirmagazine.com September-October 2019 17

HongKong.indd 4 10/09/2019 10:44:02 Feature Contingency planning

Are we there yet?

t has been three long years As domestic Brexit negotiations sway between intricate chess since the UK voted to leave moves and matches of tiddlywinks, contingency planning the European Union and as the ensuing political turmoil for a hard Brexit is fi nally taking centre stage across both Icontinues, businesses that had been government and industry. Ant Gould looks at the latest plans in doubt about the UK’s pending exit from the bloc have accepted ■ A renewed focus on no-deal contingency planning has seen billions that it is now time to refi ne and test pledged by the government to ensure businesses are ready by 31st October contingency plans in case the country ■ Some industries are faring better than others, with smaller businesses leaves as scheduled on the 31st lagging behind all the others in the fi nal weeks before the UK leaves the EU October but without a deal. ■ Pharmaceuticals and heavy industry, meanwhile, are leading the charge One sector that has certainly with their more sophisticated and realistic approaches to back-up planning been ahead of the game is the pharmaceutical industry, particularly as two thirds of medicines used in the chains, particularly for medicines in place to air freight products with UK are presently imported from the with special requirements such as a short shelf-life which cannot be EU – with 90 per cent of these coming cold storage, short shelf-lives or stockpiled. through Dover and Folkestone. personalised medicines containing Medicines will also be prioritised Mike Th ompson, CEO of DNA. Manufacturing plants are also at the border and additional roll-on, the Association of the British running for extra hours and into roll-off ferry capacity between the UK Pharmaceutical Industry has the weekend. and the EU has been secured. Th ese described Brexit as the biggest Th e government has been active ferries will run on routes between logistical challenge ever faced by for its part, setting up the Brexit the ports of Immingham, Felixstowe, the industry. He says the sector has Medicines Supply Contingency Poole, Plymouth and Portsmouth. responded by increasing stocks of Planning Programme last year At the beginning of the medicines, duplicating processes here requesting companies to increase summer, following Boris Johnson’s and in the EU, planning alternative stocks of medicine by at least six appointment as Prime Minister the routes and reviewing supply weeks’ worth and ensure plans are Treasury announced an extra £2.1

18 September-October 2019 cirmagazine.com

Brexit.indd 1 12/09/2019 11:00:39 Contingency planning Feature

billion to fund preparations for no deal planning, including £434 million towards ensuring continuity of supply of vital medicines and medical products. A £25 million contract notice was also put out to tender to set up an express freight service to deliver small parcels of medicines or medical products on a 24-hour basis, with additional provision to move larger pallet quantities on a two to four- day basis. Th e successful provider(s) are expected to be announced in September and the contract will run for 12 months. Th e government also plans to create ten freeports, status for which ports and airports across the applied to storage and areas adjacent Another potential concern for country will soon be able to bid. to core port operations. But it can’t be businesses is the loss of cheaper International Trade Secretary Liz a silver bullet for the risk of no-deal labour – from skilled to unskilled – Truss said these manufacturing and disruption and £10 million should be something which is presently being services trade hubs could be seen in the context of the more than exacerbated by the falling value of the free of unnecessary checks and £600 million UK port operators invest pound. Th is is a particular concern for paperwork and will off er customs each year. the construction industry – which in and tax benefi ts. Doug Bannister, chief executive of the UK employs more than 225,000 But while ports are readying the Port of Dover is still upbeat. “Th e EU citizens. themselves for all eventualities, Port of Dover, as with our sister ports Th e construction industry has they are hamstrung by local issues, in France and our ferry partners, not been sitting on its hands, including lack of physical space are prepared for the 31st of October. however. At the start of the year, and suitable infrastructure. Th e Merchants, border agencies and the Construction Leadership government has now added another highway authorities also have pivotal Council convened a meeting of over £20 million for councils to appoint a roles to play in ensuring the system 100 industry leaders – including designated Brexit lead and released continues to operate smoothly,” construction contractors from another £9 million to help ready he said. across the supply chain, house major ports and surrounding areas builders, product manufacturing and for Brexit. Kent – home to the Port Preparation is all professional services, as well as trade of Dover, Eurotunnel, Ashford and And the money continues to fl ow. In associations and key construction Ebbsfl eet – will receive over £2.6 September the government’s Spending clients, to develop sector contingency million, and Kent County Council Review included another £2 billion for plans for a no-deal Brexit. It looked at £1 million. Brexit delivery. how the industry can recruit, retain Tim Morris, CEO of the With many businesses uncertain and support foreign nationals within UK Major Ports Group gave the about their ability to get parts and the UK construction workforce – and investments a cautious welcome, goods in on time, it is no surprise that how to mitigate the impact of changes warning “we must be realistic about stockpiling – no matter how modest to the rules on the import and export the extent of physical change possible – has gained traction, and that the of goods within the supply chain. between now and the end of October”. cost of warehouse space in the UK has Following the meeting, the CLC Th e Port Infrastructure Resilience soared on the back of high demand. published a contingency planning and Connectivity Fund could make Peter Ward from the UK Warehousing report, and recommendations a diff erence at some locations and Association has warned that UK’s included a call for fi rms to proactively circumstances, particularly if it warehouses are now full. provide information to its EU

cirmagazine.com September-October 2019 19

Brexit.indd 2 12/09/2019 11:00:43 Feature Contingency planning

Registration and Identification (EORI) numbers to VAT-registered businesses that trade exclusively with the EU. Federation of Small Businesses chairman, Mike Cherry welcomed the more assertive moves made by the new Prime Minister. “[Small traders] are the ones that need to prepare the most, so it is welcome to see the government has listened to us and is taking concrete action. Automatically issuing EORI numbers to all VAT-registered small firms that trade exclusively with the EU is a vital intervention in preparing small traders for a no-deal Brexit employees about how to secure becoming invalid under cessation and will be one less thing for them ‘settled’ or ‘pre-settled status’ in the of work clauses. And costs will also to worry about. It will also allow UK, as well as helping to provide increase if the UK falls back into small business importers to the EU to any additional evidence that may World Trade Organisation (WTO) take advantage of easements such as be requested by the Home Office rules with the imposition of tariffs. transitional simplified procedures. for the application. “Focus must now move on to what The CLC also urged the Getting real about no-deal other support government can offer government to reduce the required The larger corporate industries – to small businesses including those... qualification level for a skilled worker and by default their supply chains exclusively trading with the EU that to NVQ Level 2 to reflect the industry – appear to be the largest sector in are below the VAT register threshold. skilled status; to set the salary the UK where contingency planning Small business needs an Emergency threshold for a skilled worker at the may be below par. According to the Budget before 31st October with median level, which is significantly Confederation of British Industry, across the board measures to boost below the £30,000 currently proposed; four out of 10 SMEs that trade cash flow and help [them] prepare, adjust short-term worker visa to internationally have no contingency and adapt, to any new trading 24 months to allow the industry plans at all for Brexit. circumstances from 1st November.” to meet its short-term workforce Understandable? Perhaps. At the time of going to press, requirements; and ensure that, in the Irresponsible? Certainly. But the parliament was in the throes of event of a no-deal Brexit, the mutual CBI defends these companies, saying yet more infighting and political recognition of qualification across that diverting precious resource – posturing, while outside of the EU and UK is prioritised. both human and financial – to Brexit Westminster, polls show the public As with the pharmaceutical preparedness is out of reach; 41 is still in favour of what it voted for industry, the supply chain is also a per cent of CBI members cite cost those three, long years ago. Much major concern – with construction or a lack of resources as the reason uncertainty has surrounded the products valued at over £10 billion for their inaction. Eighty seven per subject of Brexit during this time, with imported from the EU every year, cent say its down to inconsistent very little in the way of agreement. But including £1 billion of timber and information on the topic. if there is one thing we can all agree £750 million of aluminium products. Soon after moving into Downing on (and readers of this magazine in It is estimated that at least 15 per cent Street, Johnson’s new Brexit particular) it is that contingency plans of products used in UK construction team launched a major publicity must be in place – for all businesses, are presently from the EU (accounting campaign guiding businesses in and now. for two-thirds of materials imported). no-deal preparations, and in August Added to this, project delays of over announced it will be automatically Ant Gould is a freelance journalist 90 days may also lead to insurance issuing UK Economic Operator

20 September-October 2019 cirmagazine.com

Brexit.indd 3 12/09/2019 11:00:45 Guiding You To the Summit Helping clients on their strategic risk management journey since 1958.

Fire Protection Engineering Property Valuation Boiler and Machinery Engineering Process Safety Infrared Thermographic Surveys Dust Hazard Analysis (DHA) Natural Hazards Analysis Business Continuity Planning Jurisdictional Boiler & Pressure Vessel Loss Control Training Inspections Code & Project Services Arc Flash Analysis & Training GRC Connect (client portal)

Global Risk Consultants Corp. 100 Walnut Avenue, Suite 501 Clark, NJ 07066 1 732 827 4400 [email protected] www.tuvsud.com/grc

Untitled-2 1 17/04/2019 14:32:23 GlobalRisk_RMadjusted_5.19.indd 1 4/11/19 3:47 PM Feature Data privacy legislation

ome to the world’s largest technology giants, including Google and Facebook, the US state California bound of California is a significant player in H As data privacy continues to be a major issue for organisations the global economy. The state is the largest in the US by economic output. around the world, companies are being urged to prepare for If it were a nation on its own, it would another set of wide-ranging new rules emerging from the US boast a gross domestic product of state of California. Joe McGrath investigates more than US$3 trillion, equivalent to the world’s fifth largest economy. ■ The CCPA signals a significant shift in US privacy law and will greatly Due to its economic significance, impact how businesses collect, use, store and share personal information the state has historically been ■ The CCPA is the first of several data privacy regulations expected to influential in steering the be adopted at state level within the country in the coming years international regulatory agenda. In ■ Like GDPR in Europe, the CCPA is putting privacy protection front the months ahead, it looks set to and centre – making it even more expensive to get it wrong affirm this role again as companies prepare to comply with the incoming California Consumer Privacy Act “This simply extends the reach around data privacy are becoming far (CCPA). of CCPA to global businesses across more complicated and widespread. Signed into law on 28th June all industries,” he says. “There are “Many other US States and 2018, the CCPA will from 1st January additional requirements in the national legislatures are implementing 2020 affect companies based in, or legislation, but it is best to comply new data privacy laws, which are conducting business with, firms in rather than attempt to scope yourself leading to a complex worldwide set of California, if they have revenues of out of compliance.” regulations that global organisations US$25 million or California-based must manage effectively. The CCPA is customers exceeding 50,000. First of many just another example,” he says. This new legislation which has Within the US, the CCPA is the first “It’s important to consider the been tipped to “change the privacy of several data privacy regulations global damage to trust that an landscape” both in California and which are expected to be adopted at organisation will suffer should they beyond and has been likened to the state level, within the country in the indicate non-compliance.” European Union’s General Data coming years. Protection Regulations (GDPR), Earlier this year, Washington New obligations which came before it. State had attempted to pass a similar For those businesses that have already “CCPA is setting the benchmark set of rules, but saw its proposed started data mapping within their for privacy laws to come,” says Fouad legislation fail to pass committee stage compliance processes under GDPR in Khalil, vice-president of compliance at in April. Despite this, industry figures 2018, it is likely that they will have a Security Scorecard. “This all signals a believe that similar rulesets can be rolling start with the rules emerging significant shift in US privacy law and expected both across the US, and from CCPA. will greatly impact how businesses internationally. Under the CCPA, businesses collect, use, store and share the “We can expect many US states are expected to adhere to a set of personal information of California and other countries to follow suit,” conditions whereby they must residents, including non-consumers, says Mathew Lewis, senior vice- explicitly seek and manage the job applicants, employees and president at Axiom Law. “CCPA and consent from individuals about business-to-business partners.” Europe’s GDPR put privacy protection their data preferences. To meet this Khalil explains that CCPA will front and centre and make it very comprehensive set of requirements, apply to all ‘for-profit’ entities that do expensive to get wrong.” companies must develop privacy business in California, as well as any Peter Galdies, managing director programmes to mitigate risk by the entities they control and those that of data governance group DQM GRC, January deadline. control them. agrees, noting that the global rulesets “CCPA has a mix of prescriptive

22 September-October 2019 cirmagazine.com

CaliPrivacyAct.indd 1 11/09/2019 16:17:45 Data privacy legislation Feature

requirements as well as simply have to apply the new rules to all “Companies will need raising the bar on the care required datasets. Companies in the insurance to build a robust privacy collecting, storing, sharing and market, for example, may be able processing of personal data,” says to take advantages of relevant programme to mitigate risk, Axiom Law’s Lewis. exemptions relating to information which will include compiling He explains that companies collected under the Health Insurance a data inventory that tracks will need to build a robust privacy Portability and Accountability Act and the data captured, stored, programme to mitigate risk, the Gramm-Leach-Bliley Act. processed and shared” which will include compiling a “After considering the exemptions, data inventory that tracks the data if companies determine they still have costs of non-compliance. GDPR captured, stored, processed and obligations, they will need to identify has shown that regulators have little shared. “Companies typically have – starting from the baseline of their appetite for companies that don’t meet hundreds if not thousands of internal GDPR compliance efforts – the steps their obligations when it comes to systems and outside vendors with they may have to take to comply with data privacy. access to personal data,” he says. the requirements of the CCPA, and Among the highest profile cases “This is critical to managing the options for taking those steps,” were the fines issued to hotels group customer data requests, addressing says William Long, co-leader of Sidley Marriott International and British the right to be forgotten, and securing Austin’s privacy and cybersecurity Airways which collectively totalled your supply chain with the right practice. some £300 million. In July, the contractual terms to protect the data.” “This may involve changes UK’s Information Commissioners’ Lewis says companies should to privacy policies, notices and Office confirmed its intention to fine be looking to update their existing disclosures, amendments to contracts Marriott just shy of £100 million for privacy policies and templates for and insurance policies, a process for data breaches and British Airways data protection agreements, while responding to data subject requests, £183.39 million. refreshing their understanding of the employee training and a review of While these fines were data held and training staff on their information security procedures and among those to make the biggest new obligations under the CCPA and practices.” international headlines there have GDPR regimes. been hundreds of others. The Under CCPA, there are also Lessons from GDPR European Data Protection Board some exceptions, however, which Ultimately, companies should be released statistics on the number of may mean that businesses do not mindful of the explicit and implicit enforcement notices and warnings

cirmagazine.com September-October 2019 23

CaliPrivacyAct.indd 2 11/09/2019 16:17:47 Feature Data privacy legislation

protect themselves by ensuring they don’t adopt a ‘wait and see’ approach.”

Enforcement differences While the substantial fines that have been issued under GDPR may offer food for thought, there are some noticeable differences in the Europe regime compared to that of the CCPA. GDPR granted data protection authorities substantial enforcement powers, including the power to impose fines of up to the greater of four per cent of annual worldwide turnover or €20 million for failure to comply with the data protection obligations. By contrast, under the CCPA, the California Attorney General can bring a civil action for each violation. “In such a civil action, a company can, depending on the violation, be issued an injunction or a penalty of US$2,500 for each violation or US$7,500 for each intentional violation,” explains Sidney Austin’s William Long. There are a significant number of other differences too, but far too many to list here. That said, industry experts are advising companies to operate at the highest possible standard, globally, given that additional regulations are likely to be implemented in the coming months and years. Cory Cowgill, chief technology officer at Fusion Risk Management, explains: “I fully expect there will be more privacy regulation in the future. GDPR consolidated the patchwork of privacy laws across the EU into one piece of legislation. it had issued back in February over a quarter (64,684) were related “In the US, to avoid a patchwork 2019. It confirmed that some to specific data breaches,” says Teresa of CCPA and similar state laws, we 206,326 cases had been reported to Troester-Falk, chief global privacy should expect a similar federal law authorities across 31 jurisdictions in strategist at privacy software group with the same goal of consolidating the European Economic Area since Nymity. “The GDPR has created a a patchwork of laws into one privacy GDPR was brought in. groundswell of privacy regulations or law for the country.” “Almost half of these cases were amendments to existing legislation Joe McGrath is a freelance journalist related to complaints (96,622), while around the world. Businesses can best

24 September-October2019 cirmagazine.com

CaliPrivacyAct.indd 3 11/09/2019 16:17:51 BOOK YOUR TABLE

The 10th annual Risk Management Awards

6 NOVEMBER 2019 London Marriott Hotel Grosvenor Square

Celebrating success in the practice of risk management

@CIR_Magazine #RiskManagementAwards

cirmagazine.com/riskmanagementawards

Main awards sponsor Sponsored by Headline partner Supported by

RiskManagentAwards-2019_bookAtable.indd 1 12/09/2019 14:19:34 Establish Your Information Foundation

How are you leveraging knowledge in your organisation? Having a single place to manage your information can lead to quicker reactions and faster recoveries. You can achieve that goal by having the Fusion Framework System. With Fusion, you can gather, organize, and analyze information about your organisation to support better decision making.

Discover What’s Possible with Fusion. fusionrm.com/discover

Untitled-2 1 17/05/2019 09:50:47 Power continuity Feature

lmost one million people were affected by a large- scale electricity failure that affected swathes of the UK Powering down in August, after almost simultaneous A August saw what the National Grid described as an incredibly problems at two power stations. Supply failed at both the gas- rare event, but one which had an immediate impact on fired station at Little Barford in businesses, public services and homes, and is now subject to Bedfordshire at 16:58 BST on Friday a major government investigation. Deborah Ritchie reports 9 August and then at Hornsea offshore wind farm two minutes later, ■ One million people lost power after supply failed at both a gas-fired station with blackouts reported across the in Bedfordshire and an offshore wind farm in Essex two minutes later Midlands, South East, South West, ■ Blackouts were reported across the Midlands, South East, South West, North West, North East of England, North West, North East of England, and also across much of Wales and also across much of Wales. ■ Some observers suggest that the answer to what went wrong may be found National Grid power was restored less in the technical detail than in the fact that the risk landscape has changed within an hour but knock-on effects continued to disrupt train services in several areas into the following day. Days later, the government an “urgent detailed report” into announced an inquiry into the causes the incident and its causes. It has “Hospitals rely on power of the incident, examining whether the option of enforcement action for emergency care and there were any avoidable technical including a significant fine, although have back-up generators problems, and how well National National Grid has said that the power to shoulder the load Grid communicated and resolved the cut was an “incredibly rare event” should power cease, but at problem. and was not caused by its own supply The government’s action follows systems. Ipswich Hospital, a back-up a move from the energy regulator, As well as major transport generator also failed” Ofgem, which quickly demanded delays, the power cut also affected

cirmagazine.com September-October 2019 27

power.indd 2 12/09/2019 14:00:47 Feature Power continuity

leaders in the critical infrastructure community for contingency planning, have regulations that continue to drive them with ‘reliability’ metrics such as: number of customers interrupted; customer minutes lost; and mean daily fault rates. “Such metrics are good for normal operating conditions but they undervalue the impact of large-scale events and price lost load at a flat rate. Yet the value of lost load compounds the longer it’s lost. For example, most customers will value costs differently in the first few minutes of the disruption caused by an outage, when it’s merely inconvenient, than they do after days of disruption, or weeks when modern life becomes simply impossible. Likewise, the impacts of large-scale events are disproportionately high, driven by abnormal restoration costs and widespread and complex infrastructure damage. Large-scale events are therefore often only included in the narrative of risk registers and the reliability metrics drive a planning and investment focus on smaller, more common, events rather than larger, more uncommon, yet more disruptive events. Especially when combined with an accessibility and affordability target.” “Grid operations have increased in complexity due to changing power demand, increased reliance on renewable sources, and increasing introduction of smart public buildings, including Ipswich Availability Services suggests that technologies. Together, these have Hospital in Suffolk, where a back-up the answer to what went wrong may created a risk landscape that is generator intended to supply power lie not in the technical detail but in no longer relatively stable and to outpatient areas did not work as the fact that the risk landscape has interspersed with occasional shocks expected. East Suffolk and North changed and that “the metrics that are but unremittingly characterised by Essex NHS Foundation Trust said that collectively used to drive investment uncertainty, complexity and risks with patients were kept safe during the 15 and planning for infrastructure adversaries,” she adds. minutes it took to restore power to disruptions are now reaching their the site. limit of usefulness”. An increasing reliance Dr Sandra Bell, head of resilience “Most electric power utilities, Colin Jeffs, head of business consulting, EMEA at Sungard which have long been seen as continuity consulting at Daisy

28 September-October2019 cirmagazine.com

power.indd 3 12/09/2019 14:00:50 Power continuity Feature

“The impacts of large scale events are disproportionately high, driven by abnormal restoration costs and widespread and complex infrastructure damage” Corporate Services says the incident is a sobering acknowledgement of our reliance on power. “With around one million people impacted, it is a timely reminder about how different people and organisations can experience different and sometimes catastrophic outcomes from such occurrences. Hospitals, for example, rely on power for emergency care and have back-up generators to shoulder the load should power cease, but at Ipswich Hospital, a back-up generator also failed thereby impacting outpatients, X-rays and scans,” he adds. Jeffs suggests organisations take the opportunity to ensure that business continuity planning and testing and exercising include layers. “Not only are disaster scenarios rarely linear, but you may also have to deal with situations where you are managing disparate disasters simultaneously. You can experience nothing unusual for quite some time, and then several issues occur all at once. This is where resiliency is key. And keeping your business continuity management updated to reflect your Being prepared for such outages is and the impacts of not having those overall resiliency, is essential to help vital, and part of that is understanding things can ultimately make your you through trying times,” he advises. how resilient you are. How resilient readiness and response more effective. “What happened in August are your processes, your systems, Ideally, you will already have thought also illustrates that modern life your technology, your infrastructure, through a comprehensive set of takes power for granted, but taking your people? And when services stop scenarios, what will be impacted, anything for granted in business – what is in your power to control? how and where and formed a plan continuity terms, is not an option. Such as communications to staff and to minimise the impacts and to Power can and does fail, and as we stakeholders, welfare of staff, the communicate to people what you are saw in August, it can be on a large- continuation of critical services via doing about it.” scale that affects huge numbers of other means and so on. Knowing Deborah Ritchie is editor of CIR both people and businesses alike. what is critical to you

cirmagazine.com September-October 2019 29

power.indd 4 12/09/2019 14:00:51 layout.qxd 25/01/2007 12:54 Page 1

Promoting business continuity in the City of London

London is one of the world's great cities – a global centre for business and commerce. Ensuring London is ready to meet the challenges of tomorrow is fundamental to the world economy and a priority for the City of London and every London business.

www.cityoflondon.gov.ukwww.cityoflondon.gov.uk/businesscontinuity

Untitled-8Untitled-1 1 24/02/201515/11/2011 15:40:2209:37:01 BUSINESS CONTINUITY SOFTWARE REPORT 2019-20

Market analysis Business continuity so ware now Products and features Your guide to business encompasses basic planning tools for the smallest continuity products and services p34 company, to  exible, multi-faceted platforms able to manage complex risk and resilience functions for multinationals. Dave Adams takes a look p32

cirmagazine.com Market analysis • Products • Product features • Supplier directory

BCSR-Cover.indd 1 11/09/2019 16:24:55 Business Continuity So ware Report

hile business continuity so ware adoption was once driven primarily by Market analysis Wregulatory requirements, today having Business continuity software now encompasses basic planning an e ective business continuity strategy tools for the smallest company, to fl exible, multi-faceted is seen by many organisations as a cost of business as usual. Although the platforms able to manage complex risk and resilience functions so ware’s primary functions are still to for multinationals. Dave Adams takes a look at the market improve management of continuity risks and recovery planning and not have used business continuity testing, many end users now also use to so ware before. help embed risk and business One trend visible throughout the past continuity information gathering and decade and now widespread in many management processes throughout sectors is smaller organisations seeking their organisations. to improve business continuity in order Optician Specsavers, which employs to win or retain business from larger over 32,000 people in ten di erent corporates. Zawada says the number countries, uses ClearView so ware of Avalution clients in this position has for business continuity management grown “dramatically” in recent years; and crisis management in its UK and this reason to invest in business operations. “We are looking to use continuity so ware has overtaken it more globally in the future,” says regulatory requirements as the primary group business continuity manager driver of adoption. Aaron Carter. “We use it for developing  e so ware can also manage the exercise templates and for reporting other side of these relationships: on exercises. It can provide us with ClearView is among the vendors a clearer picture of our maturity in that o er supply chain continuity business continuity management, capability assessments within their crisis management and organisational so ware. Some end users seek to resilience.  e most bene t comes from extend collaborations with key the BIA function: it’s collating all the suppliers further: Steve Richardson, little pieces of potentially important chief product o cer at Fusion Risk information that you might use when Management, cites an insurance putting BC plans in place.” He says the company within Fusion’s client base move towards using the technology that uses the Fusion Framework System

Business Continuity Software Report 2019-20 Continuity Software Business in other countries beyond the UK is to help it run joint testing exercises with linked to an aim to embed BC more Avalution’s Catalyst so ware could be one of its mission-critical -based deeply within the company, getting used by an organisation of virtually any SaaS providers. more business units to take ownership type or size. Regulation still drives adoption of their part of the process. Marie-Helene Primeau, executive of business continuity so ware in Brian Zawada, managing director at vice-president at Premier Continuum, many industries and geographies. Avalution, says that while some larger tells a similar story: the company’s Charles Bo n, president, EMEA/ organisations want so ware they can user base includes both ‘traditional’ APAC and global chief of strategy at customise and recon gure as they wish, business continuity clients – working ClearView, says many clients want smaller organisations are more likely to in regulated industries and sometimes so ware that is aligned with ISO prefer a turnkey solution they can start using large-scale, customised 22301 to ensure consistency across using straight away. Some so ware can implementations – and much smaller multinational operations. be both of these things: Zawada claims organisations, many of which may North America, Europe and parts

32 September-October 2019 cirmagazine.com

BCSR_ourArticleTheirArticle.indd 2 12/09/2019 09:56:01 Business Continuity So ware Report

of Asia remain the most likely sources such as weather alerts. Some end users o en you  nd that those organisations of new clients for business continuity use the so ware to run or support later switch back to using best in class so ware vendors, but many also report vendor management processes. so ware for those di erent disciplines. increased interest in the Middle East; One RecoveryPlanner RPX end But you do need so ware that can and in countries including India, user doing this is North Shore seamlessly interface with other best in from where many businesses supply Bank, headquartered in Milwaukee, class solutions.” services to companies based in Wisconsin, US. It has 500 employees Vendors also report a growing developed countries. and 48 branches across neighbouring appetite among end users for increased Another ongoing trend is the drive states; and uses the so ware for disaster automation of some business continuity to make so ware as user-friendly as recovery and business continuity processes. RPX now supports possible. With business continuity planning and for vendor management. automation of testing schedules, regarded as a fundamental part of “All our information regarding key risk assessments, BIAs and work ow; business as usual, so ware needs to be third party vendors is there,” says enabled by smooth integration suitable for more general users as well Pat Ingelse, assistant vice-president between the so ware and data as specialists. and project manager at the bank. “It’s sources like HR directories and Elaine Comeau, continuity director internet-based, so if the building where asset management systems. at Banque Nationale in Quebec, our primary servers are is no longer A growing number of vendors expect Canada, cites the ease with which in use, we as employees can go home to see more use of automation, AI sta across the bank can use Premier and still manage our business with and machine learning in future. “In a Continuum’s ParaSolution so ware as very little interruption. For our needs, typical recovery environment, we’re a key attribute of the technology.  e it’s a perfect  t.” faced with lots of data coming in and bank has 20,000 employees and 400 Steve Richardson says a growing we then access so ware and interrogate branches across Canada. number of Fusion end users are seeking that data and decide what to do,” says “ e biggest advantage is that it is to integrate management of multiple Bo n. “ at is a complex process and user-friendly,” she says. “It’s easy to risk-based disciplines. One important machines could do that better and navigate. It’s made it easier for our argument in favour of doing so, he quicker.  ey can learn from what has business users to update their business says, is that it stops these functions happened before, they can understand continuity plans throughout the year. becoming siloed within the business. where the dependencies are.” Everything is web-based, so you can Organisations taking a more integrated But for Zawada, the most important have a mobile copy on your phone.” approach include businesses in parts recent change in the way business Growing numbers of end user of the  nancial and insurance sectors, continuity so ware is used is the organisations are attracted to solutions along with some higher education way it now permeates throughout that, like RecoveryPlanner’s RPX, and healthcare institutions. Once organisations, allowing signi cant o er a native mobile app version of organisations have established this improvements in continuity the so ware, thus bypassing the type of capability they may also use the preparations and spreading awareness

potential problem of a lack of online store of data and business information and understanding of continuity and Report 2019-20 Continuity Software Business access during an incident, as users it creates to inform other risk-based risk management issues throughout retain access to an up to date version business decisions or to support other the workforce. of the plan and can receive and respond business processes. “ e power of unlocking to noti cations. Some vendors are less impressed by participation throughout the Integration between business the idea of a single solution delivering organisation is huge,” he says.  e continuity so ware and other business multiple risk-related business functions. right choice of business continuity systems has been an important attribute “I believe organisations still need best so ware could be the  rst step towards of these so ware products for a long practice functionality,” says Zawada. unlocking that power within any time, whether with back o ce tools, “Where [users are buying] a single organisation, while the technology governance, risk and compliance platform for multiple risk management continues to perform its principal (GRC) platforms, emergency disciplines it’s because they’ve been told task, safeguarding operations, assets noti cation systems, or speci c systems they need to use a single platform. And and people.”

cirmagazine.com September-October 2019 2019 33

BCSR_ourArticleTheirArticle.indd 3 12/09/2019 09:56:03 Business Continuity So ware Report

ALIVE IT BC IN THE CLOUD CATALYST CONTROLLIT INFINITE BLUE AVALUTION CONSULTING

This product was developed for BC in the Cloud by Infinite Blue planning and coping with critical provides automated SaaS tools and situations through comprehensive professional services for building and support of all business continuity maintaining effective business management tasks and the avoidance continuity and disaster recovery plans of double data maintenance through that aim to streamline and simplify Catalyst provides comprehensive automated interfaces. Designed to be continuity, governance and risk business continuity and IT disaster highly customisable, the entire management programmes, and recovery planning functionality to application including all functions is focuses on planning, exercising, help prepare organisations for available via a web browser meaning governance and compliance, disruptive incidents. Designed for the no time-consuming or costly client enterprise risk, incident management global enterprise but scaling to installations. This product is available and vendor tracking. address the needs of any organisation, on-premises or as a software-as-a Catalyst is designed to make service (SaaS) solution. Consulting, infiniteblue.com/bcinthecloud continuity planning simple and development, implementation, actionable, both for the manager and maintenance as well as support and the end-user. training is provided by Controllit. BUSINESS CONTINUITY PLAN TEMPLATE A set of fully integrated modules aim In June 2019 the alive-IT v6 was BCP BUILDER to simplify the user experience and released, providing what the vendor streamline plan development and describes as a completely new solution BCP Builder is an online business programme maintenance. The BIA for business impact analysis (BIA) continuity plan template designed in a module uses on-screen guides to help based on ISO 22317. The BIA can now simple tab-based format. The product ensure department owners submit be carried out in the form of a survey, is designed to work both for small and the correct information and then which can be centrally managed and large businesses, and as such there are leverages that information in all tracked at any time, integrating the 1, 10, 25 or 50 plan packages available. subsequent planning phases. The Risk participants automatically and Assessment module enables teams to workflow-controlled. This product is popular among clearly identify key risks to the consultants who typically use the organisation’s most critical activities A powerful procedure calculates the software to prepare plans with their and resources, allows management to values for recovery time objectives clients, to help streamline processes quickly identify where risks exceed (RTO) and maximum tolerable period for consistency and to provide a their risk appetite, and sets the stage of disruption to determine the time- central location for storing plans. for developing business continuity critical business processes. At the end Once complete, user organisations will strategies. The Recovery Strategy of each BIA project, the result, have access to a plan with practical Identification module takes the including supplementary texts, can be incident response procedures and guesswork out of strategy Business Continuity Software Report 2019-20 The products Continuity Software Business generated in a comprehensive final accessible information for use in an identification. report as a Word or PDF document. emergency or business disruption Catalyst uses the information captured A complete implementation of a threat BCP Builder is based on the BCI’s during the BIA and risk assessment to and risk analysis is planned for the Good Practice Guidelines and satisfies help clients clearly identify and coming releases. the requirements of ISO 22301. establish response and recovery strategies. When planning, Catalyst controll-it.de bcpbuilder.com offers an intuitive plan development process, with access to a wide variety

34 September-October 2019 cirmagazine.com

40-49-BCSR-products.indd 2 12/09/2019 09:46:36 Business Continuity So ware Report

of highly customised planning Catalyst Insights uses all the data in CLEARVIEW templates and content. the system to automatically produce CLEARVIEW CONTINUITY business continuity programme The Task Scheduling feature allows metrics that help users quickly teams to assign start and end times to identify and address preparedness recovery tasks and establish task gaps and report on the organisation’s dependencies to better plan for a true level of preparedness. disruptive incident. The Live Incident Management ClearView’s software is used by Catalyst’s Exercise module enables module provides an online location organisations of all sizes and in all teams to improve the preparedness for teams to collaborate and share sectors around the globe. Designed and resiliency of the organisation and information about a disruptive to be easy to use and intuitive, confidently respond in the event of an incident in real-time, including occasional users can get up to speed actual incident. announcements, situations reports, quickly, while more advanced users and recovery status. have a complete set of features necessary for managing all aspects of Catalyst Bullhorn enables users the business continuity management to quickly and easily connect by lifecycle. sending emergency notifications and surveys to internal contacts Functionality includes a business via email, text message, or voice continuity management system, phone call. including risk assessment, BIA and plan development, exercising and Catalyst Control+Comply helps users notification plus dynamic incident

Business Continuity Awards Gig economy Book reviews Mental health at work Game of drones Book review If you didn’t make it to the Gala, Implications for Cyber wiles and To what degree should Addressing airport Paul Martin’s employers get involved? vulnerability Rules of Security manage controls and compliance management. read all about the winners here insurance and risk retail riles

cirmagazine.com July-August 2019 cirmagazine.com May/June 2019

The butterfly effect Mark Evans says companies must be Risk Technology Focus Riskonnect’s Mark Holt on how to aware of a complex web of issues that surround ESG factors shrink big data for more manageable, insightful information requirements efficiently – ensuring Back-up to basics The discovery of destroyed masters Critical Equipment Focus Compliance goes only so far in following a fire at Universal Studios serves as a lesson for us all protecting critical equipment, says TÜV SÜD’s Michael Wood

Are we there yet? Autonomous vehicles are finally being Property Focus QBE’s Cécile Fresneau looks at the trends tested out on UK roads. Ant Gould brings us up to speed driving radical changes in property risk, and their implications they are consistent with stakeholder An integrated notification module expectations and tailored to the provides two-way SMS, push organisation’s risk profile. notifications, email, voice and conference call options. A mobile The Vendor Risk Survey module application is also available. The allows users to engage with both notification functionality has been With great power... Clash of the titans 5G has landed Global political risk internal and external stakeholders enhanced in the latest version, View: “Good relationships are at the heart of most businesses, and uncertainty is another word for a weakening of these relationships” Industry view: “Brexit did not emerge out of nowhere; the causes had been simmering for years” cover_.indd 4 16/07/2019 17:18:36 cover_.indd 3 21/05/2019 11:29:27 using custom surveys to collect critical ClearView 7.3. To advertise in programme data, including vendor risks, plan input, exercise feedback, ClearView offers a flexible reporting the CIR Professional and more. suite with dynamic report creator Services guide and executive dashboard showing Avalution Consulting offers hosting gap analysis and key metrics in easy Business Continuity Software Report 2019-20 The products Continuity Software Business options across the US, Europe, to use graphic formats with full data Canada, Australia and the UAE. export/download. please call Steve Turner This provider offers a free trial to A considerable range of self-service on +44 (0)20 7562 2434 those wishing to familiarise functionality is available to users or email steve.turner@ themselves with the product. wishing to tailor the platform, and cirmagazine.com integrations capabilities enable a avalution.com seamless interface with all other key data sources and third party systems

cirmagazine.com September-October 2019 35

40-49-BCSR-products.indd 3 12/09/2019 09:46:40 BusinessBusiness ContinuityContinuity So Sofware ware ReportReport

to enable all activity to be managed Continuity Logic’s latest update, v5, multi-channel mass notification through one portal. feature a complete range of engine. capabilities, including the ability to ClearView is available in enterprise, re-write the operating methodology of crises-control.com public sector, or small business the solution without developing versions and is fully consistent with additional software code. ISO 22301 and all other major FUSION FRAMEWORK SYSTEM industry standards. This may include adding a subset of FUSION RISK MANAGEMENT new data fields into a crisis ClearView provides comprehensive management module or building an implementation and ongoing support entirely new solution with hybrid or using business continuity experts to unique requirements. help organisations make the most of the software’s powerful functionality. Continuity Logic v5 is built on a Microsoft technology stack, accessible The Fusion Framework System is a clearview-continuity.com through any modern web browser, cloud-based management system for and is 100% HTML5-compliant. building programmes focused on operational risk management, business CONTINUITY LOGIC V5 The product offers across-the-board continuity, IT disaster recovery, third- CONTINUITY LOGIC security and encryption controls, party management, and crisis and incorporates current requirements for incident management. The Fusion Through its enterprise software accessibility (for the visually impaired) Framework System helps users gather, platform, Continuity Logic offers a and is delivered as a global SaaS from organise and analyse information feature-rich product plus the ability to IBM Cloud datacentres. about their organisation to support meet bespoke requirement sets. better decision making. continuitylogic.com Continuity Logic’s solution includes The Fusion Framework System BIA, dependency mapping, close provides a comprehensive approach integration with enterprise HR, CRISES CONTROL tailored to each client’s needs and configuration management and CRISES CONTROL offers innovative capabilities that give notification solutions, task users access to critical data, resources, management, dashboards and live Customers use Crises Control for information, and people anytime and visualisations, crisis management business continuity management anywhere. It integrates across all risk support, testing and exercising, vendor planning, testing, execution and and resiliency agendas to aid users in management, risk assessments and full review, emergency preparedness and establishing a well-rounded function mobile applications. response, IT alerting, public alerting information foundation that employee, resident, diplomat or citizen consolidates siloed data sources into tracking and safety and building or one place. Users can automate You can download all asset security. processes, manage remediation Business Continuity Software Report 2019-20 The products Continuity Software Business CIR Software Reports in full at cirmagazine.com/cir/cirreports.php activities, and gain insights through Crises Control is modular, cloud- analytics. hosted and deployed as a SaaS model Missed your chance this time? Please contact Steve Turner to ensure 99.99% uptime. Crises Fusion Framework is a core system for on 020 7562 2434 or steve.turner@ Control brings together a business managing all types of risk and cirmagazine.com to discuss bespoke print continuity planning and execution resiliency programmes without and online opportunities across all our engine, a SOP and asset management requiring separate modules. The software reports. engine, a ‘digital academy’ for training system of tools complements business and knowledge sharing and a global continuity management by enabling

36 September-October 2019 cirmagazine.com

40-49-BCSR-products.indd 4 12/09/2019 09:46:42 2019 CIR Software Report - Full Page Ad - Avalution Consulting copy.pdf 1 9/4/2019 3:41:21 PM

FOCUSED, ACTIONABLE C BUSINESS CONTINUITY SOFTWARE M Y INFUSED WITH AVALUTION’S EXPERTISE. CM

MY

CY Catalyst provides comprehensive, yet easy to use, business continuity and IT disaster recovery

CMY planning functionality to prepare organisations for disruptive incidents. With Catalyst, business continuity planning is simple, scalable, and actionable – for the programme manager AND end user. K

avalution.com/catalyst

NEW FEATURE: SURVEYING + VENDOR RISK

Engage with both internal and external stakeholders using custom surveys to collect critical programme data, including vendor risks, plan input, exercise feedback, and more.

Ask our team about Catalyst Surveying + Vendor Risk. Business Continuity So ware Report

users to assess the most important assessments, generate inherent risk Integral to the Pro software, the risks and impacts and gather a scores, manage control libraries, provider’s approach draws on familiar foundation of company data to build monitor key risk indicators, and organisational structures to facilitate strategies and plans. Users can also report on risk posture. design, delivery and training, with the complete a BIA and participate in aim of encouraging greater interest planning and exercises. fusionrm.com and engagement, improved capability, stronger linkage with other risk The product also aids users in aligning disciplines and requiring less user with business process recovery INONI PRO time. Information is gathered via requirements for IT risk and disaster INONI online interviews with question texts recovery. Users can develop detailed that can be adapted to reflect the way plans and runbooks and integrate Inoni Pro is a multi-user SaaS each client organisation thinks and directly with user IT systems business continuity management operates. management solution for efficiency system that delivers BIA, risk during exercises and incidents. assessment, planning, validation and Although primarily a SaaS solution, maintenance in a single, integrated Inoni also deploys the platform both For crisis or incident management, package. It is designed to support within country jurisdictions, and self- Fusion enables organisations to view organisations’ alignment or hosted within organisations’ own situational intelligence, create and compliance with ISO 22301, but also closed IP environments. manage incidents and exercises, and assists in other aspects of best practice, perform after-action analysis all from including resilience, crisis inoni.co.uk a virtual command centre. management and ITDR.

This product also provides the tools to The product aims to support MATACO automate vendor assessments. Users organisational individuality and SAVANT can engage vendors with a self-service expressions of risk appetite and portal to respond to questionnaires, tolerance to loss. The system delivers This is a business continuity plan and upload documents, and resolve issues. materials that are practical and useful management tool, fully hosted in a Vendors can also participate in in a major disruption online, via private cloud with a UK-based service programme activities such as plan mobile devices and physical cards. At provider. The application comprises of reviews and exercises. the same time, it seeks to satisfy the a menu structured to support the peacetime requirement for detailed business continuity management Finally, Framework users can maintain documentation for training, audit lifecycle, including BIA, strategies and a risk register, perform risk and compliance. tactics, teams and group definitions, plan templates, plan creation and distribution, exercise scheduling and reviewing. Emergency & Mass Notification Organisations within the power Business Continuity Software Report 2019-20 The products Continuity Software Business Software Report 2019 -20 generation, insurance, education and medical industries use Mataco to create and maintain business continuity plans. To advertise in the next CIR software report, please call Steve Turner - Telephone: 020 7562 2434 or email [email protected] Mataco is a cloud-based business continuity software system that aims to provide full support for business continuity management, disaster

38 September-October 2019 cirmagazine.com

40-49-BCSR-products.indd 6 12/09/2019 09:46:44 Business Continuity So ware Report

recovery and incident management joined-up incident management team ORBIT4BC processes. to operate without being in the same ORBIT ITALY room. Provided on a SaaS basis, the software Founded in 2000, ORBIT Italy is a is available for tablet, smartphone and All plans have tasks allocated to business continuity management desktop PC. Mataco offers a flexible individuals who can log the actions consulting firm, IT service provider database repository in which to record they carry out with regards to these and software developer, and and maintain all relevant information, tasks. There is also a general logging ORBIT4BC was designed to offer a documentation and tasks required for box for recording decisions. complete software solution that helps an effective, robust, and complete companies manage business implementation of business continuity All entries are time and date stamped continuity and disaster recovery planning. against the person who enters them processes. and cannot be altered once entered. Public sector buyers can obtain This means all actions are recorded By collecting and classifying data, the Mataco via the G-Cloud framework and can be accessed in order to defend software allows users to define, on the government’s Digital the individual or organisation against implement and update the business Marketplace. Private sector companies post-incident litigation. continuity, disaster recovery and carry should contact Savant directly. out risk analysis. The system currently comes with 25 Mataco is available for all iOS & pre-loaded plans which can be tailored This product allows customers to Android smartphones and tablets – as needed. manage all the data that must be enabling mobile access to disaster gathered to comply with such business recovery plans in the field and via the The provider delivers training in both continuity management standards and mobile phone network. the system and incident management guidance as ISO 22301, BCI GPG and in general. It also stages a simulated ITIL. It also handles the entire Mataco includes secure full back up as exercise to familiarise people with the lifecycle, in a number of different standard, including telephone and system, test plans and develop skills in languages. email support. The hosted solution incident management. has a monthly fee based pricing This tool has a graphical interface that structure and requires no software MIMS is aimed at the SME market, was designed to make it easy to use installation. local authorities and other public and search in the case of critical event. sector organisations. It also features built-in integration savant.co.uk with several mass notification systems It is currently being installed in a for give a two-way real time number of school academies and communication through SMS, call MIMS multi-academy trusts. School plans bridge and other technologies. CONTINUITY WEST reflect NaCTSO advice and other safeguarding guidance. User organisations can choose MIMS is an incident management between on premise or cloud / SaaS Business Continuity Software Report 2019-20 The products Continuity Software Business system through which users can access The provider also has a hospital installation. plans, contact lists and uploaded version aimed at hospital trusts and is documents. The product can also currently the registered provider to Future plans for this software include notify staff by SMS and email. Public Health England for trainers the development of interfaces with when testing hospitals and hospital major enterprise risk management MIMS sits in a secure server so it is trusts in major incident management. solutions as well as AI features. accessible by any user at any time from anywhere. All users can see what continuitywest.co.uk orbititaly.com other users are doing, allowing a

cirmagazine.com September-October 2019 39

40-49-BCSR-products.indd 7 12/09/2019 09:46:46 Business Continuity So ware Report

PARASOLUTION completion. Roll-ups and dashboards plans, the product links the different PREMIER CONTINUUM provide current state of readiness, activities using prerequisites and a requirements, contact information and decision tree. The software also links gap reports to support informed the required resources to the activities. decision-making. It can also link multiple plans and produce dependency mapping. ParaSolution also offers an IT disaster recovery module that allows users to Users may also receive automated ParaSolution addresses the entire better document IT disaster recovery alerts that notify them of their business continuity management dependencies as well as runbooks and respective activities, providing all the lifecycle and can be tailored to the link them to business requirements. information required for the execution user organisation’s needs. By performing gap analyses, users can of the task, including resources, improve strategies and plan business contact information, and diagrams. An easy-to-use cloud-based software, continuity management and the tool provides guidance and integration with external sources. PDRWEB also offers an integrated flexibility to help users embed best notification module via email and/or practices within its operations. ParaSolution is supported by SMS, recording each step and all experienced consultants, supporting messages in relation to it. The web platform and mobile apps the continued maturity of users’ offer easy access to the tool at time of resilience programme. rdiinc.ca incident. ParaSolution is supported 24/7/365 by an in-house helpdesk. premiercontinuum.com/en/software/ parasolution REALBCP ParaSolution includes modules in REALCGR business continuity, IT disaster recovery, risk management, vendor PDRWEB RealBCP is an integrated business risk management, emergency plan SERVICES CONSEILS RDI continuity management system that management, and ISO 22301 covers the entire business continuity compliance and governance. This product can be tailored to suit a lifecycle. Benefits include integrated, range of users, from SMEs to large full relational continuity intelligence, The business continuity module multinational organisations. The crisis-specific response, risk integrates BIA, risk assessment, plan product features a dashboard showing development and activation, exercises, the status of different plans, BIA crisis and incident management, and progress, maintenance status of plans, reporting. Users can configure most message centre, logged in users and components and adapt them to completed activities. strategic objectives, culture, language and structure. Users can also change This tool has a web-based customised the report’s design, homepage content, survey form, which, once completed, Business Continuity Software Report 2019-20 The products Continuity Software Business dashboard views, terminology and will automatically establish RTOs definitions, instructions set and the using customised weight factors and selection of applicable templates. activity dependencies. Reports are then generated by site departments For incident and crisis response, this and dependencies. Upon review and tool uses information gathered in the acceptance of all reports, PDRWEB planning phase, mobilises stakeholders automatically creates different through the notification module, and business continuity and disaster captures and monitors task recovery plans. During the creation of

40 September-October 2019 cirmagazine.com

40-49-BCSR-products.indd 8 12/09/2019 14:38:41 Business Continuity So ware Report

assessment and BIA, alignment assessment records, manages vendor RPX features based on compliance and products and services as well as their RECOVERYPLANNER performance objectives, testing business impacts, determines a modules, prevention module, audit vendor’s risk score, and includes module and quality monitoring. additional visualisation and reporting capabilities. Guidance and instructions are embedded in tutorial modules and The product has customisable documents may be stored based on notification workflows and messaging RPX is used by organisations all over their attributes, with filtering options. for assigned tasks and approvals with the world to develop, manage, more than six levels of notification, maintain and activate business The tool can be integrated with defined mail-merge type field tags for continuity plans and programmes. notification systems. notification messages, and custom timing. Users can gain an understanding of All solutions are offered in a secured the different ways in which an impact private-cloud model or as a SaaS. Detailed analysis enables users to view could affect the user organisation RTOs by department and location, through the risk assessments and BIAs realcgr.com impact and more. Data viewed that are simplified with surveys and through the included and wizards. customisable reports is presented in a RESILIENCEONE visual manner with simple filtering They can create as many plans and SAI GLOBAL that makes it easy to spot actionable scenarios as desired using the out-of- insights. the-box templates, industry specific SAI Global acquired Strategic BCP in content or one’s own. 2018. It software, ResilienceONE A number of different built-in reports offers an integrated solution for help business continuity teams RPX’s automated features, flexible business continuity automation, risk understand impacts and how to plan permissions and simple licensing management, crisis management, for them. makes it easy to include as many disaster recovery, emergency people in the programme as desired communications, and business With 500,000 cross-industry users at while being powerful enough for those analysis. top companies, ResilienceONE managing the business continuity provides a comprehensive, cost programme. This product supports planning for effective way to bring business and recovery from business outages continuity, disaster recovery, and crisis The virtual command centre is an and incidents, using a set of 107 management together in a SaaS-based interactive crisis management tool criteria encompassing business solution. that provides plans in the form of continuity standards, regulations, and playbooks, automates notifications, best practices for compliance across This product features fixed pricing for and tracks, monitors and reports on multiple industries. unlimited users. A consulting team incidents and exercises in real time. Business Continuity Software Report 2019-20 The products Continuity Software Business provides product onsite and online The latest version, ResilienceONE support, guidance, and training; and a Users can track and map compliance 2019, features a vendor continuity dedicated team provides support to and manage the programme with management function and risk customers through multiple channels hundreds of default reports or create intelligence for more robust reporting. including online support desk, phone, custom reports. and email. Vendor profiling and screening Even without an internet connection, determines assessment needs, saiglobal.com RPX Continuity App Plans are maintains historical and auditable available and users can manage and

cirmagazine.com September-October 2019 41

40-49-BCSR-products.indd 9 12/09/2019 09:46:51 Business Continuity So ware Report Crises Control BC in the Cloud Business Continuity Continuity Business Plan Template Catalyst ClearView LogicContinuity v5 Pro Inoni Fusion Framework System Framework Fusion Mataco alive-IT

Features Plan navigator • • • • • • • • • Plan navigator Dependency mapping • • • • • • • • Dependency mapping Graphical call list • • • • • Graphical call list Location resource manager • • • • • • • Location resource manager Recovery site layout planning • • • • • Recovery site layout planning Reports – preformatted • • • • • • • • • • Reports – preformatted Reports – own build • • • • • • • • Reports – own build Process modelling capabilities • • • • • • Process modelling capabilities Technology modelling • • • • • • Technology modelling ‘What if’ analysis • • • • • • ‘What if’ analysis Data collector • • • • • • • • • • Data collector Automatic analysis • • • • • • Automatic analysis Simulation capability • • • • • • • • Simulation capability Dynamic updating from database • • • • • • • • • Dynamic updating from database Education and training • • • • • • • • Education and training Test and exercise • • • • • • • • • Test and exercise Test scripting • • • • • • • • Test scripting Dynamic incident management • • • • • • • • • Dynamic incident management Dynamic question setting/reviews • • • • • Dynamic question setting/reviews RTO/RPO desired/actual analysis • • • • • • • RTO/RPO desired/actual analysis Standards compliance • • • • • • • • • Standards compliance Integrates with GIS mapping • • • • Integrates with GIS mapping Workflow management with email alerts and reporting • • • • • • • • • Workflow management with email alerts and reporting Multi-language capability – interface • • • • • • • Multi-language capability – interface Multi-language capability – user data • • • • • • Multi-language capability – user data User roles and groups • • • • • • • • • • User roles and groups Document update management • • • • • • • • • Document update management Comprehensive audit trails • • • • • • • • Comprehensive audit trails Mobile device support • • • • • • • • • Mobile device support Templates available • • • • • • • • • • Templates available Change control and tracking • • • • • • • • Change control and tracking Screen customisation • • • • • • • • Screen customisation Help • • • • • • • • • Help 24/7 live support • • • • • • 24/7 live support Internal search engine • • • • • • • Internal search engine

Business Continuity Software Report 2019-2020 Product features Report 2019-2020 Product Continuity Software Business Charts, reports, graphs • • • • • • • • • Charts, reports, graphs Filters • • • • • • • • • Filters Personal filter • • • • • • • Personal filter Drag and drop • • • • • • • • Drag and drop Mobile app for offline viewing • • • • • • • • Mobile app for offline viewing Integrates with EMN software • • • • • • • Integrates with EMN software Published APIs for data interface • • • • Published APIs for data interface Remote hosting • • • • • • • • • Remote hosting SaaS option • • • • • • • • • SaaS option

42 September-October 2019 cirmagazine.com

50-51-BCSR-Matrix.indd 2 10/09/2019 17:20:06 Business Continuity So ware Report RPX Planner Shadow Shield RealBCP PDRWEB MIMS ParaSolution ResilienceONE ORBIT4BC

Features Plan navigator • • • • • • • • • Plan navigator Dependency mapping • • • • • • • • Dependency mapping Graphical call list • • • • • • • • Graphical call list Location resource manager • • • • • • • Location resource manager Recovery site layout planning • • • • • • • Recovery site layout planning Reports – preformatted • • • • • • • • • Reports – preformatted Reports – own build • • • • • • • Reports – own build Process modelling capabilities • • • • • • • Process modelling capabilities Technology modelling • • • • • • Technology modelling ‘What if’ analysis • • • • • • • • ‘What if’ analysis Data collector • • • • • • • • Data collector Automatic analysis • • • • • • • • Automatic analysis Simulation capability • • • • • • • Simulation capability Dynamic updating from database • • • • • • • • Dynamic updating from database Education and training • • • • • • • • • Education and training Test and exercise • • • • • • • • • Test and exercise Test scripting • • • • • • • • Test scripting Dynamic incident management • • • • • • • Dynamic incident management Dynamic question setting/reviews • • • • • • • Dynamic question setting/reviews RTO/RPO desired/actual analysis • • • • • • • • RTO/RPO desired/actual analysis Standards compliance • • • • • • • • Standards compliance Integrates with GIS mapping • • • • Integrates with GIS mapping Workflow management with email alerts and reporting • • • • • • • • Workflow management with email alerts and reporting Multi-language capability – interface • • • • • • • • Multi-language capability – interface Multi-language capability – user data • • • • • • • • Multi-language capability – user data User roles and groups • • • • • • • • • User roles and groups Document update management • • • • • • • • • Document update management Comprehensive audit trails • • • • • • • • • Comprehensive audit trails Mobile device support • • • • • • • • • Mobile device support Templates available • • • • • • • • • Templates available Change control and tracking • • • • • • • • Change control and tracking Screen customisation • • • • • • • Screen customisation Help • • • • • • • • • Help 24/7 live support • • • • • • • 24/7 live support

Internal search engine • • • • • • • • Internal search engine features Report 2019-20 Product Continuity Software Business Charts, reports, graphs • • • • • • • • Charts, reports, graphs Filters • • • • • • • Filters Personal filter • • • • • • • Personal filter Drag and drop • • • • • Drag and drop Mobile app for offline viewing • • • • • • Mobile app for offline viewing Integrates with EMN software • • • • • • Integrates with EMN software Published APIs for data interface • • • • • • • Published APIs for data interface Remote hosting • • • • • • • • Remote hosting SaaS option • • • • • • • SaaS option

cirmagazine.com September-October 2019 43

50-51-BCSR-Matrix.indd 3 10/09/2019 17:20:07 Business Continuity So ware Report

switched with a click. Live RPX Help plans and contact information in the Desk support is available in all time hands of those who need it, when they zones and in various languages. need it, with no need for paper plans.

RPX is used by organisations of all Work has begun on a brand new, sizes and industries, public and completely revised version of Shadow private, throughout the world. Also Planner. This new tool has been available are integrated advisory designed by business continuity services designed to help develop management professionals with effective plans that are tailored to each significant input from the provider’s organisation’s culture, structure and active user base. maturity. dcs.tech recoveryplanner.com

SHIELD SHADOW PLANNER KINGSBRIDGE BCP DAISY GROUP

Shadow Planner is a SaaS-delivered modular based business continuity management tool that makes managing business continuity management programmes of any size easy and is used by small, medium and enterprise customers alike.

Its BIA module features a powerful dependency mapping tool giving real time gap analysis, whilst the business continuity planning module allows users to create step by step action Shield is business continuity planning plans for any given scenario. solution that leverages more than 35 years’ experience and combines it with Testing and exercising module make it best practices outlined by the DRI, the easy to schedule and report on tests BCI and international standards. participate in incidents and crisis and track actions alike. If an incident communications. The App is available was to occur, then Shadow Planner’s Shield offers three editions; each built in both iOS and Android. own mass communication module to maximise the functionality. Business Continuity Software Report 2019-20 The products Continuity Software Business allows business continuity and crisis With cloud-based datacentres in managers to send out emergency Customised BIAs, database driven, Europe, the US and Canada, RPX can communications via two way Email complete team templates, offline be hosted as a SaaS or provided and SMS using either pre-defined mobile apps and an available on-premise. messages or those created at the time integrated communications tool are of an incident. just a few of the Shield’s highlights. The RPX system is designed to support localisation and is provided in In addition to this, a mobile app puts kingsbridgebcp.com a variety of languages that can be critical information such as action

44 September-October 2019 cirmagazine.com

40-49-BCSR-products.indd 10 12/09/2019 14:44:46 Business Continuity Software Report To advertise in the Professional Services Guide contact Steve Turner - Telephone: 020 7562 2434 Supplier Directory or email [email protected]

To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

FOCUSED, ACTIONABLE BUSINESS CONTINUITY SOFTWARE

Catalyst provides comprehensive, yet easy to use, business continuity and IT disaster recovery planning functionality to prepare organisations for disruptive incidents. Developed from Avalution’s considerable experience building and operating the most effective, efficient, and strategy-aligned business continuity and IT disaster recovery programmes, Catalyst was designed for the global enterprise organisation but scales to address the needs of any organisation. With Catalyst, business continuity planning is simple, scalable, and actionable – for both the Avalution Consulting programme manager AND end user.

323 W Lakeside Avenue, Suite 410 PROGRAMME DEVELOPMENT Cleveland, OH 44113 USA • Business Impact Analysis and Risk Assessment • Surveying and Vendor Risk Management Level 1, The Chase, Carmanhall Road, • Plan Development and Management Sandyford, Dublin, D18 Y3X2, Ireland • Recovery Task Scheduling and Visualisation • Automated Exercise Planning and Management

PROGRAMME MATURATION +1 866 533 0575 (US) • Automatic Programme Analysis and Reporting (Insights) +44 142 440 0599 (UK) • Corrective Actions Management +353 76 680 5015 (EU) • Compliance and Audit Management • Management Review [email protected] CRISIS/EMERGENCY/INCIDENT MANAGEMENT avalution.com/catalyst • Live Incident Management • Built-in Emergency Notification (Bullhorn)

READY TO LEARN MORE? Please contact our team to learn more. We look forward to connecting with you.

ClearView is designed to be easy to use and intuitive: occasional users can get up to speed very quickly, while more advanced users have a complete set of features necessary for managing all aspects of the BCM lifecycle.

Functionality includes a BCMS, including risk assessment, BIA and plan development, exercising, and notification plus dynamic incident management.

An integrated notification module provides two-way SMS, push notifications, email, voice and conference call ClearView Continuity options. The notification functionality has been enhanced in the latest version, ClearView 7.3. Astral House, Granville Way, Bicester, Oxfordshire, OX26 4JT A considerable range of self-service functionality is available to users wishing to tailor the platform, and integrations capabilities enable a seamless interface with all other key data sources and third party systems to enable all activity to Tel +44 (0)1869 354230 be managed through one portal. [email protected] www.clearview-continuity.com ClearView provides comprehensive implementation and ongoing support using BC experts to help organisations LinkedIn: www.linkedin.com/company/ make the most of the software’s powerful functionality. clearview-continuity Twitter: twitter.com/ClearViewBCM

cirmagazine.com September-October 2019 45

DirectoryBC-Software.indd 1 12/09/2019 13:05:19 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

Fusion Risk Management Fusion Risk Management is a leading industry provider of cloud-based software solutions for business continuity, WeWork Monument integrated risk management, IT disaster recovery, and crisis and incident management. Its products and services take 51 Eastcheap organizations beyond legacy solutions and empowers them to make data-driven decisions with a comprehensive and London flexible approach through one system. Fusion and its team of experts are dedicated to helping companies achieve EC3M 1JP greater organizational resilience and mitigate risks within their businesses.

Tel: +44 (0) 20 3884 3538 [email protected] fusionrm.com YouTube: youtube.com/channel/ UCtNFz9l-0CGbyxaiRzHQ_yg LinkedIn: linkedin.com/company/ fusion-risk-management/ Twitter: twitter.com/FusionRiskMgmt

KingsBridge BCP Shield is a no nonsense BCP solution that leverages more than 35 years’ experience and combines it with the best 34 Blair Park Road, Suite 104, Williston, VT, practices outlined by the DRI, BCI and ISO. If a simple and secure BCP tool is critical to your organization, look USA 05495-7534 or Box 515, Metcalfe, ON, no further than KingsBridge’s Shield. Canada, K0A2P0 Shield offers three editions; each edition is carefully built to maximize the functionality while reducing the “fluff” or “bloat” that is common. Customized BIAs, database driven, complete team templates, offline mobile apps and Contact: Steve Rogers (sales) an available integrated communications tool are just a few of the Shield’s highlights.

Tel: 888-246-6642 Don’t just build your BCP and hope it works, Shield your business from Chaos. Fax: 888-246-6642 [email protected] www.kingsbridgebcp.com Youtube: www.youtube.com/channel/ UC2XO4sIj644aHAWZIcHnszg Linkedin: www.linkedin.com/company/ kingsbridgebcp/ Twitter: twitter.com/kingsbridgebcp

46 September-October 2019 cirmagazine.com

DirectoryBC-Software.indd 2 12/09/2019 13:05:20 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

Developed by Premier Continuum, ParaSolution is a web solution that has been helping clients simplify and manage Business Continuity, Disaster Recovery, Risk Management and Emergency Management over the last 15 years. Our key features reflect our client-centred approach: • Its EASY-TO-USE workflow and seamless update functionality mean there’s no need for end-user training or remembering passwords. Premier Continuum / ParaSolution • For EFFICIENCY, information captured in the BIA is automatically available in other steps of the lifecycle and connected to a centralized and integrated database. 1010 Sherbrooke St. West, Suite 800, • The MULTILINGUAL solution communicates with users in their preferred language. Montreal, QC, H3A 2R7 • ParaSolution comes with standardized approaches, based on industry best practices such as ISO 22301 and BCI Canada Good Practices, while allowing EXTENSIVE CUSTOMIZATION. • You can MEASURE compliance with ISO 22301 using the integrated ICOR self-assessment tool. Contact: Eddy Gallagher, National Sales Director • ParaSolution SaaS is highly available. It is hosted on SECURE and audited servers.

Tel: +1.877.761.6222 / +1.514.761.6222 / ParaSolution – Grasp – Tailor – Optimize – Mobilize +1.514-758-1642 Premier Continuum Inc., proud developer of ParaSolution, is a training partner of the BCI and ICOR and a consulting Fax: +1.514.817.1423 firm with over 20 years of hands-on experience. [email protected] www.premiercontinuum.com Twitter: @1continuum LinkedIn: Premier Continuum Inc.

Resiliency Solutions Since 1999

RPX BCM Software Depth, Flexibility & Scope for a Planner, Simple Enough for the Casual User RecoveryPlanner’s cloud-based RPX software brings together a variety of risk management areas to deliver a mature integrated solution for organizational resiliency. RecoveryPlanner Key Features: 101 Merritt Boulevard, Trumbull, CT • One Complete Mature Package • Multi-lingual UI & Support • Rapid Implementation 06611 USA and Dartford Kent, UK • Cloud-based, Global Data Centers • Support in all Time Zones • Customizable & Flexible • SaaS or On-premise License • Native App in iOS & Android • Leader in all Gartner’s MQ’s Contact: Jeff Goldstein • Unlimited, Concurrent Licensing • Strong Security for BCMP Software

Tel: US: +1 (203) 455-9995 Continuity Consulting UK: +44 (0) 8448 040 653 Also available are integrated advisory services to help develop effective Plans and Programs that are tailored to [email protected] each organization's culture, structure and maturity. Direct representation, support and professional services available throughout Europe, EMEA and APAC, including representation and live support in the UK. www.recoveryplanner.com Linkedin: www.linkedin.com/company/ Contact us today for improved resiliency, preparedness and response! recoveryplanner.com/ Twitter: @RP_BCM

cirmagazine.com September-October 2019 47

DirectoryBC-Software.indd 3 12/09/2019 13:05:21 News & analysis Industry view

Industry views

Boardrooms are increasingly aware that changes in global more imaginative approach. Formal assessments and heat maps politics, societal opinion and technological innovation can should be exchanged for structured, creative discussions across have a far greater impact on their business models than ever business units. Boards and risk professionals need to make before – and at a much faster pace. Businesses have always space to think the unthinkable and speak the unspeakable. And been vulnerable to emerging risks, but in today’s volatile and note that emerging risks may not be new risks; they can also be uncertain environment, disruption to established businesses is known risks which take on a diff erent profi le or characteristic. becoming more widespread. Th is is as much about corporate culture as it is about Th e UK Corporate Governance Code, which was introduced processes. Allowing space for this thinking requires a board by the Financial Reporting Council last year, now requires that is open to and initiates challenge – a board that constantly boards to specifi cally address emerging risks alongside asks ‘but what if?’ Risk managers have an important role in principal risks in their annual reports, and to explain what facilitating such discussions but ultimate responsibility must procedures are in place to identify, manage and mitigate them. lie with the board. Th is is not to say that traditional risks Despite this, boardrooms are still not paying enough are diminishing in importance – far from it. But the risk attention to emerging risks, preferring to focus on easier-to- community must steer eff orts to recalibrate the required focus. manage traditional risks. Th e tendency is to focus on risks where they have useful data sets and control over their choice Julia Graham is technical of direction. As a result, there is real a danger that emerging director and deputy CEO risks are being fi led in the ‘too hard’ or ‘less important’ folder, at Airmic leaving businesses highly exposed to changing winds that

can fundamentally alter their course. Part of the challenge is In association with recognising that emerging risks require an entirely diff erent approach to traditional or well-established threats. Th ey are far harder to defi ne, quantify and map and require a diff erent,

For the second year running, cyber security has been change aft er the introduction of GDPR and new legal identifi ed as the number one business risk faced by frameworks for online payments. Th is risk is likely to become organisations in Europe. Th ese are the fi ndings of Risk in Focus more severe for UK and Irish businesses, as they face the 2020, our fourth annual report analysing the business risks prospect of further regulatory change because of Brexit. faced by organisations across Europe. Digitalisation has led to huge technological advances Cyber security and digitalisation have both appeared in the from artifi cial intelligence to blockchain. Risk in Focus 2020 top three risks over the last two years. Th is year the number of contains guidance for businesses about taking advantage of chief internal auditors citing cyber security as a top fi ve risk has the opportunities that come with digitalisation and support in increased by 18%, further strengthening its position as the clear managing the associated risks. number one risk. I urge businesses and other organisations to use the Th e increasing burden of regulatory change felt by guidance in Risk in Focus 2020 to better protect themselves businesses with the introduction of GDPR and new legal against the biggest risks they are facing, particularly from cyber frameworks for online payments is also analysed. It advises security, regulatory change and digitalisation. businesses to consider whether they are taking a suffi ciently forward-looking approach to regulatory changes, for instance, a regulatory implementation calendar. Dr Ian Peters MBE is chief executive of the Chartered Cyber security is a problem we regularly see on the news Institute of Internal Auditors from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50 million Facebook user identities. Risk in Focus 2020 includes In association with guidance for businesses to better manage the cyber risks they face. Risk in Focus 2020 also analyses the impact of regulatory

48 September-October 2019 cirmagazine.com

Industryview.indd 2 11/09/2019 17:11:02 Industry view News & analysis

What's your view? Email the editor at [email protected]

We oft en hear about the benefi ts of big data and artifi cial professionals, fi nancial advisers and insurers. intelligence, and how they can fi nd patterns within huge bodies Th e report we have published, set out a range of actions of information that would overwhelm even the most brilliant that would allow medical records to be shared more eff ectively. human brain. However, just as every building needs to rest on What is striking about the report is how few actions related strong foundations, the activity around gathering and using to technology, and how many were related to building a huge pool of data rests on a vast and complex network of relationships and a shared sense of purpose between these relationships of trust: if the trust isn’t there, the activity breaks groups. down. It underlines the fact that a true digital economy is about Th is was brought home to us most strongly in a piece of work far more than hardware and programming. It is about a social we published this summer on the use of electronic medical contract between all those who benefi t from it - acknowledging records in underwriting. An eff ective system of medical the benefi ts that can be realised by sharing and processing data underwriting would have many benefi ts: it would allow insurers in new ways and establishing ongoing relationships that build to underwrite policies more eff ectively, it would help insurers to and preserve trust. pay claims by making the disclosure of pre-existing conditions more eff ective at the underwriting stage, and it would make the redaction of information more eff ective, ensuring that insurers Dr Matthew Connell is director of policy and public are not sent information that they are not meant to see. relations at the Chartered Th e technology needed to achieve an eff ective system Insurance Institute of sharing relevant medical record already exists. However, there is also, quite rightly, a network of groups and individuals In association with that generate and oversee the use of information. Th e most important is these are, of course, the end users of the services of the NHS, but there are also regulators, data guardians, medical

Firstly, I would like to congratulate all of those who have to discuss and deliberate on the increasing importance of risk been shortlisted in the CIR 10th anniversary Risk Management management and its education in India. With the challenges Awards. Th e Institute is proud to be supporting this prestigious being faced by Indian businesses, rise in corporate governance event and we look forward to celebrating with you all at the issues, disruption in traditional business models and volatility dinner and ceremony on the 6th November. in the Indian economy, risk management has gained a lot of It must be the year for tenth anniversary celebrations, as traction. We were delighted to support this event. we at the IRM will also be celebrating this milestone for our We’ve some exciting developments ahead with the review own Risk Leaders event: A decade of discovery and disruption, of our Diploma syllabus, launch of a new qualifi cation next to be held on 14th November at the Inmarsat in London, Autumn and also our submission to OFQUAL for accreditation. and sponsored by Barclays. We’ve a stellar line up including We’re also developing a new learning management system Jim Winters, managing director, Global Fraud Management, and introducing multiple choice questions for our Certifi cates Barclays; John Scott, head of security education, Bank of for 2020 and will be taking the Institute of Operational Risk’s England; Robert J Trent PhD, Professor of Supply Chain Certifi cate in Operational Risk Management into our portfolio. Management, Lehigh University; Professor Daniel Ralph, Judge Business School, Cambridge University; and Lakshmi Shyam- Socrates Coudounaris is chair of the Sunder, chief risk offi cer, World Bank. Institute of Risk Management Two of our senior management team have just returned from a business trip to India where they have been working hard with ITI Edvest (our strategic delivery partner in India). Th ey attended a Risk Management Conclave that was organised In association with by the Institute of Directors in India in association with IMC Chamber of Commerce and Industry. Th e conclave was supported by industry experts who came together as panellists

cirmagazine.com September-October 2019 49

Industryview.indd 3 11/09/2019 17:11:03 News & analysis Executive summary

Major trends in engineering and construction risks revealed A new study throws light on the most costly risks and incidents in engineering and construction, with fire and explosion topping the list, as defective product and business interruption claims pick up the pace nalysis of over 13,000 engineering insurance claims over the last five years highlights seven major trends in engineering and construction projects, driving some of the largest losses ever. AConstruction sites today are much larger than in the past and projects can run for many years. The expansion of the Al Maktoum International Airport in Dubai, for example, will not be completed until 2030 and is expected to cost around US$36bn. “As a result, sums insured are now much larger – projects with values of US$5bn to US$10bn are not unusual, meaning claims can be in the tens of millions of dollars,” says global head of property and engineering claims at AGCS, Raymond Hogendoorn. claims by frequency, and the second largest by severity. There Flooding of the Hidroituango hydropower dam in are almost three times as many defective products claims as Colombia in 2018 during construction is estimated to cost storm claims, the next largest cause of claims by frequency insurers around US$1.4bn, one of the largest engineering claims in history. Greater supply chain complexity Innovative technology is increasingly deployed to combat In the past, an airport or a power plant would most likely have rising risks and costs. AGCS recently used drones, laser been built by a national contractor using local suppliers. Today, scanning and computer modelling to determine the root cause it is more likely to involve multiple parties with machinery, of a machinery explosion at an inaccessible site. Drones equipment and other components sourced and transported and satellite imagery were also used to assess engineering from around the world claims after record wildfires in California and Hurricane Florence in 2018. The insurer also coupling 3D topographical BI data from drones with hydrogeological modelling software Growing awareness of BI exposures has seen an increase in and rainfall simulation data to predict flash flooding risk on firms buying BI covers, in particular delay in start-up (DSU) construction sites. insurance, which covers delays to construction or engineering projects following physical damage. Costliest construction and engineering risks (Source: AGCS) Political risk Fire/Explosion Large construction projects can take as long as five to 10 years Fire is the biggest cause of loss for engineering claims, to complete and involve contractors and suppliers from around accounting for over a quarter (27%) of losses by value, based the world, making them vulnerable to sanctions and trade on analysis of more than 13,000 claims around the world worth disputes. almost £7.3bn. Fire has caused in excess of £1.9bn of insurance losses in five years. Natural catastrophes are another source of Growth of renewable energy projects large claims. As the demand for green energy has increased, solar and wind projects have become larger, the locations more remote Defective product and quality control and wind turbines much bigger – with blades as long as a Defective products are the single biggest source of engineering football pitch. In 2018 alone, there were 409 new offshore wind turbines across 18 projects in the EU. Offshore wind can be “3D topographical data from drones with a particularly challenging area for claims, as turbines can be hydrogeological modelling software and rainfall difficult to access. simulation data can help predict flash flooding risk on construction sites” Source: Allianz Global Corporate & Specialty (AGCS)

50 September-October 2019 cirmagazine.com

ExecutiveSummary.indd 1 12/09/2019 12:49:04 Professional services guide

Business Continuity software

ClearView BCM Software Developed through a combination of practical experience of BCM consultants, live client feedback and technology experts, ClearView has quickly become a leader in the global BCM software market.

ClearView has removed many of the barriers that organisations experience when implementing BCM software, ensuring that ClearView delivers improvement to their BCM processes.

• Delivers ease of use for straight-forward, effective deployment and maintenance of BIA's, plans, exercises, risk and incident management. Users do not need extensive training and can pick up and use ClearView quickly and easily, even if only accessed infrequently ClearView Continuity • Achieves a high level of modularity which means that configuration allows the solution to meet the needs of organisations precisely, but in a very cost effective manner Astral House • Accessible from any web browser and mobile device, with mobile applications for all major platforms. Granville Way • Provides alignment to ISO22031 and Regional BCM standards Bicester • Fully integrated Emergency Notifications and dynamic Incident Management module Oxfordshire • Winners of BCM Software of the Year for an unprecedented 5 years between 2012 and 2017. OX26 4JT • Fully ISO 27001 (information security management) and ISO 9001 accredited to provide the highest levels of security and robustness. Trusted by international private and public sector organisations Tel: +44 (0)1869 354230 • Implemented by consultants with many years BC experience so we understand exactly what you want and can offer www.clearview-continuity.com professional help. Much more than a software service • Backed up with global support for clients in all sectors and all sizes • Comprehensive reporting and dashboard analysis plus a custom report builder and integrated What If?/GIS capability for scenario mapping

ClearView – we make the complicated simple.

Daisy Shadow-Planner enables you to plan, develop, test and execute more streamlined and structured Business Continuity. Taking the pain out of the entire process, Shadow-Planner helps your people work smarter and faster and Shadow enables your business to deliver against its BC commitments more quickly, efficiently and cost effectively. Planner BCM SoftwareSoftware Designed by BC specialists, this suite of integrated software supports the entire Business Continuity Management (BCM) lifecycle: from impact analysis through developing plans to testing and reporting. Daisy supports you every step of the way, helping you create the strongest and most effective plans to minimise downtime and ensure you can work Daisy House, No 2 Golden Square, ‘business as usual’. 220 Chester Street, Aston, Shadow-Planner is based on four core modules: Birmingham, B6 4AH • Business Impact Analysis (BIA) • Business Continuity Planning Contact Daisy to find out more about the unique • Notification benefits of Shadow-Planner: • Mobile Plans Call +44 (0)344 863 3000 Organisations in the financial services sector, public sector and others in regulated industries have used Shadow- Email [email protected] Planner to help comply with business continuity standards such as ISO 22301 and other specific codes of practice. https://dcs.tech/campaign-shadow-planner/ How you benefit A low-cost solution, requiring no local cap ex or hardware investments, you can: • Get rid of inefficient, inaccurate and risky manual approaches - Word documents and spreadsheets • Ensure all essential data (plans, contacts, documentation and more) are in a single secure location, at your fingertips • Be assured that all data is regularly reviewed, updated and consistent • Achieve faster ISO 22301 BC certification

cirmagazine.com September-October 2019 51 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

Business Continuity software

Sungard AS Business Continuity Management Planning Software

AssuranceCM

Brand new to this edition of the report is AssuranceCM which was designed by users, for users. This next-generation business continuity software and risk management solution removes the barriers to organisation-wide engagement and builds greater confidence in contingency plans. It’s about extending beyond simply addressing compliance requirements. It’s also about knowing teams are prepared to recognise threats to the business and empowering them to engage locally before incidents lead to major disruptions. UK & European Head Office Unit B Heathrow Corporate Park, So far our users rate the AssuranceCM experience as: Green Lane, Hounslow, Middlesex Intuitive – Simple and easy, get your program up and running with minimal training TW4 6ER Aware – Merge external happenings with enterprise plans and gain real-time contextual insight to act decisively Alive – Eliminate manual data management and trust that your data is accurate and up-to-date Tel: + 44 (0) 800 143 413 Efficient – Yet secure to help you work smart, engage users and delight stakeholders on program effectiveness [email protected] Independent – SaaS and mobile, connect quickly to people and information that matters the most www.sungardas.co.uk And a 100% SLA availability guarantee.

US & RoW Plans and testing do not deliver outcomes, people do. Sungard AS AssuranceCM is about enabling you to take what we 680 East Swedesford Road learn back into the business continuity/disaster recovery planning cycle and share it across the company for better Wayne, PA 19087 USA outcomes.

Toll-Free: 1 800-478-7645 ASSURANCENM (NOTIFICATION MANAGER) Local (US): 1 610-878-2644 Email: [email protected] Introducing our new powerful emergency notification tool, designed for when you need it most to ensure the effect send www.sungardas.com of critical alerts to your key recipients at any time, using any device, and get the response you need.

AssuranceNM Alerting and Mobile Services from Sungard Availability Services (powered by Send Word Now®) leverages a variety of communication methods to transmit tens of thousands of voice and text messages in minutes. The AssuranceNM communication solution is built on an award winning platform that is used by both public and private sector organisations worldwide, offering them market leading capabilities and superior performance which Sungard AS customers can rely on. For more information please contact Sungard AS:

BUSINESS CONTINUITY, DISASTER RECOVERY & ALWAYS ON INFRASTRUCTURE

Daisy has become the UK’s go to partner for resilient, secure and always available communications and IT infrastructure managed services.

As the UK’s business continuity industry leader with over 25 years’ experience, Daisy is embedding resilience into its entire service portfolio, focussed on enabling today’s digital business in the key areas of always-on infrastructure, connect & protect and agile workforce.

Business Continuity Management: Daisy’s BCM consultants and Shadow-Planner software work with you to deliver digital business resilience and address Daisy House, No 2 Golden Square, the new risks of the digital economy. We advise, deliver, support and manage all or part of your business continuity 220 Chester Street, Aston, management, including emergency response planning; crisis and reputational risk management; operational and business recovery planning; infrastructure process and IT risk analysis; supply chain risk management; authentic Birmingham, B6 4AH exercising, maintenance and awareness. For more information: Workplace and FlexPlace Recovery: Call +44 (0) 344 863 3000 Daisy has got your offices and your people covered from 18 specialist business continuity centres available UK-wide, Email [email protected] mobile and virtual office solutions delivered to the home and complex call centre and financial trading positions. We https://dcs.tech/business-continuity/ usually have customers up and running within an hour and not just for business interruptions, but to cope with peak or seasonal trading and the flexibility digital businesses now demand.

ITDR, FlexTech and Data Availability: Daisy’s flexible IT and data recovery services will protect your technology, data and communications, available when the need arises and for test and development scenarios. We have nine resilient UK data centres and an award-winning portfolio of data availability services, applauded by industry analysts. For replacement IT onsite fast, we have over 1,000 servers and seven ship-to-site, mobile data centre units, all ready to dispatch if disaster strikes. This can be a safe roll-back recovery option in the event of cyberattack.

52 September-October 2019 cirmagazine.com To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

BUSINESS CONTINUITY, LOGISTICS

CMAC Business Continuity Transport makes moving your people safely, simple. We believe that everyone should be CMAC Business Continuity Transport moved safely, whether it is in an emergency or as a planned exercise. We want everyone to feel secure in the knowledge The Globe Centre, St James Square, that if they can no longer work at their usual location, they will be safely moved, just by making one phone call to our Accrington, Lancashire BB4 0RE 24/7/365 call centre. We were established in 2007 and have become the UK’s leading dedicated provider of business continuity transport. Contact: Ashley Seed

Tel: +44 (0) 1254 355 126 [email protected] www.businesscontinuitytransport.com Twitter: https://twitter.com/ CMACgroupUK Linkedin: https://www.linkedin.com/ company/10540515/

claims handling & risk management software solutions

In business since 1992, JC Applications Development Ltd take great pride in our ability to develop world class software solutions and associated services that enable our clients to manage risk, compliance and claims more effectively. As a result they are better placed to achieve their corporate ambitions, save time, money and offer a superior service to their stakeholders. This is proven by our last customer satisfaction survey where 98% of respondents said that they would recommend us.

JC Applications Development Ltd With over 200 successful implementations JCAD is a market leader in the provision of claims handling and risk Manor Barn, Hawkley Rd, Liss, management software to both the public and private sectors. Client representation covers many diverse industries Hampshire, GU33 6JS including but not limited to;

Contact: Phil Walden • Housing associations • Finance • Local government • Retail • Emergency services • Construction Tel: +44 (0)1730 172020 • Charities & NGO’s • Facilities Management [email protected] • Academia • Utilities www.jcad.co.uk Twitter: @jcad2 JCAD’s software is wholly “off the shelf ” which enables time efficient implementations, low cost systems and simpler training. Additionally, by offering a best practice approach to risk and compliance management we can focus on the development of new functionality that is then shared across our entire client base. JCAD are an ISO9001 accredited supplier and our hosting partners are accredited to ISO27001.

CIR Software Reports

To advertise in the next CIR Software Report please call Steve Turner on +44 (0)20 7562 2434 or email [email protected]

cirmagazine.com September-October 2019 53 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

claims handling & risk management software solutions

Origami Risk is the top-rated risk and insurance technology platform serving all members of the risk management community from insured corporate and public entities, to insurance carriers, brokers, TPA’s and risk consultants. The company provides an integrated platform of products including RMIS, GRC, Claims, Safety, Analytics, Underwriting and Data Tools. Origami Risk has the most experienced team in the RMIS industry, ensuring that client Origami Risk service and success is the central focus of each engagement. Origami Risk LLC was founded by industry veterans 30 Moorgate, London, EC2R 6PJ, UK committed to designing intuitive web-based software that streamlines how risk, insurance and claims data is collected, analyzed and shared—ultimately helping users to be more productive and manage the total cost of risk for their Contact: Neil Scotcher organizations or for their clients. Origami Risk is consistently ranked by users as the top RMIS provider by users, as well as independent third parties. To learn more about Origami Risk, visit www.origamirisk.com, or contact Origami Tel: +44 (0)16179 17740 at [email protected]. [email protected] www.origamirisk.com LinkedIn: www.linkedin.com/company/ origami-risk/ Twitter: @origamirisk Youtube: www.youtube.com/channel/ UCUSGoJ_XoT0nz_K9HJXk2rQ/featured

Ventiv Integrated Risk Management (formerly RiskConsole Advance) Whether you’re managing risk, safety or insurance programs, your job is more challenging than ever. More data. Increased business complexity. Greater security risks. Heightened expectations. Less time to respond, and with fewer resources. You need a technology solution that meets today’s needs while demonstrating the ability to meet tomorrow’s challenges, too. The answer is Ventiv IRM.

Ventiv IRM empowers you to take control of your organisation’s data and achieve clarity you need to make fully Ventiv Technology informed decisions. Improve your efficiency and maximise scarce resources, while getting back the time you need 30 – 40 Eastcheap, London EC3M 1HD to think and act strategically.

Contact: Steve Cloutman Fully embedded and integrated into Ventiv IRM, Ventiv’s analytics, reporting and data discovery is the market’s newest and technologically most current offering. Ventiv is the only RMIS provider offering cutting-edge Tel: +44 (0) 7971 505433 IBM Watson Analytics as an embedded and integrated component of our solution. All this empowers you [email protected] to deliver data-driven decisions that generate optimal outcomes like reducing total cost of risk. www.ventivtech.com Linked In: www.ventivtech.com/linkedin With your processes optimised, best practices embedded, and knowledge converted, you will have raised your risk technology maturity to drive better results and make your risk management department more resilient. Twitter: @ventivtech

Work area recovery

The FortressAS team are expert in the provision of Operational and Cyber Risk and Resilience services.

Working along the lines of the NIST Framework, we focus on reducing the risk of disastrous events and mitigating the Fortress Availability Services Limited impact of these events when they do happen. City Reach, 5 Greenwich View, London, E14 9NN Our services span:

• Advisory (BC and Cybersecurity) • Managed Services (Endpoint Detection and Response – ED&R, Virtual CISO) Tel: +44 (0)20 3858 0099 • Solutions (ED&R, Threat Correlated Vuln Management, Identity, Insider Threat) [email protected] • Infrastructure Services (DRaaS, BaaS and Workplace Recovery) www.fortressas.com Twitter: @fortressas We focus on delivering high quality services and those with a high ROI. LinkedIn: https://www.linkedin.com/ company/fortress-availability- services-limited

54 September-October 2019 cirmagazine.com INTEGRATED RISK MANAGEMENT SOLUTIONS

Enterprise Risk Management | RMIS | Healthcare | Audit Management Business Continuity Management | Vendor Management Compliance & Regulatory Management | Health and Safety Management

Riskonnect transforms the way you perceive and manage risk by integrating data, connecting risks, and correlating their relationships for a clear view of how risk impacts the entire enterprise.

We are the global leader in integrated risk management technology. And we are relentless in our quest to give customers insights they can’t get anywhere else.

For more information on Riskonnect visit us at www2.riskonnect.com/CIR2019 FLOOD PRONE OR FLOOD PROOF?

Flood is one of the costliest natural hazards in the world, yet most flood loss is both predictable and preventable. Our flood protection resources help you understand the exposure to your site, and take simple steps to protect it. Choose to be resilient today. Visit fmglobal.co.uk/flood

RESILIENCE IS A CHOICE.

© 2019 FM Global. All rights reserved.