Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 28, Issue 1

Full Contents Now Available!

Jon Seals

On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:



Small and medium sized business (SMBs) in the UK are missing out on possible insurance deals that could be available to them if only they had a business continuity plan in place. This is according to a survey conducted by Cloud Direct of more than 500 UK SMBs.

The survey of 558 business and IT decision-makers revealed that 54% of respondents were unaware there were insurance benefits to having a business continuity plan, yet the British Insurance Brokers’ Association (Biba) has long committed to supporting business resilience measures with reduced insurance premiums and excesses. To promote this stance in 2012, they conducted a joint survey with the Cabinet Office, which found that 83% of insurers questioned would give a discount or improve terms to a business interruption policy if a business continuity plan were in place.




Many business activities and the resources that support them can be disrupted by severe weather. In fact, a survey by the Chartered Management Institute, in association with the BCI, BSI and the Cabinet Office, found that 54% of businesses reported being disrupted by severe weather in 2012, making it the number one cause of business disruption for the fourth year running. Most recently the winter of 2013/14 has been reported as the wettest winter in England and Wales since records began with heavy rainfall and storms causing widespread flooding and disruption.

It is not possible to say that climate change alone is causing the increase in these disruptive events. Other changes are putting more value at risk, such as increasingly lean and complex supply chains and development in vulnerable locations. However, what is clear is that both the frequency of severe weather events and the value at risk are increasing. This has implications for business continuity and broader business objectives.

Organizations need to be prepared for severe weather regardless of the cause. This can involve making physical, operational or strategic changes and includes actions that tackle the likelihood of damage or disruption as well as those aimed at managing its impacts. It can include preparing for opportunities as well as threats.

In partnership with BSI, the Environment Agency has developed a Smart Guide on Adapting to Climate Change using a business continuity management system. Aimed at BC professionals, the guide is freely available and is intended to help:

  • Understand how climate change is influencing their risks
  • Take the lead on managing such risks
  • Be confident that their BCMS will remain effective during disruptive events
  • Make the case for additional resources to implement BC or adaptation measures
  • Communicate effectively about risk management from severe weather and the approach to climate change adaptation both internally and externally.

The Smart Guide can be downloaded for free from here.

Being able to show a valid certificate for business continuity management is becoming increasingly important. Firstly, you can expect to parlay your hard-won certificate into financial advantage for your company in several ways. Secondly, many customer organisations also now insist that you demonstrate business continuity certification as a condition for doing business. The BS 25999-2 standard has been a popular benchmark of excellence in this area. However, this standard has now been superseded by ISO 22301:2012. If you currently hold BS 25999-2 certification, the BSI (British Standards Institution) states it will expire by 31st of May, 2014. The solution is to recertify under ISO 22301:2012. What does that mean in terms of impact?



BCM 4050 is ANSI Accredited & Aligned to ISO 22301 and other BCM standards!


Already hold a BCMM® "License"?  Update to a BCMM® Assessor by taking a 2 hour elearning course and gain access to the new BCMM® PS-Prep Audit Ready Version

Does Your Business Continuity Program Measure Up?
Learn How to Benchmark and Audit Business Continuity Programs
Comply with ISO 22301, PS-Prep Standards, and the Title IX Voluntary Preparedness Initiative in the USA 
BCM 4050: Business Continuity Maturity Model® Assessor's Training is perfect for BCM professionals who would like to measure the effectiveness of their BCM program against standards and also benchmark their program against others in the same industry.  An assessment meets the requirements for internal audit as well as provides documentation demonstrating program improvement.

The BCMM® is an assessment tool which provides a standard approach to measure an organization's Business Continuity Program maturity and to provide direction for creating and maintaining a BC program as a sustainable process. The BCMM® also collects meaningful benchmark data that can be used to compare how your organization matches up with similar organizations.  Download the Brochure!


Attendees earn an ANSI accredited certificate as a BCMM Assessor by successfully passing a 50 question multiple choice exam. 

Already a "Licensed" BCMM Assessor?
Since 2004 when the BCMM® was first published, new standards for business continuity have emerged. The BCMM® was updated in 2011 to align to globally accepted standards: ISO 22301, ASIS SPC.1; BS 25999; and NFPA 1600. The BCMM® version 2.0 provides you with the steps to take on the path toward resilience and compliance with international standards, including those recognized by PS-Prep™.

The BCMM® is now also an effective tool to help ensure compliance and to measure readiness for a third-party audit against one or more of these standards. To access the 2.0 BCMM® you must first complete a 2 hour online course and pass the online exam. In addition, as a result of successfully completing this course, your "license" will be changed to the ANSI Accredited BCMM-Assessor designation. Find out more!

2014 Course Schedule

June 18-19, 2014              Toronto, ON                               Toronto Airport Marriott
July 17-18, 2014               Mexico City, Mexico                   DRP Consultores
August 13-14, 2014           St. Louis, MO                            Eric P. Newman Education Center
August 21-22, 2014           Peru                                         Intellity
September 6-7, 2014         San Diego, CA                          Before DRJ Conference
October                            Panama                                   After DRJ Conference
October 6-7, 2014             Colombia                                  Intellity
November 6-7, 2014          Mexico City, Mexico                  DRP Consultores
December 10-11, 2014      San Ramon, CA                        San Ramon Conference Center

Class meets 8:30 AM - 4:30 PM Day 1 and 8:30 AM - 3:00 PM Day 2.

Register Now!

Course Fee: $1,495.00 USD includes all course materials, breakfast, lunch, and refreshments and a one year access to the Maturity Model. ICOR members save 10% 

Questions?  Contact Lynnda Nelson at 866-765-8321 or Education@theicor.org

If you would like to have this program brought to your organization, contact Lynnda Nelson at 866-765-8321 or Lynnda@theicor.org.
Lynnda Nelson, President
The International Consortium for Organizational Resilience
Virtual Corporation's Business Continuity Maturity Model
The purpose of the (BCMM®) is to provide a meaningful tool to objectively and consistently measure the organization's disaster-readiness or state-of-preparedness. 


The Business Continuity Maturity Model® (BCMM®) was developed in 2004 with the support of Virtual Corporation and in collaboration with professionals, representing Public Sector and Private Industry BC Practitioners, BC Industry Trade and Education Leaders, BC Professional Services Providers, and Virtual Corporation Staff.
It has recently been updated to align with global BCM standards - ISO 22301, BS 25999, NFPA 1600:2010, and ASIS SPC.1.  The BCMM Assessor's Training is also in the process of becoming accredited by ANSI as a certificate course to audit small businesses for PS Prep and also as a self-assessment tool to prepare for an external third party audit.  Outside of the USA, the BCMM® can now be used to audit your program against ISO 22301, BS 25999,  ASIS SPC.1, or NFPA 1600.         
The Model meets the following goals: 
1.  Provides a diagnostic tool for objective evaluation of business continuity program effectiveness.
2.  Generates consistent data from which meaningful benchmark analyses can be drawn.
3.  Answers the following key questions for senior management: 
      a.  Where are we now? What level of BC program maturity do we currently possess?             
      b.  What do we want to be? What level of BC program maturity is our ultimate goal?
      c.  What path do we follow to get there? How should we progress most effectively to the      next level? 
Become a BCMM® assessor and add the ability to review and audit business continuity programs to your consulting practice or increase your intrinsic value as an internal business continuity professional or internal auditor. 
Participants who have successfully completed the 2-day training program are trained in the methodology of performing both review and audit level assessments using the Business Continuity Maturity Model® and may also be allowed to conduct PS Prep Audits for PS Prep first party self-declaration for small businesses (once DHS determines this criteria) as well as be prepared to conduct a self-assessment in preparation for a third party external audit.    
In addition to providing the benchmarking data, two different assessments can be completed: 


Review Assessment based on more informal data collecting and an Audit Assessment based on a detailed review and analysis of supporting documentation. The Audit Assessment is aligned to ISO 22301,  BS 25999, ASIS SPC-1, and NFPA 1600 standards.
The Assessment process provides valuable information on how to improve your program by generating the data necessary to create a multi-year improvement plan along with the budget required to do so.   

The BCMM® has both a open access version accessible by anyone and a proprietary version accessible to trained assessors only.  The open access model is a downloadable pdf that can be found at .  
The proprietary version, accessible only by trained assessors, includes access to the Model, the Assessment Master Questionnaire, the Assessment Software, the BCMM Calculator and Assessment, and the Proofs Acquisition and Analysis Checklist - including cross mapping tools for the standards, the standards to the Model, and the standards themselves.  

About the Business Continuity Maturity Model ® (BCMM)  
The BCMM® is an assessment tool which provides a standard approach to measure an organization's Business Continuity Program's maturity and to provide direction for creating and maintaining a BC program as a sustainable process.    

The BCMM® also collects meaningful benchmark data that can be used to compare how your organization matches up with similar organizations. 

Why conduct a BCMM ® Assessment?
  • Conduct internal audits  
  • Prepare for a third party external audit  
  • Evaluate business and supply chain partners
  • Assist corporate governance
  • Align with regulatory requirements
  • Obtain executive buy-in
  • Support program design
  • Prepare for PS Prep certification ISO 22301 certification  
*A certificate valid for one year will be mailed to participants after successful completion of the course which includes passing the Assessor's Final Examination.  This certificate can be renewed for a $100 annual fee and allows assessors access to the online BCMM assessment & audit too. 
The BCMM® was developed by Virtual Corporation. Virtual Corporation is a global leader in business continuity program consulting and software. Virtual has helped numerous enterprises ensure that they can recover from business disruptions by designing and implementing innovative sustainable solutions. 
Virtual project engineered the creation of the Business Continuity Maturity Model® (BCMM®) and published it in 2004. There are currently assessors in 10 countries. Virtual offers the BCMM® open access model, available in both English and Spanish, on their website.    

For a complete course description download the brochure. 
*Interested in an in-house training?  Call to find out how to bring this course to your location. Call now and set up your own training!

For questions about the course, please contact Lynnda Nelson at 866.765.8321 or +1630.705.0910 or.
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • ASIS
  • BRPA
  • DRIE 
  • IAEM
  • IFMA
  • ISACA 
Become an ICOR Member Today!

SAN FRANCISCO – Scandit (www.scandit.com), developer of the leading software-based barcode scanning and data capture platform for smartphones, tablets and wearable computing devices, has today launched the new, fourth version of its Barcode Scanner SDK, Version 4.0, for the Android platform. This incorporates dynamic features including full-screen scanning, further improvements to its unique blurry scanning functionality and optimized support for all Android devices including Google Glass.

The launch of the Barcode Scanner SDK 4.0 represents the next generation in barcode scanning, delivering unparalleled scan performance to a wide range of business sectors from retail and logistics through to manufacturing and healthcare.

“With every new version that we introduce, we make further disruptive inroads into the traditional, dedicated hardware device scanner market,” said Samuel Mueller, CEO at Scandit. “The sophisticated features that we have built into Version 4.0 are available at a fraction of the cost while relinquishing none of the accuracy, quality and functionality associated with traditional devices. And while many of these features are designed to support the growing trend for BYOD (Bring Your Own Device) scanning in the commercial sector, they will be equally appealing to consumers, too.”

Among the significant new features of the Scandit SDK 4.0 for Android are:

  • Full screen scanning – Whereas previously barcodes were only decoded in the center of the camera, the new version enables them to be detected and decoded in the entire camera image, speeding up the process. This feature has been available for iOS for some time, but the new version enables feature parity for Android.
  • Blurry barcode scanning of industrial barcode formats – The new release makes Scandit’s novel, patented approach to software-based barcode decoding that was specifically developed for operation with smartphones and tablets and relies on real-time image processing also available for CODE39 and CODE128 barcode formats. It results in laser-like decode range and speed – even with low-resolution cameras that have no autofocus.
  • PDF417 support – The new version is capable of scanning PDF417 barcodes including those with tiny features, such as those typically found on drivers’ licenses and travel tickets.
  • Google Glass – The scanner can now decode barcodes of normal size up to 50 cm away from Google Glass, vastly improving performance.

“We anticipate enormous growth for Google Glass and other wearable devices, particularly in the manufacturing and logistics sectors where hands-free inventory management is becoming essential,” continued Mueller. “We have designed the new version to deliver functionality of the highest quality, guaranteeing ease of use and accuracy, and we call this ‘Pick by Vision’.” To see Pick by Vision on Google Glass go to: http://www.scandit.com/barcode-scanner-sdk/wearable-device-support/

The Scandit SDK 4.0 has been designed to work across all devices using the Android Operating System v2.3 and higher. Currently, Scandit supports over 3,500 different Android device types. The new version is available immediately, and Scandit is currently working closely with developers, systems integrators and customers to deliver the new generation of data capture applications.

About Scandit
Scandit enables retail, manufacturing and logistics businesses to maximize operational performance and drive new revenue streams via enterprise-grade barcode scanning, OCR and data capture software for smartphones, tablets and wearable devices. With more than 12,000 licensees in 80 countries, Scandit processes hundreds of millions of scans per year. Its mobile scan technology and associated cloud services combine to deliver the platform of choice for many of the world’s most prestigious brands, including Ahold, Bayer, Coop, Homeplus (Tesco), NASA and Saks Fifth Avenue. Founded in 2009 by a group of researchers from MIT, ETH Zurich and IBM Research, today Scandit and its network of global integration and technology partners are pushing the boundaries of mobile AIDC (automatic identification and data capture), delivering ground-breaking identification and data capture applications to customers. Scandit is headquartered in Zurich, Switzerland, and has just opened a new office in San Francisco. For more information visit

Innovative solution expected to enable Facebook to quickly add capacity at its data center sites 

COLUMBUS, Ohio – Emerson Network Power, a business of Emerson (NYSE: EMR) and a global leader in maximizing availability, capacity and efficiency of critical infrastructure, today announced that it is working with Facebook to design and deploy the company’s second data center building in Luleå, Sweden.

“Luleå 2” will be the pilot for Facebook’s new “rapid deployment data center,” (RDDC), which was designed and developed in collaboration with Emerson Network Power’s data center design team.  Facebook’s RDDC incorporates a number of modular design elements, including pre-fabricated materials and on-site assembly, to enable an increase in the speed of deployment and reduction in material use.

“We worked with Facebook to understand their wants and needs, and we collectively developed an integrated, cost-effective, tailored solution,” said Scott Barbour, global business leader of Emerson Network Power.  “This collaboration with Facebook illustrates our competencies in modular construction and showcases next-generation thinking.  Emerson is able to deliver innovative, global, turnkey data center solutions comprising design, construction, critical infrastructure equipment, building management system, and services.”

“Because of our relentless focus on efficiency, we are always looking for ways to optimize our data centers including accelerating build times and reducing material use,” said Jay Park, director of data center design, Facebook. “We are excited to work with Emerson to pilot the RDDC concept in Luleå and apply it at the scale of a Facebook data center.”

Luleå 2 will span approximately 125,000 sq. ft. and Emerson will deliver over 250 shippable modules, including power skids, evaporative air handlers, a water treatment plant, and data center superstructure solutions.  It will be built next to Facebook’s first data center building in Luleå, which came online in June 2013.  Like its predecessor, Luleå 2 will be one of the most efficient and sustainable data centers in the world, powered by 100 percent renewable energy and featuring the latest in Open Compute Project server, storage, mechanical, and electrical designs.

For more information on Emerson Network Power products and solutions that support the data center, visit www.EmersonNetworkPower.com .

SILICON VALLEY, Calif.ParStream, provider of the leading Real-Time Database for Fast Data Analytics, today announced a strategic partnership with global Business Intelligence (BI) vendor, Yellowfin.

Yellowfin has certified its market-leading, easy-to-use BI solution on ParStream’s relational database, which is based on its patented High Performance Compressed Index (HPCI) technology. HPCI is a bitmapping structure that allows data to be analyzed in its compressed state, skipping the decompression – and often time resource-consuming – stage of analytics. The partnership means ParStream and Yellowfin will be offered as a comprehensive, end-to-end solution for big data analytics.

The alliance will enable organizations to process massive amounts of stored and streaming data, in structured and semi-structured formats, in real-time. This data can then be delivered throughout the enterprise in the form of highly intuitive visualizations to empower decision-makers with timely, fact-based actionable intelligence. Users are now able to achieve greater ROI on their data assets.

Michael Hummel, CEO and Co-Founder at ParStream, said:

“The partnership with Yellowfin underscores our commitment to bring to market the most robust analytics platform to support businesses of all sizes with their big data initiatives. With Yellowfin’s BI as a virtualized platform, Fast Data – simultaneous analysis of historical and live, streaming data – can now be accessed, monitored, visualized, and utilized with ease. As vast amounts of raw data can be hard to understand and contextualize, Yellowfin’s ability to make that information highly understandable and actionable – with its intuitive dashboards, collaborative BI features, and mobile applications – is critical.”

Joerg Bienert, CTO and Co-Founder at ParStream, stated:

“In the business analytics space, there are two inescapable truths: Organizations are attempting to act on increasingly large volumes of data in continually shrinking timeframes. At the same time, organizations realize the value in enabling more people to use that data to make faster, better decisions. Yellowfin’s focus on data consumers – business people from non-technical backgrounds – was an important factor in the partnership decision.”

Yellowfin CEO and Co-Founder, Glen Rabie, commented:

“This partnership will help make crucial insights, derived from big data analytics, available to businesses and decision-makers of any discipline. Yellowfin’s consumer-oriented approach to reporting and analytics, combined with ParStream’s HPCI technology and low infrastructure requirements, enables us to deliver a world-class big data analytics platform that’s financially and technologically accessible to everyone. Together, ParStream and Yellowfin make pervasive real-time analytics on big data achievable for organizations of all sizes.”

For more information, visit www.parstream.com and www.yellowfinbi.com.

Paris – ICC BASIS (Business Action to Support the Information Society) has congratulated Brazil on the recently concluded NETmundial meeting and its contribution to the discussion of principles and values relating to the evolution of Internet governance processes. While consensus was not reached on all issues discussed at the meeting among stakeholders, spirited discussion and collaborative drafting resulted in a breadth of opinions as well as an outcomes document that will serve as a useful input to other forums and meetings addressing governance principles, issues, and processes. Business was pleased that the outcomes document not only reinforced the importance of meaningful multistakeholder participation in existing Internet governance processes and forums, but that it also reaffirmed the importance and value of the annual, UN-linked Internet Governance Forum (IGF).

The International Chamber of Commerce (ICC) and its BASIS initiative have also praised NETmundial for aiding further consensus and dialogue on central issues being addressed at multiple, global forums, including the protection of the Internet as a vehicle of innovation and economic growth, respect for the rule of law, the importance of maintaining cross-border and global flows of information, and the vital importance of protecting and advancing the multistakeholder model in policy discussions.

“The success of NETmundial should not be measured in declarations or new commitments, but in how it helps to advance the multistakeholder model and set in motion talks that will add value to existing processes,” said Joe Alhadeff, Chair, ICC Commission on the Digital Economy. He added: “The meeting has reinforced the importance and validity of existing mechanisms, including the Internet Governance Forum, and the need for constructive dialogue on how to strengthen them.”

Despite divergent views on the content of a proposed roadmap for the evolution of Internet governance, business was gratified to see the importance placed on the orderly transition of the NTIA functions related to IANA. This was another important topic in the roadmap and business was encouraged by inclusion of all the NTIA operational conditions that must be met in this regard, including the need for a multistakeholder successor.

Voices not always heard in the global Internet governance debate were given a platform to join discussions that will directly influence policy development. Less developed economies, as well as the small business community and global citizens, were able to take advantage of opportunities to participate in the dialogue, both onsite, and via remote participation.

Alhadeff added: “ICC BASIS recognizes that NETmundial marked an important moment in the discussion of Internet governance, which has helped drive multistakeholder participation and encouraged greater geographic reach for Internet policy discussions.”

As an active participant in the discussions, ICC BASIS represented the international business community at NETmundial, working within its membership and with other global businesses and organizations, to contribute to dialogue that will feed into Internet governance meetings going forward, as appropriate.

Baton Rouge-based Insurer Chooses Venyu’s Managed Services and Data Backup to Secure and Support Company’s Growth

BATON ROUGE, La. –Venyu, a leader in business continuity, cloud-based virtualization, and battle-tested data recovery services, today announced that Baton Rouge-based StoneTrust Commercial Insurance has chosen the company to provide managed hosting services and cloud-based data backup to support their business operations. Venyu helped the company save more than $50,000 by eliminating costly IT capital upgrades as well as hiring additional IT support staff to manage a larger, in-house data center. For more information, please see the full case study: http://www.venyu.com/case-studies.

Stonetrust provides statutory workers’ compensation insurance for construction, wholesale, retail, manufacturing, and other service related businesses currently with more than 4,700 active policies.  As the company grew, the need for an outsourced, reliable backup, and managed hosting provider became clear. Stonetrust meet these needs with Venyu’s premier hosting site in Baton Rouge, Louisiana, which provides a fully-redundant, secure infrastructure with immediate scalability.

Reliable data backup consists of Venyu’s cloud-based data recovery solution, RestartIT®.  As an essential element of any disaster recovery plan, Venyu’s data backup automatically saves all data changes, while securing information in the company's commercial-grade data centers.  Should a man-made or natural disaster prevent StoneTrust from accessing its on-site data, Venyu can quickly export all needed information to a Mobile Vault for instantaneous restoration and access.  

“Given the real threat of catastrophic events in our region, disaster recovery isn’t just a ‘nice-to-have,’ but a necessity to keep business going,” said Sukhy Dhillon, CIO, StoneTrust Commercial Insurance. “With Venyu, we don’t worry about data being lost or unavailable in the event of emergency.  No matter what the situation – we know Venyu’s got us covered.”

“StoneTrust’s customers rely on them, which means they need to have access to vital data at all times,” said Scott Thompson, CEO, Venyu. “With our managed hosting and backup, StoneTrust eliminates outages because all data is safely held and accessible in Venyu’s data centers. StoneTrust can focus on what they’re known for: providing quality customer service.”

To find out more or connect with Venyu for back-up, recovery, colocation and managed services, please visit www.venyu.com.

About Venyu
Venyu is a premier provider of data center, managed hosting, cloud, virtualization and data protection solutions. By leveraging Venyu's portfolio of innovative, ROI-focused solutions, including VenyuCloud and RestartIT, within secure, highly available data centers, organizations can reduce IT costs while increasing security and scalability. For more information about Venyu and its industry-leading offerings, please visit www.venyu.comYour Data Made Invincible™.