Disaster Recovery Journal

Tuesday Workshop Sessions
(Choose one session from each track. )

Tuesday, April 1, 2008 - 3:00 - 5:30 p.m.

Workshop Session 1
Intermediate/Advanced

Generally Accepted Practices: Workshop Session

Session registration is limited to 200.

Designed for BC professionals with seven years minimum experience.

Would you like to contribute to the next phase of the DRJ’s Generally Accepted Business Continuity Practices document?
The original Generally Accepted Business Continuity Practices document is now being used worldwide by business continuity professionals as a leading source for “sound” business continuity practices.
This session will allow you to provide feedback on the original Generally Accepted Business Continuity Practices document and be a part of the migration into the second phase of this initiative which is to create Industry Vertical Generally Accepted Business Continuity Practices.
If you are an experienced professional in the financial and/or telecommunication sector we would value your input on the next phase of the Generally Accepted Business Continuity Practices document.
Contributors to the original Generally Accepted Business Continuity Practices document include practitioners from the public and private sectors as wells as partner organizations.
Join us as we migrate into Phase II of this ground-breaking initiative and gain the insights that will be shared during this session.
Be prepared to communicate your questions and/or answers in an interactive round table environment. Your expertise will be invaluable to this effort.

Members of the DRJ Editorial Advisory Board will facilitate this session.

Workshop Session 2
Novice/Intermediate/Advanced

Optimistic Bias: A Barrier to Business Continuity?

Barbara Citarella
RBC Ltd.

Optimistic Bias is the tendency to view oneself or one’s organization as invulnerable or less likely than others to experience negative life events. It is a pattern of judgments.
These judgments can interfere with the necessary planning for disasters and business continuity.
Many plans developed by organizations have hidden flaws due to this flawed pattern of judgments.
Optimistic bias has been shown to have a direct bearing on not only individual planning but business and government planning as well.
What do research and the literature tell us about this bias? Are you or your organization guilty of optimistic bias?
After this session the participants will be able to define optimistic bias, will be able to discuss the possible impact it has on their organization’s planning process and most importantly allow the opportunity for attendees to examine their own beliefs and judgments about impending disasters.
Many session attendees will be eager to take this concept back to their own companies and try to identify and gaps in their planning.

Barbara Citarella is the founder of the award-winning company RBC Limited, a healthcare and management consulting business. In addition to consulting in all areas of health care, RBC Limited has worked extensively with law enforcement, government agencies and the private sector with regard to business recovery planning, protection of personnel assets, infrastructure protection, exercise observer, all hazards planning and the Incident Command System.

Workshop Session 3
Intermediate/Advanced

Virtual Emergency Operations Centers: The Wave of the Future

Regina Phelps
EMS Solutions

Jan Sysmans
WebEX Communications

We all know what a physical Emergency Operations Center (EOC) looks like and feels like. The physical EOC is the “nerve center” of the company’s recovery operations and houses subject matter experts from different areas of the business. The EOC’s role is to manage and monitor the response to the event, as well as the overall recovery of the business. The primary function of any EOC is to establish and manage the Four C’s: Control, Communication, Collaboration, and Coordination.
A virtual EOC takes the physical EOC (people and processes) and moves it into “cyberspace” through a variety of technology tools. There are many advantages to not having “four walls.” Currently there are two major issues driving the need for a virtual EOC: (1) The threat of an avian flu pandemic; (2) Companies whose key employees are dispersed across large geographic areas, making collaboration difficult.
This workshop will outline everything your company needs to know to establish a virtual EOC – how to develop one, what are the advantages and pitfalls, technology options that will give you the best results, and ways to combine the physical and the virtual. The goal of the workshop is to teach the skills to develop a successful virtual command center. A VEOC, whether it be stand-alone or in concert with an existing physical EOC, offers many rewards.

Regina Phelps has provided extensive consultation to global companies preparing for the pandemic threat. A partial client list includes Visa, the World Bank, AEGON, Northern Trust, Triton, Liberty Mutual, Federated Department Stores, Stanford University, the California Institute of Technology (Caltech), and Wells Fargo.
Jan Sysmans is responsible for WebEx’s business continuity and disaster recovery program. He is also the chair of the marketing communications committee for the SaaS Executive Council, an industry council sponsored by the Software & Information Industry Association.

Workshop Session 4
Novice/Intermediate/Advanced

Financial Services Industry: Business Continuity Information Sharing Session

Randall Till, CBCP
MasterCard

Join business continuity experts from the financial sector as they share their best practices, success stories and view on changing trends in the industry. The regulatory requirements of the financial sector have long driven the evolution of business continuty, and continue to shape best practices and processes in the industry.
You will hear from a panel of leading experts who will address some of the most pressing issues facing our industry today. They will share their experiences and outline the proven practices that have been successful within their companies. While key industry topics will be covered by the panel, participants will have opportunities to ask questions and explore areas of interest.
Some of the key topics that will be discussed:

• Incident management and response practices, global implementation and lessons learned
• Integration of business and disaster recovery plans into the Business Continuity Management Program.
• Integration of business continuity with other key disciplines – taking an enterprise wide approach.

Learn from the financial sector’s industry experts, and join the conversation on the most important issues facing the business contiuity industry today .

Randall Till, CBCP, is a senior business leader at MasterCard Worldwide.
Mike Gifford, IT senior manager disaster recovery, The Capital Group Companies.
Barry Gorelick, CBCP, vice president, Ameriprise Business Continuity Management at Ameriprise Financial, Inc.
Greg Pinchbeck, business resiliency director at JPMorgan Chase Treasury & Security Services and Centralized Transaction Operations.
Charles Wallen CISSP, managing executive FSTC Business Continuity Standing Committee at Financial Services Technology Consortium.

Workshop Session 5
Novice/Intermediate/Advanced

Team Coordination Training for Disaster Response: Part 2

Paula Smith Ph.D
Catastrophic Planning

Session registration is limited to 200.

This is a hands on, participation intensive workshop which elaborates on Sunday Workshop Session 3.
While we were introduced to characteristics and practice elements in dynamics of disaster response groups, this session will specifically address emergency alerts, communications, real case scenarios, safety, more in depth team coordination training with different stress elements which require flexibility, development of a custom field response guide.
Come prepared to immerse yourself and work hard. You will come away from this with new knowledge of how to optimize the strengths and capabilities in group response.
We will take a hard look at leadership and how it may have to change hands, how to maintain internal cohesion while everything else is changing, how to work together when disaster responders have diverse daily functions, experience and organizational frame of reference. Materials will be included.
This presenter also hosts a session on Sunday afternoon that coordinates with this session. Those participants who successfully complete both sessions, the homework and a take-home exam will be awarded the Certification in Catastrophic Planning: Advanced Team Coordination Training for Disaster Response.

Paula Smith, Catastrophic Planning Policy Review Committee, has a PhD in BioMedical Psychology, executive training through Harvard Business School, and has worked in clinical and university settings as well as industry and government. She has experience in contingency planning as an emergency and disaster management professional in the DC area.

Workshop Session 6
Novice/Intermediate/Advanced

Ready, Set, Exercise!
How to Develop and Conduct a Successful BCP/DRP Exercise

Steven Goldman
Goldman Mgmt. Consultants

Successful crisis management and disaster recovery takes more than a plan: it requires realistic testing and validation.
How do you do that properly? Are your exercises smoke and mirrors or do they provide as-close-to-real situations as possible? How does your program compare? How can you improve?
During this hands-on workshop, you will learn how to set up and conduct a successful BCP/DRP exercise. Students will master the aspects of effective exercise preparation and execution, including:

• Types of drills and exercises
• Elements of a successful exercise
• Scope, objectives, and extent of play
• Scheduling and coordination
• The scenario team
• Scenario ideas and events you can use
• Resources and props
• How to conduct, evaluate, and critique
• Imagination, creativity, and leadership
• Steve’s highly acclaimed Exercise Planning Checklist.

You will learn how to avoid common pitfalls during the development process and how to anticipate and resolve potential problems. Exercise conduct, evaluation, and critiquing strategies will be discussed. With his lively style and real-life examples, Goldman will lead the class through interactive discussions of successful exercise development.

Breakout Session - Track 4
(Choose one session from each track. )

Tuesday, April 1, 2008 - 1:30 - 2:30 p.m.

Strategic Session 4
Intermediate/Advanced

NEC Case Study: Tactical and Strategic BCP Development and Deployment

Noriyuki Sakamoto
NEC Corp

Shinobu Sasaki
NEC Corp

NEC, formerly Nippon Electric Company, is one of the world’s leading providers of Internet, broadband network and enterprise business solutions. Headquartered in Tokyo, Japan, NEC has 200 business units worldwide, generating $40 billion in revenues with more than 150,000 employees. NEC has special risks to manage. In 2007 there were two significant earthquakes in March and July, causing an interruption in manufacturing operations. This session will introduce the organization’s BCP development and deployment case study.
Shinobu Sasaki is NEC’s BC/DR senior business consultant, responsible for BC/DR consulting business since 2004, supporting more than 25 clients during four years.
Noriyuki Sakamoto is chief manager of risk control and compliance division in NEC head office and leader of the business continuity plan effort for NEC.

Managerial Session 4
Intermediate/Advanced

Enterprise Risk Management & BC At Dow: How They Intersect

Bill Worsley CBCP
Dow

Howard Fenter
Dow

Mike Simon
Dow

As a follow up to Dave Kepler’s “Enterprise Risk Management and Business Continuity” session, the BC team from The Dow Chemical Company will take time to address general questions regarding their group’s interactions with the Dow executive management team. The team will share their internal processes, including some valuable insight, which the attendee can leverage to improve their own relationship with senior management.
Bill Worsley, CBCP, is a business continuity manager for The Dow Chemical Company.
Howard Fenter heads up Dow’s disaster recovery program. He has years of experience in DR and business continuity planning.
Mike Simon leads the business continuity efforts for the company. He has spent many years in the BC and DR planning industry.

Technical Session 4
Intermediate/Advanced

Leveraging Maturity Models for Effective IT Risk Management – Case Studies 

Download The Presentation (PDF - 1.8MB)

David Nolan
Fusion Risk Mgmt.

Attendees will learn best practices and emerging trends in IT risk management. Hear how leading companies decompose the IT risk management challenge to determine strengths and weaknesses, and build a plan to mature their IT risk management program over time. Learn how to consolidate myriad business drivers including regulatory compliance into a unified approach to proactive enterprise-wide risk management. Explore specific case studies of enterprises that are effectively using emerging concepts, processes and tools. The session will also show how these firms have implemented a single framework to address not only security, DR and BC, but also physical and logical security, safety, environmental and other operational risks.
David Nolan is the founder and chief executive officer of Fusion Risk Management, Inc., Rolling Meadows, IL.
 

Emergency Response Session 4
Intermediate/Advanced

Using Incident Command System to Enhance Your Organizations Emergency Response Capabilities

Randall Till, CBCP
MasterCard

In today’s changing business climate, new threats and risks force organizations to look for better methods and stronger practices to manage and protect their company interests and assets. Randall Till will discuss implementing the Incident Command System (ICS) as part of global effort within this organization. The success stories and the benefits will be related as he explains the strategy, approach and lessons learned. He will build a case for why the ICS approach and structure makes good sense and provides a strong business case as a necessary enhancement for your BC program.
Randall Till, CBCP, is a senior business leader at MasterCard Worldwide where he is responsible for developing and implementing an enterprise-wide BCM program.

Advanced Session 4
Advanced

Mission Assurance: Building a Culture of Preparedness

Jonathan Allen
Booz Allen Hamilton

Jerry Vevon
Booz Allen Hamilton

Terrorist attacks as witnessed on 9/11 and in Europe, critical infrastructure failures, and natural disasters highlight the need for an integrated Mission Assurance approach for both the government and commercial enterprises. As highlighted by the US Government Mission Assurance Governance Committee, it “Is a cohesive approach integrating critical infrastructure protection with physical, cyber, and personnel security and contingency planning to provide a coordinated approach for ensuring the Federal government’s ability to perform mission critical processes.” The presentation highlights case studies where organizations have developed successful mission assurance programs.
Jerry Vevon a principal at Booz Allen Hamilton with 28 years of management, leadership, and intelligence analytical experience.
Jonathan Allen is a senior associate with Booz Allen Hamilton and one of the firms’ leaders providing crisis management, security services, risk management, and resiliency to both government and commercial clients.

Information Session 4
Novice/Intermediate/Advanced

Executive Level Table Top Exercises: A Case Study from Novartis Pharmaceuticals

Gregory King
Novartis

Jordan Crotty
Eagle Rock

The terms “Pandemic” and “Bird Flu” have become commonplace in today’s world. While the likelihood of another flu pandemic impacting the world is unknown, the impacts would be indisputably devastating. This presentation will highlight how the Novartis Pharmaceuticals Pandemic Preparedness program has been embraced by the firm, from its inception to the current state. Recently, Eagle Rock Alliance assisted Novartis Pharmaceuticals in presenting a table top exercise to their executive team. This presentation will also highlight the results of that exercise.
Gregory King, CHP, is head of health, safety, environment and business continuity. He has worked in various areas of the Pharma industry for 17 years.
Jordan Crotty is a consultant in the business continuity group at Eagle Rock Alliance.

Breakout Session - Track 3
(Choose one session from each track. )

Monday, March 31, 2008 - 4:15 - 5:15 p.m.

Strategic Session 3
Novice/Intermediate/Advanced

Incorporating Self-Assessments in Your Business Continuity Plan

John Tartaglia
Strohl Systems

Business continuity planning does not take place in a vacuum. Every planner faces the challenges of justifying expenses and securing resources in order to build and maintain a successful BCP program. How can you raise awareness of the program and identify achievable goals? Planners need to incorporate self-assessments and scoring matrices into their continuity plan. This session will discuss measuring the organization’s readiness and understanding risks and holes in the plan via scoring. Attendees will leave with a better understanding of how to determine where their program is and where it is heading.
John Tartaglia is Strohl Systems’ senior technology risk management consultant specializing in business continuity/disaster recovery planning project management, development and implementation Tartaglia has more than 18 years experience in information security risk management, business continuity and disaster recovery planning.

Managerial Session 3
Novice/Intermediate/Advanced

The Convergence of Email Archiving and Disaster Recovery

Paul D’Arcy
MessageOne

Over the last year, disaster recovery, compliance, and archiving have become increasingly intertwined. In 2006, new Federal Rules of Civil Procedure changed the way electronic information such as email and digital files must be produced for litigation.
As a result, U.S. companies have been forced to pay billions of dollars to unearth digital records from back-up tapes originally implemented for disaster recovery. New best practices are emerging for holistic management of digital data such as email. As disaster recovery and archiving converge, leading companies are reinventing the way they manage data to improve policy management, reduce costs, and lower legal and compliance risk. This session will thoroughly cover the new compliance, legal discovery, and retention rules for managing digital data and their dramatic impact on disaster recovery.
Paul D’Arcy is vice president of worldwide marketing for MessageOne and an expert on email and crisis communication infrastructure. With more than 15 years of technology marketing experience, he is a published author and a frequent speaker at industry conferences.

Technical Session 3
Intermediate/Advanced

Implementing a High-Availability Web-Based Environment

Cheryl Carmel
SunGard Availability Services

As more and more organizations build and implement internal web-based applications that drive major business objectives, they are faced with the design and implementation of a solution that will ensure a high level of resiliency and data protection. This discussion is designed to share experiences and practical application of tools that are available to build resilience into web-based applications in your own environment.
Cheryl Carmel, CISSP, director of customer support center for SunGard Availability Services Software Products Group. Her responsibilities include design, implementation and management of SunGard’s hosting environment for the commercial software products.

Emergency Response Session 3
Intermediate/Advanced

BIA: The Next Generation

Peter Laz, MBCP
Forsythe

Lewis Cox, CBCP
Forsythe

The output of a BIA is critical information for developing cost efficient and effective recovery strategies and capabilities. Historically however, conducting a BIA has been unnecessarily time consuming and inefficient. The Next Generation of BIAs has arrived. Learn practical approaches for conducting a BIA in your organization that will produce meaningful results to aid in the success of your BC program. You will also receive guidance on appropriately balancing recovery requirements with costs and maintaining your impact profile without having to use unnecessary person-hours to get the job done.
Peter Laz, MBCP, is a senior consultant with Forsythe Solutions Group. He is a member of the DRJ Editorial Advisory Board, a board member of PPBI and program director of the Capital Region Chapter ACP.
Lewis Cox, CBCP, is a managing consultant with Forsythe Solutions Group. He is a member of the BRPASW (Wisconsin Chapter), the Executive Technology Club (Chicago Chapter) and PPBI.

Advanced Session 3
Advanced

Human Continuity: The People Side of BC

Gerald Lewis, Ph.D
G. Lewis & Assc.

Steve Zirkel
Varolii

Today’s BC plans frequently incorporate redundancy in their data centers, telecommunications capabilities, and IT resources. While data and communications integrity is fundamental, businesses are focusing on how to protect the most critical component of their organizations – the workforce itself – in order to be truly resilient. We will discuss the life cycle of a crisis and the importance of pre-, mid-, and post-incident plans, services, and strategies to help mitigate the impact of a crisis on personnel. Learn communication strategies and best practices to help you connect, protect and account for your human capital.
Dr. Gerald Lewis, Ph.D an international consultant, has worked with government agencies, healthcare facilities, educational institutions and private businesses on a wide range of work, behavioral health and organizational issues.
Steve Zirkel has more than 18 years of CRM and contact center industry experience. As GM of the BC segment, he drives the growth, knowledge and innovation, as well as directing the overall operations for the company.

Information Session 3
Novice/Intermediate/Advanced

The Disaster Recovery Institute International (DRII) Certification Process

You’ve taken a few DRII courses, even sat for the certification exam – now what? You’ve heard the stories of how intense the application process is – where do you start? This session will be chaired by members of the DRII Certification Commission and the DRII Certification Manager, and will focus on the application process to successfully become certified. The session is targeted to those individuals who have either begun or wish to begin this process, and will feature a “how-to” approach to this topic. Participants are encouraged to bring specific questions concerning their applications.
DRII is a recognized leader in providing education, standards, and professional certification.

Breakout Session - Track 2
(Choose one session from each track. )

Monday, March 31, 2008 - 2:45 - 3:45 p.m.

Strategic Session 2
Intermediate/Advanced

DRJ and Forrester BC/DR Market Study: The State of DR Preparedness

Stephanie Balaouras
Forrester

Learn the current state of enterprise disaster recovery preparedness. The results from the Disaster Recovery Journal and Forrester’s First Annual BC/DR Market Study will be reviewed in this session. Coverage will include: Company practices regarding DR planning, plan maintenance and testing; The percentages of companies that have alternate recovery sites; Current recovery tiers and technology selection; Company confidence in their DR preparations and more. The conclusion will provide an overall assessment of current DR preparedness efforts and provide recommendations and suggestions for improving preparedness.
Stephanie Balaouras primarily contributes to Forrester’s offerings for IT infrastructure and operations professionals. She is a leading expert in how companies build resilient IT infrastructures to support key business initiatives.

Managerial Session 2
Intermediate/Advanced

Helping Others Along The Way: Creating Partnerships

Regina Phelps
EMS Solutions

Jeff Fish
United Way

Your company has a good BC program, but is that enough? What happens to a community during a significant and/or widespread event? If government agencies are overwhelmed, who comes to the aid of the average citizen or business? Hurricane Katrina was a great example of how our not-for-profit community is critical to the recovery of an impacted region. What are not-for-profit organizations doing to prepare? What can the private sector do to reach out and make a real difference? Are there opportunities for partnerships to make our entire society more resilient? This innovative session will share trends in BCP to partner with this sector, and discuss how your company can help!
Regina Phelps has more than 26 years of experience. She is founder of Emergency Management & Safety Solutions, a consulting and training firm.
Jeff Fish has more than 15 years experience in operations management, and is vice president of executive office at United Way of the Bay Area in San Francisco.

Technical Session 2
Intermediate/Advanced

Winning with a Secure Network and Data Storage Environment

Mark Steinberg
Hill Assc.

Businesses today are facing ever increasing amounts of data generation. IT departments are feeling challenged to ensure it is available when needed, and at the same time are pressured by budgetary constraints. Remote access is becoming more of a norm. As a result, more and more business are considering on-line backup to secure and protect their most important data. Managed storage and data protection will be top 10 picks for storage in 2008. But with so many choices, it is hard to know exactly what can and should be done to prepare for the inevitable. This session will enable you to be on top of what you need to do to ensure your organization is prepared.
Mark Steinberg is director of business development, senior member of the technical staff for Hill Associates, Inc. He has spent more than 25 years in the business of technology as it continues to undergo profound and dramatic changes.

Emergency Response Session 2
Novice/Intermediate/Advanced

Maximizing the Table-Top Experience with “Serious Games”

Kevin Haslag
FBI

“Serious games” are being used to train war-fighters, first responders, and incident response teams. They are the perfect training tool for high intensity, hands-on-action situations. These tools are so effective because they are totally engaging. The brain’s learning capacity peaks when a strong attitude of caring fuels the effort. This session will show what the FBI has been doing recently to apply serious game technology to continuity of operations.
Kevin Haslag is the IT COOP program manager in the FBI’s Office of the CIO. He has had a long career in the FBI IT organization, and has been leading the IT COOP program since its beginning.

Advanced Session 2
Advanced

Partnering for Continuity: From Process to Plan to Program

John McCarthy
Learning Advantages

Marilyn Almanza
Ultimate Software

Betty Boudreaux
Chubb Group

Establishing a BC program can be a daunting task. This case study describes a successful partnering approach to formalizing existing processes, defining enterprise and department BC plans, and creating an organizational emergency management program. Ultimate Software completed a multi-phase EM project and partnered with external resources to help achieve their goals. Learn the phases of the project and highlight key elements. Also examined will be the existing foundation within the organization and how the project was managed, from the original vision statement to the ongoing maintenance of the EM program. In addition, we’ll review the key steps, critical milestones and evolution of how the BC/DR activities were developed, documented, and tested.
John K. McCarthy is a process management consultant at Learning Advantages.
Marilyn Almanza is the PMO enterprise director at Ultimate Software.
Betty L. Boudreaux, CSP, is a loss control department manager at Chubb Group of Insurance Companies.

Information Session 2
Novice/Intermediate/Advanced

H5N1 Influenza: It’s Not Just For The Birds. Medical Management of an Influenza Pandemic

Stuart Weiss
MedPrep Consulting

An influenza pandemic is perhaps the biggest public health threat that we face in the coming decade yet many people tell me that they are fed up hearing about it. Public attention on this has faded over time and businesses have moved onto other problems. The problem is that the virus hasn’t gotten tired nor has it slowed its rate of mutation or spread. We will review the latest developments of the H5N1 influenza virus and discuss the major medical issues you will face during a pandemic. We will review government guidance, discuss anti-viral and vaccine strategies and explore workplace infection control methods that can help reduce the impact of this disease on your business
Stuart Weiss is a nationally recognized expert in the field of disaster preparedness and the medical consequences of manmade and natural disasters. He is a founding partner of MedPrep Consulting Group.