A business had no excuse for not being prepared for hurricanes a decade ago. After Hurricane Katrina and Hurricane (and then Superstorm) Sandy, there is even less rationale to not take the necessary steps, especially if the business is located in the area most likely to be pounded. Unfortunately, that area seems to be getting bigger.
Last Saturday was the beginning of hurricane season, and May 26 to June 1 was National Hurricane Preparedness Week. Unlike some crises, such as fires and power outages, hurricanes and other weather-related challenges are vaguely predictable. That’s a good thing. The other good news is that a tremendous amount of information is available on hurricane preparedness and, more generally, on business continuity/disaster recovery.
As part of my ongoing research into data privacy laws in Asia Pacific (AP), I spoke with chief information security officers (CISOs), consultants, lawyers, and governance, risk, and compliance (GRC) professionals. This is critical to gauge key decision-makers’ awareness and understanding of the ever-evolving data privacy regulations and policies across 15 different jurisdictions in the region.
Some senior people have admitted to me that their organizations have not traditionally taken data privacy issues terribly seriously within their AP operations. However, in a clear sign that this is beginning to change, GRC practitioners are starting to see increased demand for their compliance-related services from both government and business sectors, particularly since late 2012. Regardless of where you stand on this spectrum, the reality is that the awareness levels of data-related regulations – and the level of compliance required to abide by these regulations – vary widely across the region.
Do you know how your business technology would fare if a true disaster were to hit? Given the rate at which technology and your applications change and evolve, your DR plan may need dusting off and updating. If your plan is outdated or relies on older assumptions, you may have gaps in your protection.
Misconception #1: Backup-as-a-Service and Recovery-as-a-Service are the same.
A good DR plan is not about backups, but rather it’s about getting back up and running as quickly and efficiently as possible. The placement of that one space makes a big difference.
The following is from an email sharing how the National Weather Service (NWS) measures a tornado's direction, path, width, etc.
For the most part tornado path width is determined by the measurable damage observed during the storm survey. Our WFOs will integrate into that assessment any additional evidence they can get (e.g., video, photos, radar data, survivor accounts) to make their best determination. That goes for all the characteristics of the tornado - path length, path width, EF-Scale rating, etc. - that they report. Here is our Norman WFO's El Reno event web page - http://www.srh.noaa.gov/oun/?n=events-20130531
Below is the NWS policy guidance for our storm survey teams to utilize with regard to determining tornado path length and width. The full NWS Storm Data policy can be accessed here: http://www.nws.noaa.gov/directives/sym/pd01016005curr.pdf
Selecting a candidate to protect the organization
The perennial question is once again causing clutter in the ether. The question:
Must a practitioner be an IT expert?
In a word: No.
Perhaps the practitioner should be an MBA to handle the business side? Is a degree even necessary?
Maybe an SPHR to understand the human relations concerns?
How about a CompTIA Security+ certification for security issues?
Is a PMI or Six Sigma black belt necessary to manage the project or program?
Same answer. No, No, No, and No again.
So what qualifications should a practitioner possess?
Most companies would describe responding to e-Discovery requests as time-consuming, expensive and something they would rather avoid altogether if at all possible. But if that’s not enough to make it a leading cause of indigestion among corporate executives, there are potential compliance risks that can result from responding to e-Discovery requests that are potentially as great or greater than the risk of mishandling the e-Discovery obligations themselves.
Executives cannot address the risk without first understanding the key ingredients in this recipe:
Joint MEDITECH-BridgeHead implementation enables consolidation of four different backup systems onto centralized, easy-to-manage BridgeHead platform
WOBURN, MA – BridgeHead Software today announced that Samaritan Medical Center in Watertown, NY, has implemented the BridgeHead Healthcare Data Management (HDM) platform with MEDITECH ISB (Integrated Serverless Backup) for its EMR system, as well as protection for its enterprise data. Consolidating four disparate backup systems onto the single BridgeHead platform has enabled Samaritan to streamline data management, cut backup times while preserving application performance and simplify data center operations.
Samaritan had previously implemented BridgeHead ISB (Integrated Serverless Backup) for its MEDITECH HCIS. The ISB protocol is certified by MEDITECH as being critical for ensuring the recovery of accurate patient data, by orchestrating the protection of that data from multiple MEDITECH File Servers at a single point-in-time. Building on its MEDITECH protection, Samaritan deployed BridgeHead HDM to unify protection and recovery for hospital applications, such as eClinicalWorks, MedHost, and Picis Surgical Services applications, as well as its Exchange Servers. BridgeHead FileStore was implemented for archive and efficient recovery of medical images from Samaritan’s Fuji PACS.
The full Samaritan Medical Center case study on all the benefits experienced from working with the BridgeHead HDM platform has been documented in a new case study. These include time savings, improved data availability, streamlined storage environment, and reliable, fast recovery of data.
“Before consolidating our data protection on the BridgeHead Healthcare Data Management platform, it took two guys three hours a day to monitor and manage Samaritan Medical Center’s three different backup systems,” said Jeff Wood, technical services manager, Samaritan Medical Center. “Now with one system, it’s 15 to 20 minutes a day to manage everything. We even protect our Fuji PACS images with BridgeHead, all on a single platform.”
“By moving all its healthcare systems onto the same BridgeHead Healthcare Data Management Platform as its Meditech EMR, Samaritan Medical Center has managed to simplify and streamline its data protection processes,” said Mike Ball, PhD, BridgeHead Software senior vice president, North America. “As a result, Samaritan Medical Center is saving both time and money while simultaneously opening the door for a more strategic approach to its long-term data management practices.”
Read the full Samaritan Medical Center customer story at:
About BridgeHead Software
With 20 years’ experience in data and storage management, and 12 years in healthcare, BridgeHead Software is trusted by over 1,000 hospitals worldwide. Today, BridgeHead Software helps healthcare facilities overcome challenges stemming from rising data volumes and increasing storage costs while delivering peace of mind around how to store, protect and share clinical and administrative information.
BridgeHead’s Healthcare Data Management (HDM) solutions are designed to work with any hospital’s chosen applications and storage hardware, regardless of vendor, providing greater choice, flexibility and control over the way data is managed, now and in the future. For more information, visit http://www.bridgeheadsoftware.com or follow on Twitter at @BridgeHeadHDM.
22 military-style portable structures contributed in partnership with AmeriCares
KIRKLAND, Wash. – On Sunday May 19th, an EF4 tornado struck near the city of Shawnee, Oklahoma, damaging or destroying more than 30 homes, killing one person and injuring six others. The following afternoon an EF5 tornado struck nearby Moore, Oklahoma, killing 24 people and injuring 377, while destroying over 12,000 homes. Just two days later, another storm dumped over 2 inches of rain on the disaster sites. An immediate need became apparent for emergency shelters near and within the disaster locations for staging recovery crews and storing the vast amount of perishable goods donated by charity groups.
Immediately following the disaster, Alaska Structures Inc. donated 22 military-style portable structures to support the recovery efforts in Oklahoma. Alaska Structures managed the donation in partnership with AmeriCares, a non-profit disaster relief and humanitarian aid organization. The emergency shelters were delivered and set up by Alaska Structures' employees at a variety of locations identified by AmeriCares as having a need. Collectively, the structures provide 12,675 square feet of total floor space, with the provision of air-conditioning, lighting and electrical outlets.
The donated emergency shelters are steel-frame, fabric structures, designed to withstand 100-mph winds and engineered to provide service for 10 years or more. The tan, quonset-style military tents are similar to Alaska Structures' shelters deployed by the US Armed Forces throughout the world. Collectively, the shelter equipment along with the electrical and air-conditioning systems donated are valued at approximately one half million dollars.
It is expected that the recipients of the donation will retain the equipment once this disaster recovery work has been completed. The shelters survived the second wave of storms passing through the Oklahoma City area on 31 May, which included torrential rain and hail, along with very high winds. The durability of the Alaska Structures will allow them to be used not only during the many months required for this particular recovery effort, but also for future disaster events in the years to come.
About Alaska Structures Inc.
Alaska Structures (AKS) designs, engineers and delivers the highest quality fabric building systems for extreme environments. Since it was founded in 1975, over 45,000 AKS shelters have been tested and proven in over 60 countries around the world, including more than 30,000 Alaska Military Shelters and 15,000 Alaska Environmental Control Units in Afghanistan and Iraq. For more information see www.AlaskaStructures.com.
As millions of baby boomers plan the sale of their businesses over the coming years, a trillion-dollar opportunity for them and their advisors, those who identify, measure and reduce risks will earn the highest values, while those relying on hope alone stand to lose millions and suffer seller's remorse
SAN DIEGO – Business owners have a major life event they each face: "How much can I receive for my company?" A critical step is obtaining an independent, qualified business appraisal. CPAs and attorneys then can recommend a transition plan that saves time, money and client worry.
"Our valuation reports are cutting edge because no other firm specifically identifies a company's value drivers and risks. These metrics become an owner and advisor roadmap. Thrifty owners err applying rules of thumb and software to save money. Neither captures the 800+ factors we consider. For every $1.00 paid in fees, we commonly find $200 to $10,000 in potential value. Let's take Relationships. We'll examine client concentration, vendor reliance, company culture, management depth, staffing turnover, advisor involvement and banking leverage. These factors reflect how the owner has managed and minimized risk; the lower the risks, the higher the pricing multiple and the higher the value," shares Carl Sheeler, Ph.D., ASA, a nationally recognized 20+ year business valuation expert.
Sheeler states, "Owners frequently overestimate their companies' values and underestimate the time needed to prepare and sell their companies. They might spread the risk, cash in some of their chips and have Private Equity or staff acquire a minority interest. The infused funds and skin in the game causes company values to climb manyfold in a few years. Reducing risks can easily change a pricing multiple from 3x to 7x earnings. Owners become excited knowing what they need to do and harnessing the knowledge of their trusted advisors, family and key staff to do it."
Business Valuations Ltd. has seven offices nationwide. Since 1954, it has served midmarket business owners and their advisors for tax, transaction and transfer purposes as well as disputes. Dr. Sheeler has been the firm's steward since 1992 and was the 2012 Worth Magazine's Leading Advisor. His doctoral dissertation addresses private company illiquidity. He authored the Valuation Chapter for the AICPA's and California Bar's Succession Planning Manuals.
New features will help organizations strengthen and streamline their information security, risk, and compliance programs across internal business lines and third-party vendors, in accordance with industry standards and best practices
PALO ALTO, Calif. – In response to increasingly complex and dynamic IT security and threat environments, MetricStream has announced its enhanced IT GRC solution, which will empower organizations and employees with a broad range of new advanced tools and functionalities.
The enhanced solution facilitates enterprise-wide oversight of IT risks and threats, and provides powerful analytics to help organizations efficiently model threat scenarios and risks, and determine the most effective response. The solution also integrates content from sources such as NIST and CERT, as well as COBIT 5 and the Shared Assessments' Standard Information Gathering (SIG) 2013 questionnaire and Agreed Upon Procedures (AUP) 2013, to help organizations build a truly world-class IT GRC program.
The increasing frequency and sophistication of cybersecurity attacks and data breaches have made it more critical than ever for organizations to proactively secure their IT environments, and effectively comply with regulations and standards such as PCI DSS, HIPAA, NERC, FISMA, and ISO 27001. In line with these requirements, MetricStream provides an integrated portfolio of solutions to streamline, integrate, and strengthen end-to-end IT GRC processes.
MetricStream IT GRC Solution now offers many new and enhanced features, including:
Sophisticated security and risk analytics based on Big Data architecture: The solution aggregates massive volumes of security and threat data from a wide variety of sources (e.g., social media, vulnerability scanners, threat advisories), using Big Data architecture based on Hadoop or MongoDB frameworks. It then maps this data to enterprise assets for comprehensive risk assessments and analysis. MetricStream's cutting-edge predictive security and risk analytics engine leverages the statistical modeling and analysis tool, "R," and filtering and correlation framework, MapReduce, to sort through these Big Data sets, and support threat scenario and risk modeling, enabling the management team to make strategic, data-driven decisions.
Real-time threat intelligence from social media and information security monitoring: MetricStream's social media GRC engine utilizes advanced natural language processing capabilities to analyze social media conversations, facilitate risk evaluations, and trigger issue remediation workflows. The solution also monitors IT infrastructure performance, user activity, and sensitive data flows, enabling pattern anomalies to be detected, analyzed, and remediated early.
Enhanced monitoring of virtualized assets in the cloud: The solution's enhanced and comprehensive monitoring capabilities enable improved security configuration assessments, continuous controls monitoring, risk management, and threat and vulnerability tracking of assets across the vast and complex virtualized IT environment. In doing so, it helps organizations quickly detect new and emerging security risks, and maintain consistent compliance with external regulations and internal policy requirements.
Vendor risk management: The solution provides advanced capabilities to assess, identify, manage, and monitor vendor risks across both traditional and cloud based vendors. It also streamlines and standardizes vendor risk scoring and reporting, and provides an integrated vendor risk profile at the enterprise level which, in turn, helps management proactively identify those high-risk vendors which require additional resources and oversight.
New integrations with NIST, CERT, and support for SCAP standards: The MetricStream solution provides updates on new security threats and guidelines through its integration with automated feeds from NIST and CERT. It also provides support for NIST SCAP standards, vendor hardening guidelines, and security configuration baselines. Additional integrations with various third-party threat and vulnerability management tools, threat advisories, and cyber threat monitoring solutions help organizations gain complete visibility into their enterprise-wide IT risk and compliance posture.
Quarterly releases/updates of IT GRC content: The MetricStream solution includes the latest release of the Unified Compliance Framework which simplifies IT compliance, and reduces resources and costs by standardizing a common set of controls across all regulations and policies. The solution also includes licenses to SIG 2013 and AUP 2013 from Shared Assessments, which provides the world's most comprehensive standards for vendor risk evaluation. The SIG and AUP, which are based on multiple industry standards, enable objective and consistent evaluations of third-party IT risks and controls.
"Organizations today want a solution that can not only support and enable all IT GRC activities, but also scale across the enterprise, integrating security and threat data, and providing actionable intelligence to support decision-making," said Vasant Balasubramanian, Vice President of Product Management at MetricStream. "MetricStream's new and enhanced IT GRC solution provides the oversight, agility, speed, and flexibility to meet these requirements so that organizations can thrive amidst our increasingly complex and dynamic IT security and threat environments."
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations. MetricStream solutions are used by leading corporations such as UBS, P&G, Constellation Energy, Pfizer, Philips, BAE Systems, Twitter, SanDisk, Cummins and Sonic Automotive in diverse industries such as Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech and Manufacturing to manage their risk management programs, quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as several million compliance professionals worldwide via the www.ComplianceOnline.com portal. MetricStream is headquartered in Palo Alto, California and can be reached at www.metricstream.com.