• PROTECT AND ENHANCE THE VALUE OF YOUR ENTERPRISE

    FREE CUSTOMIZED DEMO

    The Continuity Logic customized demo provides an opportunity for qualifying organizations to evaluate Frontline Live 5™, with their plans, desired controls, policies, and procedures. This first-of-its-kind system for both business continuity and many other areas of Governance, Operational Risk and Compliance (GRC) is powerful, but often best viewed with some of your familiar plans, data and templates.

    LEARN MORE ABOUT FRONTLINE LIVE 5

Fall World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 28, Issue 3

Full Contents Now Available!

DRJ Blogs

This is some blog description about this site

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Recent blog posts

I wish I could tell you that my summer was spent vacationing in some exotic location without internet access; or I was deep in remote third world countries performing humanitarian work for international charities; or that I won the lottery and was out spending my new found fortunes ­ ­­- but, I can’t.  Instead, being a consultant who has to work when the work is available, I spent my summer busy with delivering client projects.

For me, that is a hopeful sign.  This bares hope of a sign that the economy is picking up and companies are now able to support projects, such as business continuity planning, that are often deemed deferrable during down-times.  This bares hope that budgets are starting to allow for monies to invest in consulting assistance for projects, such as disaster recovery planning, where the in-house expertise is lacking.  And, this bares hope that companies are starting to put more emphasis on and giving more attention to business continuity planning and related topics.

But, the end of summer vacations, the start of school, football season kicking off in the United States are all signs of the calendar changing to Fall.  And, in our profession, that means DRJ Fall World.  I am happy to report that I am typing up this blog page from my hotel room at the San Diego Sheraton Hotel and Resort at DRJ Fall World 2012.  It is Monday afternoon and we are off to a tremendous start.

...

Posted by on in DRJ Blogs

Disaster recovery is constantly being influenced by trends in the IT industry.  These trends are forcing businesses to reevaluate how they plan, test, and execute their disaster recovery plans.  The following are a few IT trends and how they are affecting the disaster recovery strategies for businesses in every industry.

...
Tagged in: Disaster Recovery

Posted by on in DRJ Blogs

cPanel is a Linux control panel used by many web hosting companies because not only is it one of the most intuitive control panels available, but also it is relatively cheap to use.  cPanel allows you to control and manage every aspect of your website and is compatible with Linux applications like Fedora, Mandriva, CetOS, and Redhat Enterprise Linux.  In addition, there is a plethora of plug-ins available online for this leading control panel.

The demand for cPanel on cloud computing platforms is very high due to the high amount of stability, security options, ease of deployment, speed, and wide array of features it offers.  From adding sub-domains and email accounts to installing scripts and checking bandwidth, the control and flexibility provided by cPanel is unsurpassed.

...
Tagged in: Data Backups

In 2010 following the earthquake devastation in Haiti, I became concerned about the use of tarps and similar temporary shelter materials because of the strong possibility of a hurricane later that same year. Haitians were spared the any serious hurricanes in 2010 and 2011, but in 2012, they were seriously impacted by Hurricane Isaac.

What I proposed in 2010 was to use ConEx containers for temporary shelter, feeling that they were in abundance and more durable than tarps.  I shared my thoughts at DRJ in Orlando with Hector Fulgencio and Cole Emerson.  Hector was familiar with ConEx containers from his work in the shipping industry. Cole has vast experience in disaster response.  The consensus among us was that there was indeed a surplus of containers in the U.S. and the military could offload them and place them using heavy lift helicoptors. This would not necessitate using the ports in Haiti which had been seriously damaged. Since ConEx containers are transported via the sea, there would also be no need for the damaged and overcrowded airport.

ConEx containers have been used successfully for shelter both by the military and by the private sector. If properly ventilated and secured to the ground, they are far more resilient than a temporary shelter made from a tarp.

...
Tagged in: Haiti Quake.

The goal of Measured programs is to develop a resiliency program that is efficiently sized to mitigate risk while monitoring critical data elements to manage risk as the business demands. Measured programs are developed and maintained by utilizing three steps.  The first step takes into account an organization’s current state of readiness and resources available to them. The second step reviews industry best practices and determines application to your organization.  The third approach requires the implementation of program monitoring and dashboarding to provide data intelligence for senior leadership to identify a change in the risk profile and its potential impact to the organization.  This data will drive actionable items to treat, transfer, terminate, or tolerate the risks at hand.

Hits: 1935

At a conference I recently attended there was a lot of conversation around PS-Prep which bled into the discussion of “Why get certified” or, the more generic question of, “Why perform business continuity planning?” An oft repeated answer to this question, echoed by business continuity planners around the world is, “Because without a plan you will not survive as a company.”

I think this is a disingenuous answer without any history to support it. Where exactly is the evidence of this fact? What historical data can you share with me, or the CEO you are trying to convince, that this is the case? I am confident that you can dig up cases of small companies that did not survive a disaster, but where is that story about the big guy who did not survive the disaster?

The one and only case study I can think of off the top of my head is Enron, but that was a disaster of a different kind.

...

Posted by on in DRJ Blogs

Since 2002, my S-Corporation carried "Errors and Omissions" or Professional Insurance coverage. As an independent BCP/DR consultant, are you adequately insured? In 2008, my insurance carrier expanded coverage (known as the Bell endorsement) to include insurance for several crisis and emergency conditions that might create a business loss and hence a claim. The items covered may be of interest to you. They were not available in all states.

 

As an independent BCP/DR consultant, do you have the following coverage?

...

Posted by on in DRJ Blogs

According to a Wall Street Journal article (see Penn State Warned On Accreditation at http://online.wsj.com/article/SB10000872396390444318104577589174048808462.html?mod=ITP_pageone_1 ), "Pennsylvania State University's accreditation is "in jeopardy," one of the nation's primary accrediting groups warned the school, in the latest fallout from the Jerry Sandusky child-sex-abuse scandal. "

The Middle States Commission on Higher Education, the WSJ reported, "said there was 'insufficient evidence' that Penn State was complying with standards related to governance and integrity, as well as meeting financial obligations. "

Should a risk management practitioner have seen this coming? Or is the threat just another "black swan" that no one could have anticipated?

...

Posted by on in DRJ Blogs

 

California is assessing homeowners who live in vulnerable, fire-prone areas a fee to cover the cost of fire protection services, including very expensive suppression of wild fires.  It’s about time someone acted to place the cost of protecting vulnerable properties on those who own them.

 

...

Posted by on in DRJ Blogs

In a business world that is embracing the cloud more and more every day, it is interesting to see that, while the cloud benefits companies in several ways, these companies seldom demonstrate their advantage from the cloud in terms of ROI (return on investment).  This may be because many of the benefits from cloud computing are intangible and may not be fully realized until further down the road.  

Therefore, to calculate returns from cloud computing, a business will most likely not employ the standard ROI calculations.  Instead, the company may use one of the following ways to determine ROI from cloud computing:

  1. Rate of adaption in the market:  With the flexibility that the cloud offers in terms of quick transitioning of capabilities, businesses can adapt to ever-changing market trends and therefore improve standing against competitors in the industry.  Consequently, increased revenue may be realized due to their ability to grab market share at an improved pace.
  2. Utilization and control of resources: The scalability of cloud computing allows businesses to avoid under or over utilizing resources, which in turn ensures effective capacity utilization and the avoidance of waste.
  3. Cost of ownership:  With little to no barriers to entry and the low skill level needed to configure and use cloud infrastructure, businesses can save the money that would otherwise be used for staff training, installation, and maintenance of the infrastructure.
  4. Growth potential:  As a business in today’s world, it is important to have room for growth.  Traditionally, if a business demanded additional resources (in terms of infrastructure and IT personnel), it may have taken weeks to acquire the infrastructure and to train/transition the staff.  However, with cloud computing, resources can be scaled almost instantaneously to accommodate the growing demands of the business.

Depending on the specific needs of your business, you may calculate ROI in any one of these ways, or another.  As you can see, it may be hard to quantify the returns on cloud computing, even if the benefits are quite substantial. 

...
Tagged in: Cloud Computing

Today’s small business owners face daily challenges in running their businesses, and one of the more difficult challenges is managing business continuity and disaster recovery planning; however, the primary focus for most business owners is on their core business competencies, not on becoming resiliency experts.

Because investments in business continuity and disaster recovery planning directly impact the bottom line, there is a constant need to achieve real business benefits and mitigate costs against a backdrop of time pressures and limited business continuity skills. To add to this pressure, many small businesses are now looking toward cloud services, and what they may offer. However, this can add even more complexity and apprehension in adopting business continuity and disaster recovery planning methods.

What other challenges to you face when convincing small business owners to adopt business continuity and disaster recovery practices?

Hits: 1512

Posted by on in DRJ Blogs

By Glen Bricker, Managing Consultant, Avalution Consulting
Article originally posted on Avalution Consulting’s Blog

The goal of any recovery plan, regardless of the size or nature of the organization, is to protect life, minimize damage from an event, and quickly resume the delivery of critical products and services to meet customer requirements.  How this is accomplished, however, not only depends on the nature of the organization, but also its customers, size and resources, and culture.  The objective is to build plans that are based on realistic requirements, fit within the organization’s culture, and remain cost effective and appropriate.  The remainder of this article will discuss these characteristics and how they are incorporated into recovery plans.

The key to a great recovery plan is building what is appropriate. For example, it would be inappropriate to implement five levels of command structure and multiple plans in a thirty person company, or expect a single team in a multi-site, global organization to do everything.  In a large organization recovery plans are typically broken down into multiple plans that are owned and maintained by specific departments – emergency response will be owned by a Facilities or Security group, crisis communications will be owned by Corporate Communications or Public Affairs, and operational recovery plans will be owned by the business units.  All of these elements will be controlled and directed by a central Crisis Management Team and Plan.  In a smaller organization a single plan could suffice for most of these activities with limited addenda for specific critical functions.

...

By Christopher Burton, Senior Consultant, Avalution Consulting
Article originally posted on Avalution Consulting’s Blog

Since 2005, Avalution Consulting has performed hundreds of business continuity exercises with organizations in every major industry and sector throughout the United States.  No matter the scope of the exercise or the level of complexity, several key elements enable the successful outcome of this important component of the business continuity lifecycle.  This perspective shares some of our lessons learned, highlights the importance of exercising and provides insight into our time-tested exercise methodology. 

Nearly every business continuity standards and regulatory body recognizes the need for exercises to validate and continually improve continuity plans, including the National Fire Protection Association (NFPA), the British Standards Institute (BSI), and even the Federal Financial Institution Examination Council (FFIEC).  Exercising is also one of the most visible activities in which a business continuity practitioner is involved; it’s where the rubber meets the road.

...

By Susan Giffin, Managing Consultant, Avalution Consulting
Article originally posted on Avalution Consulting’s Blog

We recently published a perspective (Business Continuity for Small Businesses – We Can Do Better!) on how most small and medium-sized organizations escape the complexity of larger organizations and thus have the opportunity to implement streamlined business continuity planning processes, which should include:

  • Prioritizing departments and activities;
  • Identifying and classifying dependencies;
  • Establishing an approach to recover the critical departments and the critical dependencies;
  • Writing a plan to ensure a repeatable implementation of the recovery approach, along with details on how to ‘restart’ the critical departments; and
  • Testing the plan with an exercise, identifying lessons learned and building experiences.

A software tool can enable these key steps in the planning process and provide a more efficient process to collect, use and maintain data. However, while organizations of all sizes utilize similar processes when it comes to business continuity planning, the same cannot be said for the use of tools.

...

By Robert Giffin, Director, Avalution Consulting
Article originally posted on Avalution Consulting’s Blog

If you have less than 500 employees, odds are you don’t have someone working full-time on business continuity. And, unless regulations require you to perform planning in some manner, your organization may not have a business continuity plan at all!

Due to complex and distributed operations in larger organizations, business continuity is often a full-time position because the processes needed to establish recovery priorities and implement recovery strategies are often just as complex. Fortunately, most small and medium-sized organizations escape such complexity and thus have the opportunity to implement streamlined planning processes. In fact, I would argue their needs are pretty simple:

...

Posted by on in DRJ Blogs

Are we ever really safe from each other, from an insider, from one of our own? Colleges exist to educate people, and they must be open to their own students. Protecting all members of the college community from one of their own who "snaps" and decides to terrorize from the inside is next to impossible. One could easily bring a dozen Glock 19 pistols onto a college campus undetected inside a flat-top guitar case. A number of shots could be fired before anyone familiar with a crisis response plan could respond.