Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Jon Seals

Continuity Central has launched its annual business continuity trends survey which looks at the changes the profession can expect to see in the year ahead. One week into the survey the results are looking interesting. So far, responses show that most respondents expect to see some changes in the way their organization manages business continuity during 2014. Just over half (51 percent) expect to see small changes and almost a quarter (23 percent) expect to see large changes. Trends that are emerging in terms of the changes that business continuity professionals expect to see include: 10 percent are anticipating changes in incident / crisis management processes; 8 percent expect to see greater integration with the wider business; 5 percent expect ISO 22301 implementation projects to drive change in 2014. Business continuity budgets The majority (53 percent) of respondents state that their 2014 spending will be the same as 2013. However more than a third say that their business continuity budgets will be increased: 22 percent state that spending will be higher in 2014 compared to 2013; and 15 percent state that it will be much higher. Recruitment Three quarters (77 percent) of respondents believe that their organization’s business continuity team will remain the same size in 2014. However a fifth (21 percent) expect the team to grow with new additions being made. Only 2.5 percent of respondents expect their business continuity team to shrink. Please take part in the survey: go to https://www.surveymonkey.com/s/businesscontinuityin2014 To read the results of last year’s survey click here.

Natural and manmade disasters underscore the challenges of seamless disaster recovery in the real world. Having a comprehensive business continuity plan isn't just an IT concern; though. Nothing less than the survival of your company is at stake.

By Ed Tittel and Kim Lindros

CIO — We rarely get a head's up that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.

This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn't just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.



Cloud services whether PaaS (platform), SaaS (software), DraaS (disaster recovery) or another ‘as a service’ option are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied. Here’s a list of ten security questions to help you safeguard your data, your confidentiality and quite possibly your business.



PHILADELPHIA – The Department of Homeland Security’s Federal Emergency Management Agency will evaluate a Biennial Emergency Preparedness Exercise at the Limerick Generating Station.  The exercise will take place during the week of November 18, 2013 to test the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to assess government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will evaluate state and local emergency response capabilities within the 10-mile emergency-planning zone of the nuclear facility.”

Within 90 days, FEMA will send their evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:30 a.m. on November 22, 2013 at the Hilton Garden Inn Valley Forge/Oaks, 500 Cresson Blvd, Phoenixville, PA 19460.  Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania.

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response.  Written comments may also be submitted after the meeting by emailing FEMAR3NewsDesk@fema.dhs.gov or by mail to:

MaryAnn Tierney
Regional Administrator
615 Chestnut Street, 6th Floor
Philadelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at fema.gov/radiological-emergency-preparedness-program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Follow us on Twitter at twitter.com/femaregion3.


By Ali S. Khan

Waives battering wooden pier and houses

Seeing images of the devastation in the Philippines reminded me of my own experiences with Hurricane Katrina and the Asian Tsunami. During both of those events, I had the honor to join CDC (and WHO in the case of Indonesia) teams to help re-establish crucial public health services and support the impacted communities. Disaster recovery isn’t just about rebuilding damaged homes and businesses; it has everything to do with health.

When something as devastating as Typhoon Haiyan occurs, it can be daunting to consider what a recovery effort might look like. Providing for basic needs and preventing potential injuries and outbreaks are usually at the forefront of any recovery plan. Despite the widespread devastation and lack of infrastructure people still need access to food and water. Groups with special needs, such as pregnant women or the elderly, still need care. These basic needs can present a host of health problems in the face of disaster. And as people begin to get their lives back in order, injuries from cleanup efforts and potential outbreaks due to contaminated food or water sources are a constant concern.

Men and women in a makeshift clinic wearing face masks

Clinic set up in Haiti following the cholera outbreak. Photo by Kendra Helmer/USAID

Stabilizing and Surveillance

The initial health response usually centers on setting up field hospitals, to take care of those who need immediate medical attention. We then turn our attention to disease monitoring efforts to understand the needs within the community and provide critical public health services. These services initially focus on environmental health concerns such as food and (especially) water safety, worker safety, and injury prevention.  

Following an event such as a hurricane or typhoon – where you have excess flood waters – communities must be vigilant about preventing the spread of water borne illness (think E. coli or cholera), which often cause diarrhea and severe dehydration. Although these are two seemingly treatable symptoms, they can be difficult to manage when infrastructure is down and basic supplies (such as clean water) are hard to come by. Crowded and unsanitary conditions can also lead to the spread of disease. Following Hurricane Sandy, several recovery centers had to act quickly to halt the spread of norovirus, a common “stomach bug” that can spread quickly in close quarters. We’ve also learned about the risk of spread of communicable diseases within shelters and the need to provide select immunizations.

building and cars destroyed by a tornado

broken glass, metal, and other debris can pose a serious risk of infection following a disaster.

Cleanup can be a mess

Aside from possible disease outbreaks, one of the most common health problems we saw post-Katrina were injuries related to cleanup, people falling from ladders, carbon monoxide poisoning from generators, and cuts and lacerations people got moving through the rubble. Following a disaster health officials are often on the lookout for cases of tetanus or other wound infections. In 2011, after the F5 tornado struck Joplin, Missouri, a deadly fungal outbreak was discovered among those who had sustained wounds from the cleanup effort. Public health officials work around the clock after a disaster to warn the public of these dangers and track potential disease outbreaks before they get out of hand.


As the Philippines grapple with the mammoth effort of rebuilding their homes, roadways, and towns, they will first have the task of addressing the health needs inherent to a major disaster.  Disease pathogens and hazards are opportunistic and strike when we are at our most vulnerable. My thoughts are with the people of the Philippines and the aid workers helping to get the country back on their feet.

If you would like more information about recovery efforts or how you can help, please visit: http://www.usaid.gov/haiyan/External Web Site Icon.

What if organizations don’t need a chief data officer so much as they need an executive team that understands and relies on data?

I stumbled backwards into this idea by misreading a shortened UK CIO headline: “Bank of England doesn't need a CDO, claims CIO.” As happens too often with tech, it turns out CDO is short for chief digital officer, not chief data officer.

Chief digital officers have more to do with transforming paper tasks to digital. If you want to read more about their job duties, ZDNet published a good trends piece about the role.



Damage in the Philippines from Typhoon Haiyan is widespread, with new information emerging daily. Insured losses, however, are expected to be low, with the greatest impact on smaller reinsurers, according to insurance industry reports.

A.M. Best said in a briefing that it expects insured losses to be minimal, as non-life insurance is less than 1% of the country’s gross domestic product.

“Insured losses in the Philippines will be spread across many segments, including per­sonal lines, fire and property, and marine hull. Fire/property and marine hull will be well reinsured through the major global reinsurers and through Lloyd’s, which will also absorb some marine losses on a primary basis. Net losses to primary insurers will be limited, and some commercial losses also may be covered through captives or other forms of self-insurance,” the report said.



CIO — With the increase in cloud computing and BYOD in the workplace, it's become increasingly difficult for IT departments to keep track of and manage software and hardware -- and maintain a secure environment.

So what can CIOs and other IT leaders do to identify and manage Shadow IT -- software and hardware not directly under the control of IT -- and mitigate the potential risks? CIO.com asked dozens of IT, mobile and cybersecurity professionals to find out. Here are their top six tips for managing Shadow IT in the enterprise.

1. Monitor your network -- to find out if or where you have a Shadow IT problem. "Regardless of whether employees use company-issued or personal (i.e., BYOD) hardware, organizations need to identify where all their data resides -- [in house], in the data center, at the edge or in the cloud," says Greg White, senior manager, product marketing, CommVault, a provider of data and information management software.



I’ve been thinking about the fight between Amazon Web Services and IBM for the CIA and other U.S. government business and it strikes me that something is really screwy. I’m not talking about the bid process, which both IBM and the General Accounting Office (GA0) called out. I’m talking about how, in the age of Manning and Snowden, no Web service provider should have made the cut for a CIA service no matter how benign. The very fact that Amazon had to go to war with the GAO, which you’ve got to believe will have implications for how supportive they will be to other CIA budgetary requests, points to a real failure to understand the dynamics here.

It should have been too politically risky and it suggests that the unique services that a company in IBM’s class provides were taken for granted or completely ignored, which likely goes to its complaint about the bid process, in which Amazon shouldn’t have been able to comply—not technically, but in terms of meeting the security and compliance requirements unique to the federal government.



DENVER – In the two months since heavy rains brought flooding, Colorado survivors have received more than $117.4 million in state and federal assistance and low-interest loans and an additional $35.1 million in FEMA’s National Flood Insurance Program (NFIP) payouts.

To date, more than $52.7 million in Individual Assistance (IA) grants has helped more than 15,000 Colorado households find safe, functional and sanitary rental units or make repairs to primary homes and cover other disaster-related expenses, such as medical needs or personal property loss. Nearly $48.7 million of IA grants have been issued in housing assistance and $4 million in other needs assistance, such as medical or personal property loss. Flood survivors have also received disaster unemployment assistance and disaster legal services.

The U.S. Small Business Administration (SBA) has approved $64.7 million in disaster loans to Colorado homeowners, renters, businesses of all sizes and private nonprofit organizations. Of that amount, $54.3 million was in loans to repair and rebuild homes and $10.4 million in business and economic injury loans. Approved loan totals in some of the impacted areas are currently $40 million in Boulder County, $8.9 million in Larimer County and $7.7 million in Weld County.

In addition:

  • FEMA housing inspectors in the field have looked at more than 24,000 properties in the 11 designated counties for Individual Assistance.
  • In coordination with the State and local officials, FEMA Disaster Survivor Assistance specialists have canvassed Colorado neighborhoods, helping 37,180 survivors connect with recovery services. Survivors have talked to local, state, nonprofit, nongovernmental and FEMA specialists at the Disaster Recovery Centers (DRCs). At the DRCs, in the field and on the phone, FEMA provides information in Spanish and many other languages.
  • More than 50 national, state and local voluntary and faith-based organizations have spent 269,330 hours helping people as they recover from the flooding. The 27,655 volunteers are providing donations, volunteer management, home repair, child care, pet care, counseling services and removal of muck and mold from homes.
  • In the 18 counties designated for Public Assistance, 190 Applicant Kickoff Meetings have been conducted and so far FEMA has obligated $9,451,743 for eligible projects for debris removal, emergency protective measures and the repair of critical public-owned infrastructure.
  • FEMA and the State’s Private Sector team has contacted organization leaders from 33 Chambers of Commerce, six Economic Development Centers and 38 colleges and universities to share disaster assistance information.
  • The Federal Disaster Recovery Coordination group is coordinating disaster recovery across the entire federal family of agencies, facilitating long-term relationships among agencies, identifying technical expertise and funding opportunities; suggesting strategies for addressing specific needs, and generally encouraging a whole community approach to disaster recovery.
    • Coordinating agencies represented in FDRC include U.S. Army Corps of Engineers, U.S. Department of the Interior, U.S. Department of Housing and Urban Development, and U.S. Department of Commerce.
  • Speakers Bureau has received 71 requests from local officials throughout the affected area and 363 State/FEMA specialists and SBA representatives have spoken at town hall meetings and other venues. More than 7,600 attendees received information about FEMA’s IA program, Hazard Mitigation, flood insurance and SBA.
  • Mitigation specialists have counseled 15,250 survivors during outreach efforts at area hardware stores and more than 4,300 survivors at Disaster Recovery Centers in Colorado.
  • In the first 60 days of the Colorado flooding disaster, there have been 96,375 total page views on the disaster web page, fema.gov/disaster/4145, or an average of 1,606 daily. More than 500 tweets in the last 60 days were posted on the FEMA Region 8 Twitter feed, an average of eight daily tweets. The R8 Twitter feed has increased its followers to 9,000, an increase of nearly 600 new followers in the past 60 days.
  • At the request of the State, the 11 counties with FEMA IA designations are Adams, Arapahoe, Boulder, Clear Creek, El Paso, Fremont, Jefferson, Larimer, Logan, Morgan and Weld.
  • At the request of the State, the 18 counties with FEMA Public Assistance (PA) designations are Adams, Arapahoe, Boulder, Clear Creek, Crowley, Denver, El Paso, Fremont, Gilpin, Jefferson, Lake, Larimer, Lincoln, Logan, Morgan, Sedgwick, Washington and Weld.

County-By-County Breakdown of State and Federal Grants

Adams County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Arapahoe County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Boulder County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Clear Creek County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



El Paso County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Fremont County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Jefferson County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Larimer County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Logan County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Morgan County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Weld County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:


Register with FEMA by phone, 800-621-3362, from 5 a.m. to 8 p.m., MST, seven days a week.  Multilingual phone operators are available on the FEMA helpline. Choose Option 2 for Spanish and Option 3 for other languages. People who have a speech disability or are deaf or hard of hearing may call (TTY) 800-462-7585; users of 711 or Video Relay Service can call 800-621-3362.

Register online: DisasterAssistance.gov. Register by Web-enabled device, tablet or smartphone: type m.fema.gov in the browser.