Charlie discusses how the UK power supply crisis could affect your organisation.
A couple of weeks ago one of the lead stories in the news was the fire at Didcot B Power Station, a gas power station in the South of England. The station, which has been brought back on line within the last couple of days, now has a power output of about 350MW, roughly half its normal capacity of around 700MW. The issue of power supply to the UK has been in the news for the last couple of days. The spare power capacity within the UK, which a couple of years ago was 17%, has now been reduced to 5%, and this may lead to the possibility of loss of power or brownouts.
A brownout is an intentional or unintentional drop in voltage in an electrical power supply system. Intentional brownouts are used for load reduction in an emergency. They can have a number of different effects on electrical systems, which can vary from the lights dimming to burnouts of electrical motors. Equally worrying is that it can affect digital circuits in unexpected ways, such as making an electric motor run backwards, or it can cause them to produce false readings.
The management of power supply within the UK has been a creeping crisis for many years. The governments have failed to invest in new power supply, lacking the political willpower to build new power stations, which are usually controversial. Cracks in a number of nuclear power stations have put some stations out of action, leaving the country with limited spare capacity. The further loss of generating capacity coupled with a very cold winter, leading to an increase in demand, could cause brownouts to occur or areas to lose power.
So what should we as business continuity people be doing?
1. Perhaps the first action is to ensure you have an up to date inventory of your existing standby generators and any generator contracts you have in place. Once you have identified where you have standby generators, look at when they were last run and how well they are maintained. It is also important to check when the calculation was made on the size of the generator to be purchased, and whether the generator is meant to power the whole building or only parts of it. Often generators were purchased and several years later the power requirement for the building has increased, making the generator inadequate to power the whole building. You need to check whether the generator has been tested “on load”, powering the whole building with all the normal machinery up and working, so you can make sure it can power the whole building. Often generators are tested to see if they will start and run but they are not actually tested “on load”.
2. Once you have made sure that your generator can power the whole building or at least the critical bit, it is worth checking back through your BIA to check the critical services are being hosted in the building, or does the building have a standby generator for historical reasons and no priority activities are being undertaken in the building. There may be an opportunity to move higher priority activities into the building to take advantage of the protection the generator gives.
3. Once you have established which of your sites have standby generators then you can look at the impact a loss of power or a brownout would have on your operations. This may lead to business cases needing to be written and funding granted for the installation of standby generators. The only caveat on generators: I once heard a statistic that up to 50% of standby generators don’t work when they are called on to work in an emergency, so make sure that yours is well maintained!
4. Earlier in the bulletin we talked about the possibility of having generators on call but not having a permanent one on site. Trying to hire on the day of the incident may be difficult as, if the incident is widespread, then everyone may be trying to hire them and the number and types you require may not be available. If you think hired-in generators are a solution then you may consider several issues: having the building “pre-plumbed”, and establishing the power requirements of the building before the incident occurs so you know the size of generator. Then on the day of the incident all that is required is for the call to be invoked and for the generator to be plugged into a socket, and the building is connected to power.
One of our many roles as business continuity managers is to "horizon scan" and identify new threats. Possible power issues have been highlighted on the news and it is our role to review the threat for our organisation and suggest appropriate mitigation measures.
Charlie Maclean-Bristol, FBCI, FEPS, Director of Training, PlanB Consulting. PlanB Consulting is able to provide continuity planning risk assessments, advice and contingency plans for any organization. www.planbconsulting.co.uk
Charlie Maclean-Bristol, FBCI, discusses whether the time has come for business continuity managers to make contingency plans for an Ebola pandemic.
Spain is now dealing with the first case of direct infection of Ebola in Western Europe; the first Ebola death has occurred in the United States; and the World Health Organization has warned that ‘Ebola is now entrenched in the capital cities of all three worst-affected countries and is accelerating in almost all settings’. So has the time come for business continuity managers to make contingency plans for a possible future Ebola pandemic? I think the answer to this question is, yes, we should be.
I am not suggesting that you immediately go out to the supermarket and buy lots of tinned food and water, barricade the house, be prepared to operate on battery power and bottled gas and then lie low.
What I am suggesting is that we should be quietly thinking about how a possible Ebola pandemic might affect our organization; thinking through what an Ebola plan might look like; and monitoring the situation to ensure that you are ready to react if the situation escalates further.
So what at this stage should business continuity managers be doing?
1. One of the first tasks we should be doing as business continuity people is looking at what our possible exposure to Ebola is. What is our staff exposure to the disease, do we have staff travelling in areas, which have had cases of Ebola? As the disease spreads further, which most commentators are saying that it will do, then cases of Ebola may arise in a variety of places. We may have to react quickly if our staff are in the same area or they may be stranded by a country travel ban.
2. What is our supply chain exposure to the disease and does it involve West Africa? Again, like staff travelling, as the disease spreads and turns up in expected areas then it may affect our supply chain.
3. If the disease was to take hold in our country how would it affect our organization and would it create more work for us or less? If we work in an organization that would be responding to a pandemic (for example healthcare services) or are a supplier to such an organization, then it is likely our workload will increase. If our organization supplies essential services or part of the country’s ‘critical infrastructure’ such as power, food, water, etc. then we will be under a lot of pressure from government to keep working. Whilst if our organization does not supply something critical then we can perhaps temporarily close down our organization without a major impact beyond our own employees. Any contingency planning should reflect how it affects the individual organization!
4. Once we understand our exposure, then we should be engaging with senior managers in our organization and discussing our organization’s exposure and what action we should be taking at the moment. If we have no exposure then perhaps we should be agreeing to continue to monitor the situation. We may want to agree at this stage what sort of events might trigger further action. If we have a larger exposure then perhaps we should start some contingency planning and engaging with those parts of the business or people who may be at risk.
5. I think at this stage it is very important that we are not seen to panic or to overreact, as this might undermine any other contingency planning for other events; may undermine the credibility of the individuals involved in contingency planning; and may undermine any further escalation within the organization if this is required. Especially if there is a risk to our organization, some measured communication to staff informing them of appropriate risk reduction measures to take, any travel bans and what to do if they think they have been in contact with someone with the disease may help reassure them that you are thinking about the risk and taking appropriate action.
6. It may be appropriate for your organization to carry out some contingency planning to cover scenarios such as loss of a key supplier; if a staff member becomes infected; or if parts of your organization were quarantined. This may involve dusting off influenza pandemic plans and other contingency plans and seeing how appropriate they are in response to Ebola and amending the plans accordingly. I suspect if there was a full pandemic, government would in the main very much dictate the response and precautions to be taken by businesses and individuals.
7. I think, in the end, if we do nothing else we should monitor the situation on a day by day basis; so that we can react quickly if Ebola might, or is likely to, have an impact on our organization.
Charlie Maclean-Bristol, FBCI, FEPS, Director of Training, PlanB Consulting. PlanB Consulting is able to provide continuity planning risk assessments, advice and contingency plans for any organization that has an exposure to Ebola risk. www.planbconsulting.co.uk
The Dallas hospital treating the Ebola patient has just announced that the patient died.
The Liberian public health and airport security personnel in Liberia did their jobs, and checked outgoing passengers at three distinct checkpoints. But airport personnel can do little when patients lie or the patient didn't know that what was thought to be malaria was actually Ebola.
We've patted ourselves on the back in this country for the sophistication of our medical capabilities, yet as I listened to the story today of the patient being sent away from the hospital in Dallas when his isolation and treatment might have meant that he would have lived, I thought once again of Dr. Atul Gawande's book, The Checklist Manifesto.
This type of error is called one of ineptitude, as opposed to one of ignorance, presumably. We don't know if this was an Ebola-specific checklist; one prepared by the hospital itself; or one from the Center for Disease Controls. A quick read of Gawande's book might be very helpful, especially if the checklist has more than 5-7 items on it, without what Gawande calls "pause points." His book is full of stories of how pilots, builders of skyscrapers and surgical teams perform extremely complicated feats, and how using checklists that involve every member of the team makes a difference. His work in this respect for the World Health Organization has made a large impact: deaths after surgeries have been reduced significantly by the implementation of several simple procedures that are part of the checklist.
I would also recommend the book to the new acting director of the Secret Service and to the panel that is currently being constituted to review the disturbing procedural/process failures over the last several years for the organization charged with guarding the president. It may be that those procedures or processes have become shopworn. Certainly it must be the case that, unless on a form of high alert (the United Nations responsibility, for example) agents' situational awareness is at an all time low. Whether this is a factor related to the move from Treasury to the Department of Homeland Security or not is difficult to estimate, but will undoubtedly be reviewed by the panel.
The tipping point I mentioned last week seems more vivid as weeks go by. Yet there was one piece of good news this morning: that it appears Nigeria, the most populous and also most well-off African country in terms of infrastructure and medical personnel, has contained Ebola. We just can't move quickly enough to get more personnel, hospitals, emergency operations centers and supplies deployed in the remaining countries.
In Tolly’s Handbook of Disaster and Emergency Management Principles and Practice (edited by Lakha & Moore, 2004) a rising tide crisis is described as a: “Problem which creeps up gradually, such as occurs in the case of organised crime, corruption, a developing infectious disease epidemic or a steady stream of refugees into a country. There is no clear starting point for the crisis and the point at which it becomes a crisis may only be clear in retrospect.”
At present the disease is out of control in Sierra Leone, Liberia and Guinea. The latest news from the BBC says that in Sierra Leone there are five new cases of Ebola every hour and that a total of 765 new cases were reported in the West African state in the last week alone.
The problem is compounded by the fact that there are only 327 hospital beds in the country. The disease has killed 3,338 people so far. The situation is made even worse by the fact that 10% of Ebola deaths have been health professionals. Those trying to prevent the spread of the disease are being killed by it.
When the present outbreak was first known about there was little interest in Europe and the Americas. Although the disease has a high mortality rate, and there is little known about it, previous outbreaks have always been kept under control quite quickly.
This outbreak has been the worst to date and Western countries only started paying attention when the crisis started to affect them. Britain had William Pooley, the nurse who contracted Ebola in Sierra Leone but has since made a full recovery. While for the USA there were two missionaries who were brought back home for treatment and a man who returned from Liberia with the disease and is presently in a Texan hospital. The outbreak now features regularly in the news.
The USA has deployed troops to Liberia to set up field hospitals and healthcare facilities. Earlier this month, Britain said it would build facilities for 700 new beds in Sierra Leone but the first of these will not be ready for weeks, and the rest may take months. According to experts, one and a half million people could be infected by January if the disease is not halted.
I think for us, as business continuity people, a creeping crisis is one of the most dangerous types of events. It slowly builds and you suddenly find yourself in the middle of a major incident when you should have recognised it earlier. Not recognising the crisis early on may compound the effect on the organisation and lead to increased negative coverage. This is especially true when the crisis involves death or injury to customers or members of the public.
So what should you do to prevent this happening?
1. Understand your organisation’s possible vulnerabilities and make sure that any incident involving them is analysed to see if it might turn into a major incident or crisis.
2. Have mechanisms in place that look for common incidents across the organisation, especially if you are a large organisation operating at multiple sites or across many different countries. By encouraging all parts of the organisation to report issues and by analysing them centrally, you can identify patterns before your customers or the media do.
3. Think ‘worst case scenario’ and ‘what if something else happened at the same time?’ If we understand these then we can monitor the event and if they seem to be heading in the wrong direction then we can prompt the organisation to take early action and prevent the incident becoming a crisis.
4. There needs to be someone within the organisation who is responsible for identifying potential creeping crises, who can flag up potential events. This may be allocated to you or may rest elsewhere within the organisation.
With this monitoring and horizon scanning in place hopefully we can identify incidents before they become a crisis and have a major impact on our organisation.
Charlie is one of the Directors of PlanB Consulting. PlanB Consulting is a boutique consultancy specialising in providing business continuity, disaster recovery, ISO22301 and crisis management consultancy to clients in the UK and beyond.
This week Charlie discusses the Scottish referendum results.
I have written about Scottish independence before, but thought I would revisit the topic now that the referendum has been and gone.
After a long and hard fought campaign, Scottish voters backed remaining in the union by 2,001,926 votes to 1,617,989.
The result has prompted a lot of questions about what direction the country should take, with many suggesting that all UK countries should be given more powers.
As well as questions there are of course lessons to be learned, particularly in terms of the management of the referendum, which are relevant to us as business continuity people:
1. The most obvious observation is that there was a major failure of risk management by David Cameron and his advisors. As he thought the pro-independence supporters were going to lose the vote (the opinion polls were roughly 70% 'No' and 30% 'Yes' at the time) he decided not to put ‘Devo Max’ on the ballot paper. This was probably the preferred option for the majority of people. He thought the vote would not shift much, the ‘No’ vote would win comfortably and he didn’t then need to give Scotland more powers. After he originally agreed to the wording of the question, the support for independence grew and as the vote drew closer it looked increasingly likely that independence would happen. It seemed like this possibility was not taken into account when the question was being agreed and the basis for the election was negotiated. If you take a risk and the odds seem to be stacked in your favour you have to consider what you are going to do if the odds seem to shift against you.
2. Two weeks before the poll, with the ‘Yes' campaign looking increasingly strong, it seemed that there was no contingency plan in place. Momentum is very important in politics and it seemed to be firmly behind the ‘Yes’ vote. This caused the three party leaders to seemingly panic and abandon Prime Minister's question time in order to hot foot it to Scotland and passionately argue for the Union. They pledged they would give extra powers to Scotland and said they would lay out a timetable for implementing the granting of these powers. To most people this seemed a panic measure and as though they had suddenly woken up to the fact that they might lose. Horizon scanning, as we should all be doing, and some local knowledge, might have told them that the passion for this debate was stirring in Scotland. The ‘Yes’ campaign had a very successful grassroots campaign which was turning many voters’ heads. Contingency plans and identifying the danger early on would have prevented the visit by the three leaders being seen as a panic measure.
3. After an incident it is often said that organisations are never the same again. Pressures and the impact of the events have a lasting impact on the people who are involved. In Scotland this is most definitely the case. A whole section of people have been energised by the debate and want to pursue their goals of social justice and independence further. I was hearing on the radio that many people are in mourning as they genuinely felt that there was going to be a vote for independence, even if that was not what the opinion polls were telling them. The debate and the vote have changed Scotland. How this will manifest itself and the legacy of the referendum will become clear in the next few years. The important lesson for us is to learn that after an incident your organisation is likely to change and the change may be fundamental.
4. Lastly there is a very important lesson for incident communications from the event. During an incident people hear what they want to hear. Anything which reinforces their point of view is listened to and they don’t hear the logically-reasoned counter argument. It seemed to me that certain sections of the ‘Yes’ campaign would only listen to facts which supported their own argument and blocked out any that disagreed with them. When all three parties said Scotland couldn’t continue to use the pound, their reaction was not to propose an alternative currency but to claim those saying this were bluffing. When a number of senior members of the EU said that Scotland would not automatically become part of the EU they again claimed that this was not true and quoted another source which said they would automatically become members. We need to recognise that people may think they are victims in an incident and blame your organisation. However much you say it is not your fault, they have set in their mind that it was your organisation which caused it and they will not listen to any communications from you. Just because you put out a firm rebuttal with lots of reasons why it is not your fault, there is no guarantee that the ‘victims’ are listening. You may have to redouble your communications or use different methods and channels to reach them. You may just have to recognise that in the end they will always believe what they want to believe and that any communications may never change their mind!
We will see how the situation pans out over the next few months.
Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success. In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program. This week the focus is on doing what’s good for us…exercising and eating our veggies!
DRJ Fall World is just around the corner, so now is the perfect time to turn our attention to the companies who help us ensure we can provide you with a top-notch learning and networking experience.
Gold Sponsor: Send Word Now: Headquartered in New York City, and founded as a direct result of personal experiences during 9/11, Send Word Now is the leading worldwide provider of on-demand alerting for crisis communication. The company’s easy-to-use, web-based emergency notification solutions and mobile applications are today utilized by businesses, government agencies, universities and non-profit organizations to ensure fast, effective and two-way communication when it is needed the most. Send Word Now's enterprise-class and award-winning notification service is capable of transmitting tens of thousands of voice and text messages in minutes, while ensuring a full audit trail for after-action reporting and follow-up. Its conferencing and workflow solutions keep everyone informed and connected to the people and information necessary for safety and resilience. At Send Word Now, a Silver Sponsor of DRJ Spring World 2014 and Gold Sponsor of DRJ Fall World 2014, every message counts.
- Coop Systems: myCOOP is COOP System’s breakthrough continuity planning software. The patented design was built from the ground up by world-class eCommerce developers.
- Dell: Good communication is at the heart of every successful business. Eliminate the hassle, risk and stress of email management and be prepared to communicate with your team anytime anywhere with Dell Cloud-Based.
- Deloitte: Deloitte is widely acknowledged as a leader in security by prominent analyst firms. Breadth of capabilities across the disciplines of risk management, IT consulting and organizational transformation allows us to define an approach that can efficiently and effectively align people, process and technology.
- EBRP: eBRP Solutions Inc. provides web-based tools and utilities, as well as consulting services. ESN develops tools and utilities focused on core requirements.
- Forsythe: Since 1971, Forsythe offers technology and business consulting services, technology leasing and products from all leading IT infrastructure manufacturers.
- IBM Business Continuity and Resiliency Services: In a world where data is the new natural resource and “always on” is standard, IBM has the proven expertise, knowledge and technology to ensure the continuous availability of your business. IBM’s portfolio ranges from innovative cloud services to full-scale compute, data and applications resiliency and recovery solutions. Please come visit us at booth 401/403 or ibm.com/services/continuity to find out how IBM can help keep your business ready, running and resilient in any condition.
- MIR3: MIR3 is the premiere provider of intelligent notification and response software for business operations or any area that needs reliable two-way notification.
- Strategic BCP/ResilienceONE: Strategic BCP leads the way in elevating the productivity and relevance of business continuity management (BCM) professionals. We help save time and money.
- Sungard Availability Services: Sungard Availability Services offers a complete portfolio of solutions to help keep people and information connected and achieve uninterrupted access.
Honestly, the sponsor and partner list for DRJ Fall World 2014 is a rather lengthy one, so we suggest you click on over to the Sponsor page to learn more about the great companies coming together to give you a fantastic conference experience. We're super thankful to our sponsors for their contributions and for enabling the creation of the DRJ Scholarship Program.
Looking forward to seeing you in 14 days in San Diego for a great few days of focused learning, discussion and networking. If you haven't registered - not to worry, there is still time! And don't forget to watch this video to get a sneak peek of what we've got planned for you.
As a reader of the DRJ blog, you know that we're busy getting ready for DRJ Fall World. Our 51st conference is happening very soon so we thought it would be useful to remind you of the information you need to have a successful conference experience.
When: September 7 -10, 2014
Where: Hilton San Diego Bayfront (1 Park Boulevard)
What: The industry's leading conference that brings together the top experts in BC/DR for information-packed days of learning, networking, and relaxing. With a theme of Building Your Program Using Best Practices, you'll leave San Diego with the skills, knowledge and confidence to equip your company with a program that really does work.
Why: Because constant learning is one of the keys to personal and professional growth. Meet with your peers and industry leaders to share ideas and learn from each other. Talk about what has worked in your organization and what hasn't worked. To learn about the latest tools, software, and services that can help you do your job more effectively and efficiently. Because DRJ has the skills, experience, and mojo to give you a conference that is all about value for your dollar and time.
Cool Stuff: Download our Guidebook App and use this handy mobile app to stay up-to-date with the latest news and happenings at DRJ Fall World. Update the schedule with your selected sessions, break-out tracks and workshops. Connect with your peers and grow your contact list. Review the conference maps in advance and plan your visit to our packed Exhibit Hall.
Conference Agenda: Download the agenda and plan out your days at DRJ Fall World.
Fun Times: Not only is DRJ Fall World all about learning, but it's also about relaxation and downtime. We've scheduled two hospitality events for you - a Welcome Reception on Sunday evening and a Hospitality event hosted by Send Word Now on Monday evening. Relax in one of the many nearby restaurants and pubs, take in a walk, jog, or all-out run on the nearby paths, take a dip in the heated saltwater pool, or check out the San Diego Embarcadero.
Sneak Peek: Watch this video to get a sneak peek of what you'll experience in San Diego in early September.
We'll see you very soon in San Diego! It's going to be a great few days of learning, networking, and connecting.
Corporate executives largely understand the importance of backups. Even though businesses recognize why they need data protection only a few have implemented a seamless backup, archive and disaster recovery system. Why? The lack of time, resources and energy appear on the surface to be the problem. Too many other IT and datacenter issues get in the way. At the source, however, the problem may simply be repeating pitfalls that foil successful implementations.
Here are three of the ultimately game-ending pitfalls that companies have experienced when implementing data backup and restoration incorrectly. These problems take the wind out of the sails for an IT datacenter.
Pitfall #1: Not Selecting the Right Backup Method
Most commonly, organizations do not select the method of backup which will work best for them. Organizations mostly think in terms of media-based holding tanks for their backed up or archived data. That is, they visualize their data in full, incremental or differential categories.
Full backups copy entire data sets and are resource intensive and time-consuming. The thinking follows to then capture the incremental changes made since the last full backup. After a week of incrementals they then conduct a full backup on a weekly or periodic basis. However, these incremental backups are time-consuming to restore. Therefore, many organizations opt for differential backup, which is similar to incremental backup, but it contains all data that has changed since the last full backup, not just the last incremental backup. Here again, the issues of resource hogging and time consumption that plague incremental backups resurface. At times, differential backups can even stretch to the next working day and slow down the entire system.
Organizations would do well to consider innovations such as synthetic full backup and incremental-forever backup. Synthetic full backup is similar to incremental backup, but reduces restore time by combining the existing full backup with the data from the incremental backups. Incremental-forever backup entails a full backup only one time when implemented, but then completes incremental backups forever.
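The trade-off between these methods shows up in how many backup sets a restore must read and how much data each nightly job sends. The following is an added example, not code from the article or from any backup product: the file names and change schedule are constructed, file deletions are not modelled, and the synthetic full is assumed to be merged on the backup server from the previous full and that night's incremental.

```python
# Constructed sample data (not from the article): file -> version written each day.
CHANGES = [
    {"a.db": 1, "b.doc": 1, "c.log": 1},  # day 0: initial data set
    {"c.log": 2},                          # day 1
    {"a.db": 2},                           # day 2
    {"c.log": 3, "d.cfg": 1},              # day 3
    {"b.doc": 2},                          # day 4
]
METHODS = ("incremental", "differential", "synthetic_full")


def state_on(day):
    """Ground truth: the live data set at the end of `day`."""
    state = {}
    for delta in CHANGES[: day + 1]:
        state.update(delta)
    return state


def changed_between(after_day, day):
    """Files (at their latest version) modified after `after_day`, up to `day`."""
    out = {}
    for delta in CHANGES[after_day + 1 : day + 1]:
        out.update(delta)
    return out


def run_backups(method, last_day):
    """Simulate one job per day. Each set records what the client sent
    ('transferred') and what the stored set holds for restores ('contents')."""
    if method not in METHODS:
        raise ValueError(f"unknown method: {method}")
    full = state_on(0)
    sets = [{"kind": "full", "transferred": full, "contents": full}]
    for day in range(1, last_day + 1):
        if method == "differential":
            # Everything changed since the last full backup (day 0).
            delta = changed_between(0, day)
            sets.append({"kind": "differential", "transferred": delta, "contents": delta})
            continue
        # Incremental and synthetic full both send only last night's changes.
        delta = changed_between(day - 1, day)
        if method == "incremental":
            sets.append({"kind": "incremental", "transferred": delta, "contents": delta})
        else:
            # Server-side merge: previous full plus the new incremental.
            merged = {**sets[-1]["contents"], **delta}
            sets.append({"kind": "synthetic full", "transferred": delta, "contents": merged})
    return sets


def restore_chain(method, day):
    """Indices of the backup sets that must be read to restore `day`."""
    if method not in METHODS:
        raise ValueError(f"unknown method: {method}")
    if day == 0:
        return [0]
    if method == "incremental":
        return list(range(day + 1))  # the full plus every incremental since
    if method == "differential":
        return [0, day]              # the full plus the latest differential
    return [day]                     # the latest synthetic full alone


def restore(method, day):
    """Apply the restore chain in order and return the recovered data set."""
    sets = run_backups(method, day)
    data = {}
    for index in restore_chain(method, day):
        data.update(sets[index]["contents"])
    return data


def compare(day):
    """Per method: sets read on restore, files sent by that day's job, and
    whether the restore reproduces the live data."""
    report = {}
    for method in METHODS:
        sets = run_backups(method, day)
        report[method] = {
            "sets_to_restore": len(restore_chain(method, day)),
            "files_sent": len(sets[day]["transferred"]),
            "restore_ok": restore(method, day) == state_on(day),
        }
    return report


if __name__ == "__main__":
    for method, row in compare(4).items():
        print(f"{method:15} {row}")
```

An incremental-forever scheme sends the same nightly data as the incremental case here, without ever repeating the day 0 full.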
There are many factors to consider when it comes to selecting the right backup system.
Organizations need to consider factors such as retention time according to service level contracts, the technology at their disposal, the nature of operations and other factors when deciding on the data backup and restoration system to use.
Pitfall #2: Ignoring the "Restoration" Part of the Equation
Most organizations consider only the time it takes to restore the data when selecting an appropriate data backup and restoration system. Data restoration, however, goes beyond the restore time. For instance, the organization may want to review and perform file level restores rather than restoring the entire data set. Disasters do not always lead to the requirement of full backups. For instance, a system that does not allow file level restores may be useless if you want to get hold of a single file or data set that is corrupted or deleted inadvertently.
Pitfall #3: Not Having a Data Retention Policy Upfront
Another ignored area when considering the issue of backup and recovery is the data retention policy. In the age of big data, a considerable chunk of most organizations' data is considered junk and of no future use, but organizations continue to hold onto it. A well thought out data retention policy that retains only important and useful data, weeds out duplicate data and ensures the legal and compliance requirements with regards to data archiving and retention are met would streamline the data backup and retention policy effectively.
STORServer backup appliances, powered by the IBM Tivoli Storage Manager platform and CommVault Simpana 10, incorporate integrated backup, archive and disaster recovery capabilities that not only make this crucial process easy, seamless and fast, but also results in considerable cost savings. Contact us today to learn more.
Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success. The second “course” of this four part series takes a look at how picking the right strategy for your business continuity plan is key for its success. Also, to help deliver the “main course” I’ve invited a special guest chef - IBM’s own, Chef Watson.
Don't know if you've heard the news but DRJ Fall World is just around the corner - September 7 - 10 in San Diego. We've fine-tuned our agenda, have got a great line-up of industry experts to lead the numerous sessions, and we're rolling out the red carpet during our hospitality events.
And to top things off, we've extended the $100 registration savings discount to August 14. This means you have two more days to take advantage of the discounted registration fee.
As you know we want you to get the most value possible at our conferences. This is why we want you to take advantage of the DRJ Fall World pre- and post-conference courses. These courses allow you to extend your learning and to make the most of your travel and education budget.
The 1.5-day-long pre-conference courses are held on Saturday Sept. 6 from 9:00 a.m. to 5:00 p.m. and Sunday Sept. 7 from 8:30 a.m. to 11:30 a.m. These courses require an additional registration fee.
Here's a look at our pre-conference courses:
- Everything You Need To Know To Design A Successful Exercise: in this interactive and dynamic course you’ll learn how to design a successful exercise from the ground up. You’ll leave the workshop with a draft of your next exercise planned and a copy of Regina’s new book. (Presenter: Regina Phelps, CEM, RN, BSN, MPA, president, Emergency Management & Safety Solutions. Cost: $1495 per person.)
- Advanced IT Disaster Recovery And Technology Resiliency Planning And Certification Workshop: with a focus on advanced IT DR planning concepts within the realm of BC and DR planning, this workshop examines the role of technology in facilitating BC and DR planning. You’ll develop strategies to build a strong technology centric DR program and there is the opportunity to gain certification as a “Certified IT Disaster Recovery Planner”. (Presenter: Sudhir Gadepalli, chief mentor and strategy officer of Enterprise Resiliency Services. Cost: $1695 per person.)
- IT/DRP/Certified Business Resilience IT Professional: in this Certified Business Resilience IT Professional (CBRITP) course you’ll learn how to develop, test and maintain an IT disaster recovery plan for recovering IT and telecommunications systems and infrastructure in the event of a disaster or business disruption. You will receive a workbook and a take-home disaster recovery plan template and you can optionally take the CBRITP certification exam. (Presenter: Rick Wellman, senior business continuity and resilience trainer and consultant for Sentryx. Cost: $1695 per person.)
Be sure to visit the DRJ Fall World website to register for our pre-conference courses and to get more details on these top-notch learning opportunities. We're super excited to be presenting our 51st conference and really looking forward to seeing you and meeting you in San Diego.
Originally posted on Rentsys Recovery Services’ blog.
In today’s world, many, if not most, companies are either part of a regulated industry or have been identified as a critical vendor in a customer’s supply chain. These organizations are audited by regulatory bodies such as the Federal Deposit Insurance Corporation and the Office of Civil Rights or by another third-party auditor.
If your company falls into one of these two categories, you’re likely aware that most auditors look to see if your organization has implemented sound risk management and mitigation controls for safeguarding mission-critical data and business processes.
However, as more and more companies and their vendors adopt cloud solutions, you might be wondering what factors auditors consider when evaluating whether or not a cloud solution is compliant.
As a provider of private cloud vaulting and recovery services for regulated industries like finance and healthcare, Rentsys Recovery Services is, in auditors’ eyes, an extension of our customers’ organizations. As such, we’re expected to protect and recover each organization with the same level of scrutiny as the institution or practice’s employees. Because it’s imperative our services are conducted in a safe and sound manner while complying with applicable laws and regulations, we’ve become familiar with the key areas auditors view as potential issues.
Use the guidelines below as a starting point for determining whether or not you or your vendors will pass muster with your auditors.
- How sensitive is the data that will be placed in the cloud (e.g., confidential, critical, public)?
- What controls are in place to ensure it is properly protected?
- Is any data whose disclosure could harm the organization or its customers appropriately encrypted or protected?
- Are there controls in place to ensure the integrity and confidentiality of the data?
- Is the data stored or processed overseas?
- Does the cloud solution have an adequate and tested plan to ensure the continuity of operations as well as its ability to recover and resume operations if an unexpected disruption occurs?
- Does the plan account for the availability of essential communications links?
- Does the cloud solution meet regulatory requirements for safeguarding customer information and other sensitive data?
- What controls does the service provider have to ensure the integrity and confidentiality of the data?
- Have the internal controls been evaluated by another auditor?
When determining the feasibility of cloud for your organization, most auditors will expect you to perform thorough due diligence and a risk assessment. Keep in mind that though security, availability and privacy are key elements of sound risk management and risk mitigation controls for cloud services, you may need to consider other elements specific to your industry. A thorough risk assessment should bring those considerations to light.
Just like the kids who are anxiously looking at the calendar and counting down the number of summer vacation days left - we're also counting. The only difference is that we're excitedly counting the days left until DRJ Fall World 2014.
Our 51st conference is being held in San Diego, CA from Sept. 7 - 10. Yes, very very soon. This means that we want you to be ready and prepared for our industry-leading conference. Make sure you've sent in your registration form and have reserved your hotel room at the Hilton San Diego Bayfront.
Along with the many learning opportunities available to you at DRJ Fall World, don't forget about the networking you'll be able to do. Thanks to the hospitality events, the welcome reception, the exhibit hall and our networking breakfasts/lunches - you'll leave the conference with an updated contact list of peers and experts who can help you out at any time.
Here's a closer look at a few of the sessions available to you at Fall World 2014:
- Are you Insane? It's Time to Think Differently Before Doing Any BIAs!: it's time to take a different look at your BIAs, including the key decisions that need to be made before asking a question, why it matters to fully understand the organizational hierarchy, and the risks associated with taking short-cuts. Discover what the ramifications are for not taking the time to understand the footprint of your organization and what the ultimate goal is of your BIA. (Managerial Session 1 - Intermediate/Advanced. Presenters: Michael Gifford, MBCI, CBCP is a director within enterprise readiness services for U.S. Bancorp and Stacie Herzog, CBCP is a business continuity manager for U.S. Bancorp.)
- From Samba to Waltz: Choreographing Disparate Activities to Create A Holistic, Top-Notch Enterprise Continuity Program: disparate activities within an organization have a tendency to become outmoded and ineffectual. Learn how, by drawing on the available IT resources, leveraging existing tools and creatively using human capital, along with refined data collection and aggregation and well-defined messaging, you can effectively create a resilient firm-wide continuity program. (Managerial Session 2 - Intermediate/Advanced. Presenter: Marc Kantor is the head of business resilience (business continuity and crisis management activities) for Voya Financial.)
To learn more about the sessions, break-out tracks, workshops, and pre/post-conference courses available at DRJ Fall World, download our conference agenda.
Don't forget to mark September 7 - 10 on your calendar! We look forward to seeing you in San Diego.