Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

Friday, 07 November 2014 16:02

New Orleans Dials In Next-Gen 911 Technology

The New Orleans' emergency call administration center has a faster, more efficient response to emergencies that improves the flow of information between citizens, multiple agencies and first responders.

Orleans Parish Communication District (OPCD) covers an area with a population of more than 370,000 residents. They handle more than 1 million emergency calls annually, routing requests to police, fire and EMS personnel in the field. Considering its call volume, OPCD needed a better way to connect applications and automate the flow of information. The former system required multiple computers, monitors and programs, making emergency call management often painfully slow and complex.

In 2013, OCPD was selected by Motorola Solutions to conduct the field trial of a new product, eventually named PremierOne Computer Aided Dispatch NG911 Integrated Call Control.

...

http://www.emergencymgmt.com/next-gen-911/New-Orleans-Next-Gen-911-Technology.html

Transaction includes Cintas’ document storage and imaging businesses in 10 U.S. markets
 
LIVERMORE, Calif. – Rob Alston, CEO of Access, has announced the company’s acquisition of Cintas Corporation’s document storage and imaging businesses in ten U.S. markets. This transaction is the 74th for Access and represents the company’s expansion in its existing markets of Cincinnati, Chicago, Phoenix and Atlanta and the entry into new markets including Miami, Indianapolis, Columbus, Cleveland, St. Louis and Denver. Closing took place on October 31, 2014.
 
Founded in 2004, Access is recognized as one of the fastest growing and most dynamic companies in the records management industry.  The company now has an extensive footprint across the United States and a rapidly growing presence in Latin America.
 
The Access team is led by CEO Rob Alston and President John Chendo. “We are excited to announce this broad expansion of our business” said Rob Alston.  “By adding six new markets to the 32 we already serve, we are now in a position to meet more of our clients’ needs in perhaps all of the cities in which they do business. Moreover, this acquisition adds significant new capabilities and strength to our digital access solutions offering.”
 
“The U.S. leaders of the Cintas Document Management business will be joining us, including the general managers currently running each of the branches. Executive Chad Bevington will take on the role of Vice President of Sales for Access and Michael Kosegi will become our Vice President, Digital Services,” Alston added. “We are very pleased with the high caliber of all our new team members joining us from Cintas Document Management.”
 
John Chendo added “This clearly represents a major step forward for Access. Access won’t be slowing down, however, but rather taking this opportunity to fuel continued growth over the long term. As a part of that effort we will continue to search for and identify strategic acquisition opportunities with select records and information management service providers here in the U.S. and internationally.”


About Access
Access is the largest privately held records and information management (RIM) services provider in North America. A trusted partner to clients spanning multiple industries and markets throughout the country, Access’ complete suite of services includes records storage and document management, data protection (electronic computer media), digital access solutions, secure destruction and compliance services. The valuable business services Access provides allow clients to focus on their core businesses while reducing the costs and risks associated with document retention, management and final disposition.  For additional information, visit http://www.informationprotected.com/.
 
About Cintas Corporation
Headquartered in Cincinnati, Cintas Corporation provides highly specialized services to businesses of all types primarily throughout North America. Cintas designs, manufactures and implements corporate identity uniform programs, and provides entrance mats, restroom supplies, first aid, safety and fire protection products and services. Cintas is a publicly held company traded over the Nasdaq Global Select Market under the symbol CTAS and is a component of the Standard & Poor’s 500 Index. For additional information, visit http://www.cintas.com/.

Anyone who currently holds an ICOR ISO 22301 Lead Auditor Certificate or who passes the exam in the future is eligible to apply to the PECB ISO 22301 Auditor Certification Scheme as a Provisional Auditor, Auditor, or Lead Auditor dependent upon your BCM experience and audit hours.  PECB's certification scheme is ANSI accredited.
To learn more about the PECB ISO 22301 Auditor Certification Scheme visit PECB.

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor
 BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is a 5-day instructor led course that prepares internal and 3rd party auditors as well as BCM professionals to audit BCM programs against ISO 22301 - the international standard for Business Continuity Management Systems.  In addition, in the US participants are also taught the critical content of the NFPA 1600 and ASIS.SPC.1 standards.

   

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of the BCMS standards, ISO 19011: 2012 and ISO 17022: 2012.  Participants learn how to audit a BCMS, how to write an audit report, how to interpret the requirements of ISO 22301, how to understand the guidance of ISO 22313, and will explore examples of compliance to these requirements for the purpose of audit, program improvement, and self-assessment. 

2014 Course Schedule
*  
November 17-21, 2014        Bangalore, India                    Chenthil.kd@ind.tuv.com
December 1-5, 2014           Brisbane,Australia                 www.jbtglobal.com
December 8-12, 2014         Flagstaff, Arizona                  High Country Conference Center   

*Go to www.theBCI.org for courses scheduled via BCI global partners. 


Class meets 8:00 AM - 5:00 PM Daily
 

 Register Now! 

Course Description  (Download the Brochure

ISO 22301 Lead Auditor teaches the principles and practices of independent auditing of a BCMS and
guides the student through the audit process using a balance of formal instruction and practical case study activities. The focus of the course content is on the requirements of ISO 22301 and how these requirements are implemented in a Business Continuity Management System. 

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of ISO 22301:2012, ISO 19011:2012, and ISO 17022: 2012. 

Attendees will also gain the necessary knowledge to prepare for an external audit, conduct an compliance audit as part of a self-assessment, as well as how to develop a standards-based business continuity program.

Who should attend? Existing Lead Auditors, BC professionals, IS professionals, & Internal Auditors.
The course audience also includes those with auditing experience who are interested in adding
the auditing of BCM Systems to their audit capabilities for conducting internal and/or external audits as well as BCM professionals who wish to add the auditing competence to their skill sets. 

To assist with the understanding of the overall process, the class is constructed around a case study and each activity is applied to the case study as we move through the course and practice applying the requirements of the standards to auditing practices.

Also included in the course are small 'quizzes" taken after each section and an exam review "Jeopardy" game to prepare for the exam. 

Course materials include the following:

  • Student Guide - Over 300 pages of text and pictures (not ppts!) to be used as a future reference 
  • Case study
  • Sample plans and supporting documentation to evaluate the case study against the standards and audit requirements
  • Compliance Scorecard for meeting requirements of ISO 22301 and PS-Prep standards
  • Standards Compliant Templates for all major requirements  

Course Outline and Learning Objectives

Part 1:  Requirements of a Business Continuity Management System

Part 2:  Developing Strategies to Mitigate Risk

Part 3:  BCM Program Implementation - the elements of a BCM program and keeping it up to date

Part 4:  Embedding BCM into the Culture of the Organization

Part 5:  Program Improvement, Audit Practices, Writing the Audit Report, exam review and exam

As a result of successfully completing BCM 5000, students will demonstrate competence in and an understanding of the following areas:

  1. The key practices of a business continuity program for organizations of all sizes  
  2. The requirements for auditing business continuity programs under ISO 22301 and the PS-Prep standards  
  3. The essential elements of the standards
  4. Practical audit practices and how to write the audit report 

Attendees should have one or more of the following competencies:

  1. Experience in internal and / or 3rd party auditing 
  2. Experience / expertise in business continuity management    
  3. Understanding of standards and standard implementation  

Accreditation and Certification

 

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is accredited by the American National Standards Institute (ANSI).  ANSI is the only US accreditation body.    

Upon completion of BCM 5000 and passing the exam with a rate of 80% or higher, attendees will earn a certificate as an ISO 22301 Lead Auditor and/or BCMS Auditor.   

Register NOW!

Course Fee: $2,895.00 USD includes all course materials, breakfast, lunch, and refreshments. 

All course materials are shipped to you upon registration via FedEx.

Questions?  Contact Lynnda Nelson at toll free North America 866-765-8321, +1630-705-0910 or Education@theicor.org

   
ANSI
Upgrade your BCMS-Auditor or
BS-25999-1 Lead Auditor Certificate
to an ANSI-Accredited ISO 22301 Leader Auditor Certificate Online!
 
This elearning course is only for those practitioners who hold the ICOR BCMS-Auditor or the BS-25999-1 Lead Auditor Certificate.
BCM 5050: ISO 22301 Lead Auditor Training

BCM 5050 is an elearning course designed to provide those currently holding certificates as BCMS-Auditors and BS-25999-1 Lead Auditors with the knowledge to conduct ISO 22301 audits. 
As a result of successfully completing this course you will earn the ANSI Accredited ISO 22301 Lead Auditor Certificate.
  • Online exam included in course fee
  • Standards are not included in course materials (cost for both standards is over $300.00.)  
Course Outline:
  • In-depth review of ISO 22301 - Includes references to ISO 22313 - Guidance for 22301
  • Introduction to ISO 19011: 2011 - Guidelines for Auditing Management Systems
  • Introduction to ISO 17022:Conformity assessment - Requirements and recommendations for content of a third-party audit report on management systems
  • Templates for "Standards Compliance"
BCM 5050 is comprised of the following elements:
  1. Voice over Power Point Presentation (approximately 3 hours)
  2. Student Book (pdf download)  
  3. Templates for "Standards Compliance"
  4. Comparison of BS 25999 and ISO 22301 (excel spreadsheet)
  5. Comparison of the following BCM standards in an excel spreadsheet (drives content for the Templates)
    • ASIS SPC.1
    • ASIS BCM 01
    • NFPA 1600: 2010
    • ISO 22301
  6. Moving from BS 25999-2 to ISO 22301 (BSI)
  7. ISO 22301 Assessment Checklist (BSI)
  8. Online exam (approximately 1 hour to complete)  Consists of 10 short answer questions.  Passing is 80% or 80 points. 
Upon successful completion of the online exam, you will receive your updated ANSI Accredited ISO 22301 Lead Auditor Certificate. The course fee includes multiple submissions of the online exam. There is no additional fee to re-take the exam.
 

Register Now and Begin Today!

Questions?  Contact Lynnda Nelson at 866-765-8321 or Lynnda@theicor.org

While You May be Concentrating Your Efforts on Recovery after an Incident, Be Sure that Information Provided to the Media is What You Want Publicized

Part One of Three Regarding Your Crisis Communications

I recently had the pleasure of attending the 6th. Annual Business Continuity Symposium held in Rochester, New York, and sponsored by the Eastern Great Lakes Chapter of the Association of Contingency Planners (EGLACP). Chapter President John J. Luce and his organization staff lined up some great speakers and set a record for the number of sponsors attending the annual event.

The lead speaker was James W. Satterfield, President, COO and Founder of Firestorm Solutions, LLC, whose session was entitled “Crisis Management Reality Check: Consequence Management Lessons Learned After a Crisis”. At the start of the session, Mr. Satterfield asked “Have You Heard the One About Cannibalistic Rites Being Performed on a Major College Campus?“

...

http://www.strategicbcp.com/blog/cannibalism-how-to-handle-crisis-communications/

Thursday, 06 November 2014 17:16

Making the case for business resilience

By Shailendra Singh

Organizations today are presented with an ever-growing number of challenges, compounded by the speed of technological change and evolution, all of which act together to increase business risk.

In such an unpredictable environment, the ability to weather market and technological and financial stress is critical to sustainability. Reactive corporate disaster recovery is no longer sufficient. Resilient systems and processes that keep businesses running as usual during any crisis are the key to retaining competitive advantage.

One of the biggest issues facing organizations today is a plethora of unpredictable disruptions that have the potential to seriously destabilise business.

...

http://www.continuitycentral.com/feature1245.html

Thursday, 06 November 2014 17:15

PAS 7000 now available

BSI has launched PAS 7000, a universally applicable supply chain information standard for suppliers and buyers at organizations of all sizes around the globe. PAS 7000 ‘Supply Chain Risk Management- Supplier prequalification’ helps answer three key questions relating to any organization’s supply chain partners: Who are they? Where are they? Can they be relied upon?

The standard draws on the collective expertise of 240 professionals drawn from global industry associations and organizations, and it addresses product, process and behavioural criteria for supplier prequalification.

PAS 7000 has been created in response to industry demand, with three quarters of executives considering supply chain risk management important or very important (1). As supply chains increasingly span continents, and brands become ever more exposed due to the demand for increased transparency, the challenges for procurement teams to assess the suitability of suppliers increases. 63 percent of EMEA companies have experienced disruption to their value chain due to unpredictable events beyond their control in the last 12 months, at an average cost of £449,525 per incident per company (2).

PAS 7000 provides companies with a uniform set of common information requirements that reduces duplication of effort in completing tender forms and aids procurement in bringing consistency to the supplier base. It establishes a model of governance, risk and compliance information for buyers to pre-qualify suppliers and confirm their intention and ability, to adhere to key compliance requirements. This in turn helps organizations make an informed decision about whether or not to engage with a potential supply chain partner.

For further information and to download the standard free of charge visit: www.bsigroup.com/PAS7000 (registration required).

(1) Don’t play it safe when it comes to Supply Chain Risk Management – Accenture Global Operations Megatrends Study 2015
(2) Dynamic Markets – Managing the Value Chain in Turbulent Times – Oracle, March 2013.

undefined

At a Gala Dinner at the Science Museum in London on the 5th November, the Business Continuity Institute (BCI) hosted their Global Awards ceremony, an event to recognise the outstanding contribution of business continuity professionals and organisations from across the world.

The BCI Global Awards consist of ten categories – nine of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being chosen by their peers in a vote. As expected the entries received during the year were all to a high standard and the panel of judges had a difficult task deciding upon a shortlist to go forward to the ceremony.

Inevitably there can be only one winner in each of the categories and those who went home celebrating were:

  • Business Continuity Consultant of the Year: Bill Crichton FBCI, Managing Director and Principal Consultant at Crichton Continuity Consulting Ltd
  • Business Continuity Manager of the Year: John Zeppos FBCI, Group Business Continuity Management Director at OTE Group of Companies
  • Public Sector Business Continuity Manager of the Year: Brian Gray MBCI, Chief of Business Continuity Management at the United Nations
  • BCM Newcomer of the Year: Luke Bird MBCI, Business Continuity Executive at Atos
  • Business Continuity Team of the Year: Franklin Templeton Investments
  • Business Continuity Innovation of the Year: Deloitte
  • Business Continuity Provider of the Year (BCM Service): Continuity Shop
  • Business Continuity Provider of the Year (BCM Product): ezBCM
  • Most Effective Recovery of the Year: Bank of New Zealand
  • Industry Personality of the Year: Chittaranjan Kajwadkar MBCI

Steve Mellish, Chairman of the BCI said: "The geographical range of winners at tonight's awards is a sign of just how the industry is developing internationally and how global an organisation the BCI is. The high standard of entries we received gave the judges some very difficult decisions to make so my congratulations go to everyone who won for what is a tremendous achievement."

The BCI Global Awards are held annually and coincide with the BCI World Conference and Exhibition, one of the premier events in the global industry calendar. Held over two days, the conference features fifty exhibitors, a similar number of speakers and close to a thousand visitors.

Thursday, 06 November 2014 17:13

A Quick Guide to Advanced Persistent Threats

The world turns and things change – and that includes computer hacker approaches too. The immediate threats of malware and cybercriminals are relatively well-known. Phishing emails are designed to get you to click right away on a hacker’s link. Worms burrow through systems, always on the go. Viruses in that free software you should not have downloaded replicate and ravage. But now there’s a new menace with a different approach. Instead of attacking your system now, some hackers are making themselves at home for the longer term. They enter by stealth and lie low. Then they start to use your computers – just like they were their own computers. Welcome to the Advanced Persistent Threat or APT for short.

The goal of the Advanced Persistent Threat is typically not to do damage, but to steal data. The most sophisticated APTs require considerable effort and expertise, possibly requiring new internal system code. APT campaigns are also part of the spying arsenal of certain governments that can muster the high levels of hacking resources and expertise required.

...

http://www.opscentre.com.au/blog/a-quick-guide-to-advanced-persistent-threats/

Big Data is changing things, and not just because it requires shiny, new solutions such as Hadoop or Apache whatsit-of-the-week. As organizations use and assimilate Big Data, the more obvious it becomes that IT will need to reimagine some old standards in the data toolbox.

Why? The obvious reason is standard data tools aren’t designed to handle unstructured or high-velocity data. But there are other issues unique to Big Data that will require us to rethink the tools we’re using to manage, analyze and present the data. Here are two that have been in the news recently:

The Executive Dashboard

Executive dashboards were created over a decade ago to help leaders visualize specific enterprise metrics, such as key performance indicators. Not a lot has changed since then. That’s a problem in the era of Big Data, when insight is gained not so much through route reporting as it is through exploration.

...

http://www.itbusinessedge.com/blogs/integration/two-standard-data-tools-to-rethink-in-big-data-era.html

Now that the software-defined data center (SDDC) is nearly upon us, enterprise executives need to start asking a number of pertinent questions; namely, how do I build one, and what do I do with it once it is built?

In essence, the SDDC is more about applications than technology. The same basic virtual and cloud technologies that have infiltrated server, storage and now networking are employed to lift data architectures off of bare metal hardware and into software. But it is the way in which those architectures support enterprise apps, and the way in which the apps themselves are reconfigured to leverage this new, more flexible environment that gives the SDDC its cachet.

Until lately, however, the application side of the SDDC has been largely invisible, with most developments aimed at the platform itself. Last week, however VMware announced an agreement with India’s Tata Consulting Services (TCS) to develop pre-tested and pre-integrated applications for the SDDC. Under the plan, TCS will provide architectural support and operational expertise to help organizations transition legacy apps into virtual environments powered by VMware solutions, namely vSphere, NSX, Virtual SAN and the vRealize Suite. The deal also calls for the creation of a Center of Excellence to link data centers in Milford, Ohio and Pune, India to handle beta test and workload assessment functions.

...

http://www.itbusinessedge.com/blogs/infrastructure/application-support-in-the-software-defined-data-center.html