Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Industry Hot News

Industry Hot News (6682)

RALEIGH, N.C. – North Carolina survivors who registered with FEMA for disaster assistance after Hurricane Matthew are encouraged to stay in touch with the agency to resolve issues, get updates on your application or provide additional information.

It is especially important for you to update FEMA with any insurance documentation information or settlements. FEMA disaster assistance covers only basic needs and cannot duplicate insurance payments.

You can also call the helpline to:

  • Receive information on the home inspection process

  • Add or remove a name of a person designated to speak for you

  • Find out if FEMA needs more information about your claim

  • Update FEMA on your housing situation

  • Get answers to other questions about your application

To update your status call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585.

If you are changing addresses, phone numbers or banking information you should notify FEMA. Incomplete or incorrect information could result in delays in receiving assistance.

When calling the helpline you should refer to the nine-digit number you were issued at registration.  This number is on all correspondence you receive from FEMA and is a key identifier in tracking assistance requests.

For more information on the North Carolina recovery, visit fema.gov/disaster/4285 and readync.org. Follow FEMA on Twitter at @femaregion4 and North Carolina Emergency Management @NCEmergency.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

How could all those precisely formulated Information Technology Infrastructure Library recommendations lead to anything but success? Well, we can give you six possibilities right now.

They fall neatly into two categories with half of them being problems that could affect any organizational change, and half of them being issues more specific to ITIL.

First, let’s tackle the specific issues. Number one on our list is trying to implement ITIL as though it was a standard like ISO 27002 for security.



Thursday, 01 December 2016 00:00

An Orchestrated Cloud Is an Effective Cloud

In the old days, IT was tasked with managing infrastructure, primarily by controlling the physical devices that moved, processed and stored data. In the abstract cloud era, the name of the game is orchestration of the disparate systems and platforms that data invariably encounters as it makes the journey from raw information to valuable knowledge.

But while many of the actual orchestration processes will be automated using increasingly intelligent algorithms, IT still has a job to do in not only crafting the policies that will govern data and application movement but in selecting and provisioning a robust orchestration platform from an increasingly diverse set of vendor solutions.

According to Markets and Markets, the cloud orchestration sector is on pace to nearly triple by 2021, growing from $4.95 billion today to $14.17 billion, with a compound annual growth rate of 23.4 percent. The key driver, of course, is to craft the most efficient, effective use of cloud resources, although demand for self-service provisioning and high-speed application support is also part of the mix. As the digital economy unfolds, service fulfillment will come to dominate the IT landscape and companies that can provide rapid, reliable infrastructure at a moment’s notice will derive greater profitability with tighter margins and foster stronger brand loyalty among users.



Thursday, 01 December 2016 00:00

Atlantic Hurricane Season: The Long View

As the 2016 Atlantic hurricane season officially draws to a close just days after Hurricane Otto became the latest calendar year Atlantic hurricane on record to make landfall, the question on everyone’s lips is: are the seasons growing longer?

For if Otto, which struck southern Nicaragua as a Category 2 over Thanksgiving, is the last hurricane of the 2016 season, it will mark the end to the longest hurricane season on record the Atlantic Ocean has seen, according to NOAA.

The 2016 season had an early beginning—well ahead of its June 1 official start—when Hurricane Alex became the first Atlantic hurricane in January since Hurricane Alice in 1955.



The Business Continuity Institute - Dec 01, 2016 16:24 GMT

We have recently seen two significant cyber attacks on big businesses hitting the news, and these are just the ones we know about. The ability for hackers to gain access to systems through technical means is not to be underestimated, and specialists work tirelessly to build and maintain secure systems that are now integral to our business and personal lives.

What is often forgotten is the vulnerability of the very people who use and operate these systems, who by definition are often the easiest way for a hacker to secure the information they need to profit from their activity. People are the biggest weakness when it comes to cyber security and how many of us are regularly trained and updated on methods and the importance of protecting information?

Data security is vital to the success of your business, yet working practices in many organisations still demonstrate a lack of awareness and understanding:

How many of us have seen the ‘Post-it note’ approach to ensuring we don’t forget that important password stuck to the very computer terminal holding all the company data?

How many of us really understand the capability of hackers to contact our call centres and encourage our staff to release that extra bit of customer information?

There is no complete solution to this and we must all work on the basis that we will at one point or another be subject to a cyber attack, this is just a reality of the world we now live in and the risk versus reward for those who engage in this activity. To protect ourselves both personally and professionally, we must ensure that our organisations remain up to date and strong in terms of technical resilience, but just as important is ensuring our people are aware of the types of methods used by hackers to illicit information and build the resources for an attack.

We must have strong control measures in place for passwords and other access information and ensure our staff fully appreciate the potential impact if we get this wrong, but equally we must ensure our people understand the many other methods used, some of which are incredibly clever. The damage caused can be fatal for a business with complete loss of confidence from your hard earned customer base.

Chris Regan AMBCI is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy which runs a programme called Cyber Aware that focuses completely on the people side of cyber security. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by email at info@bluerockrisk.com or by telephone 0117 2440154.

Wednesday, 30 November 2016 00:00

BCI: The maturing world of business continuity

The Business Continuity Institute - Nov 30, 2016 16:31 GMT

It’s been two years since winning the BCI Global Newcomer of the Year Award, and just as long since I featured in the Business Continuity Institute’s '20 in their 20s' publication, so I’ve decided to re-read my contribution to see what’s changed.

In 2014 it was clear to me that the academic world of business continuity was rapidly maturing. My undergraduate degree had a BC-specific module much like many other courses at the time. The BCI was also developing its very own diploma, and you only had to do a quick search online to realise the growing number of universities offering BC-dedicated postgraduate courses, and see just how popular the subject was becoming.

Add to this the emergence of the Business Continuity Management Academic Journal and it’s easy to see how some individuals were embarking on an exclusively theoretical BC journey for several years before ever even working a single day in the field. As a junior professional at the time I was becoming concerned about not having the right skills to take the next step in my career.

Professional immaturity and hindsight

So what has changed? On a personal level, my views on the development of junior professionals in our field has matured and I certainly see things differently now. At the time I remember being particularly frustrated by what felt like a lack of structured development and clear direction available to me. The BCI mentoring scheme was in its infancy at the time and I was probably one of the first to sign up along with the available mentors. My BC mentor wasn’t really sure what to do with me as the process was meant to be 'self-driven' by the mentee, and I wasn’t sure where to take it so I didn’t get very far with that. I’m pleased to say the mentoring framework by the BCI has made steady progress over the last couple of years and I have now signed up to the Mentor-Match scheme as a mentor should anyone wish to have me!

In 2014 I was also desperate for a competency self-assessment to help me understand exactly where to improve. I had already passed the CBCI with merit, but I still wasn’t any clearer on personal strengths and weaknesses other than that I could remember the contents of the Good Practice Guidelines. It’s because of this perceived lack of support, validation and long term development goals that I started to wonder if becoming a BC professional was even a real career.

I realise now of course that I rather naively expected the industry to mark out every inch of my career path and to explain to me at checkpoints how I was doing. I’ve since spoken to many undergraduates during my guest lectures over the last two years and I’ve come to realise that I’m not alone in this assumption. In fact, I get the impression that a number of people out there still have this level of expectation which I think needs to be levelled. This is a very self-driven process!

However, before even embarking on a career in BC/resilience, many students and graduates are looking to the industry for a solid step by step development structure, providing them with a warm cosy feeling that they have long term career journey ahead of them. I think this expectancy is partially driven by the current wealth of graduate recruitment schemes available which clearly offer this kind of structure (just take a look at the PwC, KPMG schemes etc). Although I’m yet to see any major firms offering a scheme specifically involving BC.

I also think the universities are partly responsible. They all look to reassure their students of life beyond the books by suggesting that there is a structure in place for them to develop which isn’t always the case. I’ve had some conversations with students who genuinely believe they will be guided by the hand through their career, which we all know simply doesn’t happen in the way they think.

I also expected too much from the BCI, senior colleagues and mentors. Their time and resources are extremely limited and so their efforts are essentially wasted if not used in the right way. Again, I fell into the trap of assuming the seasoned veterans would tell me exactly what I needed to do. I still believe we need to think smart and redesign the development journey for our members but that also requires us spell out what a BC professional actually looks like and how to get there. I think this alone is a major challenge given the emergence of popular concepts such as organizational resilience and cyber. We are still very much in the process of finding our place in that particular evolution so it might be a touch too difficult to fully define what is essentially a moving target.

More recently, there were some worthwhile discussions at BCI World 2016 during the #hire2retire session which looked at the business continuity career path. I would urge everyone to take a look. A very good insight from these discussions was captured by PwC’s Rebecca Robinson who recognises the need to remain flexible, but also to get out there and broaden your experience. Again this goes back to being a sell-driven professional.

Self-driven career positioning

If anything, the last two years have taught me the importance of self-driven career development. I needed to undertake some self-evaluation and decide on what direction I needed to take. My main aim for the future is to become a highly effective resilience manager with a good understanding of the threat landscape for the business in which I work. It’s because of this approach that I started to identify some seriously worrying knowledge gaps (namely IT security or cyber). I started to notice that more and more of my business disruptions/major incidents at work specifically related to IT/data breaches or threats thereof. I found myself constantly at the whim of the Chief Technology Officer and other technical staff to assure me that controls were in place, which of course found to be lacking when incidents really did occur.

I’ve spent the last year being immersed into cyber security so I can get ahead of the game. I’ve retrained in, CompTIA Security +, CSX – Cyber Security Fundamentals and CRISC and I now work closely on new and emerging technology in banking networks. I’m already stronger for the experience and I can comfortably challenge the views expressed by those in the business who are deemed technical who often try to bamboozle other management with 'tech-speak'. Ultimately this will make me a more effective resilience manager in the future when the right role comes my way. 

Luke Bird MBCI received the 2014 BCI Global Award for Best Newcomer and is a self published author in business continuity and has several articles published on the BCI and Continuity Central websites. He has successfully delivered and maintained a full programme of ISO 22301 certification and fully completed a series of major Work Area Recovery rehearsals around the UK . Luke is also widely known for his 'BlueyedBC' brand where he uses his online presence to share learning and experience among professionals in the industry and often attends universities to provide guest lectures to undergraduates studying the discipline.

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization’s assets. Whereas risk management aims to control the damages and financial consequences of threatening events, risk avoidance seeks to avoid compromising events entirely.

When determining your risk mitigation strategies, don’t confuse the strategies of risk avoidance or risk acceptance with risk ignorance. Risk ignorance is a situation where the knowledge about the risk (and any underlying phenomena and processes) is poor. Just because there are no remediation strategies currently in place does not mean that a conscious decision has been made to accept the risk.

We perform assessments regarding risk and risk impact on a daily basis. We then use those assessments to determine our choice of action. A good example is wearing a seat belt. We might observe that experienced drivers are more likely to understand the risks inherent in car travel, and thus choose to wear seat belts, whereas the less experienced driver (think teenagers) may have to be reminded constantly of those risks– at least in my house. These are contrasting examples of risk avoidance (seat belt use) and risk ignorance (no seat belt use). Neither should be confused with risk acceptance (car travel is dangerous, but I don’t want to wrinkle my clothes, so I’m not going to wear my seat belt).



Today, many organizations are taking a look at cloud from a new lens. Specifically, organizations are looking to cloud to enable a service-driven architecture capable of keeping up with enterprise demands. With that in mind, we’re seeing businesses leverage more cloud services to help them stay agile and very competitive. However, the challenge revolves around uptime and resiliency. This is compounded by often complex enterprise environments.

When working with cloud and data center providers, it’s critical to see just how costly an outage could be. Consider this – only 27% of companies received a passing grade for disaster readiness, according to a 2014 survey by the Disaster Recovery Preparedness Council. At the same time, increased dependency on the data center and cloud providers means that overall outages and downtime are growing costlier over time. Ponemon Institute and Emerson Network Power have just released the results of the latest Cost of Data Center Outages study. Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to the new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).

Throughout their research of 63 data center environments, the study found that:



As the Atlantic, eastern Pacific and central Pacific 2016 hurricane seasons end today, NOAA scientists said that all three regions saw above-normal seasons.

For the Atlantic, this was the first above-normal season since 2012. The Atlantic saw 15 named storms during 2016, including 7 hurricanes (Alex, Earl, Gaston, Hermine, Matthew, Nicole, and Otto), 3 of which were major hurricanes (Gaston, Matthew and Nicole). NOAA’s updated hurricane season outlook in August called for 12 to 17 named storms, including 5 to 8 hurricanes, with 2 to 4 of those predicted to become major hurricanes.

Five named storms made landfall in the United States during 2016, the most since 2008 when six storms struck. Tropical Storm Bonnie and Hurricane Matthew struck South Carolina. Tropical Storms Colin and Julia, as well as Hurricane Hermine, made landfall in Florida. Hermine was the first hurricane to make landfall in Florida since Wilma in 2005. 

Atlantic hurricane season

Several Atlantic storms  made landfall outside of the United States during 2016: Tropical Storm Danielle in Mexico, Hurricane Earl in Belize, Hurricane Matthew in Haiti, Cuba, and the Bahamas, and Hurricane Otto in Nicaragua.

The strongest and longest-lived storm of the season was Matthew, which reached maximum sustained surface winds of 160 miles per hour and lasted as a major hurricane for eight days from Sept. 30 to Oct. 7. Matthew was the first category 5 hurricane in the Atlantic basin since Felix in 2007.

Matthew intensified into a major hurricane on Sept. 30 over the Caribbean Sea, making it the first major hurricane in that region since Poloma in 2008. It made landfall as a category 4 major hurricane in Haiti, Cuba and the Bahamas, causing extensive damage and loss of life. It then made landfall on Oct. 8 as a category 1 hurricane in the U.S. near McClellanville, South Carolina.

Matthew caused storm surge and beach erosion from Florida through North Carolina, and produced more than 10 inches of rain resulting in extensive freshwater flooding over much of the eastern Carolinas. The storm was responsible for the greatest U.S. loss of life due to inland flooding from a tropical system since torrential rains from Hurricane Floyd caused widespread and historic flooding in eastern North Carolina in 1999.

“The strength of Hurricane Matthew, as well as the increased number of U.S. landfalling storms this season, were linked to large areas of exceptionally weak vertical wind shear that resulted from a persistent ridge of high pressure in the middle and upper atmosphere over Caribbean Sea and the western Atlantic Ocean,” said Gerry Bell, Ph.D., lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center. “These conditions, along with very warm Caribbean waters, helped fuel Matthew’s rapid strengthening.”

Eastern and central Pacific Hurricane Seasons

The eastern Pacific hurricane basin, which covers the eastern Pacific Ocean east of 140 degrees West, produced 20 named storms during 2016, including 10 hurricanes of which 4 became major hurricanes. July through September was the most active three-month period on record for this basin. NOAA’s eastern Pacific hurricane season outlook called for 13 to 20 named storms, including 6 to 11 hurricanes, 3 to 6 of which were expected to become major hurricanes.

Pacific hurricane season

The central Pacific hurricane basin covers the Pacific Ocean west of 140 degrees West to the International Date Line. This basin saw seven tropical cyclones (includes tropical depressions and named storms) during 2016. All seven became named storms, and included three hurricanes of which two were major hurricanes. Tropical Storm Darby made landfall on the Big Island of Hawaii, marking the first time in recorded history that two storms in three years struck the Big Island (Darby in 2016 and Iselle in 2014). NOAA’s central Pacific hurricane season outlook called for 4 to 7 tropical cyclones. That outlook did not predict specific ranges of named storms, hurricanes and major hurricanes.

NOAA's mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Twitter, Facebook, Instagram and our other social media channels.

In Henry IV Part 1, Owen Glendover, the leader of the Welsh rebels, joins the insurrection against King Henry. Glendower, a man steeped in the traditional lore of Wales, claims to command great magic. Therefore, mysterious and superstitious, he sometimes acts in response to prophecies and omens. In the play, Glendover boasts to Hotspur, “I can call the spirits from the vastly deep.” Hotspur deflates Gelendover with, “Why, so can I or so can any man; But will they come when you call them?”

Any business owner or senior leader can call the same spirits of strategy from the vastly deep, but business outcomes tattle. They tell us that too often the spirits don’t come. Or, they come, but no one knows what to do with them once they’re there. Successful leaders realize they can’t command magic, but they can create a magical alchemy to turn the raw materials of a strategy into gold and then tie the succession plan to it. Here’s how:



Page 1 of 33