Criticall eNews

Lessons from BP

The BP Deepwater Horizon well has been officially declared dead and, with litigation being discussed in terms of a 20 year time scale, a bloody and bruised BP is picking up the pieces.

BP's official Accident Investigation Report has now been released. It details the 8 'safety barriers' that were breached leading to the explosion and subsequent oil-spill.

These include a combination of mechanical failures, human judgements, engineering design, operational implementation and team communication.

BP's senior management have accepted ALL recommendations from the report pertaining to drilling and well operations, contractor and service provider oversight.

The catastrophic incident has prompted Business Continuity managers both within and outside of the oil industry to look for vital lessons so as to avoid repeating the mistakes that led to the incident and failed to contain the fallout in what has become the worst environmental disaster the US has ever faced.
Some of the many lessons to learn include:
1. Tailor your BC plan to your company. Representative Henry Waxman and other members of the US Congress heavily criticised executives from BP and four other oil giants for using near identical 'cookie cutter' response plans.

2. Improve Supplier Governance. Track the performance of partners and incentivise detection and eradication of serious risk.
3. Get your PR right. Don't have your CEO saying "I'd like my life back" when people have lost theirs and others have had their livelihoods destroyed.
4. Have a holistic approach to risk. Buffering against risk is only part of the solution. The unexpected is inevitable and plans for every part of this must be in place: incident prevention, stopping the leak, clean up, public relations, litigation, the wider effect on the oil industry, damage to brand value.
5. Don't rely on real-time problem solving during a serious incident. Instead, make sure there is sound planning, detailing procedural steps and outlining specific markers for success and failure.

Read more detail about these and other lessons on the links below. Download the report here.

Related links
BP Internal Investigation
CEB: Operation lessons from BP
CEB: Learning from BP
CBS: Lawmakers Berate Oil Execs over Response Plan
Lessons Learned from BP Oil Spill
The BP Well is dead. Long Live the Lessons from the Gulf oil spill
Social Media & BCM

Many corporations have plugged into the power of Social Media websites such as Facebook, Twitter, YouTube, MySpace and LinkedIn, but along with the potential benefits come real risks that can easily be overlooked.

The rapid take up of these and other similar sites has allowed their
utilisation throughout the corporate world to take off at a phenomenal rate.

The benefits are clear. By its nature, use of Social Media allows rapid alteration and dissemination of information. With a geographical reach equal to, and in many cases better than, traditional industrial media, effectively managed Social Media can lead to gains in market share, increased brand awareness and value, and a broader audience.

Before charging headlong into a new Social Media driven corporate expansion, there's a good case for developing sound Social Marketing policy.

The downside risks are many and include exposure to litigation, false advertising claims and the divulging of sensitive corporate information.

IT security issues such as loss of data and vulnerability to hackers are also considerations when putting together policies and practices for use of Social Media within the enterprise.
Due to the dynamic nature of media these days, policy needs to be as future proof as possible.

Using a new Social Media policy to draw attention to existing security policies, and building it around the broader Social Media landscape rather than around specific platforms such as Facebook or Twitter, may help avoid constant policy redundancies and rewrites.

Related links
4 Tips for Writing a Great Social Media Security Policy
Seven Deadly Sins of Social Networking
Implications of Increased Use of Social Media
Fear of Data Loss, Social Media Security Risks Rising
Hacking a Corporate Network with Facebook
Cloudy Days

Cloud Computing is one of the fastest growing areas in the IT world.

Deployment in minutes rather than months, significant reductions in running cost, the ability to rapidly and easily scale and divest, and freedom from site dependency all make for an attractive investment strategy.

Beyond these benefits, the usual suspects of confidentiality, integrity and availability (CIA) come into play.

Confidentiality
Housing data externally has obvious risks and the weakest links may be out of your control. If your supplier's security is compromised, the likelihood is that yours is too.

Possible solutions here are encryption of sensitive data or excluding this data from the cloud and keeping it in house. This hybrid approach is also most likely the best way to get your toes wet in the world of cloud-based solutions.

Integrity
Integrity of cloud-based data can become an issue if systems are attacked by a virus or if systems are unintentionally manually modified on the supplier side. This is where due diligence in selecting an appropriate partner pays off. Beyond that, establish watertight practice guidelines and clear agreements on liabilities and responsibilities.

Availability

Again, due diligence is key when choosing a partner. Areas to focus on are availability guarantees, second site with failover and automatic synchronisation facilities as well as the basics such as adequate business continuity and disaster recovery planning.

Microsoft CEO Steve Ballmer says that by early next year, 90% of their staff will be in entirely cloud
based or cloud inspired work by which time Merrill Lynch estimates the cloud market will be worth USD$160BN.

In a recent white paper, Architectural Strategies for IT Optimisation: From Silos to Clouds, Oracle cites Cloud computing as one of its core guiding principles for IT Optimisation, citing cost as a major rationale.

Gartner estimates that by 2013, 60% of server workloads will be virtualised and IBM is currently working on a project dubbed Kittyhawk which is a supercomputer capable of hosting the entire internet.

While many unknowns remain, Cloudy times ahead appear certain!

Related Links
Weighing the Risks of Cloud Computing
Managing the Clouds Security Risks
Oracle: Architectural Strategies for IT Optimisation: From Silos to Clouds


In Other News:
Hot Gear!

Verbatim 'Clip-it' USB drive

Features:
• Range of colours
• Doubles as a functional paper-clip
• 2 and 4GB




ThinkGeek TK-421 iPhone case with Flip-Out keyboard


Features:
• QWERTY keyboard
• Bluetooth
• Protective case
• Available for iPhone 4 & 3GS

Novatel Wireless MC545

Features:
• Smallest dual carrier HSPA+ USB device in the industry
• Blisteringly fast with up to 42Mbps download/5.7Mbps upload
• MicroSD slot supporting up to 32GB cards
• Economically priced





Mi5 Terror Threat Level

All year the Mi5 Terror Threat Level has been listed as "SEVERE".

Mi5 director-general Jonathan Evans pointed out the virtual certainty of another attack, saying "I am concerned that it is only a matter of time before we see terrorism on our streets".

He believes the domestic threat comes from Al Qaeda affiliates in Yemen and Somalia.

Related Links
Mi5: Jonathan Evans' Speech
Mi5: Threat Level
PublicService.co.uk
Surviving a BCM Audit

The latest issue of Disaster Recovery Journal has a very useful article titled "How to Survive a BCM Audit".

Geoffrey Wold, managing director for LBL Technology Partners, walks the minefield of BCM audit types, how they impact BCM planning and runs through the most common weaknesses found in BC plans.

We found it useful and thought you might too!

Related Links
DRJ: How to Survive a BCM Audit


Criticall Comment

Triple Whammy!

Criticall continues to demonstrate walking its own standards talk, achieving ISO9001, BS25999 & HP Software Partner accreditations within 3 months of each other.

This was followed by the public launch of its world-beating XpressCall offering at the 360 Degree IT Expo in London this month, where CEO Ian Hammond was a keynote speaker on IT Service Management in large corporations.

Darla Delivers

Here's your chance to keep a clean conscience whilst having a bit of fun on the job in the name of BCM research!

Late Friday evening, with mission critical deadlines looming, find out how DR-Darla saves the day when things are looking pretty grim at SmartCo*.

Click here to watch our new emergencyCall movie: "Darla Delivers".

Are you more like DR-Darla or BC-Bob? Let us know.

Resource Corner

Useful links and events for the business continuity professional.

Events:

BS 25999 Users’ Workshop
Edinburgh: October 6, 2010

Red Cross Disaster Response Challenge
Hampshire: October 8-10, 2010

BCI London Forum Severe Weather Seminar
London: October 12, 2010

BCM World Conference
London: November 3-4, 2010

Resilient Scotland Conference
Edinburgh: November 22, 2010

The Emergency Services Show
Coventry: November 24-25, 2010

BAPCO Annual Conference
London: April 20-22, 2011


Links:

Bapco
The Emergency Planning Society
Intellect UK
SEISO
The Business Continuity Institute
UK Resilience
Continuity Forum
Continuity Shop
Mi5
Scottish Continuity Group
BCIP
BSI: BS25999
Talking Business Continuity
Business Assurance
StrategicRISK
Criticall eNews

The Criticall eNews bulletin is produced and published by Criticall Limited to advance and encourage the Global Business Continuity community.

If you have an article you feel would be of value to other business continuity professionals, please contact the editor on feedback@criticall.co.uk.

If you would like to subscribe to future issues or wish to be removed from the subscription list, please email subscriptions@criticall.co.uk with your request.
