Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

DRJ Blogs

DRJ Community Blogs
Tags >> Business Continuity
Oct 08
2014

Ebola - The Classic Creeping Crisis

Posted by Lorna Leslie in Business Continuity

Lorna Leslie
This week Charlie discusses how the Ebola crisis is creeping up on all of us. 
 
 
The situation in West Africa, with the ongoing spread of Ebola, bears all the classic symptoms of a ‘creeping’ or ‘rising tide’ crisis.

In Tolly’s Handbook of Disaster and Emergency Management Principles and Practice (edited by Lakha & Moore, 2004) a rising tide crisis is described as a: “Problem which creeps up gradually, such as occurs in the case of organised crime, corruption, a developing infectious disease epidemic or a steady stream of refugees into a country. There is no clear starting point for the crisis and the point at which it becomes a crisis may only be clear in retrospect.”

At present the disease is out of control in Sierra Leone, Liberia and Guinea. The latest news from the BBC says that in Sierra Leone there are five new cases of Ebola every hour and that a total of 765 new cases were reported in the West African state in the last week alone.

Sep 26
2014

What can the Scottish Referendum teach us about business continuity?

Posted by Lorna Leslie in Preparedness , Business Continuity

Lorna Leslie

This week Charlie discusses the Scottish referendum results.

 

Aug 27
2014

Recipe for Recovery: A Cookbook for a Winning Business Continuity Program

Posted by Linda Laun in DR , Disaster Recovery , Business Continuity Planning , Business Continuity Management , Business Continuity

Linda Laun

Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success.  In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program. This week the focus is on doing what’s good for us…exercising and eating our veggies!

Aug 08
2014

Establishing the Business Case for the Business Impact Analysis

Posted by Courtney Bowers in Business Impact Analysis , Business Continuity , Avalution Blogs

Courtney Bowers

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Nearly all business continuity professionals understand the importance of the business impact analysis (BIA) as the primary means for laying the foundation of a business continuity program. However, many professionals struggle to receive executive buy-in, as well as the necessary resources and support for the process. This article dispels common myths in attempt to help remove barriers to obtaining support and contributes to the creation of the business case for performing the BIA in any organization.

Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity , BRP , BIA , BCP , BCM Professionals , Awareness , Advice From A Risk Detective

Alex Belyarchik
  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Jun 10
2014

The Relationship Between the Business Impact Analysis and Risk Assessment

Posted by Courtney Bowers in Business Impact Analysis , Business Continuity , Avalution Blogs

Courtney Bowers

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes. This confusion often results in outcomes that fail to drive preparedness.

May 08
2014

Why Plan? A Closer Look at Business Continuity

Posted by Courtney Bowers in Disaster Recovery , Business Continuity Planning , Business Continuity , Avalution Blogs

Courtney Bowers

By Ross Ladley, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Business continuity is an often talked about risk management practice, especially with what appears to be an ever increasing number of serious disasters, including Superstorm Sandy, the California wildfires, and the Japanese Tsunami – and that’s only natural disasters! Disruptive incidents can stem from major events such as these, but they can also originate from events that are far less visible and widespread, including sprinkler malfunctions, power outages, supply shortages, and an IT disruption.

Mar 13
2014

Using the Results of Your BIA to Develop Disaster Recovery Requirements

Posted by Courtney Bowers in DR , Disaster Recovery , Business Continuity , BIA , Avalution Blogs

Courtney Bowers

By Michael Bratton, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

So you’ve just completed your business impact analysis (BIA) – identifying recovery time objectives for a variety of processes and functions throughout your organization and captured the names of applications and systems that business owners state they just can’t live without. In addition, the IT department heard you were conducting a BIA and mentioned on a few different occasions that they were excited to see what the final results would be to help with their planning. You’ve taken all the applications and their reported recovery time and recovery point objectives and crammed them into a very lengthy spreadsheet, and then the inevitable happens… you realize that everything you have collected is a huge mess.

Jan 08
2014

Using ISO 27031 to Guide IT Disaster Recovery Alignment with ISO 22301

Posted by Courtney Bowers in ISO 22301 , Disaster Recovery , Business Continuity , Avalution Blogs

Courtney Bowers

By Greg Marbais, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 provides guidance to business continuity and IT disaster recovery professionals on how to plan for IT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the requirements for Information and Communication Technology (ICT) and implement strategies to reduce the risk of disruption, as well as recognize, respond to and recover from a disruption to ICT.

Dec 24
2013

Rudolph the red-faced business continuity manager (a Christmas tale – sort of!)

Posted by Andy Osborne in Disaster Recovery , Business Continuity Plans , Business Continuity Management , Business Continuity

Andy Osborne

By Andy Osborne, Consultancy Director at Acumen

Once upon a time there was a senior manager called Rudolph who, on top of his other responsibilities, was put in charge of the business continuity project. Rudolph was a busy chap with a lot on his plate – he didn’t have time for detail. And anyway, disasters never happen do they? Well, only to other people.