
Jon Seals

We spend hours developing plans and strategies – preparing for possible emergency events that we hope will never happen. Many of our colleagues, and let’s be honest, even some of our management team, believe this planning is of little value. They feel that we only need the documentation to “check the box” for an audit. The implied desire is to get it done as quickly and with as little use of resources as possible. We may fall into the trap of being influenced by those feelings, generating what seems like good documentation that, when looking deeper and more objectively, is really just a lot of words that may not be usable.

For this week’s blog, the functional item we are considering is communication. We all know that during an emergency event communication will be critical, and we understand the basic groups and type of information we must communicate. Though the items below may seem obvious, many do not take the time to ensure that the appropriate planning is in place – it is assumed that everything will work when needed.



Big Data implementations are invariably built around Hadoop, Apache Spark and other open source solutions. And since these constructs must integrate into the broader enterprise data ecosystem at some point, is it possible that open source will come to rule the data center as a matter of course?

The idea might not be as outlandish as it sounds. As business models across multiple industries come to rely on the insights gleaned from predictive analytics and broadly federated data infrastructure, proprietary systems may emerge as more a help than a hindrance. And while open systems tend to require quite a bit of in-house knowledge for both provisioning and management functions, many of these tasks are likely to be automated in the coming decade, providing for more user- and enterprise-friendly environments.



CyrusOne has acquired a big parcel of land in Northern Virginia, the biggest and most coveted data center market in the US, the company announced Tuesday. The parcel gives the data center provider room to expand in a key region where it is currently at capacity.

The Northern Virginia data center market is continuing to snowball. It is a high-demand data center location because of the big cluster of data centers and network infrastructure that are already there.

Companies that have data centers there want to continue expanding there, and ones that don’t want to access the rich ecosystem that’s grown in Northern Virginia over the years.



It’s 2016, yet IT experts are still challenged with how to effectively and efficiently cool their data center. The cooling process accounts for 40 percent of all power consumed by data centers, so this question is a top priority for operators. Ensuring optimal cooling in a data center not only lowers operational expenditure, but also reduces the strain on equipment cooling mechanisms, extending the lifespan of the hardware, and frees up power for IT equipment, increasing equipment uptime. The decision to invest in cooling infrastructure is easy; however, choosing the method with which you regulate temperature within the data center can be more challenging.

Cooling and efficiency strategies are constantly evolving, with companies like Microsoft going so far as to drop a self-contained data center into the ocean. However, you do not need to plunge your equipment into the sea or move to the Arctic to keep yours cool. Hot-aisle containment (HAC) and cold-aisle containment (CAC) are the primary methods used by leading businesses to reduce energy and optimize equipment performance within the data center. This proven and highly effective methodology of cooling has emerged as a new best practice within the industry.



Wednesday, 15 June 2016 00:00

Risk Landscape: Coverage Trends to Watch

Being aware of your company’s new and changing risks is critical for sound risk management. As the year progresses, we have identified growing risks facing companies, and their directors and officers, that are likely to impact policyholders. These risks include cybersecurity, Telephone Consumer Protection Act (TCPA) lawsuits, drones, wage and hour lawsuits and food recalls. The risks and issues to watch out for are expanded below:


Cyberattacks against businesses doubled in 2015 and are expected to continue to increase as attackers become even more sophisticated. Watch out for:

Phishing scams and social engineering fraud. In social engineering scams, hackers use phishing, purporting to be legitimate employees or third parties, to try to trick businesses into wiring funds or allowing access to their systems. Although many businesses have crime insurance that covers “computer systems fraud,” ambiguous provisions or liability limits may restrict coverage. Some courts have held that fraud coverage applies only when intrusions are unauthorized, but not when an unwitting employee falls prey to an online scam.

Data breaches. Companies should also be conscious about their coverage for data breaches, which increasingly present significant exposures. Insurers often contest whether data breaches constitute “publication” of private information, and, if so, whether an insurer’s duty to defend applies. This is particularly important as the storage of consumer data is a lynchpin of many businesses’ operations and marketing.
Businesses need to ensure that their commercial insurance policies adequately cover their business risks and consider purchasing dedicated cyber policies.



CSR is something that companies today are taking more and more seriously. It is no longer just a way to get better press from journalists, it is a fully fledged strategy to effectively run a company, creating a sustainable and pleasant environment for both employees and customers.

Traditionally we have seen that this has revolved around charity work, sustainable business practices, environmental efforts, and supply chain management. However, in recent years, it has become a question of transparency. Essentially, if we can't see what a company is doing, it cannot be trusted. Data has had a big impact on this, allowing people to see how a company is operating without bias.

However, it is not only that data is used to show good CSR; increasingly, a company's use of data is itself part of good CSR.



Wednesday, 15 June 2016 00:00

BCM 2000: Essentials of BCM Series


Implementing ISO 22301, 22313, 22320, 22398, 27031, 31000, 19011 & 17022
Includes BCI's 2013 Good Practice Guidelines 
Looking for a course that is based on international standards?
Looking for templates and examples on how to develop a Business Continuity Management System that meets the requirements of the standards? 
Do you like to have fun (and maybe even laugh out loud!) when you learn?
Then BCM 2000: Essentials of Business Continuity Management is the course for you!

Course Description 
BCM 2000: Essentials of Business Continuity Management provides you with knowledge to develop a standards-based, auditable, and actionable business continuity program for your organization.
This course is the critical starting point to developing a program that can be certified ISO 22301. It is comprised of 10 individual modules that can be taken as a series or in combination over time.

Essentials of Business Continuity Management provides the foundation necessary for new or current professionals interested in either developing a career in Business Continuity Management, seeking certification, or for those professionals responsible for developing a business continuity program for their organization.

It is designed to expose the participant to all aspects of a holistic BCM program and to be a solid "how to" guide for building a business continuity program for all types of organizations.

Student activities are included throughout the course and are designed as knowledge checks to reinforce lesson materials and to provide attendees with hands-on activities that will enable them to become familiar with and apply these principles in their jobs.

Delivery Structure
Essentials of BCM is offered as an elearning course that includes the following elements:
  • Voice over ppts teaching online
  • pdf's of the course book
  • Templates of how to implement the requirements of the standards (sample policies, reports, etc.)
  • Multi-media that is relevant & fun!
  • BCI's 2013 Good Practice Guidelines 
  • Case study
  • Open for Business Toolkit
  • Course review activities to evaluate for comprehension
  • Practice exam questions (for DRII's Qualifying Exam)
  • Online essay for CEU credit  
  • Email access to a qualified expert for questions
  • Online ISO 22301 Lead Implementer Certification Exam included in course fee 
Certification Requirements
Successful completion of the BCM 2000 series with a passing grade on the online ISO 22301 Lead Implementer exam completes the educational component for certification as an ISO 22301 Lead Implementer.

Holders of the ISO 22301 Lead Implementer certification are entitled to apply for statutory membership with the BCI at the AMBCI or MBCI level, subject to evidence of required experience.
With ISO 22301 as an international standard allowing companies to demonstrate their ability to cope with major threats; as well as provide a management systems approach to business continuity management, this course provides you with what you need to develop a program that complies with these certification standards.


And if you have questions, don't hesitate to call or send an email.
Lynnda Nelson, President
The International Consortium for Organizational Resilience
866.765.8321 US/Canada  +1630.705.0910 International Calls
BCM 2000: Essentials of Business Continuity Management Series
BCM 2011: Business Continuity Program Development
BCM 2021: The Business Impact Analysis
BCM 2022: The Risk Assessment
BCM 2023: Developing Strategies / Options to Protect the Organization
BCM 2031: Plan Design, Program Structure, & Required Documentation
BCM 2032: Incident Response, Management & Communication
BCM 2033: Business Continuity & Recovery Plans
BCM 2035: Writing the ICT Continuity / IT DR Plan
BCM 2041: Awareness, Training, Testing & Exercising
BCM 2042: Program Evaluation, Improvement & Audit
BCM 2011:  BCM Program Development 
In order to develop a Business Continuity Management System, it is important to understand the requirements of management systems, the core concepts of business continuity, and how to determine the scope of the program, develop policy, and the requirements for leadership and governance. BCM 2011 provides an overview of each of these topics as the foundation for developing and managing the BCMS.

BCM 2021:  The Business Impact Analysis
The BIA process is covered from beginning to end with a focus on the identification of the organization's key products and services and the critical activities and resources that support them. Examples of BIA data gathering questions, methodology, analysis and reporting are provided.

BCM 2022: The Risk Assessment
Using the ISO 31000 standard on Risk Management as its basis, this course describes the process of conducting a risk assessment and analyzing the results to mitigate risks.  From risk identification, risk description, risk analysis, risk evaluation, risk communication, and risk reporting, this course covers the entire risk assessment process using an enterprise risk management approach.   A key requirement of the standards is the identification of the organization's risk appetite or acceptance and this course provides the methodology for this identification.
In addition, BCM 2022 includes a review of different quantitative and qualitative methods for analyzing risk.

BCM 2023:  Developing Strategies / Options to Protect the Organization
This course introduces the student to the challenges of selecting the appropriate strategies / options for the continuity and recovery of business processes, critical functions, operations and the supporting information technologies within the specified recovery time objective. Building on the information gathered during the BIA and risk assessment, BCM 2023 explores how to evaluate the different strategies necessary for mitigating risk, continuing operations when possible, and recovering operations if interrupted. BCM 2023 reviews strategies for people, property, assets, technology and information, reputation, suppliers, and financial viability.

BCM 2031:  Plan Design, Program Structure & Required Documentation
In order to develop the actual plan documents the organization will need to decide on the approach, methodology and the plan document structure. BCM 2031 outlines the necessary roles and responsibilities of the members of the organization, the key elements that must be included in every plan type, and how to meet the requirements for managing documentation.

BCM 2032:  Incident Response, Management & Communications
Implementing procedures for responding to an incident of any kind, managing the incident, and ensuring successful communication with all interested parties before, during and after the incident is an essential requirement for all business continuity programs. BCM 2032 also ties to the requirements of ISO 22320 on Incident Management and PAS 200 on Crisis Management & Communications. The objective of BCM 2032 is to develop and implement procedures for response to and stabilization of the situation following an incident or event, including establishing and managing an Emergency Operations Center and local command centers during the crisis.

BCM 2033:  Business Continuity & Recovery Plans
All of the procedures developed as part of strategy development need to be documented in the business continuity and recovery plan. BCM 2033 reviews the requirements for business continuity plans and how to document procedures according to ISO 22301.

BCM 2034:  ICT Continuity / IT DR Plans & Procedures 
The focus of the ICT Continuity and the IT Disaster Recovery Plan is on the IT infrastructure that supports the business operations and ensuring that the plan in place protects the key infrastructure of the organization. ISO 27031 on ICT Continuity outlines the methodology for ensuring that the ICT infrastructure supports the BCM infrastructure to ensure that there are no unsupported critical processes and the RTOs can be met. BCM 2034 reviews the guidelines for ICT continuity under ISO 27031, ISO 27001, and NIST 800-34.

BCM 2041:  Awareness, Training, Testing & Exercising 
Building a BCMS culture is an essential component of ensuring a successful program. Determining competence of all parties involved in the business continuity management system and increasing competence through awareness, training, testing, and exercising is a key component of this process and is vital to the success of the BCMS. BCM 2041 also aligns to the guidance of ISO 22398 for developing exercise programs.

BCM 2042: Program Evaluation, Improvement & Audit 
It is impossible to keep the BCM program current and actionable or to move to a management system without monitoring, measuring, analyzing, and evaluating the BCMS. BCM 2042 explores the requirements for internal audit and management review of the BCMS. Also included are the requirements for writing the audit report based on ISO 19011 and ISO 17022.
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • ASIS
  • BRPA
  • IAEM
  • IFMA
Become an ICOR Member Today!
US-based health service provider chooses Solgari’s communication software technology to help drive regional expansion


LONDON - Solgari, the provider of the world’s first complete business communications cloud software solution, has today announced the delivery of an integrated and compliant cloud telephony and web collaboration solution to Cascade Health Services across a number of US locations.


Over the last 12 months, US-based health service provider, Cascade Health Services, has been undergoing significant growth with the opening of a number of new healthcare services. As a result, it needed to readdress its communications technology. The company chose Solgari due to the fact that its communication software allows new service sites and users to go live immediately, while also covering HIPAA compliance requirements around the encryption of client data that may be stored in the cloud call archiving service. Solgari provides all services to Cascade Health Services through one integrated cloud software platform, reducing complexity and removing the need for maintenance on-site, resulting in significant cost savings.


“Cascade Health Services is expanding rapidly and the use of compliant and flexible cloud based technology is important in meeting our goals,” said Amanda de Castro, Director of Clinical Operations at Cascade. “With HIPAA regulations, all our providers must conform to the highest security and compliance standards. Solgari’s cloud software platform has a long and successful track record in delivering compliant solutions within the healthcare space, in addition to providing all the communication services we need over the internet.”


Solgari is the only global cloud business communications vendor that delivers business telephony, call and video conferencing, desktop sharing, contact centre, IVR, call archiving, call encryption, PCI DSS compliance and carrier requirements through an integrated software platform. Customers pick and choose the services they require, where and when they need them, saving time, resources and cost.


“Our cloud business communication software solution for the healthcare industry provides a great example of the power of our platform and we are delighted to deliver this capability to Cascade Health Services,” said Vance Harris, CTO at Solgari. “Our services are ideal for fast growing companies with heavy regulatory requirements, whilst providing them with a reliable, scalable and cost effective system.”


About Cascade Health Services

Cascade is a leading provider of supplemental and permanent medical, therapy and support staff in the US. Founded in 1988, Cascade is one of the largest and most established health services agencies in the Midwest.


About Solgari

Solgari has developed the technology, network and partnerships to deliver the world’s first complete enterprise cloud business communications software solution. No boxes, no licenses, no software upgrades, no capital expenditure, Solgari is unique. Solgari is a licensed telco, integrated with a scalable and modular cloud software platform, providing every service from Cloud Telephony, Call & Video Conferencing, Desktop Sharing up to the most intelligent Contact Centre, covering call encryption and meeting FCA, SEC, Central Bank and PCI DSS Compliance. Solgari’s customers can pick and choose the services required, where and when through a subscription based model. For more information, please visit the company website and learn more about Solgari’s solutions at www.solgari.com.

ARMONK, N.Y. - IBM Security (NYSE: IBM) today announced the results of a global study analyzing the financial impact of data breaches to a company’s bottom line. Sponsored by IBM and conducted by the Ponemon Institute, the study found that the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013.

Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014.[1] As these threats become more complex, the cost to companies continues to rise. In fact, the study[2] found that companies lose $158 per compromised record. Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.

Slow Response and Lack of Planning Cost Companies Millions

According to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – saving companies nearly $400,000 on average (or $16 per record). In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach.[2] Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don’t have incident response plans in place.[3]

The process of responding to a breach is extremely complex and time consuming if not properly planned for. Amongst the required activities, a company must:

  • Work with IT or outside security experts to quickly identify the source of the breach and stop any more data leakage

  • Disclose the breach to the appropriate government/regulatory officials, meeting specific deadlines to avoid potential fines

  • Communicate the breach with customers, partners, and stakeholders

  • Set up any necessary hotline support and credit monitoring services for affected customers

Each one of these steps takes countless hours of commitment from staff members, taking time away from their normal responsibilities and wasting valuable human resources to the business.

Incident response teams can expedite and streamline the process of responding to a breach, as they’re experts on what companies need to do once they realize they’ve been compromised. These teams address all aspects of the security operations and response lifecycle, from helping resolve the incident, to satisfying key industry concerns and regulatory mandates. Additionally, incident response technologies can automate this process to further speed efficiency and response time.

The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100 day mark cost over $1 million more on average ($4.38 million).

The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.

The study found that companies that had predefined Business Continuity Management (BCM) processes in place found and contained breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM.[4]

Analyzing the Cost of a Data Breach

The annual Cost of a Data Breach study examines both direct and indirect costs to companies in dealing with a single data breach incident. Through in depth interviews with nearly 400 companies across the globe, the study factors in costs associated with breach response activities, as well as reputational damage and the cost of lost business.

“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent 'cost of doing business' in the cybercrime era," said Dr. Larry Ponemon. "The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

For more details on the study, the full report is available on the IBM X-Force Research Library. Country-specific reports are also available for the United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia), Canada and South Africa.

This year, IBM increased its investment in the Incident Response market with the acquisition of Resilient Systems. Resilient’s Incident Response Platform (IRP) empowers security teams to analyze, respond, and mitigate incidents faster and more efficiently. The newest version of the platform, announced today, includes Resilient Incident Visualization, which graphically displays the relationships between Indicators of Compromise (IOCs) and incidents in an organization’s environment.

“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently,” said Ted Julian, Vice President, Resilient, an IBM Company. “While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”

IBM also recently launched IBM X-Force Incident Response Services, which include consulting and managed security services to help clients manage all aspects of responding to a cyber breach.

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 20 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

About IBM Resiliency Services

IBM Resiliency Services offers an innovative portfolio of resiliency solutions and services, including Business Continuity Management, that assist virtually every aspect of business disruption. Today, more than 6,000 IBM resiliency professionals build, deploy, and manage industry-leading cloud capabilities to help you maintain continuous business operations and improve overall resiliency for your organization. For more information, visit http://ibm.co/1cqLDOz and follow @IBMServices.

Intelligent HCI With Tiering Appliance Changes the Paradigm of Price/Performance

INDIANAPOLIS, Ind. – Scale Computing, the market leader in hyperconverged storage, server and virtualization solutions for midsized companies, today announced an SSD-enabled entry to its HC1000 line of hyperconverged infrastructure (HCI) solutions for less than $25,000, designed to meet the critical needs in the SMB market for simplicity, scalability and affordability.

The HC1150 combines virtualization with servers and high performance flash storage to provide a complete, highly available datacenter infrastructure solution at the lowest price possible. Offering the full line of features found in the HC2000 and HC4000 family clusters, the entry level HC1150 provides the most efficient use of system resources -- particularly RAM -- to manage storage and compute resources, allowing more resources for use in running additional virtual machines. The sub-$25,000 price point also includes a year of industry-leading premium support at no additional cost.

"The SMB and midmarket communities are those that Scale Computing has long championed as worthy of enterprise-class features and functionality. The challenge is that those communities also require that the solution be affordable and be easy to use as well as manage," said George Crump, President and Founder of Storage Switzerland. "Scale Computing has raised the performance bar for its offerings with the addition of SSDs to its entry-level hyperconverged appliances but it did so without stripping out functionality. Scale Computing is ready to be a leader in this space by enhancing their product family while keeping costs within reach."

Scale Computing's HC3 platform brings storage, servers, virtualization, and high availability together in a single, comprehensive system. With no virtualization software to license and no external storage to buy, HC3 solutions lower out-of-pocket costs and radically simplify the infrastructure needed to keep applications optimized and running. The integration of flash-enabled automated storage tiering into Scale's converged HC3 system adds hybrid storage including SSD and spinning disk with HyperCore Enhanced Automated Tiering (HEAT). Scale's HEAT technology uses a combination of built-in intelligence, data access patterns, and workload priority to automatically optimize data across disparate storage tiers within the cluster.

The HC1150 was not the only new addition to the HC1000 family. The new HC1100, which replaces the previous HC1000 model, provides a big increase in compute and performance. Improvements include an increase in RAM per node from 32GB to 64GB; an increase in base CPU per node from 4 cores to 6 cores; and a change from SATA to 7200 RPM, higher capacity NL-SAS drives. With the introduction of the HC1100 comes the first use of Broadwell Intel CPUs in the HC1000 family. All of the improvements in the HC1100 over the HC1000 model come with no increase in cost over the HC1000. Additionally, the HC1150 scales with all other members of the HC3 family for the ultimate in flexibility and to accommodate future growth.

"While some vendors are beginning to look to the SMB marketplace as a way to supplement languishing enterprise sales, we have long been entrenched with the small businesses, school districts and municipalities to provide them with user-friendly technology and reasonable IT infrastructure costs to ensure that they can accomplish as much as larger organizations," said Jeff Ready, CEO and co-founder of Scale Computing. "We have helped more than 1,500 customers with fully featured hyperconverged solutions that are as easy as plugging in a piece of machinery and managing a single server. Our latest HC1150 further fulfills that promise by combining virtualization with high-performance flash to provide the most complete, highly available HCI solution at the industry-best price."

Scale Computing's HC1150, as with its entire line of hyperconverged solutions, is currently available through the company's channel with end user pricing starting at $24,500. For additional information or to purchase, interested parties can contact Scale Computing representatives at https://www.scalecomputing.com/scale-computing-pricing-and-quotes

About Scale Computing
Scale Computing is the industry leader in complete hyper-converged solutions with thousands of deployments spanning from the SMB to the distributed enterprise. Driven by patented technologies, HC3 systems install in minutes, can be expanded without downtime, self-heal from failures, and automatically optimize workloads to maximize price-performance.