
Jon Seals

With cyber threats on the rise putting businesses and industries at risk, it is more important than ever that organizations protect their information and that of their customers. It is no surprise, then, that ISO’s standard for information security, ISO/IEC 27001, has become so widely used. A new standard just published will take that a step further, helping to apply the requirements of this flagship standard to specific sectors.

Offering more tailored protection for specific sectors (e.g. finance, transportation and healthcare, and infrastructure projects such as smart cities) to ward off threats to their information has become a political, business and economic imperative, driving a need for sector-specific cyber standards. The recently published ISO/IEC 27009 will help standards developers do just that, providing the necessary advice and guidance on how to create standards that apply ISO/IEC 27001 to individual sectors.

ISO/IEC 27009, Information technology – Security techniques – Sector-specific application of ISO/IEC 27001 – Requirements, joins the ISO/IEC 27000 family of standards to help maximize the effectiveness of ISO/IEC 27001. It explains how to include requirements and controls additional to those in ISO/IEC 27001 that are applicable to specific sectors, enabling them to achieve consistency when developing standards in this family.

Prof. Edward Humphreys, Convenor of ISO/IEC SC 27/WG 1, the working group that developed the standard, said ISO/IEC 27001 is the international common language for information security management, so ISO/IEC 27009 will enhance this common language across the sector landscape and shape the development of standards for sector-specific information security and privacy.

“We have already developed several sector-specific standards, such as ISO/IEC 27011 for telecoms, ISO/IEC 27017 for cloud computing and ISO/IEC 27019 for the energy sector. These standards are examples of where controls, additional to those in ISO/IEC 27001, have been defined to meet the requirements of the specific sectors concerned. In developing these standards, it became clear that a harmonized structure and language, based on ISO/IEC 27001, and specific guidance would make the development of future sector-specific standards more effective, and avoid duplication.

“ISO/IEC 27009 will ensure that the development of new, and the revision of existing, sector-specific standards can all adopt an approach that is consistent with ISO/IEC 27001. Therefore, it will provide advice on how to add to, refine or interpret the requirements of ISO/IEC 27001 and how to add or modify the implementation guidance of ISO/IEC 27002 for sector-specific use.”

ISO/IEC 27009 can be purchased from your local ISO member or through the ISO Store.

Position based on Ability to Execute and Completeness of Vision

Philadelphia, Pa. – Strategic BCP® has been recognized again as a Leader in the 2016 Gartner Magic Quadrant for Business Continuity Management Planning (BCMP) Software, Worldwide. Strategic BCP’s BCMP software, one of thirteen vendor offerings evaluated for this Magic Quadrant, was ResilienceONE v7.1; the current version is 8.0.

In their report, Gartner states: “BCMP software is part of a growing category of IRMS focused on supporting a broader enterprise risk management (ERM) program, including operational risk. BCMP software is well positioned to address not just availability risk, but also the broader set of operational risks.” [1]

“We are thrilled to be distinguished as leaders by Gartner three years in a row,” said Frank Perlmutter (CBCP, MBCI), president and founder of Strategic BCP. “ResilienceONE’s methodology saves time and money by streamlining cumbersome activities and providing sophisticated functionality to simplify complicated tasks. Our software innovations stem from listening to our customers and joining them as partners for BCM success.”

Experts from Strategic BCP have mapped, streamlined, and automated over 40 compliant BCMP job activities including program management, data gathering, analysis and reporting, testing, and maintenance. Customers report gains of over 94% in efficiency using ResilienceONE over current methods and other tools and are up and running in weeks with no implementation or configuration fees.

Gartner notes that, on average, 23% of the total implementation cost comes from professional services required to configure or customize the software for customer-specific BCM needs.

Access to the 2016 BCMP Magic Quadrant report is offered in a Newsletter from Strategic BCP featuring Gartner research that includes:

  • Gartner’s criteria for a fully-featured BCMP solution

  • In-depth reviews of each participating vendor

  • Current trends in the BCMP market

  • Case studies from Cisco, Gap, and DLL

  • BCM Professional’s Playbook Series

  • The BCP Genome: A Strategic Foundation

ResilienceONE’s BCMP capabilities are accessible for evaluation by scheduling a personal demonstration with an enterprise consultant.

About the Magic Quadrant

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[1] Roberta J. Witty, John P. Morency; “Magic Quadrant for Business Continuity Management Planning Software,” Gartner, Jul. 11, 2016, p. 5 of 37.

About Strategic BCP

Strategic BCP® is an award-winning Business Continuity Management Planning company. Our software, ResilienceONE®, enables real-time business resiliency and recovery with built-in intelligence and integrated mobile solutions offered in the Cloud or On-Premise. Our experts have mapped, streamlined, and automated over 40 compliant BCMP job activities including program management, data gathering, analysis and reporting, testing, and maintenance. ResilienceONE incorporates your expertise with no blank slate framework headaches or excessive required configurations. Strategic BCP’s professional services organization helps navigate obstacles within BC to Disaster Recovery and Strategic IT Planning.

In today’s regulatory climate, the Chief Compliance Officer faces increased personal liability for corporate wrongdoing. There are ways CCOs can minimize personal risk on the job — but the process begins before accepting a CCO job offer in the first place.

Just as CCOs perform due diligence with third parties on behalf of their employers, they must perform their own due diligence on any potential employer during a job interview.

As a compliance-focused executive recruiter, I know the Yates Memo isn’t simply changing the way CCOs do their jobs; it’s changing the way they look for jobs – so I asked compliance professionals around the world this month to share their best due diligence questions.



According to the results of a recent survey of 3,027 employees in the U.S., U.K., France and Germany (1,371 end users and 1,656 IT professionals), fully 62 percent of end users acknowledged that they have access to company data they probably shouldn't be able to see.

The study, conducted by the Ponemon Institute and sponsored by Varonis Systems, also found that 76 percent of IT pros said their organization had experienced the loss or theft of company data over the past two years, a significant increase from 67 percent who gave the same response in a 2014 study.

Eighty-eight percent of end users said their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, confidential business documents, or other sensitive data. Just 29 percent of IT professionals said their organizations enforce a least-privilege model to ensure that insiders only have access to company data on a need-to-know basis.



Finding an effective way to store vast amounts of energy is one of the most important and toughest pieces of the renewable-energy puzzle. Until it’s solved, users that need power around the clock will have to rely on regular grid power to pick up the slack when sun isn’t shining or wind isn’t blowing.

It is this piece of the puzzle that Microsoft is going after with its latest investment in research of alternative energy sources for its data centers. The company has partnered with two companies and a university on a pilot program to research and test a new battery technology to see if it could provide a viable way to provide effective energy storage for its enormous global data center fleet.



Friday, 12 August 2016 00:00

How does the Brexit affect your business?

The world is constantly changing and as Business Continuity professionals it is our job to adapt and grow with it. About a month ago, the United Kingdom decided to leave the European Union. This event was known as the “Brexit”. The Brexit has sparked massive change and political uproar, quickly becoming an event to consider when creating and updating plans. But what does the Brexit mean for your company?

The Brexit not only affects Europe, but the entire corporate world. Leaving the EU umbrella provokes change to the UK’s laws that may directly impact your business. Some examples include trading agreements, laws concerning the way EU business is conducted in the UK, labor laws and immigration laws. These impending changes could negatively impact your business and prevent it from running the way it has been.



Friday, 12 August 2016 00:00

The Rise of Business-Driven IoT

Here are some common assumptions about the Internet of Things. Everybody wants in on it and, in the negative column, security and privacy are a nightmare.

There are problems with those conclusions, according to Jerry Chase, CEO, and Kevin Walsh, Vice President of Marketing, at Bsquare. Sure, the IoT field is trendy, but that isn’t enough to entice most industrial companies to invest in it. “Our view is that nobody is buying IoT,” Chase says—or at least not the operations departments, P&L centers, and business unit managers at industrial firms that the company is targeting. He continues: “Instead they’re buying better business outcomes.”

Furthermore, while security and privacy are hurdles, most of Bsquare’s industrial clients view those items like a box to check off rather than huge concerns. “I don’t think too many of [our customers] are all that concerned about security. It’s an interest for IT teams, but they already use standard protocols,” Walsh says. “It is a pretty tightly controlled secure environment. I think a lot of the alarmism is in the consumer space.”



More than half (51 percent) of IT managers polled recently said that data security is better in public cloud infrastructures than in their own corporate data centers, according to a new report released today.

The SADA Systems, Inc. survey of more than 200 enterprise IT professionals also found that 43 percent of respondents use third-party consultants to manage public cloud infrastructure.



Friday, 12 August 2016 00:00

When Disaster-Response Apps Fail

When a terrorist struck Nice, France, on July 14, a new French government app designed to alert people failed. Three hours passed before SAIP, as the app is called, warned people in and around Nice to the danger on the city’s waterfront during Bastille Day festivities.

This aspect of the tragedy highlights an emerging element of disaster preparation and response: the potential for smartphone apps, social media sites and information technology more broadly to assist both emergency responders and the public at large in figuring out what is happening and what to do about it.

A group I am in, with researchers from varied disaster-response backgrounds (including military, urban, wilderness and hospital service), has surveyed what’s already available on the market and found smartphone apps that can help providers and the public alike. Some help medical professionals deal with ordinary day-to-day work, viewing guidelines and medication databases, performing calculations, remotely monitoring patients’ vital signs and displaying radiology images. Others can help responders deal with chemical, biological, radioactive, nuclear and explosive disasters, which is useful for members of FEMA teams like the one I’m on. Apps for the public help them prepare for disasters, notify them of imminent problems, reconnect them with family members, and even help keep track of pets during emergencies.



(TNS) - Richwood, W. Va., residents still digging out from a late June flood are finding more problems to deal with.

Mayor Bob Henry Baber said one of the newest problems is the dirt, mud, sand and large rocks that are clogging the town's storm drains.

“The Jet Truck can’t break up what’s inside those drains,” Bob Henry Baber said. “The drain that’s on Oakford Avenue has a creek coming out. That caused two more houses to receive flooded basements.”

While that’s causing a headache, an even bigger problem is bubbling under the river.