Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

ASIS International has announced the publication of a revised version of the ANSI/ASIS Chief Security Officer - An Organizational Model. This standard provides a model for organizations to use when developing a senior leadership function responsible for providing comprehensive, integrated risk strategies to protect an organization from security threats.

This standard replaces the 2008 ANSI/ASIS Chief Security Officer Organizational ANSI version.

“Early on, it was determined that the standard’s purpose was to state the risks that need to be managed within an organization — of any size — and based on those risks, determine the skills and competencies needed to manage those risks,” said Jerry Brennan, technical committee chair, and chief executive, Security Management Resources. “By identifying who owns what, who is accountable, and what is shared, organizations can then determine what is needed within its ‘senior security executive’ position and the competencies that are best suited for that role.”

The standard’s model for a senior leadership position is presented at a high level and designed as a guide for the development and implementation of a strategic security framework. The structure is characterized by appropriate awareness, prevention, preparedness, and necessary responses to changes in threat conditions. Specific considerations and responses are also addressed for deliberation by individual organizations based on identifiable risk assessment, requirements, intelligence, and assumptions.

“The perspective through which organizations evaluate and integrate operational risk within their strategic plan continues to be a dynamic process which not only impacts the role of the ‘senior security executive’ but also the position or positions that may assume that role,” said Charles Baley, ASIS Standards and Guidelines Commission Liaison and chief security officer, Farmers Group, Inc. “This Standard focuses on the importance of the function and not a single title or position.”

Applicable to both private and public sector organizations, the standard provides a methodology to evaluate and respond to a spectrum of threats to tangible and intangible assets on both a domestic and global basis.

View the executive summary (PDF).

CIO — Recently I saw yet another slide presentation showcasing the decline of enterprise IT spending and the comparable increase in public cloud business. The conclusion? Enterprises just don't have money to spend and it's killing enterprise vendors.

This is fundamentally not true. What's really happening is that users are increasingly using public cloud services, and the expenses they incur are being reimbursed, so the money's theirs. I've also seen several studies showing that moving to the cloud is expensive — twice what it would cost to build services internally, according to an internal analysis I recently reviewed, and five times as much if one uses the Oracle alternative.



After reading this blog post, if you would like more detail, fellow Forrester analyst Christian Kane and I have collaborated on two short reports describing the acquisition of AirWatch through the lens of mobile workforce enablement and a second report through the lens of mobile security. Enjoy the reports, and as always... we love to read your comments!



Discussions about IT and business alignment are almost taboo these days. I suppose people have heard too much about it in the past decade.

Yet, that’s exactly the kind of discussion data experts seem to be calling for when it comes to how IT manages data.

“Over the past year it is becoming increasingly clear that we have to stop thinking as data managers and start thinking as data designers,” writes Forrester analyst and data management expert Michele Goetz in a recent Information Management article. “What matters is what data drives for the business first and then design a data system around that. We need to educate ourselves on what the business does with the data.”



The widening gap between economic losses and insured losses from natural catastrophes is our topic du jour.

Guy Carpenter’s GCCapitalIdeas.com just published this chart showing that approximately 70 percent of global economic losses from natural catastrophes were uninsured between 1980 and 2013:



Almost from the very beginning of the modern virtualization movement, technology futurists wondered what it would be like to have a completely virtualized data center. What would be the benefits, and the major challenges, to building entire compute/storage/networking infrastructure complete in logic?

Those questions are about to be answered now that the IT industry is taking seriously the idea of the software-defined data center (SDDC). In fact, the concept is now openly discussed as the next major segment within the increasingly diversified enterprise infrastructure market.



Organizations are turning to Big Data because they believe more information will improve decision-making, whether it’s whom to target for a sale or whether a product should be recalled.

But what if the real value of the data isn’t in providing us with more information, but in replacing us as decision makers?

Andrew McAfee, co-director of the Initiative on the Digital Economy in the MIT Sloan School of Management, goes way meta in two recent Harvard Business Review blog posts that question not just how to use data — but who should be using it.



Bell Canada has selected ERMS Corporation (www.ermscorp.com) to again support their
400+ team in Sochi, Russia during the 2014 Winter Olympic Games, as they did for the
2012 Summer Olympic Games.

“Providing a broad range of live and on-demand content to smartphones, tablets, TV and
computer screens for Canadian customers means the Bell team in Sochi will be very
mobile and highly active throughout the Olympic venue, “ says Sylvain Rollin, President
of ERMS Corporation. “With heightened security concerns, the ERMS Advantage
notification system will provide Bell, and its team, with the reassurance and reliability
they need to communicate anywhere, at any time, on any device,” he added.

EMRS Advantage will provide Bell with easy-to-use mission critical tools for real-time
team communication. Advantage allows the large Bell Olympic coverage team to report
their status on a regular basis which in turn enables Bell’s security team to quickly
determine who may need assistance and focus their attention on employees who have
not reported their status. In the event of an emergency, the emergency notification
system can be used to rapidly notify Bell’s team to help ensure their safety, to poll
recipients, or to automatically have recipients transferred to a conference call or
support personnel. All while helping to speed recovery with real-time reporting and
crisis management collaboration tools.

Bell used ERMS Advantage successfully during the 2012 Olympics for daily critical and
non-emergency communication.

About ERMS Corporation:
ERMS Corporation (www.ermscorp.com), a Canadian company, is the developer and
provider of Advantage — the industry’s most comprehensive and adaptable emergency
and incident mass notification system.

ERMS Advantage is comprised of 7 tightly-integrated modules (Messenger, Roll Call,
Crisis Manager, Mapper, HotLine, myAdvantage, and Library). Through flexible pricing
structures, the industry’s most inclusive API, and Advantage’s advanced functionality,
ERMS provides organizations with the ability to use the emergency notification system
in a way that suits them best.

Advantage is sold as a complete end-to-end solution that empowers business continuity,
crisis communication, and disaster recovery professionals to, quickly and reliably,
prepare, execute, and report on the notification portion of their continuity and recovery

ERMS Corporation is winner of the 2013 Motorola Award for Public Safety Technology,
presented by CATAAlliance Innovation and Leadership.

What Is Emergency Mass Notification?
Emergency and Incident Mass Notification Services (EMNS) automate the distribution
and management of important alerts and critical messages to multiple recipients on
multiple device types. Secure message distribution can be activated via browser (on a PC
or mobile device) or via phone. Use cases include emergency/crisis events, business
operations notifications, business-context-based alerting, IT service alerting,
reverse/enhanced public emergency calls, and employee/public safety.

Supply Chain Resilience Management Elearning Course 
ICOR and Resilinc, Corp have partnered to bring you the world's only elearning course that focuses on the mitigation of supply chain risk. With the recent world-wide disasters that have severely impacted supply chains globally, it is time to learn how to mitigate supply chain risk. 

Supply Chain Resilience Management course (SCRM 2000) is designed to ensure that all students have a complete understanding of the supply chain risk and resiliency practices and techniques used by leading companies today. Offered as a "live" eLearning course over a two-week timeframe, SCRM 2000 combines the benefits of "learning from home" and interaction with a "live" classroom environment using ICOR's interactive eLearning education system.

Supply chain resilience is the ability of a company to protect the continuity of supply and achieve sustained operational performance in the event of global multi-tier disruptions of any type at any frequency from ongoing to catastrophic. SCRM 2000 aligns to the guidance and requirements of ISO 28000, PD 25222, & ISO 31000. After completing this course, students will be able to apply supply chain resiliency techniques and best practices to their organization or to their consulting practice.    

The course is intended for individuals who are currently engaged in supply chain or procurement functions, business continuity and risk management, or who are in other functional areas but have an interest in gaining additional insights regarding proactively addressing future supply chain disruptions. 

Based on University Elearning Programs, Supply Chain Risk Mitigation is an interactive "live" elearning opportunity.  SCRM 2000 is the only ANSI Accredited Certificate Program in supply chain risk management.

How does it work?
This interactive elearning course runs over a two week timeframe - Monday, February 3 - Friday, February 14, 2014.  There is extended 5 days of time to complete the essay exam after February 14, 2014.  Access course materials at times convenient to you and complete the following activities each week:
  1. Virtual Instruction:  View and listen to Resilinc expert teach for approximately 1 hour each week.
  2. "Live" Discussions with Students World-Wide:  Participate in a virtual classroom discussion and answer 2-3 discussion questions each week.
  3. Learn from Experts: There is 60-100 pages of reading material assigned each week to supplement the instruction.  Learn from industry experts and the latest research.
  4. Provide Supply Chain Resilience and Risk Mitigation Strategies to the Leadership of your Organization:  As part of the course you will be required to write an essay exam to respond to an issue in supply chain risk mitigation by senior management.  The work completed in this course can be applied to the mitigation of supply chain risk and ensure supply chain resilience for your organization.

Course Outline 
  • A holistic review of supply chain management risk and resilience chain management: Introduction, standards, and definitions
  • Creating a supply chain resilience program - organizing for success
  • Measuring supply chain risk - measures, metrics, and hot spots
  • Proactively planning for supply chain resilience - plan before the crisis
  • How to react quickly to supply chain disruptions and organized crisis response - handling disruptions after the fact
  • Supply chain risk mitigation approaches - techniques for reducing potential risk and future impacts
  • Case studies in supply chain risk and resilience - apply the course concepts
Target Audience 
Intended for individuals who are presently engaged in supply chain or procurement
functions, business continuity, risk management or who are in other functional areas
but have an interest in gaining additional insights regarding proactively addressing
future supply chain disruptions.

Credentialing and Accreditation
Successful completion of the Supply Chain Resilience Management Course requirements and passing the exam with an 80% or higher earns students an ANSI Accredited Certificate and the designation of Supply Chain Risk Associate (SCRA).

Registration Information  
Course Fee Information
Members of ICOR and ICOR Education Partners:  $805.50
Non-Members: $895.00

Class Dates:  February 3-14, 2014  
This class runs once each quarter.  The next scheduled class will run in June 2-13, 2014 

Online Registration

Questions?  Contact Education@theicor.org or call toll free (North America) 1.866.765.8321 or +1.630.705/0910 (outside North America)

About Resilinc

Resilinc is the leading provider of supply chain resiliency solutions and delivers scalable enterprise solutions that enable supply chain professionals to gain visibility across multiple tiers of their complex, global supply chains. With a comprehensive offering that encompasses multi-tier supply chain mapping, single points of failure analytics, global disruption event monitoring and management, mitigation workflow, and part-level supply chain compliance programs such as conflict minerals.   

Resilinc Resilinc has become the leader in comprehensive supply chain resiliency solutions. Resilinc helps customers achieve supply chain resiliency through innovative and patent-pending technology, an extensive resiliency-driven supply network, and a proven comprehensive enterprise scale solution that delivers strong value to both clients and supplier partners. For more information, visit www.resilinc.com .


About the Instructor:   Bindiya Vakil 

Bindiya Vakil is CEO and founder of Resilinc and is a recognized thought leader in the area of supply chain risk management. She has been a practitioner in high-tech supply chain management with companies including Flextronics, Cisco and Broadcom.  

Ms. Vakil has a master's degree in supply chain management from MIT and her research focus has been on risk quantification and product resiliency.

Texas Continuity Crosswalk Standards Now Supported


HERNDON, Va. – The developer of myCOOP™, the most advanced Business Continuity Management System (BCMS) software in the world, is announcing special Crosswalk support for Texas statewide agencies. A 15 minute Crosswalk overview recording is now available.


Webinars lasting 30 minutes are scheduled this week for interested parties as follows:

 "COOP has had Texas statewide agency customers for years. Late in 2013 we became aware of a new mandatory Texas standard called Crosswalk covering continuity planning for all statewide agencies. We have found a great fit with the capabilities of our myCOOP package," said Chris Alvord, CEO of COOP Systems. "Our first release in support of Crosswalk is now available."

All mandatory and optional Texas Continuity Planning Crosswalk features are met including:

  • Texas Labor Code (Section 412.054)
  • Texas Admin Code (Rule §202.24)
  • Federal CGC 1: Continuity Guidance for Non-Federal Governments, July 2013
  • FEMA Continuity Assistance Tool, September 2013
  • Key Elements of Department Pandemic Influenza Operational Plans, FEMA
  • Exercise Management
  • Memorandum of Agreements
  • Audit Reporting

In coming days COOP will be announcing availability through a large Texas Cooperative Contract reseller. Also, in addition to these basic Crosswalk functions, statewide Texas agencies can also take full advantage of additional myCOOP database capabilities covering the full lifecycle of the Professional Practices.

  • BIA/Risk survey distribution and collection
  • Planning integrated with dynamic tabular changes
  • Training, Exercise and Maintenance management
  • Options including Incident Command, Smart Phone, Advanced Audit, Advanced Workflow, and Mass Notification

ABOUT COOP SYSTEMS - - Scalable, Flexible, Reliable, Proven

COOP Systems, headquartered in Herndon, VA, is a leading provider of myCOOP, the BCM solution used by a growing list of clients globally. With a proven reputation for reliability and ability to support clients' existing BCM practices, COOP Systems' clients believe myCOOP is simply the best BCM software in the world.