Disaster Recovery Journal

I've been in this business for a tad more than 15 years.

I'm pretty good at what I do and I think, when I consider threats to an organization, I identify most most of them.

But sometimes things either get "missed" or given less attention than they deserve.

Continues at http://johnglennmbci.blogspot.com/2012/01/erm-bc-coop-value-of-sharing.html

Since you’re a visitor to the DRJ blog and website, it is generally understood that you’re here to learn more about the business continuity plan (BCP) and disaster recovery plan (DRP). The easiest way to get the basics on these two critical aspects to the longevity of any company or organization is to read the DRJ Glossary.

The DRJ Glossary provides a solid grounding on the key terms associated with BCP and DRP. For the purposes of this blog post, it is useful to include the definitions of each here:

By Sameer Sule

I have always emphasized the need for all businesses to make disaster recovery(DR) a priority and to have a written disaster recovery plan. Even though most business owners are aware of the need for disaster recovery planning, limitations of time, money and resources can put the actual DR implementation on the back burner. Small businesses may feel that they do not have the expertise in house to work on DR planning. They may also feel that the cost of Backup and Disaster Recovery (BDR) solutions is prohibitively expensive and is something that only larger businesses can afford. This is not the case anymore.  BDR technology has come a long way in recent years. The advent of cloud computing has not only enabled faster and accurate recovery of applications and data, but has also made it affordable for small business to deploy a BDR solution.   

Crisis Communications. Hmm, a pretty heavy term. This phrase makes me think of managing messaging, open communication lines, and being ready for the unexpected. What is interesting is that there are two types of crisis communications:

• the kind used by public relations agencies to protect the image of a famous/well-known person or organization.
• the kind of communications used when a disaster or threat becomes a reality.

At first glance it would appear that these two types of crisis communications are quite far apart. But actually, the techniques and methods used to protect and manage a public image are very similar to those practices used by a company that is experiencing a flood or service outage.

In an article headed "TEPCO shareholders to sue utility's directors for 5.5 tril. yen",  42 shareholders of Tokyo Electric Power Co. may sue the directors on their own for 5.5 trillion yen.

The stockholders contend that TEPCO calculated in 2008 that a tsunami of 15.7 meters could hit the nuclear power plant if a magnitude-8.3 quake occurred off Fukushima Prefecture, the board members failed to take countermeasures such as raising the height of tsunami barriers protecting the plant.

The tsunami that damaged the Fukushima was the result of a 9.0 earthquake.

The stockholders said that if they prevail, they will use the funds to compensate victims of the crisis.

While the stockholders' action may have to play out in court - did the board have any reason to suspect a stronger earthquake possible in the region? - the lesson for risk management practitioners is simple:
Article continues at http://johnglennmbci.blogspot.com/2012/01/erm-bc-coop

It’s that time of year again.

A new year, with new challenges to be met. So it’s the time of year when many organisations decide to reorganise or restructure the business, in order to meet those new challenges. Which is all well and good, but it could mean that the business continuity strategies, solutions and plans you had in place last year might not now fit the bill.

An out of date business continuity plan is, at best, of little use. And, at worst, it may even be dangerous if it gives a false sense of security. In many ways, an out of date plan is worse than no plan at all.

So it’s also the time of year for taking stock and making some resolutions, to ensure that changes to the business are reflected in the business continuity plans. As part of this, why not resolve to…

* Review previous business impact or risk assessment data (or, if you’ve never actually done a business impact analysis or risk assessment, to do one now)

* Carry out a plan health check or audit

* Do some training and awareness

* Conduct some exercises and tests

A new year brings new challenges and new opportunities. Why not take this opportunity to ensure that your business continuity plans are up to scratch?

Happy New Year.

.
My email just delivered notifications that a version of the avian influenza - bird flu - is making the rounds.

In separate emails , I read that

*  A Chinese bus driver who tested positive for the H5N1 bird flu virus died Saturday in a city bordering Hong Kong, health officials said, in the country's first reported case of the disease in humans in 18 months.

*  The Ministry of Health and Population of Egypt has notified WHO of a case of human infection with avian influenza A (H5N1) virus.‪ The case is a 29-year-old male from Dakahlia Governorate. He developed symptoms on 8 December 2011 and was admitted to hospital on 15 December 2011, where he received oseltamivir treatment. He was in critical condition and died on 19 December 2011.
It's time to dust off those Pandemic Plans so carefully crafted in 2008 and start the update process.

If the organization really is risk conscious, it won't have a Pandemic Plan.

Blasphemy? Heresy?

Not really.

Continues at http://johnglennmbci.blogspot.com/2012/01/erm-bc-coop-dust-off-pandemic-plans.html

By Sameer Sule

As I mentioned in my earlier blog (Part1), the Contingency Plan requirement is the seventh standard under the Administrative Safeguards requirement of the HIPPA security rule. The Security rule has Administrative, Physical and Technical safeguards . Each safeguard has its own standards. Each standard in turn has its own implementation specifications that are either required or addressable.  As mentioned in Part 1, addressable does not mean optional.

Happy new year to DRJ members and blog readers.

I just wanted to let you know about the Christmas competition on my own blog site (Oz's Blog at www.acumen-bcp.co.uk/blog) and give you the opportunity to have a go and win a fabulous prize!

For most people, holidays are a time away from the workplace.

A time to focus on things other than "The Job."

For the risk management practitioner, holidays are a risk.

LOW LEVEL RISKS

Some risks are have a relatively low level impact if - rather "when" - they occur.

The most frequently occurring risk is absence of decision makers.

Article continues at http://johnglennmbci.blogspot.com/2011/12/erm-bc-coop-holidays-as-risk.html