Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 29, Issue 3

Full Contents Now Available!

DRJ Blogs

This is some blog description about this site

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Recent blog posts

Posted by on in DRJ Blogs

As a reader of the DRJ blog, you know that we're busy getting ready for DRJ Fall World. Our 51st conference is happening very soon so we thought it would be useful to remind you of the information you need to have a successful conference experience.

When: September 7 -10, 2014

Where: Hilton San Diego Bayfront (1 Park Boulevard)

Tagged in: DRJ Fall World

Corporate executives largely understand the importance of backups. Even though businesses recognize why they need data protection only a few have implemented a seamless backup, archive and disaster recovery system. Why? The lack of time, resources and energy appear on the surface to be the problem. Too many other IT and datacenter issues get in the way. At the source, however, the problem may simply be repeating pitfalls that foil successful implementations.

Here are three of the ultimately game-ending pitfalls that companies have experienced when implementing data backup and restoration incorrectly. These problems take the wind out of the sails for an IT datacenter.

Pitfall #1 : Not selecting the right backup method


Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success. The second “course” of this four part series takes a look at how picking the right strategy for your business continuity plan is key for its success. Also, to help deliver the “main course” I’ve invited a special guest chef -  IBM’s own, Chef Watson. 

Posted by on in DRJ Blogs

Don't know if you've heard the news but DRJ Fall World is just around the corner - September 7 - 10 in San Diego. We've fine-tuned our agenda, have a got a great line-up of industry experts to lead the numerous sessions, and we're rolling out the red carpet during our hospitality events. 

And to top things off, we've extended the $100 registration savings discount to August 14. This means you have two more days to take advantage of the discounted registration fee. 

As you know we want you to get the most value possible at our conferences. This is why we want you to take advantage of the DRJ Fall World pre- and post-conference courses. These courses allow you to extend your learning and to make the most of your travel and education budget.

Tagged in: DRJ Fall World

Originally posted on Rentsys Recovery Services’ blog.

In today’s world, many, if not most, companies are either part of a regulated industry or have been identified as a critical vendor in a customer’s supply chain. These organizations are audited by regulatory bodies such as the Federal Deposit Insurance Corporation and the Office of Civil Rights or by another third-party auditor.

If your company falls into one of these two categories, you’re likely aware that most auditors look to see if your organization has implemented sound risk management and mitigation controls for safeguarding mission-critical data and business processes.

Tagged in: Cloud Computing

Posted by on in DRJ Blogs

Just like the kids who are anxiously looking at the calendar and counting down the number of summer vacation days left - we're also counting. The only difference is that we're excitedly counting the days left until DRJ Fall World 2014

Our 51st conference is being held in San Diego, CA from Sept. 7  - 10. Yes, very very soon. This means that we want you to be ready and prepared for our industry-leading conference. Make sure you've sent in your registration from and have reserved your hotel room at the Hilton San Diego Bayfront

Along with the many learning opportunities available to you at DRJ Fall World, don't forget about the networking you'll be able to do. Thanks to the hospitality events, the welcome reception, the exhibit hall and our networking breakfasts/lunches - you'll leave the conference with an updated contact list of peers and experts who can help you out at anytime.

Tagged in: DRJ Fall World

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Nearly all business continuity professionals understand the importance of the business impact analysis (BIA) as the primary means for laying the foundation of a business continuity program. However, many professionals struggle to receive executive buy-in, as well as the necessary resources and support for the process. This article dispels common myths in attempt to help remove barriers to obtaining support and contributes to the creation of the business case for performing the BIA in any organization.

If you would like to learn more about the purpose and expected outcomes of the BIA, please check out: The Relationship Between the Business Impact Analysis and Risk Assessment.


Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success.  In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program.   Let's get started... Remember the "devil(ed egg) is in the detail".


Posted by on in DRJ Blogs

It's not just that airplanes have been disappearing, or shot down, or that the infectious disease Ebola is out of control in parts of Africa, or that Tel Aviv travel was suspended by major airlines when shelling came too close to the airport . Travel risk has always been an issue for corporations whose employees are spread round the globe.  In this morning's New York Times article, Joe Sharkey goes inside a gathering of corporate travel managers to better understand their concerns, including legal and ethical risks, given the last week or so of travel events.


If you're traveling on your own and don't have a corporate travel office to rely upon to filter out threats and make best recommendations, then your best bet is to go to the Department of State's website and read through the threat analysis they perform on countries you might visit. 


Some conferences are known for the learning component. Others have a reputation as being great for networking. What sets DRJ Fall World (and Spring World) apart from these conferences, is that our conferences are widely recognized for both the learning and networking aspects.

We've designed our conference schedule to ensure that you can maximize your learning opportunities with sessions run by leaders in the industry who are recognized for their knowledge and their ability to teach and share information. To extend this learning and to foster strong networking we've arranged for ample opportunities for you to meet with industry experts, your peers and industry service providers to discuss issues/trends/themes within business continuity and disaster recovery. 

So when you're looking at the Fall World conference agenda, remember that your learning opportunities extend beyond the conference room to casual meet-ups, the hospitality events, the exhibit hall and other networking opportunities. 

Tagged in: Fall World

Posted by on in DRJ Blogs

We don't really want to keep pointing out the date... but, July is almost over and August will be here very soon. To be more specific, August 7 will be here soon and if you want to save $100 on your DRJ Fall World registration, you need to register before August 7.

For those of you who have already registered and those of you who do register before August 7, your names will be entered in a draw to win a Kindle Fire HD. That's right, not only do you save on your conference registration and first choice at the sessions, but you also get the chance to win a prize! 

Along withe registration discount for our 51st conference, we've also arranged for special savings on your hotel room at the Hilton San Diego Bayfront and discounts on car rentals and airfare. 

Tagged in: DRJ Fall World

Posted by on in DRJ Blogs

It might only be July, but you know how the summer is - the days seem to pass by very quickly and before you know it - it's September. This is why now is the time to download the DRJ Fall World Agenda and to take advantage of our registration savings. 

Our 51st conference will be held from September 7 - 10 at the Hilton San Diego Bayfront. We received such excellent feedback on this new venue that we've decided to return for a second year. This stunning hotel and conference center has all the amenities you need for a successful learning and networking experience at DRJ Fall World. Along with outstanding rooms, you'll discover the nearby restaurants, the salt water pool, and the perks of being close to the San Diego Embarcadero. We have arranged for a special room rate for conference attendees, so we recommend you book your room sooner than later to take advantage of this special pricing

With a central theme of Building Your Program Using Best Practices, we have put together an agenda that offers you a range of learning opportunities that allow you to gain insight from the industry's top experts. Choose from workshops, general sessions, and break-out tracks that all focus on the latest trends, techniques and views on business continuity and disaster recovery. 

Tagged in: DRJ Fall World

This week Charlie gives you some of the key things to avoid when writing your plans.

Last week I helped plan and deliver a workshop for the Scottish Continuity Group. The theme of the day was to give the delegates ideas of ways to improve their plans. Presentations were given on a number of aspects of planning - including short plans, using business continuity software, the army way of planning and different ways to set out your plans. I gave a talk at the beginning of the workshop to set the scene. It was entitled “The Seven Deadly Sins of Business Continuity Plans” and I thought I would share the main points with you.

Sin 1 – Unnecessary information


Posted by on in DRJ Blogs

Charlie giving some key hints and tips for ISO22301 certification.


Early this week I was in Fremont, California supporting a company through their ISO22301 audit. We have been working with them for a year to get them ready for the audit. Monday and Tuesday were the days that the auditor was on site. We had already taken half of the company (the part based in Sweden) to ISO22301 certification, so were fairly confident that we would pass the audit. A different auditor is always an unknown entity. This meant that the audit was, as always, approached with a little apprehension.


This post was originally published on the RES-Q™ Services Blog.

A commitment is defined as being responsible for something; to pledge or obligate oneself to something; to entrust; to consign.


Posted by on in DRJ Blogs

 I finished a new article on insider threats a couple of weeks ago.  You can find it on our website (www.anniesearle.com) in the Research section, under "Articles by Annie."

I am on my to New York City via Boston tomorrow morning.  I'll be participating again this year in the Global Risk Forum hosted at New York University.  The theme of the forum is regional resilience, against a variety of growing threats that even highly prepared organizations now have to monitor.  I've been asked to contribute remarks around how even resilient firms can up their game at this time.

Once I'm back next week, I'll be accelerating work on a new book for executives, about operational risk.  More on that soon.

Hits: 1030
  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
Hits: 596

I read a lot of articles on the key benefits of the cloud, and how cloud computing can be used help to ensure business continuity and speed disaster recovery and in some cases the cloud services themselves can become a major component of the disaster recovery plan for on-site systems and services, but cloud services are not perfect, and while they sometimes offer redundancy and data protection, they can also lead to problems caused by updates or network failures.

Remember last year when a disruption at Amazon shut down Instagram, Vine, Airbnb And IFTTT?

Ultimately it is the user’s (data owner) responsibility to address their data as part of the overall business continuity management system.


By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes. This confusion often results in outcomes that fail to drive preparedness.

Avalution acknowledges that there are many different ways to design and execute BIA and risk assessment processes, depending on the objectives for each. We also know that many experienced business continuity professionals have strong opinions on this topic, which may not fully align with our view. This article simply aims to provide Avalution’s perspective on how to best design and execute the BIA and risk assessment processes to achieve results that align with how management views business continuity risk.


Posted by on in DRJ Blogs


For the past week I have been working with a company in California and getting them ready for ISO22301 certification. I will speak more on the lessons learned from the certification in next week’s bulletin. In preparation for the audit I have been helping the local coordinator and senior managers develop their local business continuity plan for the loss of their Californian Headquarters. The other half of the company which is in Sweden has already been ISO22301 certified.

As well as developing a local plan for their California Headquarters, I was building into the plan how an incident that impacted on Sweden would be managed. A number of senior managers are based in California, their marketing department is there and they are NASDAQ listed.  This means that any disaster which could have a major impact on company operations has to have a California element. This applies to worldwide sales offices, as well as their Swedish office, where most of their IT is housed.
In developing their plan I suddenly realised that this was the first plan I have ever written that spans across time zones. Plans I have written in the past have involved the incident team, especially the strategic team, working almost office hours with a slightly early start and a later finish. On the whole no interested parties wanted to hear from them in the middle of the night, so they could go home ready for the next day. As people prepare to pack up and go home for the day in Sweden, the working day in California is just beginning. If you worked long hours over both time zones then the team would be working 24/7. With a small senior management team this would not be possible.
Working with a company that has such an international operation has given me a lot of food for thought about the handling of incidents.
1. Think about how you are going to manage an incident if it is going to be across many time zones.
2. The second point is about managing the media. When I was talking to the senior managers as part of the exercise it occurred to me that most media case studies and learning points come from businesses that service customers rather than business to business companies. This company does something quite obscure and before working with them I didn’t know what their technology did. That got me thinking, would anybody in the media actually be interested in an incident that involved them? I thought that the only people who would be interested are their customers, the industry and their investors. An incident involving them is never likely to make the news so they have to think about their reputation amongst a very small pool of people rather than the “court of public opinion”. This makes their communications strategy easier as there are fewer players but also more difficult in that it is difficult to hide an incident in a small industry.  There will inevitably be a lot of speculation, especially from your rivals! If you are a B2B organisation, you should think about how your communications strategy could differ from the usual ones you hear about.
3. My final point was this, how do you tell the customer? This company provides an ongoing support service to their customer in terms of bug fixes and new security upgrades. An incident could delay these. If there is an incident that could delay routine fixes for a short while, do you tell your customers or not? They may not notice the incident at all. On the other hand if you’re spending millions with a supplier, would you not think you are entitled to hear about any potential delay in a bug fix or a support call? We decided after a long debate it depends on the circumstances. This I think is a very difficult call. The lesson to be learnt here is that you should think through different types of scenarios and practice this during exercises.