Tuesday Workshop Sessions
(Choose one session from each track. )
Tuesday, April 1, 2008 - 3:00 - 5:30 p.m.
Workshop Session 1
Generally Accepted Practices: Workshop Session
Session registration is limited to 200.
Designed for BC professionals with seven years minimum experience.
Would you like to contribute to the next phase of the DRJ’s Generally Accepted Business Continuity Practices document?
The original Generally Accepted Business Continuity Practices document is now being used worldwide by business continuity professionals as a leading source for “sound” business continuity practices.
This session will allow you to provide feedback on the original Generally Accepted Business Continuity Practices document and be a part of the migration into the second phase of this initiative which is to create Industry Vertical Generally Accepted Business Continuity Practices.
If you are an experienced professional in the financial and/or telecommunication sector we would value your input on the next phase of the Generally Accepted Business Continuity Practices document.
Contributors to the original Generally Accepted Business Continuity Practices document include practitioners from the public and private sectors as wells as partner organizations.
Join us as we migrate into Phase II of this ground-breaking initiative and gain the insights that will be shared during this session.
Be prepared to communicate your questions and/or answers in an interactive round table environment. Your expertise will be invaluable to this effort.
Members of the DRJ Editorial Advisory Board will facilitate this session.
Workshop Session 2
Optimistic Bias: A Barrier to Business Continuity?
Optimistic Bias is the tendency to view oneself or one’s organization
as invulnerable or less likely than others to experience negative life
events. It is a pattern of judgments.
These judgments can interfere with the necessary planning for disasters and business continuity.
Many plans developed by organizations have hidden flaws due to this flawed pattern of judgments.
Optimistic bias has been shown to have a direct bearing on not only individual planning but business and government planning as well.
What do research and the literature tell us about this bias? Are you or your organization guilty of optimistic bias?
After this session the participants will be able to define optimistic bias, will be able to discuss the possible impact it has on their organization’s planning process and most importantly allow the opportunity for attendees to examine their own beliefs and judgments about impending disasters.
Many session attendees will be eager to take this concept back to their own companies and try to identify and gaps in their planning.
Barbara Citarella is the founder of the award-winning company RBC Limited, a healthcare and management consulting business. In addition to consulting in all areas of health care, RBC Limited has worked extensively with law enforcement, government agencies and the private sector with regard to business recovery planning, protection of personnel assets, infrastructure protection, exercise observer, all hazards planning and the Incident Command System.
Workshop Session 3
Virtual Emergency Operations Centers: The Wave of the Future
all know what a physical Emergency Operations Center (EOC) looks like
and feels like. The physical EOC is the “nerve center” of the company’s
recovery operations and houses subject matter experts from different
areas of the business. The EOC’s role is to manage and monitor the
response to the event, as well as the overall recovery of the business.
The primary function of any EOC is to establish and manage the Four
C’s: Control, Communication, Collaboration, and Coordination.
A virtual EOC takes the physical EOC (people and processes) and moves it into “cyberspace” through a variety of technology tools. There are many advantages to not having “four walls.” Currently there are two major issues driving the need for a virtual EOC: (1) The threat of an avian flu pandemic; (2) Companies whose key employees are dispersed across large geographic areas, making collaboration difficult.
This workshop will outline everything your company needs to know to establish a virtual EOC – how to develop one, what are the advantages and pitfalls, technology options that will give you the best results, and ways to combine the physical and the virtual. The goal of the workshop is to teach the skills to develop a successful virtual command center. A VEOC, whether it be stand-alone or in concert with an existing physical EOC, offers many rewards.
Phelps has provided extensive consultation to global companies
preparing for the pandemic threat. A partial client list includes Visa,
the World Bank, AEGON, Northern Trust, Triton, Liberty Mutual,
Federated Department Stores, Stanford University, the California
Institute of Technology (Caltech), and Wells Fargo.
Jan Sysmans is responsible for WebEx’s business continuity and disaster recovery program. He is also the chair of the marketing communications committee for the SaaS Executive Council, an industry council sponsored by the Software & Information Industry Association.
Workshop Session 4
Financial Services Industry: Business Continuity Information Sharing Session
Randall Till, CBCP
business continuity experts from the financial sector as they share
their best practices, success stories and view on changing trends in
the industry. The regulatory requirements of the financial sector have
long driven the evolution of business continuty, and continue to shape
best practices and processes in the industry.
You will hear from a panel of leading experts who will address some of the most pressing issues facing our industry today. They will share their experiences and outline the proven practices that have been successful within their companies. While key industry topics will be covered by the panel, participants will have opportunities to ask questions and explore areas of interest.
Some of the key topics that will be discussed:
Incident management and response practices, global implementation and lessons learned
• Integration of business and disaster recovery plans into the Business Continuity Management Program.
• Integration of business continuity with other key disciplines – taking an enterprise wide approach.
Learn from the financial sector’s industry experts, and join the conversation on the most important issues facing the business contiuity industry today .
Randall Till, CBCP, is a senior business leader at MasterCard Worldwide.
Mike Gifford, IT senior manager disaster recovery, The Capital Group Companies.
Barry Gorelick, CBCP, vice president, Ameriprise Business Continuity Management at Ameriprise Financial, Inc.
Greg Pinchbeck, business resiliency director at JPMorgan Chase Treasury & Security Services and Centralized Transaction Operations.
Charles Wallen CISSP, managing executive FSTC Business Continuity Standing Committee at Financial Services Technology Consortium.
Workshop Session 5
Team Coordination Training for Disaster Response: Part 2
Session registration is limited to 200.
This is a hands on, participation intensive workshop which elaborates on Sunday Workshop Session 3.
While we were introduced to characteristics and practice elements in dynamics of disaster response groups, this session will specifically address emergency alerts, communications, real case scenarios, safety, more in depth team coordination training with different stress elements which require flexibility, development of a custom field response guide.
Come prepared to immerse yourself and work hard. You will come away from this with new knowledge of how to optimize the strengths and capabilities in group response.
We will take a hard look at leadership and how it may have to change hands, how to maintain internal cohesion while everything else is changing, how to work together when disaster responders have diverse daily functions, experience and organizational frame of reference. Materials will be included.
This presenter also hosts a session on Sunday afternoon that coordinates with this session. Those participants who successfully complete both sessions, the homework and a take-home exam will be awarded the Certification in Catastrophic Planning: Advanced Team Coordination Training for Disaster Response.
Paula Smith, Catastrophic Planning Policy Review Committee, has a PhD in BioMedical Psychology, executive training through Harvard Business School, and has worked in clinical and university settings as well as industry and government. She has experience in contingency planning as an emergency and disaster management professional in the DC area.
Workshop Session 6
Ready, Set, Exercise!
How to Develop and Conduct a Successful BCP/DRP Exercise
Goldman Mgmt. Consultants
Successful crisis management and disaster recovery takes more than a plan: it requires realistic testing and validation.
How do you do that properly? Are your exercises smoke and mirrors or do they provide as-close-to-real situations as possible? How does your program compare? How can you improve?
During this hands-on workshop, you will learn how to set up and conduct a successful BCP/DRP exercise. Students will master the aspects of effective exercise preparation and execution, including:
• Types of drills and exercises
• Elements of a successful exercise
• Scope, objectives, and extent of play
• Scheduling and coordination
• The scenario team
• Scenario ideas and events you can use
• Resources and props
• How to conduct, evaluate, and critique
• Imagination, creativity, and leadership
• Steve’s highly acclaimed Exercise Planning Checklist.
You will learn how to avoid common pitfalls during the development process and how to anticipate and resolve potential problems. Exercise conduct, evaluation, and critiquing strategies will be discussed. With his lively style and real-life examples, Goldman will lead the class through interactive discussions of successful exercise development.Steve Goldman is a leading crisis management and BCP consultant and former global BCP manager for a Fortune 500 company. Over his long career he has developed, conducted, and evaluated drills and exercises ranging from one-hour tabletops to massive three-day exercises involving hundreds of responders from dozens of companies and government agencies.
Breakout Session - Track 4
(Choose one session from each track. )
Tuesday, April 1, 2008 - 1:30 - 2:30 p.m.
Strategic Session 4
NEC Case Study: Tactical and Strategic BCP Development and Deployment
formerly Nippon Electric Company, is one of the world’s leading
providers of Internet, broadband network and enterprise business
solutions. Headquartered in Tokyo, Japan, NEC has 200 business units
worldwide, generating $40 billion in revenues with more than 150,000
employees. NEC has special risks to manage. In 2007 there were two
significant earthquakes in March and July, causing an interruption in
manufacturing operations. This session will introduce the
organization’s BCP development and deployment case study.
Shinobu Sasaki is NEC’s BC/DR senior business consultant, responsible for BC/DR consulting business since 2004, supporting more than 25 clients during four years.
Noriyuki Sakamoto is chief manager of risk control and compliance division in NEC head office and leader of the business continuity plan effort for NEC.
Managerial Session 4
Enterprise Risk Management & BC At Dow: How They Intersect
a follow up to Dave Kepler’s “Enterprise Risk Management and Business
Continuity” session, the BC team from The Dow Chemical Company will
take time to address general questions regarding their group’s
interactions with the Dow executive management team. The team will
share their internal processes, including some valuable insight, which
the attendee can leverage to improve their own relationship with senior
Bill Worsley, CBCP, is a business continuity manager for The Dow Chemical Company.
Howard Fenter heads up Dow’s disaster recovery program. He has years of experience in DR and business continuity planning.
Mike Simon leads the business continuity efforts for the company. He has spent many years in the BC and DR planning industry.
Technical Session 4
Leveraging Maturity Models for Effective IT Risk Management – Case Studies
Fusion Risk Mgmt.
will learn best practices and emerging trends in IT risk management.
Hear how leading companies decompose the IT risk management challenge
to determine strengths and weaknesses, and build a plan to mature their
IT risk management program over time. Learn how to consolidate myriad
business drivers including regulatory compliance into a unified
approach to proactive enterprise-wide risk management. Explore specific
case studies of enterprises that are effectively using emerging
concepts, processes and tools. The session will also show how these
firms have implemented a single framework to address not only security,
DR and BC, but also physical and logical security, safety,
environmental and other operational risks.
David Nolan is the founder and chief executive officer of Fusion Risk Management, Inc., Rolling Meadows, IL.
Emergency Response Session 4
Using Incident Command System to Enhance Your Organizations Emergency Response Capabilities
Randall Till, CBCP
today’s changing business climate, new threats and risks force
organizations to look for better methods and stronger practices to
manage and protect their company interests and assets. Randall Till
will discuss implementing the Incident Command System (ICS) as part of
global effort within this organization. The success stories and the
benefits will be related as he explains the strategy, approach and
lessons learned. He will build a case for why the ICS approach and
structure makes good sense and provides a strong business case as a
necessary enhancement for your BC program.
Randall Till, CBCP, is a senior business leader at MasterCard Worldwide where he is responsible for developing and implementing an enterprise-wide BCM program.
Advanced Session 4
Mission Assurance: Building a Culture of Preparedness
Booz Allen Hamilton
Booz Allen Hamilton
attacks as witnessed on 9/11 and in Europe, critical infrastructure
failures, and natural disasters highlight the need for an integrated
Mission Assurance approach for both the government and commercial
enterprises. As highlighted by the US Government Mission Assurance
Governance Committee, it “Is a cohesive approach integrating critical
infrastructure protection with physical, cyber, and personnel security
and contingency planning to provide a coordinated approach for ensuring
the Federal government’s ability to perform mission critical
processes.” The presentation highlights case studies where
organizations have developed successful mission assurance programs.
Jerry Vevon a principal at Booz Allen Hamilton with 28 years of management, leadership, and intelligence analytical experience.
Jonathan Allen is a senior associate with Booz Allen Hamilton and one of the firms’ leaders providing crisis management, security services, risk management, and resiliency to both government and commercial clients.
Information Session 4
Executive Level Table Top Exercises: A Case Study from Novartis Pharmaceuticals
terms “Pandemic” and “Bird Flu” have become commonplace in today’s
world. While the likelihood of another flu pandemic impacting the world
is unknown, the impacts would be indisputably devastating. This
presentation will highlight how the Novartis Pharmaceuticals Pandemic
Preparedness program has been embraced by the firm, from its inception
to the current state. Recently, Eagle Rock Alliance assisted Novartis
Pharmaceuticals in presenting a table top exercise to their executive
team. This presentation will also highlight the results of that
Gregory King, CHP, is head of health, safety, environment and business continuity. He has worked in various areas of the Pharma industry for 17 years.
Jordan Crotty is a consultant in the business continuity group at Eagle Rock Alliance.
Breakout Session - Track 3
(Choose one session from each track. )
Monday, March 31, 2008 - 4:15 - 5:15 p.m.
Strategic Session 3
Incorporating Self-Assessments in Your Business Continuity Plan
continuity planning does not take place in a vacuum. Every planner
faces the challenges of justifying expenses and securing resources in
order to build and maintain a successful BCP program. How can you raise
awareness of the program and identify achievable goals? Planners need
to incorporate self-assessments and scoring matrices into their
continuity plan. This session will discuss measuring the organization’s
readiness and understanding risks and holes in the plan via scoring.
Attendees will leave with a better understanding of how to determine
where their program is and where it is heading.
John Tartaglia is Strohl Systems’ senior technology risk management consultant specializing in business continuity/disaster recovery planning project management, development and implementation Tartaglia has more than 18 years experience in information security risk management, business continuity and disaster recovery planning.
Managerial Session 3
The Convergence of Email Archiving and Disaster Recovery
the last year, disaster recovery, compliance, and archiving have become
increasingly intertwined. In 2006, new Federal Rules of Civil Procedure
changed the way electronic information such as email and digital files
must be produced for litigation.
As a result, U.S. companies have been forced to pay billions of dollars to unearth digital records from back-up tapes originally implemented for disaster recovery. New best practices are emerging for holistic management of digital data such as email. As disaster recovery and archiving converge, leading companies are reinventing the way they manage data to improve policy management, reduce costs, and lower legal and compliance risk. This session will thoroughly cover the new compliance, legal discovery, and retention rules for managing digital data and their dramatic impact on disaster recovery.
Paul D’Arcy is vice president of worldwide marketing for MessageOne and an expert on email and crisis communication infrastructure. With more than 15 years of technology marketing experience, he is a published author and a frequent speaker at industry conferences.
Technical Session 3
Implementing a High-Availability Web-Based Environment
SunGard Availability Services
more and more organizations build and implement internal web-based
applications that drive major business objectives, they are faced with
the design and implementation of a solution that will ensure a high
level of resiliency and data protection. This discussion is designed to
share experiences and practical application of tools that are available
to build resilience into web-based applications in your own environment.
Cheryl Carmel, CISSP, director of customer support center for SunGard Availability Services Software Products Group. Her responsibilities include design, implementation and management of SunGard’s hosting environment for the commercial software products.
Emergency Response Session 3
BIA: The Next Generation
output of a BIA is critical information for developing cost efficient
and effective recovery strategies and capabilities. Historically
however, conducting a BIA has been unnecessarily time consuming and
inefficient. The Next Generation of BIAs has arrived. Learn practical
approaches for conducting a BIA in your organization that will produce
meaningful results to aid in the success of your BC program. You will
also receive guidance on appropriately balancing recovery requirements
with costs and maintaining your impact profile without having to use
unnecessary person-hours to get the job done.
Peter Laz, MBCP, is a senior consultant with Forsythe Solutions Group. He is a member of the DRJ Editorial Advisory Board, a board member of PPBI and program director of the Capital Region Chapter ACP.
Lewis Cox, CBCP, is a managing consultant with Forsythe Solutions Group. He is a member of the BRPASW (Wisconsin Chapter), the Executive Technology Club (Chicago Chapter) and PPBI.
Advanced Session 3
Human Continuity: The People Side of BC
Gerald Lewis, Ph.D
G. Lewis & Assc.
BC plans frequently incorporate redundancy in their data centers,
telecommunications capabilities, and IT resources. While data and
communications integrity is fundamental, businesses are focusing on how
to protect the most critical component of their organizations – the
workforce itself – in order to be truly resilient. We will discuss the
life cycle of a crisis and the importance of pre-, mid-, and
post-incident plans, services, and strategies to help mitigate the
impact of a crisis on personnel. Learn communication strategies and
best practices to help you connect, protect and account for your human
Dr. Gerald Lewis, Ph.D an international consultant, has worked with government agencies, healthcare facilities, educational institutions and private businesses on a wide range of work, behavioral health and organizational issues.
Steve Zirkel has more than 18 years of CRM and contact center industry experience. As GM of the BC segment, he drives the growth, knowledge and innovation, as well as directing the overall operations for the company.
Information Session 3
The Disaster Recovery Institute International (DRII) Certification Process
taken a few DRII courses, even sat for the certification exam – now
what? You’ve heard the stories of how intense the application process
is – where do you start? This session will be chaired by members of the
DRII Certification Commission and the DRII Certification Manager, and
will focus on the application process to successfully become certified.
The session is targeted to those individuals who have either begun or
wish to begin this process, and will feature a “how-to” approach to
this topic. Participants are encouraged to bring specific questions
concerning their applications.
DRII is a recognized leader in providing education, standards, and professional certification.
Breakout Session - Track 2
(Choose one session from each track. )
Monday, March 31, 2008 - 2:45 - 3:45 p.m.
Strategic Session 2
DRJ and Forrester BC/DR Market Study: The State of DR Preparedness
the current state of enterprise disaster recovery preparedness. The
results from the Disaster Recovery Journal and Forrester’s First Annual
BC/DR Market Study will be reviewed in this session. Coverage will
include: Company practices regarding DR planning, plan maintenance and
testing; The percentages of companies that have alternate recovery
sites; Current recovery tiers and technology selection; Company
confidence in their DR preparations and more. The conclusion will
provide an overall assessment of current DR preparedness efforts and
provide recommendations and suggestions for improving preparedness.
Stephanie Balaouras primarily contributes to Forrester’s offerings for IT infrastructure and operations professionals. She is a leading expert in how companies build resilient IT infrastructures to support key business initiatives.
Managerial Session 2
Helping Others Along The Way: Creating Partnerships
company has a good BC program, but is that enough? What happens to a
community during a significant and/or widespread event? If government
agencies are overwhelmed, who comes to the aid of the average citizen
or business? Hurricane Katrina was a great example of how our
not-for-profit community is critical to the recovery of an impacted
region. What are not-for-profit organizations doing to prepare? What
can the private sector do to reach out and make a real difference? Are
there opportunities for partnerships to make our entire society more
resilient? This innovative session will share trends in BCP to partner
with this sector, and discuss how your company can help!
Regina Phelps has more than 26 years of experience. She is founder of Emergency Management & Safety Solutions, a consulting and training firm.
Jeff Fish has more than 15 years experience in operations management, and is vice president of executive office at United Way of the Bay Area in San Francisco.
Technical Session 2
Winning with a Secure Network and Data Storage Environment
today are facing ever increasing amounts of data generation. IT
departments are feeling challenged to ensure it is available when
needed, and at the same time are pressured by budgetary constraints.
Remote access is becoming more of a norm. As a result, more and more
business are considering on-line backup to secure and protect their
most important data. Managed storage and data protection will be top 10
picks for storage in 2008. But with so many choices, it is hard to know
exactly what can and should be done to prepare for the inevitable. This
session will enable you to be on top of what you need to do to ensure
your organization is prepared.
Mark Steinberg is director of business development, senior member of the technical staff for Hill Associates, Inc. He has spent more than 25 years in the business of technology as it continues to undergo profound and dramatic changes.
Emergency Response Session 2
Maximizing the Table-Top Experience with “Serious Games”
games” are being used to train war-fighters, first responders, and
incident response teams. They are the perfect training tool for high
intensity, hands-on-action situations. These tools are so effective
because they are totally engaging. The brain’s learning capacity peaks
when a strong attitude of caring fuels the effort. This session will
show what the FBI has been doing recently to apply serious game
technology to continuity of operations.
Kevin Haslag is the IT COOP program manager in the FBI’s Office of the CIO. He has had a long career in the FBI IT organization, and has been leading the IT COOP program since its beginning.
Advanced Session 2
Partnering for Continuity: From Process to Plan to Program
a BC program can be a daunting task. This case study describes a
successful partnering approach to formalizing existing processes,
defining enterprise and department BC plans, and creating an
organizational emergency management program. Ultimate Software
completed a multi-phase EM project and partnered with external
resources to help achieve their goals. Learn the phases of the project
and highlight key elements. Also examined will be the existing
foundation within the organization and how the project was managed,
from the original vision statement to the ongoing maintenance of the EM
program. In addition, we’ll review the key steps, critical milestones
and evolution of how the BC/DR activities were developed, documented,
John K. McCarthy is a process management consultant at Learning Advantages.
Marilyn Almanza is the PMO enterprise director at Ultimate Software.
Betty L. Boudreaux, CSP, is a loss control department manager at Chubb Group of Insurance Companies.
Information Session 2
H5N1 Influenza: It’s Not Just For The Birds. Medical Management of an Influenza Pandemic
influenza pandemic is perhaps the biggest public health threat that we
face in the coming decade yet many people tell me that they are fed up
hearing about it. Public attention on this has faded over time and
businesses have moved onto other problems. The problem is that the
virus hasn’t gotten tired nor has it slowed its rate of mutation or
spread. We will review the latest developments of the H5N1 influenza
virus and discuss the major medical issues you will face during a
pandemic. We will review government guidance, discuss anti-viral and
vaccine strategies and explore workplace infection control methods that
can help reduce the impact of this disease on your business
Stuart Weiss is a nationally recognized expert in the field of disaster preparedness and the medical consequences of manmade and natural disasters. He is a founding partner of MedPrep Consulting Group.