
Jon Seals

October 22, 2014

Another BCP Anagram

Yes, I realize that the last thing we need in Business Continuity Planning practices is another anagram, but, hey, what’s the fun in writing a blog if you can’t cause trouble?  So here goes – another BCP anagram …

I have been stating for a while now, that the BCP Methodology needs to be revisited.  I think that the tried and true practice of conducting BIAs is a bit flawed.  In practice, I think, the methodology attacks middle management and department level areas in the organization without first establishing corporate-wide and senior level objectives for business during a crisis.  When we ask people to establish RTOs and RPOs (more of those lovely anagrams – see the chart below) what are they basing their answers on?  When we ask for impacts of being down, to set those recovery objectives, what business objectives are they being designed to meet?

I think that the BCP Methodology needs to add a step in the beginning of our analyses in which we establish – are you ready for it, here it comes, the new anagram, in three, two, one – our ABOs, Adjusted Business Objectives.  I think part of the fallacy in our current process is that RTOs (or MADs if you prefer that anagram) are set with the assumption that the company is still aiming to hit its established business objectives for the year.  And, I think that is wrong.  During times of crisis, I think management’s expectations of what the company should achieve are adjusted.  During times of crisis, we may not have the same Income Targets, Profit Targets, Sales Targets, Margin Targets, Production Targets, etc.

...

http://safeharborconsulting.biz/blog2/2014/10/21/another-bcp-anagram/

The Hamilton Project at the Brookings Institution and the Stanford Woods Institute for the Environment released a new report Oct. 20 that addresses how Western states can confront the crippling drought that threatens the nation’s entire water system.

The report is comprised of three papers, each of which examines particular strategies for coping with ongoing drought conditions. The first paper, Shopping for Water, advocates using market forces to manage water resources and lessen the impact and frequency of water shortages. The second paper, The Path to Water Innovation, highlights the need for innovative new technologies for promoting efficiency and conservation and suggests reviews of regulatory practices and creating statewide offices for water innovation. The third paper looks at nine economic facts about water in the United States with “the aim of providing an objective framing of America's complex relationship with water.”

In conjunction with the release of the papers, a forum was hosted on Oct. 20 at Stanford University to discuss the topics and issues within the report. Authors of the paper were joined by other water experts, as well as California Gov. Jerry Brown, who opened the forum with his vision of the landscape of water in the west.

“Water is going to be a major issue that is going to be addressed in the California Legislature, in Congress – water issues don’t get solved in one place. It’s a complicated interplay of governmental jurisdiction at every level,” Brown said.

...

http://www.emergencymgmt.com/disaster/Confronting-Wests-Water-Crisis-EM.html

The Ebola epidemic in Africa and fears of it spreading in the U.S. have turned the nation’s attention to the federal government’s front-line public health agency: the Centers for Disease Control and Prevention (CDC). But as with Ebola itself, there is much confusion about the role of the CDC and what it can and cannot do to prevent and contain the spread of disease.  The agency has broad authority under federal law, but defers to or partners with state and local health agencies in most cases.

Julie Rovner answers some common questions.

...

http://www.emergencymgmt.com/health/What-CDC-Can-Do-Fight-Ebola.html

As the number of companies suffering a data breach continues to grow – with U.S. retailer Staples now reported to be investigating a breach – so do the legal developments arising out of these incidents.

While companies that have suffered a data breach look to their insurance policies for coverage to help mitigate some of the enormous costs, recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, notes the I.I.I. white paper Cyber Risks: The Growing Threat.

A post in today’s Wall Street Journal Morning Risk Report echoes this point, noting that a lawsuit between restaurant chain P.F. Chang’s and its insurance company Travelers Indemnity Co. of Connecticut could further define how much, if any, cyber liability coverage is included in a company’s CGL policy.

...

http://www.iii.org/insuranceindustryblog/?p=3822

Cloud-based Solution Simplifies ILM, Data Storage and Addresses HIPAA Compliance Challenges

BATON ROUGE, La. – Venyu, a leader in business continuity, cloud-based virtualization, and battle-tested data recovery, today announced that Hendrix Orthodontics has adopted VenyuCloud to provision virtual servers, comply with HIPAA regulations and run its full suite of dental applications. The full case study can be viewed here.

Located in Kennett Square and West Grove, PA, Hendrix is a small, growing orthodontic practice facing many of the same Infrastructure Lifecycle Management (ILM) challenges associated with most large businesses. The company faced a choice: undertake an expensive infrastructure upgrade -- likely to recur every five years -- or evolve into a more centralized, secure and HIPAA-compliant IT environment. Hendrix elected to transition approximately 50 PCs and three data servers from its unsupported Windows XP operating system into the cloud, in addition to hosting its company files, patient records, charts and x-rays.

“Based on everything I’d read, the global transition to a cloud-based environment is inevitable. Despite this, people kept telling me the complexities associated with my type of data made the cloud option impossible,” said Dr. Jeff Hendrix, Hendrix Orthodontics. These fears were alleviated when Hendrix turned to VenyuCloud. 

VenyuCloud enables secure and highly-available IT-as-a-Service (IaaS) to create a scalable and HIPAA-compliant outsourced infrastructure. The model lets companies like Hendrix pay only for the processing power consumed, all while leveraging the power of VMware virtualization, full redundancy and high-availability.

With the help of Venyu, the practice began moving all core data applications to the cloud, including documents and files, billing, video presentations -- as well as specific industry tools, such as:  Carestream OrthoTrac Office, Dolphin Imaging and Aquarium, Ormco Insignia with Damon System, QuickBooks, Microsoft Office, and Invisalign.

“What’s truly amazing is that storing and accessing x-rays and patient records to and from the cloud is seamless; taking only seconds no matter where we are.  The infrastructure is much faster and more reliable than our previous in-house server solution,” Hendrix noted.

Within several months, the practice fully consolidated multiple data servers into one cloud-based system and all workstations are now simple machines which require no maintenance.  In addition, VenyuCloud delivers an elastic service so Hendrix can easily adjust the bandwidth and processing power to meet specific application requirements.

“VenyuCloud made it simple to manage what used to be a highly cumbersome process.  In the past, I used to walk in circles across both offices to upgrade and reboot our PCs and servers.  With Venyu, those problems are now obsolete,” Hendrix concluded.

“Hendrix is a perfect example of how a small business can avoid the costly and repetitive process of upgrading IT hardware and software,” said Scott Thompson, CEO, Venyu. “Leveraging the cloud for IT needs, companies can devote more time to concentrate on their core competencies by effectively and efficiently outsourcing their IT burden.”

About Venyu
Venyu is a premier provider of data center, managed hosting, cloud, virtualization and data protection solutions. By leveraging Venyu's portfolio of innovative, ROI-focused solutions, including VenyuCloud and RestartIT, within secure, highly available data centers, organizations can reduce IT costs while increasing security and scalability. For more information about Venyu and its industry-leading offerings, please visit www.venyu.com. Your Data Made Invincible™.

By Paul Kirvan.

The Ebola outbreak shows how esoteric threats shelved in the ‘it will never happen’ folder can erupt to cause major disruption. Two other such threats spring to mind and it may be a good time for a reminder of these:

Solar storms

Solar flares traveling from the sun to the earth contain massive amounts of energy that have been known to disrupt electronic systems. Such an event could potentially cripple the world’s electrical grids for years, causing billions (trillions?) in damages.

Back in 2010, the US House of Representatives’ Energy and Commerce Committee voted unanimously to approve a bill allocating $100 million to protect the US energy grid from this rare but potentially devastating occurrence. The Grid Reliability and Infrastructure Defense Act, or H.R. 5026, aimed "to amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities."

...

http://www.continuitycentral.com/feature1239.html

Risk management is developing into a strategic function within European organizations. At the same time, risk management can contribute much more as its strategic role grows. Currently, risk managers are not satisfied with the level of mitigation for six of the top 10 risks ‘that keep their CEO awake at night’.

These are the key findings from the 2014 Risk Management Benchmarking Survey conducted earlier this year by the Federation of European Risk Management Associations (FERMA). Now in its 7th edition, the FERMA Benchmarking Survey this year received a record number of 850 responses from 21 European countries.

Using the results of the survey, FERMA has published its first European Risk and Insurance Report. FERMA President Julia Graham says, "FERMA has said that risk managers are becoming risk leaders - the European Risk and Insurance Report provides evidence to support that view. It, therefore, also endorses FERMA's objective to shape and support risk management as a profession."

...

http://www.continuitycentral.com/news07400.html

Would a football player take to the field without attending training? Would an actor take to the stage without going to rehearsals? Would a pilot take to the skies without having practiced how to fly a plane? I’m sure any sensible person would answer ‘no’ to these questions. Before you know you're good enough to take on a role, you need to have practiced it first. Similarly, before you know your business continuity plan is fit for purpose, you need to have practiced it too.

We all know that every organization should have a business continuity plan – common sense dictates that when disaster strikes you would want to continue functioning as normal as possible. But how many organizations actually test their plans? They can be time consuming, they can be expensive, it can be difficult to get management buy-in and you can often be frustrated by the lack of enthusiasm from the general workforce who just want to get on with their jobs without your disruption. According to a recent study by Databarracks, less than a third of respondents to a survey (29%) claimed they had tested their plan in the last twelve months.

...

http://www.thebci.org/index.php/about/news-room#/news/putting-your-plans-to-the-test-95573

When was the last time you saw a survey on information security in enterprises? It’s a topic that often means different things to different people. For some it’s antivirus software to stop malware getting in, while for others it’s strict secrecy to stop marketing strategies from getting out. Yet data breaches can happen anywhere in a company and in a multitude of ways. Here are a few aspects that may help broaden your perception of some of the risks.

...

http://www.opscentre.com.au/blog/information-security-what-do-you-think-its-all-about/

In a previous post, I discussed ways that small to midsize businesses (SMBs) can take their offices paperless. One of the biggest issues that companies face is finding a better way to store all those files than a clunky file cabinet full of papers.

Many companies rely on servers and cloud services to store their vast collections of files. One up-and-coming company, eFileCabinet, provides software and web services for SMBs to create, organize and store their important documents.

In an email interview with Matt Peterson, president and CEO of eFileCabinet, I discussed why many SMBs haven’t gone paper-free, the future of digital document management and how the eFileCabinet service works.

I asked Peterson why he felt more SMBs haven’t embraced a completely paperless office. In his opinion, people are afraid of change and find conversion of current paper files to be overwhelming:

...

http://www.itbusinessedge.com/blogs/smb-tech/efilecabinet-ceo-explains-why-digital-document-management-is-the-future.html