Jon Seals

The 2014 BCI Global Business Continuity Awards will be presented on Nov. 5, 2014, at London’s Science Museum as part of BCI World.

The BCI has published the list of individuals and organizations that have been shortlisted for an award. These are:

Business Continuity Consultant of the Year

  • Paul Trebilcock MBCI, Director, JBT Global
  • Thomas Keegan MBCI, Middle East Enterprise Resilience Leader, PwC
  • Bill Crichton FBCI, Managing Director and Principal Consultant, Crichton Continuity Consulting Ltd
  • Harvey Betan MBCI, Principal, H betan Inc
  • Ahmed Riad Ali MBCI, Manager, Ventures Middle East
  • Peter Frielinghaus MBCI, Senior BCM Advisor, ContinuitySA
  • Mohammed Chughtai MBCI, Managing Director of Business Continuity, RecoveryWorks Consulting

Business Continuity Manager of the Year

  • Werner Verlinden FBCI, Vice President Business Continuity Management, Reed Elsevier
  • John Zeppos FBCI, Group Business Continuity Management Director, OTE Group of Companies
  • Nisar Ahmed Khan MBCI, Business Continuity Management Leader, Kuwait Finance House
  • Abdulrahman Alonaizan MBCI, Head of Business Continuity Management, Arab National Bank (ANB)
  • Sylvain Prefumo MBCI, Head of Business, State Bank of Mauritius Ltd
  • Dave Morgan MBCI, Senior Business Continuity Program Manager, Delta Dental

Public Sector Business Continuity Manager of the Year

  • Brian Gray MBCI, Chief – Business Continuity Management, United Nations
  • James McAlister MBCI, Business Continuity Manager, Merseyside Police
  • Ian Goldfinch MBCI, Manager, ICT Continuity Planning, SA Health
  • Dr Clifford Ferguson AMBCI, Government Pensions Administration Agency

Most Effective Recovery of the Year

  • Bank of New Zealand
  • EDP Distribucao
  • Telus Communications
  • Barclays Bank of Kenya 
  • Commercial International Bank (S.A.E) - Egypt
  • Mobily
  • Telekom Deutschland GmbH

BCM Newcomer of the Year

  • Luke Bird MBCI, Business Continuity Executive, Atos
  • Mohammad Farhan Khan AMBCI, Senior BCM Consultant, Protiviti Middle East
  • Leanne Metz AMBCI, Associate Director, Enterprise Program Management Office, Mead Johnson Nutrition
  • Yasmine Elhamouly AMBCI, Business Continuity Manager, PwC
  • Mark Dossetor AMBCI, Manager Business Continuity, Department of Transport, Planning and Local Infrastructure (DTPLI)

Business Continuity Team of the Year

  • Franklin Templeton Investments
  • NBAD
  • Marks & Spencer
  • Commercial International Bank (S.A.E) - Egypt 
  • Barclays Bank of Kenya
  • ATO Business Continuity Management Team

Business Continuity Provider of the Year (BCM Service)

  • Continuity Shop
  • EHDF
  • Plan B Disaster Recovery
  • Avalution Consulting
  • Phoenix Quickstart
  • Linus Information Security Solutions 
  • Hewlett-Packard Australia - Continuity Services 
  • Sungard Availability Services 

Business Continuity Provider of the Year (BCM Product)

  • ezBCM
  • Phoenix
  • Sungard Availability Services
  • ResilienceONE® BCM Software 
  • Linus Information Security Solutions

Business Continuity Innovation of the Year (Product/Service)

  • PAN Software Pty. Ltd.
  • Cobalt
  • Pinbellcom Limited
  • Linus Revive Business Continuity Management System
  • Deloitte 

Industry Personality of the Year

  • Peter Brouggy
  • Chittaranjan Kajwadkar MBCI
  • Frank Perlmutter FBCI
  • Braam Pretorius
  • Ahmed Riad Ali MBCI
  • Andy Tomkinson MBCI
  • John Zeppos FBCI

Aon Global Risk Consulting, in collaboration with the Wharton School of the University of Pennsylvania, has released its Aon Risk Maturity Index Insight Report, October 2014.

This year’s report indicates six main findings:

1. Confirmation of past analysis on the inverse relationship between a higher Risk Maturity Rating and lower stock price volatility, and a direct relationship between a higher Risk Maturity Rating and superior operational financial performance.

2. Confirmation of past analysis on the relationship between a higher Risk Maturity Rating and the relative resilience of an organization’s stock price in the immediate aftermath of significant risk events.

3. Identification that the 2013/2014 bull equity market environment may have an equalizing effect on an organization’s stock price and create a false sense of security around the need to invest in a robust, holistic risk management approach.

4. Introduction of new findings that evidence a correlation between board risk oversight practices and risk maturity.

5. Groundbreaking new research showing a direct relationship between risk-based forecasting and planning and firm volatility and earnings predictability.

6. Introduction of cross-over analysis to Aon’s Global Risk Management Survey that indicates that, while organizations appear to identify similar opportunities and risks, an organization’s level of planning, preparedness and response to these risks is distinctly different.

The report was developed as a means of driving marketplace insight on the relationship between an organization’s risk maturity and factors that drive organizational performance. This edition of the report confirmed findings from previous analyses, which found that more mature risk management practices directly correlate to stronger financial results and organizational and stock price resiliency in response to significant risk events.

http://www.aon.com/riskmaturityindex/

The Army National Guard's first cyber protection team received its new shoulder sleeve insignia during a ceremony conducted by US Army Cyber Command/Second Army.

Lt. Gen. Edward C. Cardon, commanding general, US Army Cyber Command, cited the ceremony as a major milestone for Army cyberspace operations, Guard and Reserve forces and for the Army.

"It is another indication of the tremendous momentum that the Army is building to organize, train and equip its cyberspace operations forces," Cardon said. "Army Cyber Command is taking a Total Force approach to building and employing the Army's cyber force."

The new cyber protection team is the first of almost a dozen similar Army National Guard/active duty cyber protection teams, according to Cardon.

Cardon cited the experience that Army Guard soldiers bring with them from both the military and civilian sectors as being beneficial to the mission. "They bring a wide range of experience, not only from serving in the Army National Guard, but also from working in industry, state government or other government agencies," he said. The teams will be responsible for conducting defensive cyberspace operations, readiness inspections and vulnerability assessments as well as a variety of other cyber roles and missions.

www.army.mil/news/nationalguard

Ed. Note: Today we have a guest post from noted ethics and compliance expert, as well as steel guitar player, Chris Bauer.

Okay, you know that you need to have effective compliance training but do you really know what will actually make it effective? The reality is that far too many compliance training programs fail on multiple counts. With compliance as critical as it is, that is unacceptable. Thankfully, there are a few areas which, if attended to well, can correct many of the most-frequently seen problems with the development and execution of these programs.

Here are five of the areas I see getting missed time after time in compliance training programs.

Do you actually have a solid, working definition of what compliance is? I see ethics, compliance, and accountability as being ‘cross-defined’ all the time. Do they inter-relate? Absolutely and it’s even a great idea to inter-relate them in your training. However, until you are clear about what you mean by all three of those terms, your training will leave employees confused and confusion is never good for compliance training…

...

http://tfoxlaw.wordpress.com/2014/10/23/five-quick-and-easy-ways-to-sabotage-your-compliance-training/

Something was bound to happen eventually. Isn’t that what disaster planning is all about; prepare for the unplanned events that can throw things into chaos? After years of never experiencing any sort of terrorist actions, today that changed in Ottawa, Canada. Terrorists, which is what the attackers are being called at the moment, shot and killed an RCMP officer guarding the Canadian War Memorial and stormed the Parliament building, where Members of Parliament were actually on site. On Monday – Oct 20/14 – a radical ran down two Canadian soldiers in uniform; one later dying in hospital.

It pains me to know that a soldier guarding a memorial for fallen soldiers – in all wars – dies protecting that memorial.  Our thoughts go out to his family and loved ones.

...

http://stoneroad.wordpress.com/2014/10/23/canadian-disaster-and-emergency-planning-changes-forever-today-october-22-2014/

At the moment, there is no greater priority in enterprise IT than building out and leveraging the cloud. Organizations that make the transition successfully will reap the benefits of a more agile infrastructure and lower costs. Those that don’t will fall into obsolescence.

But the sheer number of options when it comes to cloud services and infrastructure is mind-boggling. Whether it is public, private or hybrid, SaaS, PaaS, IaaS or the numerous permutations within those groups, the roadmap to a successful cloud environment is far from clear.

Like any IT deployment, it all starts with the platform you choose. This is particularly crucial when it comes to the private cloud because it is the owned-and-operated rock upon which all other cloud services will be built. And it is why we’ve seen such a plethora of options lately, both from traditional IT vendors and the rising tide of cloud providers.

...

http://www.itbusinessedge.com/blogs/infrastructure/new-platforms-bring-public-vs.-private-clouds-into-focus.html

October 23, 2014

Business Travel Risks

There are a number of reasons organizations need to be paying attention to their employees’ travel risks, including health scares, natural disasters and political unrest. Since unpredictable events like these are now a global reality, many businesses are taking a hard look at business travel risks and ways they can protect their employees abroad.

In fact, 80% of travelers believe their companies have a legal obligation to protect them abroad, according to On Call International LLC’s report, “Travel Risk Management.” This means employees may blame their organization if their health or safety is compromised during a business trip. Because so much is at stake for companies that send staff members across the globe, it is important for employers to understand business travel risks and implement a travel risk management strategy to protect their workforce—and their company.

The study notes that companies need to be prepared to respond quickly and effectively to any travel-related incident. Responses should also put the needs of the employee first. Companies need to anticipate the risks and prevent them from occurring–or at least limit their potential impact.

...

http://www.riskmanagementmonitor.com/business-travel-risks/

(MCT) — Officials with the Iowa Department of Homeland Security and Emergency Management on Tuesday announced the development of an Alert Iowa statewide mass notification and emergency messaging system.

The new alert system can be used by state and local authorities to quickly disseminate emergency information to residents in counties that use the system, according to Homeland Security agency Director Mark Schouten, who announced the launch of the new alert system at the opening of the 11th Annual Iowa Homeland Security Conference.

The system is free of charge and available to all counties. So far, 34 of Iowa’s 99 counties have signed up to use the Alert Iowa system, officials said. Alert Iowa will allow citizens to sign up for the types of alerts they would like to receive. Messages can be issued via landline or wireless phone, text messaging, email, fax, TDD/TTY, and social media.

...

http://www.emergencymgmt.com/safety/Iowa-Officials-Debut-Mass-Notification-System.html

During my very first Stage 1 Audit for ISO 22301 I was naturally very curious. I was spouting out all sorts of thoughts and questions (no doubt much to the annoyance of my Manager and the attending Auditor at the time but I think it’s important to ask those questions when learning). One thing I have remembered from that experience was being told:

“Achieving the initial ISO 22301 certification is probably the easiest part. Everything is new, employees tend to be enthusiastic and management often seem to have it at the top of their list. It’s the repeat visits (AKA Surveillance or Continuous Assessment Visits) or the Extension to Scope Assessments that present the real challenge. Employees can lose interest, other competing demands take over in the boardroom and documents can sometimes get mothballed”

In hindsight the Auditor wasn’t wrong. As soon as that organisation first achieved certification it was quickly celebrated but then the profile simply lost some of its “fizz”. Other challenges or new exciting initiatives took over and while the BCMS continued to tick over things definitely appeared to slow down but then came the return visit…

As you can imagine with these kinds of things, there was a last minute flurry of activity to update plans, roll out awareness campaigns, and brief all managers to within an inch of their life about the possible questions they might receive!

...

http://blueyedbc.blogspot.com/2014/10/iso-22301-certification-challenging-to.html

New Organizational Resilience Standard launch announced


The publication date for the new British Standard for Organizational Resilience, BS 65000, has been confirmed as 27th November 2014, and the launch will be held in the City of London.

The BS 65000 standard offers guidance on how organizational resilience can be enhanced through connecting the strategic goals of the business with wider thinking on the processes and resources that deliver value-enhancing capabilities.

Over the last few weeks the technical committee have been busy with the final amendments following the extensive industry engagement over the past 12 months.

BS 65000 identifies organizational resilience as a dynamic concept that requires the integration and co-ordination of various processes and resources that are often already in place. Through the standard, overall performance improvement can be gained by taking care to understand processes and activities in greater depth and with a particular emphasis on the relationships they have to other activities, resources and stakeholders. This will sound familiar to many Business Continuity professionals, but the essential difference is the breadth and depth required and recognition and embedding of a more strategic set of corporate values. Key to the standard is cutting through silos, structures and hierarchies with the aim of protecting and enhancing value chains.

...