Jon Seals

SAN FRANCISCO – A staggering 43% of companies have experienced a data breach in the past year, an annual study on data breach preparedness finds.

The report, released Wednesday, was conducted by the Ponemon Institute, which does independent research on privacy, data protection and information security policy.

That's up 10% from the year before.

The absolute size of the breaches is increasing, said Michael Bruemmer, vice president of the credit information company Experian's data breach resolution group, which sponsored the report.

"Particularly beginning with last quarter in 2013, and now with all the retail breaches this year, the size had gone exponentially up," Bruemmer said.

He cited one large international breach few Americans have even heard about. In January, 40% of South Koreans—a total of 20 million people—had their personal data stolen and credit cards compromised.



WAYNE, Pa. – Sungard® Availability Services™ (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, today announced it is partnering with Kahua, Inc. to support Kahua's global collaborative Platform-as-a-Service (PaaS) offering by providing expert management of infrastructure, network and application security.

In search of robust data and security support, Kahua turned to Sungard AS for managed hosting services in a colocation environment. Sungard AS acts as an extension of Kahua's IT team, delivering security services, disaster recovery, firewall, and Log and Threat Manager by Alert Logic.

"The value Sungard AS brings us for availability and security best practices is unrivaled," said Scott Unger, co-founder and CEO of Kahua, Inc.  "With a small IT team, we turn to Sungard AS for their professional and seasoned security expertise, the ability to scale operations up and down as needed, and their international reach to support our global expansion," he added.  "This is a true partnership – we leverage Sungard AS for their security and network consultative experience to assist us with our highly complex environment."

Kahua is one of the first cloud-based platforms to deliver on the full promise of B2B collaboration, allowing individual stakeholders in a construction project to own, control and seamlessly share project workflows, data and applications between stakeholders. Kahua's technology enables each business entity to independently maintain and own their Kahua system, apps and data related to a project.

"Like many companies today with a smaller IT staff, Kahua trusts Sungard AS to manage its complex IT infrastructure," said Jack Dziak, executive vice president, global products, Sungard AS. "Sungard AS enables companies like Kahua to focus on their own business so they can grow and scale exponentially, while we focus on their availability and security needs."

The Kahua project management and collaboration platform serves customers in the commercial construction, EPCM (Engineering/Procurement/Construction/Management), government and transportation fields. By seamlessly connecting multiple stakeholders, Kahua's platform removes a tremendous amount of redundancy and cost.

Sungard AS leverages its scale and global reach to address its approximately 7,000 customers' cloud, managed hosting and recovery-services needs.  For additional information on Sungard AS, please visit www.sungardas.com.

About Kahua
Kahua is the first cloud-based platform to deliver on the full promise of business-to-business collaboration. This next generation project management and collaboration platform manages all of the documents, communications and costs associated with a project. By enabling each project stakeholder to create, manage and control its own independent applications and data, organizations can connect worldwide in a collaborative environment. For more information, visit www.kahua.com.

About Sungard Availability Services
Sungard® Availability Services™ (Sungard AS) has more than 30 years of experience providing flexible availability services that help ensure organizations keep applications always on, always available. The company leverages its proven expertise to provide managed IT services, information availability consulting services, business continuity management software and disaster recovery services to clients in North America, Europe and India. Sungard AS helps customers improve the resiliency of their mission critical systems by designing, implementing and managing cost-effective solutions using people, process and technology to address enterprise IT availability needs.

 To learn more, visit www.sungardas.com or call 1-800-468-7483. Connect with us on Twitter @Sungardas, LinkedIn and Facebook.

Sungard Availability Services is a trademark of SunGard Data Systems or its affiliate, used under license.   The Sungard Availability Services logo by itself and Recover2Cloud are trademarks of Sungard Availability Services Capital, Inc. or its affiliate. All other company and product names may be trademarks of their respective companies with which they are associated.

Research conducted by Databarracks has revealed a significant disparity between organizations’ attitudes and approaches to business continuity and disaster recovery. The findings indicate that while medium and large organizations are confidently implementing business continuity plans, small organizations are putting themselves at risk by failing to follow suit.

The findings are part of Databarracks’ fifth annual Data Health Check report, which surveys over 400 IT professionals in the UK on the changing ways in which technology is used by businesses today.

The results revealed that only 30 percent of small organizations had a business continuity plan in place, compared with 54 percent of medium and 73 percent of large businesses. Perhaps even more concerning is that when asked if the organization intended to implement a BCP in the next 12 months, over 40 percent of small organizations had no intention to do so.

Other key findings included:

  • Hardware failure (21 percent), software failure (19 percent) and human error (18 percent) were reported as the top causes of data loss;
  • Large organizations are more than twice as likely to have tested their disaster recovery plans in the last year compared to small organizations;
  • ‘Lack of time’ was deemed to be the biggest factor for all organizations not testing their disaster recovery plans (35 percent); this was closely followed by ‘cost’ (18 percent) and ‘lack of skilled staff to carry out testing’ (18 percent).


IBM has announced the opening of its new Cloud Resiliency Center in Research Triangle Park (RTP), North Carolina. The new facility provides state-of-the-art business continuity capabilities in the cloud to protect companies from potential costly disruptions.

IBM’s new Resiliency Center integrates cloud and traditional disaster recovery capabilities with innovative physical security features. With cloud resiliency services, the recovery time of 24 to 48 hours that was once deemed the industry standard has shrunk dramatically to a matter of minutes.

Open 24 hours a day, seven days a week, the Resiliency Center team will monitor developing disaster events and then mobilize as needed to ensure that the infrastructure for all customers is configured to handle the latest threats to keep data, applications, people and transactions secure.

IBM has also announced that it will be opening two new cloud based resiliency centers in Mumbai, India and Izmir, Turkey.


Technology helps organisations to get more done in less time. However, technology alone cannot guarantee business continuity. Solid business processes also contribute to resilience, but there’s another kind of ‘glue’ that can make the difference between enterprises that stand or fall when the going gets tough. It’s organisational culture, or “the way we do things round here”. This is an element that business continuity managers must factor into their planning, for at least two reasons. Firstly, and as we’ve just said, it’s because it’s important – in fact, essential – to BC. Secondly, because someone whose support the BC manager must get is also likely to make organisational culture a top priority.



Tuesday, 23 September 2014 15:08

You Should Never Ignore IT Security Warnings

I was hardly surprised to see Home Depot-related emails showing up in my inbox over the weekend. After all, it may be the largest breach ever, with at least 56 million credit cards compromised.

It also now appears that Home Depot is the new poster child for what happens to a company, both in terms of data loss and of its reputation, when it ignores the warnings that it is at a high threat level.

According to a number of reports, Home Depot management had been warned for years – years – that its network was vulnerable to a serious cybersecurity attack. But it appears that upper management refused to take these warnings seriously. The New York Times reported:

In recent years, Home Depot relied on outdated software to protect its network and scanned systems that handled customer information irregularly, those people said. Some members of its security team left as managers dismissed their concerns. Others wondered how Home Depot met industry standards for protecting customer data. One went so far as to warn friends to use cash, rather than credit cards, at the company’s stores.



It’s referred to as the Big One, the cataclysmic earthquake that will devastate Los Angeles when the ground around the San Andreas Fault gives a dramatic heave.

Seismologists agree that it’s a matter of when, not if, it happens, and that the resulting damage will be incalculable in the city of more than 4 million residents and 400,000 businesses.

Emergency response will have to come on multiple fronts at once. Beyond the immediate imperative of saving lives, the emergency community will need to coordinate activities in the realms of transportation, health, finances and diverse other sectors to stabilize the city. Water will be a particular concern in an area that relies largely on outside sources for its supply.



(MCT) — Nobody knew what to call it in 1859, when the most dramatic solar storm on record shocked telegraph operators, set their paper ablaze and lit up the horizon with brilliant auroras.

Sky watchers now know the sun can belch out dozens of solar flares and related eruptions every year, including one that put electricity grid monitors on alert this month.

Bursts known as coronal mass ejections especially can destabilize the power grid by causing vibrations in the Earth's magnetic field, as NASA explains. Those vibrations cause invisible electric currents that can overwhelm circuitry and lead to prolonged shutdowns.

Solar researchers say their challenge is figuring out which bursts threaten disruption on the scale of the so-called Carrington Event, which bedeviled telegraph operators and crippled communication systems in 1859.



(MCT) — With canned peaches and tuna, marshmallows and Spam, professional chefs competed Saturday to show Houstonians that they can eat more than just peanut butter and jelly during a natural disaster.

Chef Kate McLean of Tony's won the 2nd annual Ready Houston Preparedness Kit Chef's Challenge at Market Square with a dish judge Albert Nurick said he "could see on the menu exactly as it is."

"The creativity is off the hook on this one," said Nurick, writer for the H-Town Chow Down blog.

On a fold-out table with a camp stove and average household cookware, McLean created a play on fish and chips. She and her competitors — David Grossman of Fusion Taco, Jonathan Jones of El Big Bad, Travis Lenig of Liberty Kitchen & Oysterette and Kevin Naderi of Roost — had 25 minutes to cook after lifting a tablecloth off a surprise stack of non-perishable items.



How Closely is Your Organization's BCM Program Aligned to ISO 22301?

The International Consortium for Organizational Resilience (ICOR) is committed to increasing the resilience of organizations in an effort to increase the resilience of communities world-wide.  As part of this commitment, ICOR has created a process to formally recognize an organization's Self-Declaration of Conformity to ISO 22301.  This process is intended to support and promote eventual third-party certification by providing organizations a tool to improve their Business Continuity Management (BCM) programs and to conform to ISO 22301 requirements.

The ICOR Self-Declaration of Conformity (SDoC) to ISO 22301 is available to organizations of all sizes globally.  It is a process where an organization declares formally that its Business Continuity Management System (BCMS) meets the requirements of ISO 22301:  Societal Security - Business Continuity Management Systems - Requirements.

One element of this process is the development of an ISO 22301 Maturity Model that organizations can use to self-assess the capability and maturity of their Business Continuity Management System (BCMS) using the International Standard ISO 22301 as a reference.  The ISO 22301 Maturity Model Excel tool was created using the Virtual BCMM as a reference.


Determination of an ICOR verified Self-Declaration of Conformity

Determination of meeting the requirements is based on a combination of the following scores and criteria:

  1. Completion and submission of ISO 22301 Maturity Model with a minimum overall score of 2.5 with no single competency area scoring less than 2.0.  3.0 is a perfect score.
  2. Successful completion of Biographical Data and review by ISO 22301 Auditor
  3. Successful completion of BCMS Information and review by ISO 22301 Auditor
  4. Submission of Required Documents or "Proofs" and review by ISO 22301 Auditor

Upon successful completion of the online application (including completion of the ISO 22301 Maturity Model) your application will be evaluated by an ISO 22301 Lead Auditor with credentials earned from ICOR, BSI, or PECB.  Estimated time for evaluation is less than 30 days.  

If your application is verified, your organization's self-declaration of conformity will be listed on the ICOR SDoC webpage.  In addition, your organization will receive a certificate verifying your self-declaration and may use the ISO 22301 SDoC "mark" as evidence of the ICOR verification.  Verification is valid for 3 years.



Email all questions to ISO22301@theicor.org.   


ISO 22301 Maturity Model only:  $995.00 USD 

ISO 22301 Application:  $2,495.00 USD (Includes Maturity Model)