Disaster Recovery Journal

Wednesday, April 10, 2013 2:00 PM - 3:00 PM EDT

ISO 22301 details a quality, globally accepted, auditable BCMS standard Like all ISO's, it results from expert work and blessed by 160+ countries.

Organizations can benefit from global acceptance, good practices, and management experience.

This webinar covers the overall need for automation to support ISO 22301, with an exploration of six major program management areas where software can be exceptionally helpful for the new standard, as follows:

• BIA and RA analysis (8.2.2, 8.2.3)
• Resources and planning (8.3.2, 8.4.4)
• Testing and exercise management (8.5)
• Incident response/communications (8.4.2, 8.4.3)
• Audit reporting (9.2)
• Corrective actions (10.1)

Additional areas for potential automation will also be covered.

Wednesday, February 13, 2013 2:00 PM - 3:00 PM EST

Why focus on just one standard, when you could comply with any or all of them

Discover a better way to interpret the alphabet soup of ISO, FFIEC, COBIT, COSO, NFPA, NASD, DRI, BCI, Basel II and other standards to your greatest advantage, in one insightful hour that addresses:

• ISO22301:2012—is it really the gold standard for your industry? Explore whether a one-standard-fits-all solution is desirable, or even practical.
• Harnessing the best attributes of standards, best practices, and frameworks for your BC, DR, and EM plans.
• Evaluating BC standards. Learn how one company has already mapped multiple business continuity standards to 101 essential characteristics, and how you can build upon that logic in your BC plans.

Benefit from the strategies behind the BCP Genome framework and how that approach can help you develop more practical and thorough business continuity plans. Reserve your time for the “Business Continuity Standards Untangled” Webinar, today.

Presented by Frank Perlmutter (CBCP) (MBCI), co-founder of Strategic BCP® and ResilienceONE® BCM software, and a nationally recognized speaker who draws upon more than 15 years of BCM experience, including his role as Manager of Disaster Recovery/Continuity of Operations Planning for the U.S. Department of the Treasury.

 

Construction , law questions to consider

John Glenn, MBCI
Certified Business Continuity Planner

Most of our business continuity plans include evacuation procedures of some sort.

Many are simply "get out and gather in the parking lot." Only a few organizations have true "shelter-in-place" options.

I use the term "options" deliberately, because "shelter-in-place" is more than just staying inside a building.

Shelter-in-place demands a safe environment.

HazMat threats

For many planners considering a shelter-in-place option, the risk comes from hazardous materials. If the organization is located along a busy highway, railway, canal or seaway, if it is near a sea or airport, or if it is situated near chemical plants or other operations which emit dangerous gases, the hazmat risk must be considered the primary reason to include a shelter-in-place option.

But there are other reasons. Two near the top of my list are tornados and earthquakes.

Unfortunately, there still are other reasons, such as bombs. The bomb may not be intended for your facility, but if your facility is in close proximity to it … bombs are non-discriminatory.

An occasional correspondent told me of two "shelter-in-place" incidents which occurred with his organization, a large insurance company.

One incident goes back to Sept. 21, 2006 and a "fire down below" event in Philadelphia. A fire and related gas buildup caused explosions in the sewer lines beneath the city's streets. The explosions were so powerful that they sent man hole covers flying into the air and shook nearby buildings.

My correspondent's organization has offices in two adjacent high-rise buildings. Each building apparently has independent management; one building was evacuated, the other was not.

The evacuees left the relative safety of the buildings for the dangers of the street and flying "maintenance hole" covers, each weighing more than 100 pounds (55 kilo).

On the other hand, since at the time no one knew what was going on, those who remained in the building could have been killed had the building collapsed. (This seems to make a good case for identifying the danger before making a move; rather like touching a door to see if it is cool before opening it to an area that may be engulfed by fire.)

The second incident happened in another town when someone placed a bomb across the street from my correspondent's facility.

It wasn't much of a bomb – he said the folks in the office reported it looked like a small gasoline can – and it was not intended for this organization, but it was a threat and the people of the office did go to a safe room.

‘Safe’ Rooms

The first consideration of any shelter-in-place option is to determine the safe room specifications.

From what risks is the "safe room" supposed to provide safety?

In most parts of the United States and Canada, the most common threat is a tornado. Tornado-proof rooms have been around for some time and their value is proven.

In California and, actually, many other places in North America, earthquakes are a concern. Perhaps not as high on the probability scale as tornados, but requiring consideration. Earthquake-resistant structures are commonplace in Japan and are gaining acceptance in parts of North America.

Elsewhere, along rivers, railroad tracks, major highways, and near ports of all types, hazardous material accidents are a threat. Locations near chemical plants must be considered at risk for a hazmat accident.

The best time to plan for a safe room – regardless of threat – is before a structure is designed. Unfortunately, business continuity planners rarely are invited to express their thoughts at this stage. (Perhaps we should make ourselves available to architects as a "value-added service.")

Creating a "safe room" in a low-rise building - according to the U.S. National Fire Protection Association (NFPA), a building less than 75 feet/25 meters high - as the building is being designed should be a simple and relatively low-cost option. Retro-fitting a safe room into an existing structure is another matter.

"Safe rooms can be included in the design of high-rise structures,” according to Janice Olshesky at the Olshesky Design Group in Alexandria, Va. “The effectiveness of the shelter will depend on the ability of the building in which the safe room is located to withstand damage and remain standing. While the shelter must be able to resist debris impact, it is not reasonable to expect the safe room to withstand the weight of the building crashing down upon it.

 "There are many ways the building can be structurally strengthened in new design. These ways would include incorporating continuity, redundancy and ductility into the design which would allow a damaged building to bridge over a failed element and redistribute loads. This will limit the debris that might otherwise fall down upon the hardened safe room," Olshesky explained.

As far as retrofitting an existing structure, she said that safe rooms can be retrofitted into existing low-rise and high-rise buildings. An existing area that is retrofitted to serve as a shelter is unlikely to provide the same degree of protection as a shelter designed as new construction.

"While retrofitting existing buildings to include a shelter can be expensive and disruptive to users, it may be the only available option. When retrofitting existing space within a building is considered, interior conference rooms, stairwells and other areas that can be structurally and mechanically isolated provide the best options.

“I do not know what the cost would be" she added.

Is it Legal?

Can you force someone to stay inside when they want to leave?

What happens if Jane Doe needs to go pick up little Susie at day care while the building is locked down? Of if Frank of Finance needs to take Frank Jr. to hockey practice? Or simply that according to Mabel, "it's time to go home, so I'm going."

Can an employer or employer's agent – a business continuity planner, for example – force a person to say inside when the person may be injured by going outside? How about preventing a person from leaving because in the process of going out, the risk – chemical, human, something we can't foresee – will enter the safe area? For that matter, can someone be obliged to stay with the group during an evacuation?

I am not a lawyer and I don't play one on TV, but I will make one suggestion: if your organization anticipates having a safe room, have policies and procedures in place spelling out - in simple, unambiguous language – what is expected of all personnel and make certain that all personnel acknowledge that they have read, understood, and accept the policies and procedures.

And hope there are no claustrophobic clients or vendors in the building when the lockdown commences.

Something to consider when creating the policies and procedures to allow or deny a person to endanger themselves and others by leaving the safe room: if people have to stay inside past their normal shift, do they get paid? Can they make personal calls? What about food – will the junk food machines be unlocked and staff allowed to raid them? And, by the way, what about people with special diets?

Nothing's simple.

Evacuating to the Parking Lot

At the beginning of this exercise I hinted that having people stroll out to the packing lot may not be the best way to design an evacuation plan.

First, there needs to be a buddy system to help assure that everyone exits the facility. There also needs to be "hall monitors" or "fire wardens" who have the authority to "clear the halls" of lingerers. Very senior management must sign up for evacuation exercises and join the peons in filing outside. If the boss can stay inside on an inclement day, why not me? Right?

Second, people need to have something between them and the building they just abandoned.

If there is a fire, there could be an explosion. If there is an explosion, there could be flying debris. The evacuees need to put some protection between them and the flying debris (even if it "only" is glass from a broken window).

Congregating in a parking lot adjacent to the evacuated building probably is congregating too close to danger. On the other hand, the cars in the lot might provide some protection from projectiles. Other things sometimes found in/near parking lots also may be helpful – dumpsters are fine, but generators are "iffy" since where you have generators you usually have fuel and that is a hazard on several levels.

Congregating in a parking lot has an additional disadvantage – emergency responders (fire, police) will be coming with their equipment and having the building's occupants blocking the way will prove counter-productive.

The U.S. Occupational Safety and Health Administration (OSHA) has a publication which recommends ways out of a high-rise building (75 feet/25 meters or higher). As with most U.S. government publications, the 2-page Evacuating High-Rise Buildings Fact Sheet is available to download for free from the Internet at http://www.osha.gov/OshDoc/data_General_Facts/evacuating-highrise-factsheet.pdf/

John Glenn, MBCI, has been helping organizations of all types avoid or mitigate risks to their operations since 1994. Comments about this article, or others at http://JohnGlennMBCI.com/ may be sent to JohnGlennMBCI@gmail.com.

ADVERTISEMENT

Do you know how much downtime costs your company every year? Most companies are shocked when they find out. A study by Infonetics Research* found that medium businesses (101 – 1,000 employees) are losing an average of 1% of their annual revenue, or $867,000, to downtime, with an average of nearly 140 hours of downtime every year. In addition to the financial losses, downtime creates a number of other risks including lost productivity due to idle employees, loss of customer confidence, liability and fraud due to lost records and data, and safety concerns due to no surveillance or critical communications. So what is 1 hour of network downtime worth to your company?

Having a continuity of communications plan in place should minimize the risks of network downtime, and help organizations like yours focus on their core business. To be effective, it should meet some basic criteria:

• Provide cost effective broadband access for multiple applications
• Provide near 100% uptime per remote locations
• Establish an always on back up network that is 100% diverse from the terrestrial network
• Keep communications running with constant access to data, video, voice and radio, even when local network services are down
• Provide a solution that is easy to manage, deploy and operate on an ongoing basis

To keep operations running in the event of a telecommunications disruption satellite has proven to be an ideal solution that provides continuity of communications and ensures critical applications stay online. With today’s latest technology, companies can seamlessly and cost-effectively integrate satellite into hybrid networks and combine it with common carrier technologies (DSL, cable, T-1, fixed wireless etc.). The network can be configured to support varying requirements and support different applications beyond network backup. Organizations benefit from having a highly reliable high availability network that ensures telephone and critical data applications always stay online. Overall, a satellite continuity solution provides the following benefits:

• Makes communications across locations easy
• Enables applications to perform optimally
• Minimizes lost revenue or additional costs from downtime
• Protects internal & customer data
• Ensures operations during short or longer incidents

With Spacenet, a leading provider of wireline and wireless networks, organizations now have more options for cost-effective and reliable network backup via satellite. It recently introduced the new Prysm Pro network appliance which enables seamless network backup between wireline and wireless networks.

As an example, Regis Corporation, the beauty industr's global leader in beauty salons, hair restoration centers and cosmetology education, selected Spacenet’s Prysm Pro to be used at over 7,000 nationwide locations to support automatic hybrid switching between its wireline and wireless technologies for network backup. In addition, it is simultaneously leveraging Prysm Pro for integrated WiFi hotspot services for customers, integrated Analog Telephone Adapter (ATA) for VoIP functionality, and POS hardware for its retail applications.

Spacenet also offers transportable satellite communications providing the ability to deploy quickly to an emergency site and communicate effectively.

As an example, a large independently owned food retailer needed a reliable communications network to support its emergency response initiatives. The ultimate objective was to provide disaster relief in emergency situations including access to critical supplies such as medicine and food. The customer deployed Spacenet’s high performance satellite network in support of disaster-relief efforts during hurricanes Dolly and Ike. The transportable satellite communications solution enabled the retailer to support critical communications including high-speed broadband data during the hurricane relief efforts. The system worked extremely well and enabled data communications to be up and running within minutes.

Overall, satellite services can play a critical component in helping a company maintain communications in any situation. The right solution will enable your company to focus on its mission and avoid the risks of network downtime.

For more information, contact Spacenet at 866.480.2263 or visit www.spacenet.com/drj.

About Spacenet®
Spacenet is a leading provider of broadband network solutions for US based business, industrial and government customers. We offer a complete product and services portfolio for applications ranging from primary communications for corporate applications and secure data transfer, to hot stand-by solutions for continuity of operations and network backup, or field deployable solutions for disaster recovery and emergency management. For more information visit www.spacenet.com.

*Source: Medium Businesses Lose $867,000 a Year to Network Downtime, Infonetics Resarch, 2006

Special Reports

• Japanese EQ – What next? Focus on what is important.
• Insurance Recovery for Recent Earthquake and Tsunami- Related Losses in Japan
• When is Enough Planning Enough? Why Events Turn Into Disasters!
• Japan Earthquake and Tsunami
• Japan Earthquake and Tsunami Podcast
• The Japan EQ and Tsunami – A Strong Case for Preparedness
• Japan Earthquake and Tsunami: Facts and Figures
• The Great Japanese EQ – What we have learned already and what should you be thinking about before work on Monday
• Historic Quake Devastates Japan
• Lessons Learned: First Days
• Preparing for an earthquake
• Japan upgrades earthquake to 9.0; USGS keeps number at 8.9; Volcano erupts in the South of Japan; Rolling blackouts nine prefectures – Whew!
• The first supply chain shoe drops: no food, water, gas, electricity or body bags in Japan – the wealthiest Asian country dealt a major blow
• Disasters occur 24 hrs/day, 7 days/wk…where do you turn for info? What are some of the best sources for timely & accurate information?
• Special Reports of the 1995 Kobe Earthquake

Articles

• Initial Estimates of Claims from Japan Quake
• Covering the links broken in Japan’s supply chain
• Insurers Await True Picture of Japan Quake
• Japan: Disaster Pros Step up
• Gov't needs nuke and risk management expert to keep public informed
• Best 8 emergency preparedness maps: Nuclear fallout, Pa. earthquakes
• Japan's Earthquake, Tsunami and Nuclear Crisis: Some Considerations for Insurers
• Emergency Management and Health Physics
• Japan disaster: Recovery 'could take five years'
• Japan managers pass test in aftermath of earthquake
• Fallout of Japan nuclear crisis
• Earthquake Damages at the Japanese Port of Sendai
• Japan plant crisis hits close to home for U.S. nuclear workers
• And now it's time for the hard decisions
• After the flood: triage for disaster recovery
• JAPAN: Research cannot predict the worst - expert
• Airlines Change Course on Japan Travel
• Shock absorbers making buildings earthquake-proof
• Japan Catastrophe Should Cause USA to Re-Examine Policies and Standards
• Crisis in Japan: The Global Impact
• Japan's Crisis: What You Need to Know
• Companies Plan Evacuations in Japan
• Thinking About the Business Impact of the Crisis in Japan, Reluctantly
• Blackstone, BNP Evacuate Workers From Tokyo As Nuclear Crisis Worsens But Goldman And Citi Won't Leave
• Disasters’ Costs to Fall on Japan’s Government
• Climbing Numbers Offer Insight into Japan's Disaster Recovery
• Data centres face shut down in Japan
• Earthquake, tsunami and nuclear threats spur business contingency plans into action
• Japan's global firms strive for 'business as usual'
• Japan Earthquake Shows Business Reengineering Relies on Bogus Thinking Similar to Financial Engineering
• Japanese Earthquake (2011): Mother Nature Escalates the Worst Case Scenario
• Japanese EQ & Nuclear Plant Meltdown: Is this making you curious about radiation & ways to limit contamination? More than likely, yes.
• In Japan, the public bears most of the risk of earthquakes
• Official: U.S. safe from Japanese radiation
• From nukes to plastics — more economic effects of the Japanese quake, tsunami
• Many Japanese CE Facilities Damaged, Closed
• U.S. sends aid to Japan, reacts to deadly quake, tsunami
• Sensors detecting nuclear tests detect tsunamis, too
• Japan Quake Serves as Wakeup Call for IT Managers
• Hotel Crisis Management Needs Moving to the Next Level
• FEMA and Federal Partners Support States, Territories in Tsunami Response
• Expert Q&A: How Tsunami Warnings Work

When an 8.9 magnitude quake struck Japan on March 11, it triggered massive destruction and loss of life. The historic tremor was the strongest quake ever to hit Japan, and the fifth largest to strike any country since 1900. The country’s prime minister has said the crisis is the worst to strike Japan since World War II.

Recovery efforts began immediately to rescue thousands of citizens stranded in debris or swept away in the devastating tsunami that followed the quake.  At last count, the death toll stood at 2800 confirmed deaths with an estimate of more than 9,000 still unaccounted for in the worst hit areas of the country. The tsunami brought waves of more than 23 feet in some regions.

Soon, the recovery efforts will move into the rebuilding stage. In the meantime, it is mind-boggling to watch as the country suffers such a blow. The images that reach us are heartbreaking. We watch as the photos and news coverage show entire towns destroyed, buildings crumbled like matchsticks, and villages washed away as a sea of rage sweeps through them.

The country’s problems are compounded by the damage to two nuclear reactors in Japan.  Both stricken reactors were flooded with sea water as an emergency action to avoid full meltdowns of the nuclear cores. Japanese officials have said the release of radioactivity outside the plants has been modest, but still measures twice the level Japan considers safe. Massive evacuations of the areas surrounding the plants have continued for days since the tremor first struck.

The earthquake is estimated to be the most expensive quake in history. Early numbers say the total destruction is more than $100 billion. This includes more than $20 billion in damage to residences, $40 billion in damage to infrastructure and the rest comes from damage from fires and the tsunami.

The loss of life can never be recovered and many areas of Japan will never be the same. But as business continuity planners, we know there will be rebuilding and it will showcase numerous lessons learned for all of us around the globe.

In this special section, DRJ first wants to acknowledge the horrific loss of life and property that Japan has suffered. Secondarily, we are offering a place for information-sharing and an exploration of how disasters of this magnitude can affect a country on every level:  humanitarian, economically, and environmentally.

Continue to check back over the next few days as business continuity experts from around the globe share their thoughts and ideas about the devastation in Japan. This is sure to be a fascinating look into a historic situation and the recovery process that follows.

When an 8.9 magnitude quake struck Japan on March 11, it triggered massive destruction and loss of life. The historic tremor was the strongest quake ever to hit Japan, and the fifth largest to strike any country since 1900. The country’s prime minister has said the crisis is the worst to strike Japan since World War II.

Recovery efforts began immediately to rescue thousands of citizens stranded in debris or swept away in the devastating tsunami that followed the quake.  At last count, the death toll stood at 1800 confirmed deaths with an estimate of more than 9,000 still unaccounted for in the worst hit areas of the country. The tsunami brought waves of more than 23 feet in some regions.

Soon, the recovery efforts will move into the rebuilding stage. In the meantime, it is mind-boggling to watch as the country suffers such a blow. The images that reach us are heartbreaking. We watch as the photos and news coverage show entire towns destroyed, buildings crumbled like matchsticks, and villages washed away as a sea of rage sweeps through them.

The country’s problems are compounded by the damage to two nuclear reactors in Japan.  Both stricken reactors were flooded with sea water as an emergency action to avoid full meltdowns of the nuclear cores. Japanese officials have said the release of radioactivity outside the plants has been modest, but still measures twice the level Japan considers safe. Massive evacuations of the areas surrounding the plants have continued for days since the tremor first struck.

The earthquake is estimated to be the most expensive quake in history. Early numbers say the total destruction is more than $100 billion. This includes more than $20 billion in damage to residences, $40 billion in damage to infrastructure and the rest comes from damage from fires and the tsunami.

The loss of life can never be recovered and many areas of Japan will never be the same. But as business continuity planners, we know there will be rebuilding and it will showcase numerous lessons learned for all of us around the globe.

In this special section, DRJ first wants to acknowledge the horrific loss of life and property that Japan has suffered. Secondarily, we are offering a place for information-sharing and an exploration of how disasters of this magnitude can affect a country on every level:  humanitarian, economically, and environmentally.

Continue to check back over the next few days as business continuity experts from around the globe share their thoughts and ideas about the devastation in Japan. This is sure to be a fascinating look into a historic situation and the recovery process that follows.

The Disaster Recovery Engineer is responsible for developing, implementing and supporting the enterprise IT disaster recovery management (DRM) program. This program must support the timely IT operations recovery following the occurrence of an IT outage or disaster..
ESSENTIAL DUTIES AND RESPONSIBILITIES
• Assist in the design and implementation of the Global disaster recovery program including policies, strategies, plans, tests, metrics, standards, and maturity assessments.
• Conduct business impact analyses and assist business units to determine critical business processes and applications, review actual recovery against documented acceptable recovery time periods, and establish IT resources required for the successful resumption of business operations in the event of a disaster.
• Coordinate, facilitate and provide detailed direction for disaster recovery testing of critical systems. Works with IT staff to assure recovery procedures are effective for the restoration of critical IT-supported business processes and applications.
• Assist with developing and maintaining IT disaster recovery plans, documentation standards and procedures and providing training and guidance to IT staff.
• Develop corporate plans and templates; work with both corporate and remote business units to ensure they understand the requirements and best practices and assist in the development of their program, procedures and processes. Review contracts and offerings from external recovery providers.

www.mylan.com

Email/Website: gary.shaar@equifax.com

Subject Area: Disaster Recovery

Description: TITLE: Disaster Recovery Coordinator

COMPANY: Equifax
LOCATION: Alpharetta, GA
CONTACT: gary.shaar@equifax.com

The Disaster Recovery Coordinator will be responsible for coordinating and maintaining mainframe and midrange recovery processes and procedures between the disaster recovery services provider and Equifax. This will include the coordination of the development, maintenance, and testing of recovery processes for the mainframe and midrange infrastructure. In addition, the Disaster Recovery Coordinator will manage the Change Control process as it relates to DR infrastructure, and serve as the liaison between Equifax and the disaster recovery services provider.

Responsibilities:
• Assist with the planning, coordinating, and execution of DR tests and/or actual events.
• Assist in the development of exercise objectives between recovery vendor and Equifax.
• Assist in implementing a problem tracking process for DR testing and coordinate post-test issues resolution meetings.
• Prepare and deliver a post-test report detailing all successes and issues encountered.
• Implement updates to the Disaster Recovery Plan following a recovery exercise.
• Review changes in corporate resources with the management of those areas to assure the effectiveness of the recovery procedures.
• Responsible for providing manuals, configuration specifications, software specifications, written procedures or other information required for the execution of recovery processes.
• Work with vendors of disaster recovery services and facilities to ensure best practices are followed.

Required Skills and Experience:
• Bachelor’s Degree in Business, Management Information Systems, or related field: or the equivalent in education and work experience.
• 5-7 +years of Disaster Recovery experience, with an emphasis on mainframe/midrange recovery.
• Significant knowledge of current disaster recovery planning methodologies and technologies.
• Knowledge of Business Continuity best practices and Business Impact Analysis (BIA) methodologies.
• Significant understanding of Change Management process - Required
• Project Management experience.
• Certified Business Continuity Professional (CBCP), or willingness to obtain certification - Preferred
• Familiarity with the Archer application – Preferred