DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Millennials and Business Continuity: Risks and Opportunities

Originally posted on Rentsys Recovery Services' blog.

Back in 2015, Pew Research found that millennials had surpassed Gen Xers as the largest generation in the U.S. workforce. By next year, millennials are expected to meet a new milestone: the nation’s largest living generation in terms of population.

With that being the case, it’s time to think about how the rise of millennials in the workforce affects your business continuity strategy. Below we’ll explore the risks and opportunities this generation presents.

...
Continue reading
317 Hits
0 Comments

How flexible is your BCP?

How flexible is your BCP?

As Business Continuity professionals, we see a lot of plans. We develop plans for our clients, we help mentor clients on how to build their plans themselves, we review existing plans for gaps, and we audit plans. One consistent concern across all plans, regardless of their size, is it a flexible BCP. At what point is your plan too rigid? How do you know if you have just enough – or too much – information? Do you need responses for every single type and depth of scenario out there? If you don’t know the answers to any of these questions, don’t worry, we’re here to help!

What do we mean by flexible BCP?

For the purposes of this post, we are talking about how well your BCP allows you to adapt, and appropriately respond, to different types of incidents. You should be able to use the same BCP to respond to a fire, a train derailment, a power outage, or an active threat. This might seem a bit daunting; how can one plan possibly respond to all of these things? Simple! The answers are in your plan content and structure, and training.

 

Plan content and structure

Two key areas of a flexible BCP are in the response and recovery steps, and the supporting documentation. The response and recovery steps document exactly what steps you need to take when an incident occurs. But, these steps do not need to be so detailed that they are difficult to follow. For example, one of your steps might be “Inform vendors of the incident and provide temporary instructions.” You do not need to then list the name of every vendor you need to contact for every type of incident. Simply include a reference to your vendor database. That way, you select which vendors you contact depending on what has been impacted by the incident.

...
Continue reading
340 Hits
0 Comments

How to Plan for Ransomware in 2018

Originally posted on Rentsys Recovery Services' blog.

 

Heart monitors go off simultaneously. Doctors get error messages when trying to access patient records. Then all the computers in the facility go black. The following message appears in scrolling green text:

...
Continue reading
640 Hits
0 Comments

Three 2018 Business Continuity Predictions

Originally posted on Rentsys Recovery Services' blog.

From hurricanes Harvey, Irma and Maria to the WannaCry ransomware attack, business continuity planners around the nation had several opportunities to put their plans to the test in 2017. In 2018, three words will influence business continuity planning: community, reputation and collaboration. Here are three of our predictions for the upcoming year.

The Increase in Billion-Dollar Weather Events Will Require Businesses to Focus on Community

The 2017 hurricane season proved to be the costliest one to date. Total property losses and economic impact from Harvey and Irma alone are expected to climb as high as $200 billion. The impact of California’s wildfire season isn’t much less — $180 billion — and even before December’s wildfires, 2017 has already made a record as the costliest and deadliest wildfire season in California’s history. According to predictions by Allianz, these billion-dollar disasters will be the new normal.

...
Continue reading
628 Hits
0 Comments

Never, say never… 

Never, say never… 

Previously we wrote about the fall-out from the Lac Megantic rail disaster – the deadliest Canadian rail disaster since 1867.  Many lessons were learned from the two-year investigation that followed.  While less catastrophic, the recent post-Hurricane Harvey Arkema plant explosion near Houston, Texas, will also reveal its own take-aways.

However, even without results from investigations into the Arkema explosions, these incidents deliver a critical lesson: ‘Never say never’.

The 'perfect storm' in Lac Megantic

At Lac Megantic, there were 18 factors that led to the rail disaster, taking 47 lives and devastating an entire town.  Each factor, considered in isolation, never would have predicted the disaster that resulted: a short-cut on an engine repair; a small engine fire; an improper brake test; insufficient brakes set; a train left unattended at the top of a hill.  While any one of these factors would have not created the disaster that resulted, unfortunately, for the community and the rail company, many of them collided on one fateful night.

...
Continue reading
405 Hits
0 Comments

7 Emerging Trends in Disaster Recovery Industry

7 Emerging Trends in Disaster Recovery Industry

For most business executives, finding a way to keep their businesses running even in the event of a disaster cannot be overstated. In fact, disaster recovery and business continuity are fast becoming the most important IT conversation that business leaders are having to discuss with their staff as well as train them on the protocols to follow when a disaster strikes. On average, business organizations take 1-9 hours to recover from a disaster. Each hour costs an average of $700,000.

In any disaster recovery procedure, the first few minutes and hours after a business system crashes are extremely crucial. For most enterprises, the rest of the recovery process is determined by how well events unfold in the period immediately after the disaster hits the business process.

Failure to be adequately prepared for a disaster has the potential to wreak havoc on the reputation and financial standing of the organization. What’s more, a poorly managed disaster can scare customers away. A Business Continuity Institute poll conducted by risk experts found that 85% of the people who took part in the survey had concerns that their businesses were at risk of a cyber-attack within a period of 12 months from the time the poll was conducted.

...
Continue reading
2610 Hits
0 Comments

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

You’ve likely heard the terms before and may have a vague idea of their definition, but how do emergency response, disaster recovery and business continuity really work together during an incident? This blog post will walk you through these phases.

 

Putting Incident in Context

You are sitting in your office building and the fire alarm goes off. Following health and safety procedures, you head outside and smell smoke. You can see flames coming from the top two floors of the building. The fire department has arrived and is setting up to put the fire out. Your colleagues are moved away from the building, and anyone who is hurt is treated. You are left to wonder when, if ever, you’ll be able to come back to work.

Within three days your IT group has you set up with a laptop so that you can work remotely. You and your colleagues work together online and through conference calls. Eventually, after the damage to the office is fixed, you get a notice that everyone can return to work as normal.

...
Continue reading
638 Hits
0 Comments

New Year's Resolutions

We are just a few days away from 2017, wondering what it will bring.  Everyone is deciding what their New Year's resolutions will be.  What will you do differently in your personal life?  And what changes are you going to make in your business and professional life?  This is the perfect time to reflect on what went well for your company this past year; and what was less than perfect. It is also the prime time to do some planning and preparation.

Incidents have a global impact.

One only needs to look back on 2016 to remember how many natural disasters occurred.  This was one of the deadliest Atlantic hurricane seasons since 2005, spanning all the way from mid-January to the end of November.  Out of 1,766 deaths this season, 1,659 were attributed to Hurricane Matthew alone.  There were also massive earthquakes in Ecuador, Italy and the Solomon Islands, and rampant wildfires in the Southeastern United States.  At first blush when these incidents are looked at separately, the impact might not be considered all that high.  However when you really think about the global impact of incidents like earthquakes, sudden flooding, snowstorms, power outages, fires, and hurricanes, you quickly realize how these seemingly isolated incidents resulted in real impacts on your bottom line.

The New Year is the time to start.

I suggest you take this week to get ready for the year ahead. Do a threat risk assessment.  Really look at the results of this process and consider how these threats will impact your business and bottom-line.  Next, take action.  Work with a proven leader in the industry to put together a business continuity plan. When done effectively, the creation and implementation of this plan doesn't have a big impact on the day-to-day operations of your business.  Ultimately you will have the peace of mind that your company and its assets are protected in the event of disaster.

...
Continue reading
1313 Hits
0 Comments

3 Ways Your BCP Can Help You During The Holidays

Demonstrating return on investment is one of the main barriers to launching a new Business Continuity Plan (BCP) project. Many organizations have difficulty justifying the expense of building a BCP and funding it’s maintenance over time. A healthy organization that has never experienced an interruption may focus on the real possibility of a zero ROI. If an organization is able to dodge the proverbial bullet, it’s true, the project may never yield much return. However, even in the case of extreme luck, there are three distinct ways that a BCP helps you with non-emergency operations in your organization.

1 – Holiday Closures

With the holiday season upon us, business closures can be a difficult puzzle to solve. Whether in the manufacturing or service sector, it can be tough to determine how to shutdown and restart the business. Add in the need to share these impacts both inside and outside of the organization and this task can seem enormous. Thankfully, a solid BCP will give you the information you need to make this happen. The BCP tells you which critical processes need the most attention; it includes instructions for internal and external communications; and it lists all critical vendors, suppliers and customers that may need special attention. The BCP acts as a manual of steps for a short term holiday closure. The New Year will ring in the return to operations-as-usual.

One important item to note is that using the BCP in such closures serves as a plan exercise. This will help identify any pitfalls in the plan and inform the next iteration. Exercises ensure your plan becomes an even more robust and useful resource.

...
Continue reading
1147 Hits
0 Comments

Control in the Chaos

Emergency Management Market Skyrockets

When we heard the report based on new market research that the incident and emergency management market is projected to reach $114 billion by 2021, we weren’t surprised. But what people may not realize is why the market is exploding. The report notes the growth is due to “changing climatic conditions, increasing government regulations and norms, extensive usage of social media to spread information, and increased threats of terrorist attacks.”

Pretty sobering. Every one of those key drivers are out of our immediate control. We don’t like to feel out of control. In fact, the feeling of being out of control is a leading cause of anxiety and depression. It can lead us to act irrationally or at the very least, make us irritable. The truth is, we feel safe when we are in control.

An interesting study found climate change ranks among the top 20 greatest fears of U.S. adults and nearly 40 percent of people have anxiety about terrorism. These are serious numbers. So what can a company do to alleviate some of these fears?

...
Continue reading
1196 Hits
0 Comments

Lessons Learned from Matthew's Aftermath

Hurricane Matthew, a category 5 hurricane that disrupted life along the Western Atlantic for nearly two weeks last month, is an unwelcome reminder of the importance of business continuity planning and preparedness. In any disaster, there are many lessons learned for all persons and organizations involved. Here we look to Matthews’ to highlight some lessons we can all take away to enhance business continuity planning for not just hurricanes, but disasters of any kind.

For those who didn’t follow the hurricane, it’s effects were great and widespread. Wind gusts up to 107 mph were measured at Cape Canaveral, Florida. Water levels rose up to eight feet above normal levels as a result of the storm surge. Some areas reported up to 14 inches of rainfall, furthering flood risks and concurrent impacts miles from the coastline.

If directly inside this impact zone, many immediate effects can inhibit your business operations:

...
Continue reading
1252 Hits
0 Comments

All data is not created equally!

Your original job application is not as important as your company’s payroll database, or even the email database. So, why are you using the same storage policy for both?

 

IT organizations can actually drive up the cost of storage unnecessarily by treating all data as if it were the same and storing it all on the same media. Stop using one policy to rule all of your data. It might be simple, but it is killing your bottom line.

...
Continue reading
879 Hits
0 Comments

Ebola - The Classic Creeping Crisis

This week Charlie discusses how the Ebola crisis is creeping up on all of us. 
 
 
The situation in West Africa, with the ongoing spread of Ebola, bears all the classic symptoms of a ‘creeping’ or ‘rising tide’ crisis.

In Tolly’s Handbook of Disaster and Emergency Management Principles and Practice (edited by Lakha & Moore, 2004) a rising tide crisis is described as a: “Problem which creeps up gradually, such as occurs in the case of organised crime, corruption, a developing infectious disease epidemic or a steady stream of refugees into a country. There is no clear starting point for the crisis and the point at which it becomes a crisis may only be clear in retrospect.”

At present the disease is out of control in Sierra Leone, Liberia and Guinea. The latest news from the BBC says that in Sierra Leone there are five new cases of Ebola every hour and that a total of 765 new cases were reported in the West African state in the last week alone.

The problem is compounded by the fact that there are only 327 hospital beds in the country. The disease has killed 3,338 people so far. The situation is made even worse by the fact that 10% of Ebola deaths have been health professionals. Those trying to prevent the spread of the disease are being killed by it.

...
Continue reading
1358 Hits
0 Comments

What can the Scottish Referendum teach us about business continuity?

This week Charlie discusses the Scottish referendum results.

 

I have written about Scottish independence before, but thought I would revisit the topic now that the referendum has been and gone.

...
Continue reading
1159 Hits
0 Comments

Here are few tips to keeping your BC plan and program healthy!

Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success.  In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program. This week the focus is on doing what’s good for us…exercising and eating our veggies!

Continue reading
1701 Hits
0 Comments

Establishing the Business Case for the Business Impact Analysis

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Nearly all business continuity professionals understand the importance of the business impact analysis (BIA) as the primary means for laying the foundation of a business continuity program. However, many professionals struggle to receive executive buy-in, as well as the necessary resources and support for the process. This article dispels common myths in attempt to help remove barriers to obtaining support and contributes to the creation of the business case for performing the BIA in any organization.

If you would like to learn more about the purpose and expected outcomes of the BIA, please check out: The Relationship Between the Business Impact Analysis and Risk Assessment.

...
Continue reading
1475 Hits
0 Comments

Assessing Your Disaster Recovery and Business Continuity Strategy

  • Identifying business processes
    • How critical are they to the business? 
    • What are the RTO's for them? 
    • What is the supply RTO for them from IT? 
    • Are they relying on the applications, or could be done manually in case of disaster? 
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (i.e. natural disasters, flu pandemic, building not available, e.t.c.)
    • What are the internal risks? (i.e. access privilege violation, information theft, e.t.c.)
    • Create "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1's critical applications and go down the list
      • Conduct plan review called "Tabletop" with plan builder to review and update the document
      • Then conduct "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test 
  • Vendor management
    • How often were the vendors reviewed? 
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment. 
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan requiring vendor application to be available possesses this vendor information
  • Functional Testing
    • How often are the critical applications tested? 
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests? 
    • How often are Tier 2,3,4 applications tested? 
    • Were multiple concurrent tests conducted at once? (e.x. testing 20 applications as a bundle in datacenter failover test). 
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues are logged, resolutions are found, physical signatures of the testers are obtained, Sr. Mgmt approvals
1154 Hits
0 Comments

The Relationship Between the Business Impact Analysis and Risk Assessment

By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

The business impact analysis (BIA) and risk assessment are foundational elements of every effective business continuity program; however, in our experience, many business continuity planning participants experience a lot of confusion regarding the definitions, relationship, and expected outcomes between the two processes. This confusion often results in outcomes that fail to drive preparedness.

Avalution acknowledges that there are many different ways to design and execute BIA and risk assessment processes, depending on the objectives for each. We also know that many experienced business continuity professionals have strong opinions on this topic, which may not fully align with our view. This article simply aims to provide Avalution’s perspective on how to best design and execute the BIA and risk assessment processes to achieve results that align with how management views business continuity risk.

...
Continue reading
2353 Hits
0 Comments

Why Plan? A Closer Look at Business Continuity

By Ross Ladley, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Business continuity is an often talked about risk management practice, especially with what appears to be an ever increasing number of serious disasters, including Superstorm Sandy, the California wildfires, and the Japanese Tsunami – and that’s only natural disasters! Disruptive incidents can stem from major events such as these, but they can also originate from events that are far less visible and widespread, including sprinkler malfunctions, power outages, supply shortages, and an IT disruption.

This perspective discusses why organizations make the decision – or should make the decision – to invest in business continuity planning.

...
Continue reading
1378 Hits
0 Comments

Using the Results of Your BIA to Develop Disaster Recovery Requirements

By Michael Bratton, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

So you’ve just completed your business impact analysis (BIA) – identifying recovery time objectives for a variety of processes and functions throughout your organization and captured the names of applications and systems that business owners state they just can’t live without. In addition, the IT department heard you were conducting a BIA and mentioned on a few different occasions that they were excited to see what the final results would be to help with their planning. You’ve taken all the applications and their reported recovery time and recovery point objectives and crammed them into a very lengthy spreadsheet, and then the inevitable happens… you realize that everything you have collected is a huge mess.

But, don’t worry, this is a common issue! This perspective will explore the process of taking that seemingly disorganized pile of data and organizing it into something that can be utilized by IT disaster recovery planners to help meet continuity goals. So, let’s get started!

...
Continue reading
1652 Hits
0 Comments