
Jon Seals


The Business Continuity Institute is pleased to welcome its first Associate Fellow (AFBCI) since the new grade was created. Having completed a rigorous assessment process, Johannes Muellenberg now has the honour of being able to call himself an AFBCI and gain extra recognition through the use of those letters after his name.

Earlier in the year, the BCI launched its AFBCI grade in order to meet the growing demand of our members, many of whom have contributed significantly to the industry and the Institute but are not yet eligible to become a Fellow. The AFBCI grade sits between MBCI and FBCI and successful candidates must have demonstrated their commitment to the industry through the number of years' experience they have, and a commitment to ongoing learning through their participation in a continuous professional development (CPD) scheme.

To find out more information on BCI membership grades, please click here.

No two disasters are ever the same and business continuity practitioners should never base their plans directly on an individual experience, but case studies still provide an extremely helpful tool when it comes to thinking about what organisational disruptions may occur and how they can be dealt with. That is the purpose of a new book titled ‘In hindsight: a compendium of business continuity case studies’ launched in July at Missenden Abbey in Buckinghamshire, UK, a tribute to the venue where the idea for the book was originally conceived.

In hindsight was edited by Robert Clark MBCI and authored by several people from the field of resilience who all (with one exception) came together when studying at Buckinghamshire New University under the tutelage of Philip Wood AMBCI who provided the preface for the book. In his preface he states “I have found it to be an interesting, thought provoking and stimulating collection of studies and I have learned a great deal from reading it. Learning is key to understanding, and understanding allows us to make the right decisions.”

This compendium of business continuity case studies contains fascinating examples showing the diverse range of issues that organisations could have to deal with. With stories ranging from financial crises (collapse of Barings Bank) to industrial disasters (Piper Alpha), from disease outbreaks (SARS) to natural disasters (UK flooding of 2007), from product recalls (Toyota’s 8 million cars in 2009/10) to crowd management (Dusseldorf Love Parade in 2010), this book is packed with case studies of various incidents demonstrating what happened, how it was dealt with and an additional focus on what went well and what didn’t go well.

In explaining why ‘hindsight’ is perhaps the perfect theme for a book, Robert Clark highlighted that “we tend not to look back enough on what has happened in the past in order to learn from it. That's why this book is not just about theory, it is about looking at past incidents and identifying how an effective business continuity management system could have made the situation better.”

Disasters will always happen but if we can learn from each one then we can improve on the outcome the next time something similar happens. To find out more about this book, please click here.

http://www.thebci.org/index.php/about/news-room#/news/hindsight-is-a-wonderful-thing-90286

August 15, 2014

BCI Asia Awards

The 2014 BCI Asia Awards took place on Thursday 14th August at the 12th Asia Business Continuity Conference in Singapore. The BCI Asia Awards are held each year to recognise the outstanding contribution of business continuity professionals and organizations living in or operating in China, Tibet, Hong Kong, Japan, Macau, North Korea, South Korea, Taiwan, Mongolia, Philippines, Malaysia, Singapore, Laos, Thailand, Vietnam, Brunei, Myanmar (Burma), Cambodia, East Timor, Indonesia.

The Winners of the Awards were:

Business Continuity Provider of the Year (Product)
ezBCM

Business Continuity Team of the Year
Maxis Berhad

Business Continuity Innovation of the Year
Bluezoo

BCM Manager of the Year
Khalid Ahmed Bahabri

BCM Newcomer of the Year
Sachin Kumar

Congratulations to all the winners and well done to all those who were nominated. All winners from the BCI Asia Awards 2014 will be automatically entered into the BCI Global Awards 2014 which take place in November during the BCI World Conference and Exhibition 2014.

(MCT) — Nearly 24 hours after witnessing the devastation himself, Gov. Rick Snyder today declared a disaster for metro Detroit counties in the wake of a historic flood that left a huge path of destruction across the region.

Thousands of flooded basements and raw sewage spills. Wrecked cars. A massive sinkhole. Ongoing traffic nightmares.

Metro Detroit is dealing with all of this — and more. Adding to the chaos, scavengers are now going through water-logged debris that people are putting out on the curb for trash. Where that ends up is uncertain, triggering yet more public health concerns.

The devastation has left local officials exasperated and pleading for help, saying there is no way their communities can handle this on their own. They are in dire need of state and federal aid, they say. And it needs to come fast.

...

http://www.emergencymgmt.com/disaster/Governor-Declares-Flood-Disaster-Southeast-Michigan.html

With the Northern Hemisphere now in the midst of hurricane, typhoon and cyclone season, many businesses have emergency plans in place, plywood to board the windows, and generators at the ready. But a new study from economists Solomon M. Hsiang of Berkeley and Amir S. Jina of Columbia, “The Causal Effect of Environmental Catastrophe on Long-Run Economic Growth,” found it is far more difficult for the overall economy to weather the storm.

As Rebecca J. Rosen explained in The Atlantic, economists previously had four competing hypotheses about the impact of destructive storms: “Such a disaster might permanently set a country back; it might temporarily derail growth only to get back on course down the road; it might lead to even greater growth, as new investment pours in to replace destroyed assets; or, possibly, it might get even better, not only stimulating growth but also ridding the country of whatever outdated infrastructure was holding it back.”

After looking at 6,712 cyclones, typhoons, and hurricanes that occurred between 1950 and 2008 and the subsequent economic outcomes of the countries they struck, Hsiang and Jina were able to decisively strike down most of these hypotheses. “There is no creative destruction,” Jina said. “These disasters hit us and [their effects] sit around for a couple of decades.”

...

http://www.riskmanagementmonitor.com/the-long-term-economic-impact-of-hurricanes/

In 2012, when Superstorm Sandy struck the East Coast, thousands of residents were displaced from their homes. In the wake of the panic and chaos, Airbnb, an online platform where people list and book accommodations around the world, saw an opportunity to leverage its existing services for neighbors to help neighbors. During the disaster, 1,400 Airbnb hosts — who typically collect payment for accommodations — opened their homes and cooked meals for those left stranded.

After Sandy, Airbnb reached out to the San Francisco Department of Emergency Management to share what it learned and discuss how it could reach a broader audience during an emergency. Simultaneously, the company was in discussions with officials in Portland, Ore., about an initiative to help civic leaders and community members work together to create a more shareable and livable city.

...

http://www.emergencymgmt.com/disaster/Airbnb-Partners-San-Francisco-Portland-Disaster-Relief.html

Company's 97th Patent Describes Improvements to Snapshot Performance for Faster System Recovery

LONGMONT, Colo. – Dot Hill Systems Corp. (Nasdaq:HILL), a trusted supplier of innovative enterprise-class storage systems, today announced innovative technology described in its latest addition to its patent portfolio - a new innovation that improves snapshot performance in storage arrays.

Generated by Dot Hill's AssuredSnap™ snapshot software, which is part of the company's Data Management Services (DMS) suite, snapshots are versatile and extremely useful tools for backup and data recovery operations. By reducing the number of operations required to access snapshot metadata, the invention disclosed in Dot Hill's 97th US patent, numbered 8,751,467, improves storage controller performance when using data snapshots, which can result in faster system recovery.

Traditionally, when an application on a storage controller wants to access snapshot data from a storage system, the application first needs to retrieve the storage device's snapshot metadata. The status quo approach of accessing metadata is inefficient since it involves multiple steps of copying cache pages. Using Dot Hill's patented approach the application can use the cache page address to access the metadata. A second application is allowed to access the cache page and can also update the metadata in this approach. After the application finishes its update, cache pages are mirrored to the remote system and written back to the appropriate storage devices. This patented approach streamlines the data recovery process.

"Our customers run demanding applications that require high-performance storage with rock-solid reliability," said Ken Day, chief technology officer, Dot Hill. "Besides providing 99.999 percent data availability in all our AssuredSAN storage systems, we never stop innovating to set ourselves apart from the competition. Dot Hill's growing patent portfolio is a reflection of a world-class engineering team that develops highly differentiated storage solutions."

Dot Hill's patent portfolio builds on the extensive intellectual property behind Dot Hill AssuredSAN and AssuredSAN Pro solutions, which deliver rock-solid, wicked-fast solutions to customers and OEM partners. Dot Hill's continuous innovation benefits the company's key vertical market customers in the Media & Entertainment, Telecommunications, Oil & Gas, Big Data & Analytics and Digital Imaging sectors, that require high-performing storage to support demanding applications.

About Dot Hill

Leveraging its proprietary Assured family of storage solutions, Dot Hill solves many of today's most challenging storage problems - helping IT to improve performance, increase availability, simplify operations, and reduce costs. Dot Hill's solutions combine breakthrough software with the industry's most flexible and extensive hardware platform and automated management to deliver best-in-class solutions. Headquartered in Longmont, Colo., Dot Hill has offices and/or representatives in China, Germany, India, Japan, Singapore, the United Kingdom, and the United States.

For more information, visit us at www.dothill.com.

BCM 2000:  Essentials of BCM Series
Implementing ISO 22301, 22313, 22320, 22398, 27031, 31000, 19011 & 17022
Includes BCI's 2013 Good Practice Guidelines 
Looking for a course that is based on international standards?
 
Looking for templates and examples on how to develop a Business Continuity Management System that meets the requirements of the standards? 
 
Do you like to have fun (and maybe even laugh out loud!) when you learn?
Then BCM 2000: Essentials of Business Continuity Management is the course for you!

Course Description 
BCM 2000: Essentials of Business Continuity Management provides you with knowledge to develop a standards-based, auditable, and actionable business continuity program for your organization.
This course is the critical starting point to developing a program that can be certified ISO 22301. It is comprised of 10 individual modules that can be taken as a series or in combination over time.

Essentials of Business Continuity Management provides the foundation necessary for new or current professionals interested in either developing a career in Business Continuity Management, seeking certification, or for those professionals responsible for developing a business continuity program for their organization.

It is designed to expose the participant to all aspects of a holistic BCM program and to be a solid "how to" guide for building a business continuity program for all types of organizations.


Student activities are included throughout the course and are designed as knowledge checks to reinforce lesson materials and to provide attendees with hands-on activities that will enable them to become familiar with and apply these principles in their jobs.

Delivery Structure
Essentials of BCM is offered as an elearning course that includes the following elements:
  • Voice over ppts teaching online
  • pdf's of the course book
  • Templates of how to implement the requirements of the standards (sample policies, reports, etc.)
  • Multi-media that is relevant & fun!
  • BCI's 2013 Good Practice Guidelines 
  • Case study
  • Open for Business Toolkit
  • Course review activities to evaluate for comprehension
  • Practice exam questions (for DRII's Qualifying Exam)
  • Online essay for CEU credit  
  • Email access to a qualified expert for questions
  • Online ISO 22301 Lead Implementer Certification Exam included in course fee 
Certification Requirements
Successful completion of the BCM 2000 series with a passing grade on the online CORS in BCM exam completes the educational component for certification as a Certified Organizational Resilience Specialist (CORS) in BCM / ISO 22301 Lead Implementer.

Holders of the CORS certification are entitled to apply for statutory membership with the BCI at the AMBCI or MBCI level, subject to evidence of required experience.
With ISO 22301 as an international standard that allows companies to demonstrate their ability to cope with major threats, as well as providing a management systems approach to business continuity management, this course provides you with what you need to develop a program that complies with these certification standards.


And if you have questions, don't hesitate to call or send an email.
Sincerely,
Lynnda Nelson, President
The International Consortium for Organizational Resilience
Education@theicor.org
866.765.8321 US/Canada  +1630.705.0910 International Calls
BCM 2000: Essentials of Business Continuity Management Series
BCM 2011: Business Continuity Program Development
BCM 2021: The Business Impact Analysis
BCM 2022: The Risk Assessment
BCM 2023: Developing Strategies / Options to Protect the Organization
BCM 2031: Plan Design, Program Structure, & Required Documentation
BCM 2032: Incident Response, Management & Communication
BCM 2033: Business Continuity & Recovery Plans
BCM 2035: Writing the ICT Continuity / IT DR Plan
BCM 2041: Awareness, Training, Testing & Exercising
BCM 2042: Program Evaluation, Improvement & Audit
BCM 2011:  BCM Program Development 
In order to develop a Business Continuity Management System, it is important to understand the requirements of management systems, the core concepts of business continuity, and how to determine the scope of the program, develop policy, and the requirements for leadership and governance. BCM 2011 provides an overview of each of these topics as the foundation for developing and managing the BCMS.

BCM 2021:  The Business Impact Analysis
The BIA process is covered from beginning to end with a focus on the identification of the organization's key products and services and the critical activities and resources that support them. Examples of BIA data gathering questions, methodology, analysis and reporting are provided.

BCM 2022: The Risk Assessment
Using the ISO 31000 standard on Risk Management as its basis, this course describes the process of conducting a risk assessment and analyzing the results to mitigate risks.  From risk identification, risk description, risk analysis, risk evaluation, risk communication, and risk reporting, this course covers the entire risk assessment process using an enterprise risk management approach.   A key requirement of the standards is the identification of the organization's risk appetite or acceptance and this course provides the methodology for this identification. In addition, BCM 2022 includes a review of different quantitative and qualitative methods for analyzing risk.

BCM 2023:  Developing Strategies / Options to Protect the Organization
This course introduces the student to the challenges of selecting the appropriate strategies / options for the continuity and recovery of business processes, critical functions, operations and the supporting information technologies within the specified recovery time objective. Building on the information gathered during the BIA and risk assessment, BCM 2023 explores how to evaluate the different strategies necessary for mitigating risk, continuing operations when possible, and recovering operations if interrupted. BCM 2023 reviews strategies for people, property, assets, technology and information, reputation, suppliers, and financial viability.

BCM 2031:  Plan Design, Program Structure & Required Documentation
In order to develop the actual plan documents the organization will need to decide on the approach, methodology and the plan document structure. BCM 2031 outlines the necessary roles and responsibilities of the members of the organization, the key elements that must be included in every plan type, and how to meet the requirements for managing documentation.

BCM 2032:  Incident Response, Management & Communications
Implementing procedures for responding to an incident of any kind, managing the incident, and ensuring successful communication with all interested parties before, during and after the incident is an essential requirement for all business continuity programs. BCM 2032 also ties to the requirements of ISO 22320 on Incident Management and PAS 200 on Crisis Management & Communications.  The objective of BCM 2032 is to develop and implement procedures for response to and stabilization of the situation following an incident or event, including establishing and managing an Emergency Operations Center and local command centers during the crisis.

BCM 2033:  Business Continuity & Recovery Plans
All of the procedures developed as part of strategy development need to be documented in the business continuity and recovery plan. BCM 2033 reviews the requirements for business continuity plans and how to document procedures according to ISO 22301.

BCM 2034:  ICT Continuity / IT DR Plans & Procedures 
The focus of the ICT Continuity and the IT Disaster Recovery Plan is on the IT infrastructure that supports the business operations and ensuring that the plan in place protects the key infrastructure of the organization. ISO 27031 on ICT Continuity outlines the methodology for ensuring that the ICT infrastructure supports the BCM infrastructure to ensure that there are no unsupported critical processes and the RTOs can be met. BCM 2034 reviews the guidelines for ICT continuity under ISO 27031, ISO 27001, and NIST 800-34.

BCM 2041:  Awareness, Training, Testing & Exercising 
Building a BCMS culture is an essential component of ensuring a successful program. Determining competence of all parties involved in the business continuity management system and increasing competence through awareness, training, testing, and exercising is a key component of this process and is vital to the success of the BCMS. BCM 2041 also aligns to the guidance of ISO 22398 for developing exercise programs. 

BCM 2042: Program Evaluation, Improvement & Audit 
It is impossible to keep the BCM program current and actionable or to move to a management system without monitoring, measuring, analyzing, and evaluating the BCMS. BCM 2042 explores the requirements for internal audit and management review of the BCMS. Also included are the requirements for writing the audit report based on ISO 19011 and ISO 17022. 
If you would like to submit an article or presentation for a future ICORrespondence Newsletter submit it to Lynnda@theicor.org.
 
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • AFCOM
  • ASIS
  • BRPA
  • BRPA SW
  • IAEM
  • IFMA
  • NEDRIX 
Become an ICOR Member Today!

Over a series of articles, Hilary Estall, Director of Perpetual Solutions, will be discussing subject areas aimed at those managing a business continuity management system (BCMS) and in particular, those systems certified to ISO 22301. With her pragmatic approach to management systems and auditing in particular, Hilary will offer an insight into areas not widely discussed but still important for the ongoing success of a BCMS.

In the second article of the series, Hilary Estall looks at what’s involved when a certified BCMS reaches its recertification point. What does this mean and what’s involved?

In this article I demystify the process of recertification; the procedure undertaken by certification bodies every third year in the cycle of management system certification. I identify how an organization should prepare and the process of recertification itself. Is it just another audit or is there more to it?

If your organization has a certified business continuity management system (BCMS) you will know that in order to retain it, your certification body will carry out periodical audits. You will also know that when you first achieved certification and were issued with your certificate, it had an expiry date on it, three years hence*. What are the implications of this expiry date and how should you prepare for ‘renewal’?

...

http://www.continuitycentral.com/feature1215.html

When it comes to data restoration, addressing deleted mailboxes or emails is the most common request of IT administrators, according to new survey data from Kroll Ontrack.

When asked how often they receive requests for data restoration, 61 percent of the nearly 200 Ontrack PowerControls customers surveyed across EMEA, North America and APAC report they receive up to five email-related restoration requests a month, with an additional 11 percent claiming up to 10 times a month.

In Europe, the second most common data restoration need was disaster recovery (16 percent), followed by missing data (12 percent). In the US, the second most common data restoration need was collection of electronic data for ediscovery (21 percent), followed by consolidating data from older to new applications to eliminate legacy servers (15 percent).

Requests for data restoration came from all departments across an organization, with 24 percent stemming from the internal legal department, 22 percent coming from IT security and 15 percent originating from sales and marketing. Why do these people need their email and documents back? 45 percent of IT administrator respondents note that employees request their email and documents back because they were accidentally deleted. Internal investigations (17 percent) ranked as the second most common source of restoration requests.

http://www.krollontrack.co.uk/software/powercontrols