Spring World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 29, Issue 1

Full Contents Now Available!

Jon Seals

Tuesday, 03 November 2015 00:00

BCM 2000: Essentials of BCM Series

mplementing ISO 22301, 22313,
22320, 22398, 27031, 31000, 19011 & 17022
Includes BCI's 2013 Good Practice Guidelines 
Looking for a course that is based on international standards?
 
Looking for templates and examples on how to develop a Business Continuity Management System that meets the requirements of the standards? 
 
Do you like to have fun (and maybe even laugh out loud!) when you learn?
Then BCM 2000: Essentials of Business Continuity Management is the course for you!  Download the Brochure 

Course Description 
BCM 2000: Essentials of Business Continuity Management provides you with knowledge to develop a standards-based, auditable, and actionable business continuity program for your organization.
This course is the critical starting point to developing a program that can be certified ISO 22301. It is comprised of 10 individual modules that can be taken as a series or in combination over time.

Essentials of Business Continuity Management provides the foundation necessary for new or current professionals interested in either developing a career in Business Continuity Management, seeking certification, or for those professionals responsible for developing a business continuity program for their organization.

It is designed to expose the participant to all aspects of a holistic BCM program and to be a solid "how to"guide for building a business continuity program for all types of organizations.


Student activities are included throughout the course and are designed as knowledge checks to reinforce lesson materials and to provide attendees with hands-on activities that will enable them to become familiar with and apply these principles in their jobs.

Delivery Structure
Essentials of BCM is offered as an elearning course that includes the following elements: Download the Brochure
  • Voice over ppts teaching online
  • pdf's of the course book
  • Templates of how to implement the requirements of the standards (sample policies, reports, etc.)
  • Multi-media that is relevant & fun!
  • BCI's 2013 Good Practice Guidelines 
  • Case study
  • Open for Business Toolkit
  • Course review activities to evaluate for comprehension
  • Practice exam questions (for DRII's Qualifying Exam)
  • Online essay for CEU credit  
  • Email access to a qualified expert for questions
  • Online ISO 22301 Lead Implementer Certification Exam included in course fee 
Certification Requirements
Successful completion of the BCM 2000 series with a passing grade on the online ISO 22301 Lead Implementer exam completes the educational component for certification as an ISO 22301 Lead Implementer.

null
Holders of the ISO 22301 Lead Implementer certification are entitled to apply for statutory membership with the BCI at the AMBCI or MBCI level, subject to evidence of required experience.
With ISO 22301 as an international standard allowing companies to demonstrate their ability to cope with major threats; as well as provide a management systems approach to business continuity management, this course provides you with what you need to develop a program that complies with these certification standards.

Register Here

And if you have questions, don't hesitate to call or send an email.
Sincerely,
Lynnda Nelson, President
The International Consortium for Organizational Resilience
Education@theicor.org
866.765.8321 US/Canada  +1630.705.0910 International Calls
BCM 2000: Essentials of Business Continuity Management Series
BCM 2011: Business Continuity Program Development
BCM 2021: The Business Impact Analysis
BCM 2022: The Risk Assessment
BCM 2023: Developing Strategies / Options to Protect the Organization
BCM 2031: Plan Design, Program Structure, & Required Documentation
BCM 2032: Incident Response, Management & Communication
BCM 2033: Business Continuity & Recovery Plans
BCM 2035: Writing the ICT Continuity / IT DR Plan
BCM 2041: Awareness, Training, Testing & Exercising
BCM 2042: Program Evaluation, Improvement & Audit
BCM 2011:  BCM Program Development 
In order to develop a Business Continuity Management System, it is important to understand the requirements of management systems, the core concepts of business continuity, and how to determine the scope of the program, develop policy, and the requirements for leadership and governance. BCM 2011 provides an overview of each of these topics as the foundation for developing and managing the BCMS.  Register Here

BCM 2021:  The Business Impact Analysis
The BIA process is covered from beginning to end with a focus on the identification of the organization's key products and services and the critical activities and resources that support them.  Examples of BIA data gathering questions, methodology, analysis and reporting provided.  Register Here

BCM 2022: The Risk Assessment
Using the ISO 31000 standard on Risk Management as its basis, this course describes the process of conducting a risk assessment and analyzing the results to mitigate risks.  From risk identification, risk description, risk analysis, risk evaluation, risk communication, and risk reporting, this course covers the entire risk assessment process using an enterprise risk management approach.   A key requirement of the standards is the identification of the organization's risk appetite or acceptance and this course provides the methodology for this identification.
In addition, BCM 2022 includes a review of different quantitative and qualitative methods for analyzing risk. Register Here 

BCM 2023:  Developing Strategies / Options to Protect the Organization
This course introduces the student to the challenges of selecting the appropriate strategies / options
for the continuity and recovery of business processes, critical functions, operations and the supporting information technologies within the specified recovery time objective.  Building on the information gathered during the BIA and risk assessment, BCM 2023 explores how to evaluate the different strategies necessary for mitigating risk, continuing operations when possible, and recovering operations if interrupted. BCM 2023 reviews strategies for people, property, assets, technology and information, reputation, suppliers, and financial viability.  Register Here

BCM 2031:  Plan Design, Program Structure & Required Documentation
In order to develop the actual plan documents the organization will need to decide on the approach, methodology and the plan document structure. BCM 2031 outlines the necessary roles and responsibilities of the members of the organization, the key elements that must be included in every plan type, and how to meet the requirements for managing documentation.   Register Here

BCM 2032:  Incident Response, Management & Communications
Implementing procedures for responding to an incident of any kind, managing the incident, and ensuring successful communication with all interested parties before, during and after the incident is an essential requirement for all business continuity programs. BCM 2032 also ties to the requirements of ISO 22320 on Incident Management and PAS 200 on Crisis Management & Communications.  The objective of BCM 2032 is to develop and implement procedures for response to and stabilization of the situation following an incident or event, including establishing and managing an Emergency Operations Center and local command centers during the crisis. Register Here

BCM 2033:  Business Continuity & Recovery Plans
All of the procedures developed as part of strategy development need to be documented in the business continuity and recovery plan. BCM 2033 reviews the requirements for business continuity plans and how to document procedures according to ISO 22301.  Register here

BCM 2034:  ICT Continuity/IT DR Plans & Procedures 
The focus of the ICT Continuity and the IT Disaster Recovery Plan is on the IT infrastructure that supports the business operations and ensuring that the plan in place protects the key infrastructure of
the organization. ISO 27031 on ICT Continuity outlines the methodology for ensuring that the ICT infrastructure supports the BCM infrastructure to ensure that there are no unsupported critical processes and the RTOs can be met. BCM 2034 reviews the guidelines for ICT continuity under ISO 27031, ISO 27001, and NIST 800-34. Register here

BCM 2041:  Awareness, Training, Testing & Exercising 
Building a BCMS culture is an essential component of ensuring a successful program. Determining competence of all parties involved in the business continuity management system and increasing competence through awareness, training, testing, and exercising is a key component of this process and is vital to the success of the BCMS. BCM 2041 also aligns to the guidance of ISO 22398 for developing exercise programs.  Register here

BCM 2042: Program Evaluation, Improvement & Audit 
It is impossible to keep the BCM program current and actionable or to move to a management system without monitoring, measuring, analyzing, and evaluating the BCMS. BCM 2042 explores the requirements for internal audit and management review of the BCMS. Also included are the requirements for writing the audit report based on ISO 19011 and ISO 17022.  Register Here
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • AFCOM
  • ASIS
  • BRPA
  • BRPA SW
  • IAEM
  • IFMA
  • NEDRIX 
Become an ICOR Member Today!
Company’s World-Class Support Team Directly Provisions, Manages and Supports Microsoft Cloud Offerings

OMAHA, Neb.  — Cosentry, the leading provider of IT solutions in the Midwest, today announced its participation in the Microsoft Cloud Solution Provider program. Through the program, Cosentry will now offer Managed Office 365 Services along with its Managed Azure Services to customers. Microsoft’s program enhances Cosentry’s hybrid cloud offerings by enabling the company to sell combined offers and services, as well as directly provision, manage, support, and bill Microsoft products and services.

Cosentry combines expertise in Microsoft technology, customer requirements, and nine strategically located data centers across the Midwest to deliver the Microsoft Cloud Platform customized to meet specific customer needs.

“Cosentry has worked closely with Microsoft to technically validate our services and enable best-practice solutions for hybrid cloud deployments, including connections to Microsoft Azure global cloud,” said Brad Hokamp, CEO, Cosentry. “The combination of our hybrid cloud consulting and managed services expertise simplifies the adoption of the public cloud for our customers, allowing them to focus their internal resources on more strategic initiatives that support business growth and market differentiation.”

Through the Cloud Solution Provider program, Cosentry integrates Microsoft Cloud technologies to support mission critical and data-intensive workloads—without requiring the purchase of additional add-ons. The collaboration is a value-added extension to in-house IT teams and allows organizations to work on more strategic initiatives rather than the tactical aspects of migration, deployment and upgrades. Cosentry will now offer the following services:

Managed Azure Services:

·         Best practice architecture planning, implementation, migration, operation and optimization

·         Tailored governance to meet companies specific needs

·         Monitoring, response and resolution support provided 24/7/365

·         Security/compliance requirements for policy management

·         Account and identity management for Azure

·         Azure Billing is consolidated into the total Cosentry statement

·         Optional services include: implementation and support of data backup and disaster recovery

Managed Office 365 Services:

·         Initial environment assessment and performance recommendations

·         Consulting services for ensuring Office 365 is customized for unique requirements

·         Expertise in migration and deployment

·         Architecting hybrid environments synchronizing Office 365 with on premise Exchange

·         Configuration and monitoring

·         Automatic upgrades and maintenance

·         Real-time troubleshooting

“The Cloud Solution Provider Program puts our partners at the center of the customer relationship,” said Phil Sorgen, corporate vice president, Worldwide Partner Group at Microsoft Corp. “Through participation these partners have demonstrated dedication to helping our mutual customers successfully move to the cloud.”

In addition, today’s announcement broadens Cosentry’s integrated Managed Services portfolio which currently includes:

     Managed Cloud Services

     Managed Operating Systems

     Managed Database Services

     Managed Security Services

     Managed Network Services

     Managed Disaster Recovery Services

About Cosentry

Cosentry is the leading Midwest IT Solutions Provider, offering solutions that allow our clients to focus on their core business. Our customers can feel confident, knowing their IT Infrastructure is operating at the highest level of reliability, performance, and security. Cosentry has over a decade of experience providing data center services including Colocation, Cloud, Managed Hosting, and Managed Services. We operate as our client's local business partner, taking the time to truly understand their business while tailoring our solutions to meet each client's unique business and technical requirements. Whether virtualizing, consolidating, optimizing, or fully outsourcing data center and IT infrastructure, businesses can rely on Cosentry for help with resilient and versatile solutions. For more information, contact us at (866) 500-7661 or visit us at http://www.cosentry.com.

All product and company names herein may be trademarks of their registered owners.

(TNS) - It’s a day etched into the memories of all who watched the tragedy’s progression, and it’s a day that has forever changed the lives of America’s first responders.

It was on that day – Sept. 11, 2001 – that New York City’s police and fire departments rushed to the scene of the greatest terrorist attack on American soil, anxious to save as many trapped and incapacitated residents as possible from the burning World Trade Center towers.

But there was one notably significant problem – the two agencies couldn’t communicate with each other.

...

http://www.emergencymgmt.com/safety/Indianas-Howard-County-to-move-into-future-with-P25-radio-system.html

Tuesday, 03 November 2015 00:00

Hyperscale With CloudPlatform and HP Moonshot

Moonshot

HP’s Moonshot hardware is an interesting one. Each server by itself is a densely packed chassis with lots of microservers. And each can house as many as 1800 servers in a single 47U rack. It’s aimed workloads like IoTs, lightweight web serving and big data analytics.

Using CloudPlatform’s Baremetal capability, these servers can be provisioned with as much ease as spinning up a VM. Layered with the other orchestration capabilities like isolated networking and multi-tenanting that becomes one powerful solution that gives enormous flexibility to users who would like to make use of physical hardware directly for some of their workloads.

...

https://www.citrix.com/blogs/2015/11/03/hyperscale-with-cloudplatform-and-hp-moonshot/

Tuesday, 03 November 2015 00:00

Broker Survey: Insurers Writing More For Less

Business interruption, commercial property, general liability, umbrella, and workers’ compensation were the lines brokers most often noted had a decline in rates in the third quarter of 2015, according to the latest Commercial P/C Market Index Survey from the Council of Insurance Agents & Brokers.

Broker comments came as The Council survey found rates decreased across all lines by an average of 3.1 percent in the third quarter, compared with a 3.3 percent decline in the second quarter of 2015.

Large accounts saw the largest decreases at 4.1 percent, followed by medium-sized accounts at 3.8 percent, and small accounts at 1.4 percent.

...

http://www.iii.org/insuranceindustryblog/?p=4209

Do you remember those days when IT administrators had to deploy enterprise applications and had to continuously monitor the health of the workloads to ensure they are running at optimal performance and had to manually scale to meet changing demands? Indeed, they must have been be really tough days!

But here comes Citrix Lifecycle Management (CLM), which is going to alleviate all of your pains.

Trust me, I said “all” of your pains, and that’s just what we mean. CLM automates the delivery of application workloads through out-of-the-box Citrix verified Blueprints, and monitors the health, performance and availability of application workloads in real-time.

Today I am going to show you briefly how to gain advantage from CLM through operations, monitored metrics, and alerts for these metrics. This blog is just a cursory overview to demonstrate the immense value which CLM offers.

...

https://www.citrix.com/blogs/2015/11/03/sneak-peek-into-a-few-gems-of-citrix-lifecycle-management/

Attending BCI World? There's an app for that

With only a week to go until the BCI World Conference and Exhibition, have you decided what sessions you would like to attend yet? There are so many to choose from, it’s a difficult decision to make. To improve your conference experience, we have once again invested in an app to assist delegates with their planning, enabling them to stay up to date with the latest conference news, find out more about who is speaking or exhibiting, and network with fellow business continuity and resilience professionals.

The app includes biographies of speakers, details of exhibitors, and maps showing where everything is. The app can be used to take notes, create a calendar and bookmark those speakers, exhibitors or sponsors of interest. Over the two days there is a lot to take in so the app can be used to record all this.

Delegates can further enhance their networking opportunities by registering their details and so allow them and their colleagues to connect with one another during the conference and once it is over.

The app is available by visiting the App StoreGoogle Play or, if you don't have an Android phone or iPhone, you can still access it online.

ASIS International and RIMS have jointly announced the publication of the new ASIS/RIMS Risk Assessment ANSI Standard. This standard provides guidance on developing and sustaining a coherent and effective risk assessment program.

The ASIS/RIMS Risk Assessment Standard provides a framework and process for organizations to establish an ongoing program to evaluate risks and conduct individual risk assessments. The standard complements the ISO 31000 risk management standard and the ISO 31010 standard cataloguing risk assessment methodologies by providing a blueprint for the risk assessment process.

“Managing risk is about managing uncertainties in order to achieve strategic, tactical and operational objectives.  This includes identifying opportunities, minimizing potential losses, and building a more resilient organization and supply chain.  It is essential that decision-makers have accurate and dynamic information on uncertainties and their potential outcomes in order to help better assure their organizations thrive and survive,” stated ASIS Global Standard Initiative Commissioner Dr. Marc Siegel. “The ASIS/RIMS Risk Assessment Standard provides a blueprint for addressing enterprise-wide risk at all levels and regardless of the source.”

The standard presents a basis for a universal and integrated approach to risk management, including: building a risk assessment program; understanding the context for risk assessments; conducting a risk assessment, and using risk assessment outcomes for decision-making.

ASIS and RIMS members get one free download through their respective websites.  Others are welcome to purchase the standard through either organization’s online stores.

Tuesday, 03 November 2015 00:00

Three Words to Improve Disaster Outcomes

If I could say just three words to prepare someone for disaster it would be these: Disasters change things. All of the reasons for not being prepared, and for not following emergency instructions in a disaster (too hard, too expensive, no need), are tied to those words.

If you don’t believe disasters change things, you assume that you can handle whatever happens, and any investment into handling that better is unnecessary. This is our normalcy bias at work. Normalcy bias makes us believe that it won’t happen to us, and that if it does it won’t be that bad. That if we dial 911, help will come and that our actions will always have the same results, regardless of the circumstances.

Normalcy bias is more than believing that the rain will stop before the river floods; it’s assuming that there is nothing but smooth pavement under the water on the road, and being sure that your car can make it through. It’s thinking that the warning is probably overblown, and that you have plenty of time to evacuate because you know how long the route will take. Normalcy bias is not understanding that disasters change things.

...

http://www.emergencymgmt.com/disaster/Three-Words-to-Improve-Disaster-Outcomes.html

Strategic Relationship Extends Druva’s Public Cloud Portfolio for Data Governance and Availability

 

Sunnyvale, Calif. – Druva, the leader in converged data protection, today announced an expanded public cloud presence with the addition of a new strategic alliance, Microsoft Azure. Teaming with one of the world’s largest software providers, the company will extend its Druva cloud solutions to Microsoft’s public cloud and infrastructure platform.  This new relationship provides Druva customers with greater choice for global storage options to better meet their data storage, privacy and security needs, and also offers choice regarding their preferred infrastructure vendor.

The ever-growing number of compliance and legal requirements are forcing companies to retain ever more data, as well as be aligned to regional data privacy regulations.  This, coupled with an explosion in data growth, means organizations trying to keep pace with expanding traditional on-premise storage infrastructure is rapidly becoming unsustainable.  The public cloud has quickly become the more viable and secure option for this data and its governance and archival needs.  With Druva’s new Azure relationship, customers now have a wider set of choices to best meet their data growth, security and regionally specific regulation requirements.

“Druva has always taken a proactive approach to help our customers address their data availability and governance needs – and that involves offering customers strong data protection and security in the cloud for their sensitive workloads,” said Jaspreet Singh, CEO, Druva. “Our work with Microsoft Corp. underscores our commitment to broadening our cloud-related options and giving customers additional choice for deploying in the cloud securely and conveniently. Druva has quickly grown to become the defacto standard for data protection workloads in the public cloud.”

Azure will extend the data storage footprint of Druva inSync, the #1 rated analyst endpoint and cloud service data protection solution that integrates secure, scalable, high-performance backup, file sync across all user data, remote file access, data loss prevention, eDiscovery and automated compliance monitoring.  This new relationship provides increased flexibility of inSync deployments, new go-to-market channels and offers more regions to store customer sensitive data.

“The Microsoft Azure Marketplace delivers direct access to the cloud-ready applications and services customers are asking for,” said Steve Guggenheimer, Corporate Vice President and Chief Evangelist, Microsoft. “Druva built natively to the public cloud to take advantage of its elasticity, global presence and security to handle petabytes of customer data efficiently, which are also foundational elements of our Azure offering. Our mutual customers will reap the benefits of our joint efforts with cloud scalability and flexibility, always-on reliability, and international compliance support.”

Additional benefits of Druva availability on Azure include:

  • Security: Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards including Australia IRAP, UK G-Cloud, and Singapore MTCS. Microsoft was also the first to adopt the uniform international code of practice for cloud privacy, ISO/IEC 27018, which governs the processing of personal information by cloud service providers.
  • Global Availability: Broad international Microsoft datacenter locations provide 21 storage regions around the globe, including Canada and China --  enabling Druva customers to meet data residency needs posed by evolving regional data privacy regulations.
  • Microsoft Customer Advantage: Enterprise customers who have standardized on the Microsoft platform can utilize their contract license credits towards their Druva purchase.

Pricing and Availability:

Druva inSync plans begins at $6/user per month. Azure support will be generally available in 45 days.  To learn more about Druva public cloud choices, visit http://www.druva.com/elastic-cloud-platform/.

About Druva
Druva is the leader in converged data protection, bringing data-center class availability and governance to the mobile workforce. With a single dashboard for backup, availability and governance, Druva’s award-winning solutions minimize network impact and are transparent to users. As the industry's fastest growing data protection provider, Druva is trusted by over 3,000 global organizations on over 3 million devices. Learn more at www.druva.com and join the conversation at twitter.com/druvainc.