DRJ Blogs

DRJ Community Blogs
Jun 24
2014

Commitments: The Foundation of Business Continuity

Posted by Christy Smith in Untagged 

This post was originally published on the RES-Q™ Services Blog.

Jun 23
2014

More Advice From A Risk Detective

Posted by Annie Searle in Untagged 

I finished a new article on insider threats a couple of weeks ago. You can find it on our website (www.anniesearle.com) in the Research section, under "Articles by Annie."

I am on my way to New York City via Boston tomorrow morning. I'll be participating again this year in the Global Risk Forum hosted at New York University. The theme of the forum is regional resilience, against a variety of growing threats that even highly prepared organizations now have to monitor. I've been asked to contribute remarks around how even resilient firms can up their game at this time.

Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity, BRP, BIA, BCP, BCM Professionals, Awareness, Advice From A Risk Detective

  • Identifying business processes
    • How critical are they to the business?
    • What are the RTOs for them?
    • What is the supply RTO for them from IT?
    • Are they relying on the applications, or could they be done manually in case of disaster?
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, etc.)
    • What are the internal risks? (i.e. access privilege violation, information theft, etc.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.g. testing 20 applications as a bundle in datacenter failover test).
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Jun 12
2014

Business Continuity of your cloud based services

Posted by John DiMaria in Untagged 

I read a lot of articles on the key benefits of the cloud, and how cloud computing can be used to help ensure business continuity and speed disaster recovery, and in some cases the cloud services themselves can become a major component of the disaster recovery plan for on-site systems and services, but cloud services are not perfect, and while they sometimes offer redundancy and data protection, they can also lead to problems caused by updates or network failures.

Remember last year when a disruption at Amazon shut down Instagram, Vine, Airbnb And IFTTT?

Jun 10
2014

The Relationship Between the Business Impact Analysis and Risk Assessment

Posted by Courtney Bowers in Business Impact Analysis, Business Continuity, Avalution Blogs

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes. This confusion often results in outcomes that fail to drive preparedness.

May 27
2014

Managing incidents across timezones

Posted by Lorna Leslie in Untagged 

For the past week I have been working with a company in California and getting them ready for ISO22301 certification. I will speak more on the lessons learned from the certification in next week’s bulletin. In preparation for the audit I have been helping the local coordinator and senior managers develop their local business continuity plan for the loss of their Californian Headquarters. The other half of the company which is in Sweden has already been ISO22301 certified.

May 16
2014

Compliance Concerns Are Rising - Here's What You Can Do About It

Posted by Brandon Tanner in Untagged 

Originally posted on Rentsys Recovery Services’ blog.

According to Accenture's 2013 Global Risk Study, regulatory requirements rank as a top-five risk category for financial, government, insurance and other industries. In fact, 30 percent more companies plan to increase their compliance efficiency.

May 15
2014

3 Steps to Incident Readiness

Posted by eBRP-Blogs in Untagged 

Business Continuity methodologies have been around for decades. Business processes, technology, culture, markets, media and communication have all changed – yet BCM is still virtually the same. It shouldn’t surprise anyone that “Selling BCM to the C-Suite” is a problem of epidemic proportions.

May 15
2014

4 Elements to Create an Incident Ready Program

Posted by eBRP-Blogs in Untagged 

The purpose of an Incident Readiness Program is to enhance the ability to respond effectively to any business disruption and restore those assets (Business Processes, facilities, technology, suppliers and people) that are critical to the delivery of that organization’s Products & Services.

May 12
2014

Reading and writing

Posted by Andy Osborne in Untagged 

By Andy Osborne, Acumen
Originally posted on Oz's Business Continuity Blog

I like writing. I like reading too, although with everything else vying for my attention, I don’t get nearly enough time to read for pleasure.