DRJ Blogs

Recent blog posts

Posted by on in DRJ Blogs

In Schoharie, New York, where over 200 homes were damaged by Hurricane Irene in 2011, the community is demonstrating resiliency today, Halloween, in the throes of Hurricane Sandy. With so many homes, streets, sidewalks, and other potential hazards due to flooding, the community celebrated Halloween with "Trunk or Treat." Several community residents bring their vehicles to a central parking lot, decorate their trunks, tailgates or hatch backs, and invite children to "Trunk or Treat" by stopping at each vehicle. Many homes were uninhabitable in 2011, and many still are. Without safe passage along debris-laden streets in the village, the idea provides a safe and enjoyable way for children to have fun on Halloween.

This is one terrific example of resiliency. Others observed this year are the e-mails sent by insurance companies and banks to customers who may have been impacted by Hurricane Sandy. My insurance agency sent me an e-mail with instructions on how to contact them and how to file a claim if damages occurred due to Hurricane Sandy. Banks have sent messages to customers indicating relaxation of due dates on credit cards if the customer loses access to either electronic or postal payments.

These examples of preparedness and response illustrate what FEMA is referring to in the Whole Community doctrine and what DRJ conference courses and articles have espoused for several years. We all need to participate in disaster preparedness, response and recovery.


Posted by on in DRJ Blogs

The majority of the east coast of the United States is dealing with the effects of Hurricane Sandy. Many folks are without power and worse still, people have died. To help you stay up-to-date with the latest  news and updates regarding Sandy, take a look at the links below.

Tagged in: hurricane sandy

Sometimes after you migrate your business data and applications to the cloud via cloud servers, it is easy to forget that data security is something that should be consistently monitored.  There are a few things to consider after your company’s migration to the cloud to ensure your data stays safe at all times. 


  1. Credentials:  Your username and password should be complex and unique for every service or site you use credentials for.  This way, if the credentials for one account get compromised, the rest of your accounts remain safe.  If you are worried that login information will be lost or forgotten, there are apps and software available to help with password management.  

  2. Be careful where you log in:  Oftentimes, users log in from devices that are not their own, which could be saving login information through the web browser and, therefore, jeopardizing the data’s security.

  3. Security Questions:  Avoid implementing security questions for your accounts that can be answered by simply conducting an online search.  For example, if the answer to your security question can easily be found on your Facebook, Twitter, or LinkedIn profile, choose a different question.

  4. Encryption:  Encryption software scrambles and codes your credentials so that they are harder to procure, which helps your data remain uncompromised.

  5. Anti-Virus and Anti-Spy Software:  All access to the cloud comes from your local system first.  Therefore, if your system is at risk, so is your data in the cloud.  Anti-virus/anti-spy software is important to keep out trespassers and to block unsafe sources that can download software and steal personal information from your computer. 


Tagged in: Cloud Hosting

Posted by on in DRJ Blogs

I just downloaded the updated Rules and Regulations spreadsheet... To say there is a lot of great content and information in this spreadsheet would be an understatement. This Rules and Regulations spreadsheet was compiled by a team of industry experts (all members of the DRJ EAB). 

The most recent update to this resource was in August 2012, and I thought it would be a good idea to write about different rules and regulations that you might not know about, have been recently amended or added or you might not fully understand. (Yes, this is me urging you to post comments about which rules and regulations you would like me to investigate and write about for you!) 

For the first look at the rules and regulations that impact everyone in the BC space, this post focuses on ISO 22301. 


Posted by on in DRJ Blogs

Recently, DR/BCP professionals have sent me inquiries about how to handle crisis management or crisis communication, especially during a DR event.  DR/BCP professionals may be highly involved in managing a data or system recovery and unable to devote attention to managing the entire crisis that may result. They need crisis management professionals on their team.  It wouldn't be practical to have a crisis management professional on each DR/BCP team, but it would be an excellent time to partner with the corporate or organizational crisis management/crisis communication professional.

I've done Incident Management Team training for private sector organizations, sometimes at several of their critical facilities across the nation.  The Incident Command System (ICS) model provides a framework for integrating crisis management, crisis communication and DR/BCP operations when disaster strikes.  Most private sector organizations have found ICS to be extremely helpful and affordable if it has been tailored to their business and presented by consultants who understand both the private and public sector uses of ICS.  Private sector CEOs also see the benefit in being compatible with public emergency response organizations.

Crisis management is NOT DR/BCP.  It is a necessary subset.  In my experience, ICS can be taught from the bottom up, rather than the traditional top-down, command and control orientation.  I teach private sector Incident Management Teams that the key figure in response is the Operations Section Chief (the DR/BCP CIO or designee in the case of an IT emergency). This is the person and section that can "fix the problem," as Ed Devlin would say. All other ICS positions are there to support the Operations Section. I like the Incident Commander (ICS term) to be thought of as an "Incident Manager."


Posted by on in DRJ Blogs

The GAP in DR/BCP/EM Technology

Recently I attended a concert at my grandchildren’s school in a small, rural community in Upstate New York.  A small child in the row behind me was using what appeared to me to be a tablet computer. Amazed by the use of technology, even by very young children, I had thoughts of how widespread the use of sophisticated technology had become, even in remote areas.  There have been times when I felt government agencies and some businesses assumed the presence and use of technologies to be far greater than actual.  I challenged a DHS employee on the use of GIS and various mapping capabilities, stating that rural communities lacked such capabilities. He replied that his information was just the opposite, that the use of GIS and other mapping functions was very popular and widespread.

From my experience in rural counties, computing capacity is not as great as reported by the DHS.  This raises the question of capabilities of small and medium-sized businesses to use sophisticated systems often displayed in the DRJ exhibit hall and in articles about systems including rapid notification, GIS, and applications for emergency and business continuity planning and response.  Is preparedness as well equipped as we often assume?


It is clear to see why businesses put so much emphasis on backing up their data – they need their data to be secure so that their customers can rely on them.  Therefore, an effective disaster recovery plan is essential for every business that relies on stored data.  Furthermore, a successful disaster recovery solution requires additional resources identical to those used during daily operations.  

While there is a wide selection of disaster recovery solutions, cloud hosting provides the most flexibility and ease of use, while remaining cost-effective.  As opposed to purchasing two physical servers (one as your day-to-day server and the other as your backup), cloud servers provide the benefit of being able to easily create multiple servers in the cloud without needing to lease/own physical servers. 

In the same way that server redundancy provides failover protection for business continuity and disaster preparedness, cloud hosting provides increased stability and security, as well as improved scalability.  The redundancy delivers a backup for anything that may occur, such as a natural disaster or a security hack that compromises data.

Tagged in: Cloud Servers

The 1980s Tylenol poisoning murders spurred panic, widespread fear, and perhaps the best-ever corporate response to a major public relations crisis. James E. Burke, then CEO of Tylenol-maker Johnson & Johnson, died on September 28 at the age of 87. He will be best known for his strong, decisive leadership and what has widely been recognized as a model of exceptional corporate crisis management. Fortune magazine named him one of history’s 10 greatest CEOs.

There are 5 truths we can learn from Mr. Burke’s handling of the poisoning disaster—lessons in the right way to handle a public relations nightmare.


A lesson we can take away from the recent severe weather and fires across the country is disasters can happen anytime, anywhere. No one can control where or when emergencies may happen but we can take steps in advance to prepare. Today, I am excited to announce a step towards better preparing local communities before disaster strikes – the 2012 Community Resilience Innovation Challenge.

This new opportunity is designed to assist local areas in building and revitalizing community-based partnerships through innovative initiatives and programs designed to advance the nation’s resilience to disasters. Funding levels range with a maximum of $35,000 and applications are open to all local, state, and tribal agencies and governments, business entities, associations, organizations and groups.

The Challenge program is supported by the Rockefeller Foundation and FEMA and will be administered by the Los Angeles Emergency Preparedness Foundation to encourage local communities to engage in creative activities that enhance disaster resilience. FEMA’s goal through the Community Resilience Innovation Challenge program is to emphasize the importance of planning and engaging the whole community, across all social sectors, to effectively respond to disasters.


Life as a BCM practitioner in any organisation can sometimes feel like you have been sentenced to solitary confinement. Often working in isolation and surrounded by your ‘adversaries’, it can be a lonely role as you struggle to embed BCM into your organisation and to win over some of your strongest critics. Coupled with the need to be a ‘jack of all trades’ that requires you to be knowledgeable, persuasive, inspirational, and highly-organised as well as a skilled facilitator, being a BCM practitioner can be a really tough job.

Just when you feel your energy levels dwindling and see your enthusiasm ebbing into the distance, along comes the BCM World Conference and Exhibition – the one that reaches the parts other conferences cannot reach, filling you with renewed energy and rekindling your passion for the discipline that is the love of your life.

The BCM World Conference reunites you with your allies, puts you alongside the ‘already convinced’ and ‘converted’ and offers you temporary release from your ivory towers, allowing you to dip into the cool pool of BCM and immerse yourself in a world where you feel safe and understood.


Posted by on in DRJ Blogs

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted to help address concerns regarding health care data security and privacy.  As part of the administrative safeguards of this act, health care facilities are responsible for backing up their data and having a disaster recovery plan in place for responding to emergencies. 

In general, health care facilities are responsible for maintaining the availability, integrity, and confidentiality of their patients’ Protected Health Information (PHI).  If a patient arrives in the Emergency Room in the middle of the night, the physician needs to be able to access the patient’s electronic health records quickly so that they can address their needs effectively. 

Therefore, data backups are imperative and a disaster recovery plan is essential to ensure that Protected Health Information can be recovered and restored in a reasonable amount of time if an unexpected event occurs.  The health care facility’s disaster recovery plan should outline data priority and failure analysis, testing activities, and change control procedures. 

Tagged in: HIPAA Data Security

After every conference I undoubtedly get a variation of the same question, "How was the show? How was the attendance?" And every year I give the same response... "Show was great. Wish the attendance was a bit higher." I think we all know that BCP and DR are some of the first casualties of budget cuts. Well, conference privileges get cut before BCP and DR. As we go into budget season for most organizations I suggest you fight a bit harder to attend local and national conferences. Sure we all benefit from the content and keeping up with the latest technology but one of the most under-valued benefits of attending conferences is the networking that just happens. Networking doesn't just happen in the sessions or at the vendor exhibits. It can certainly also happen at the bar, or at the gym, or while checking out the local surroundings. This networking is very hard to report back on, but I believe in this virtual world we live in now that one handshake at a conference can create an everlasting relationship... For the record this blog is purely the opinion of Fairchild Consulting and the Arnolds had nothing to do with influencing this blog ;o)


Posted by on in DRJ Blogs

It is extremely important for businesses to have a Disaster Recovery (DR) plan in place for situations where downtime or data loss may affect the business’ ability to continue operating smoothly and effectively.  To protect your data, it is essential that you know what you’ve got, understand what’s at risk, and then create a Disaster Recovery plan to keep risk at a minimum.

Disaster Recovery ties directly into business continuity because with so many businesses relying on their websites and/or the Internet in general, the loss of data could greatly affect their revenue.  The reality is that if your information system is taken down due to a flood, malware, hack attack, etc., you have both a business continuity and disaster recovery issue on your hands.

When putting together a Disaster Recovery plan, there are several key factors that will need to be considered so that the plan is as effective as possible.  Take the following factors into consideration when creating a DR plan for your business:


Posted by on in DRJ Blogs

I was first given responsibility for disaster recovery planning in 1985 while working at what was then known as Bank of Virginia in Richmond, VA. We were a UNISYS shop and had a mainframe recovery subscription with a company whose name I no longer remember that had a UNISYS recovery facility in Warminster, PA. I have been working in the fields of disaster recovery, business continuity, emergency response and crisis management, in a corporate management or consulting capacity, ever since. You do the math to determine how many years’ experience that equates to – I am not sure I want to!

But, even after all those years, I am still learning new things, new techniques, better solutions, better methodologies, etc., each and every day. And, through conferences such as the just completed 2012 DRJ Fall World, I accelerate that learning process and I meet more and more people that help me grow and learn along the way.

Way back in 1985, I started attending industry conferences, user groups and professional training seminars. Throughout the years, I have attended numerous DRJ conferences – first as a practitioner; then, after gaining experience and confidence, as a presenter; and then, after being employed by DR and BCP services organizations, as a vendor. This year, although I am back in the consulting industry with a new company – I attended the conference once again in a practitioner capacity – and had a wonderful experience.

Tagged in: DRJ Conference

By Brian Zawada & Jacque Rupert, Avalution Consulting
Article originally posted on Avalution Consulting’s Blog

The introduction of ISO 22301 (Societal security – Requirements – Business continuity management system) more closely aligns business continuity to the broader risk management discipline. A major contributor to this alignment is the standard’s requirement to understand the organization’s “risk appetite” (a term not used in BS 25999). 

ISO 22301’s definition of risk appetite (Section 3.49) is the “amount and type of risk that an organization is willing to pursue or retain”. The standard makes reference to risk appetite in two sections:


I wish I could tell you that my summer was spent vacationing in some exotic location without internet access; or I was deep in remote third world countries performing humanitarian work for international charities; or that I won the lottery and was out spending my newfound fortunes - but, I can’t.  Instead, being a consultant who has to work when the work is available, I spent my summer busy with delivering client projects.

For me, that is a hopeful sign.  This bears hope of a sign that the economy is picking up and companies are now able to support projects, such as business continuity planning, that are often deemed deferrable during down-times.  This bears hope that budgets are starting to allow for monies to invest in consulting assistance for projects, such as disaster recovery planning, where the in-house expertise is lacking.  And, this bears hope that companies are starting to put more emphasis on and giving more attention to business continuity planning and related topics.

But, the end of summer vacations, the start of school, football season kicking off in the United States are all signs of the calendar changing to Fall.  And, in our profession, that means DRJ Fall World.  I am happy to report that I am typing up this blog page from my hotel room at the San Diego Sheraton Hotel and Resort at DRJ Fall World 2012.  It is Monday afternoon and we are off to a tremendous start.


Posted by on in DRJ Blogs

Disaster recovery is constantly being influenced by trends in the IT industry.  These trends are forcing businesses to reevaluate how they plan, test, and execute their disaster recovery plans.  The following are a few IT trends and how they are affecting the disaster recovery strategies for businesses in every industry.

Tagged in: Disaster Recovery

Posted by on in DRJ Blogs

cPanel is a Linux control panel used by many web hosting companies because not only is it one of the most intuitive control panels available, but it is also relatively cheap to use.  cPanel allows you to control and manage every aspect of your website and is compatible with Linux distributions like Fedora, Mandriva, CentOS, and Red Hat Enterprise Linux.  In addition, there is a plethora of plug-ins available online for this leading control panel.

The demand for cPanel on cloud computing platforms is very high due to the high amount of stability, security options, ease of deployment, speed, and wide array of features it offers.  From adding sub-domains and email accounts to installing scripts and checking bandwidth, the control and flexibility provided by cPanel is unsurpassed.

Tagged in: Data Backups

In 2010, following the earthquake devastation in Haiti, I became concerned about the use of tarps and similar temporary shelter materials because of the strong possibility of a hurricane later that same year. Haitians were spared any serious hurricanes in 2010 and 2011, but in 2012, they were seriously impacted by Hurricane Isaac.

What I proposed in 2010 was to use ConEx containers for temporary shelter, feeling that they were in abundance and more durable than tarps.  I shared my thoughts at DRJ in Orlando with Hector Fulgencio and Cole Emerson.  Hector was familiar with ConEx containers from his work in the shipping industry. Cole has vast experience in disaster response.  The consensus among us was that there was indeed a surplus of containers in the U.S. and the military could offload them and place them using heavy lift helicopters. This would not necessitate using the ports in Haiti which had been seriously damaged. Since ConEx containers are transported via the sea, there would also be no need for the damaged and overcrowded airport.

ConEx containers have been used successfully for shelter both by the military and by the private sector. If properly ventilated and secured to the ground, they are far more resilient than a temporary shelter made from a tarp.

Tagged in: Haiti Quake.

The goal of Measured programs is to develop a resiliency program that is efficiently sized to mitigate risk while monitoring critical data elements to manage risk as the business demands. Measured programs are developed and maintained by utilizing three steps.  The first step takes into account an organization’s current state of readiness and resources available to them. The second step reviews industry best practices and determines application to your organization.  The third step requires the implementation of program monitoring and dashboarding to provide data intelligence for senior leadership to identify a change in the risk profile and its potential impact to the organization.  This data will drive actionable items to treat, transfer, terminate, or tolerate the risks at hand.