Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 30, Issue 4

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Never, say never… 

Never, say never… 

Previously we wrote about the fall-out from the Lac Megantic rail disaster – the deadliest Canadian rail disaster since 1867.  Many lessons were learned from the two-year investigation that followed.  While less catastrophic, the recent post-Hurricane Harvey Arkema plant explosion near Houston, Texas, will also reveal its own take-aways.

However, even without results from investigations into the Arkema explosions, these incidents deliver a critical lesson: ‘Never say never’.

The 'perfect storm' in Lac Megantic

At Lac Megantic, there were 18 factors that led to the rail disaster, taking 47 lives and devastating an entire town.  Each factor, considered in isolation, never would have predicted the disaster that resulted: a short-cut on an engine repair; a small engine fire; an improper brake test; insufficient brakes set; a train left unattended at the top of a hill.  While any one of these factors would have not created the disaster that resulted, unfortunately, for the community and the rail company, many of them collided on one fateful night.

...
Continue reading
173 Hits
0 Comments

7 Emerging Trends in Disaster Recovery Industry

7 Emerging Trends in Disaster Recovery Industry

For most business executives, finding a way to keep their businesses running even in the event of a disaster cannot be overstated. In fact, disaster recovery and business continuity are fast becoming the most important IT conversation that business leaders are having to discuss with their staff as well as train them on the protocols to follow when a disaster strikes. On average, business organizations take 1-9 hours to recover from a disaster. Each hour costs an average of $700,000.

In any disaster recovery procedure, the first few minutes and hours after a business system crashes are extremely crucial. For most enterprises, the rest of the recovery process is determined by how well events unfold in the period immediately after the disaster hits the business process.

Failure to be adequately prepared for a disaster has the potential to wreak havoc on the reputation and financial standing of the organization. What’s more, a poorly managed disaster can scare customers away. A Business Continuity Institute poll conducted by risk experts found that 85% of the people who took part in the survey had concerns that their businesses were at risk of a cyber-attack within a period of 12 months from the time the poll was conducted.

...
Continue reading
1504 Hits
0 Comments

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

You’ve likely heard the terms before and may have a vague idea of their definition, but how do emergency response, disaster recovery and business continuity really work together during an incident? This blog post will walk you through these phases.

 

Putting Incident in Context

You are sitting in your office building and the fire alarm goes off. Following health and safety procedures, you head outside and smell smoke. You can see flames coming from the top two floors of the building. The fire department has arrived and is setting up to put the fire out. Your colleagues are moved away from the building, and anyone who is hurt is treated. You are left to wonder when, if ever, you’ll be able to come back to work.

Within three days your IT group has you set up with a laptop so that you can work remotely. You and your colleagues work together online and through conference calls. Eventually, after the damage to the office is fixed, you get a notice that everyone can return to work as normal.

...
Continue reading
453 Hits
0 Comments

Have You Automated Your Emergency Notifications? How This One Step Can Save Lives

Have You Automated Your Emergency Notifications? How This One Step Can Save Lives

Emergencies Aren’t The Time to Plan

We don’t often think of emergency response until there is an actual emergency which is the absolute worst time to figure it out. When you’re in a crisis, you and your co-workers are less likely to think as clearly as when you aren’t. An emergency “plan” is just that, a plan. It’s your guide to getting you and your employees out of harm’s way and keep the business up and running as best as possible. The more steps you can remove from the process through automation, the better off everyone will be.

While many organizations say they have an emergency procedure  in place, there are a few problems with many plans:

1. The plan isn’t really a plan. It’s more of an idea. “If we have to evacuate, we’ll just go into the parking lot.” That’s not a well-conceived plan. An appropriate plan must be well thought out, rehearsed, and include all of the most likely scenarios, plus the flexibility to extrapolate the procedure to unexpected events. This “all-hazards” plan requires more than one person to develop, in fact, a committee of in-house and remote stakeholders who can work together to come up with a comprehensive strategy and agree on the technologies that will make it happen.

...
Continue reading
924 Hits
0 Comments

New Year's Resolutions

We are just a few days away from 2017, wondering what it will bring.  Everyone is deciding what their New Year's resolutions will be.  What will you do differently in your personal life?  And what changes are you going to make in your business and professional life?  This is the perfect time to reflect on what went well for your company this past year; and what was less than perfect. It is also the prime time to do some planning and preparation.

Incidents have a global impact.

One only needs to look back on 2016 to remember how many natural disasters occurred.  This was one of the deadliest Atlantic hurricane seasons since 2005, spanning all the way from mid-January to the end of November.  Out of 1,766 deaths this season, 1,659 were attributed to Hurricane Matthew alone.  There were also massive earthquakes in Ecuador, Italy and the Solomon Islands, and rampant wildfires in the Southeastern United States.  At first blush when these incidents are looked at separately, the impact might not be considered all that high.  However when you really think about the global impact of incidents like earthquakes, sudden flooding, snowstorms, power outages, fires, and hurricanes, you quickly realize how these seemingly isolated incidents resulted in real impacts on your bottom line.

The New Year is the time to start.

I suggest you take this week to get ready for the year ahead. Do a threat risk assessment.  Really look at the results of this process and consider how these threats will impact your business and bottom-line.  Next, take action.  Work with a proven leader in the industry to put together a business continuity plan. When done effectively, the creation and implementation of this plan doesn't have a big impact on the day-to-day operations of your business.  Ultimately you will have the peace of mind that your company and its assets are protected in the event of disaster.

...
Continue reading
1156 Hits
0 Comments

Control in the Chaos

Emergency Management Market Skyrockets

When we heard the report based on new market research that the incident and emergency management market is projected to reach $114 billion by 2021, we weren’t surprised. But what people may not realize is why the market is exploding. The report notes the growth is due to “changing climatic conditions, increasing government regulations and norms, extensive usage of social media to spread information, and increased threats of terrorist attacks.”

Pretty sobering. Every one of those key drivers are out of our immediate control. We don’t like to feel out of control. In fact, the feeling of being out of control is a leading cause of anxiety and depression. It can lead us to act irrationally or at the very least, make us irritable. The truth is, we feel safe when we are in control.

An interesting study found climate change ranks among the top 20 greatest fears of U.S. adults and nearly 40 percent of people have anxiety about terrorism. These are serious numbers. So what can a company do to alleviate some of these fears?

...
Continue reading
1016 Hits
0 Comments

Mass Text Software Becoming Standard Protocol for Emergency Notifications

Key Drivers

I recently saw an article from Campus Safety magazine that discussed how college campuses are attempting to maximize the ROI of their alert systems. This isn’t a surprise, as it has become mandatory for schools to have some sort of mass communication system in place for emergencies. Sadly, school campuses from elementary through college have lost their sense of security after so many stories of campus violence. We’ve all mourned the tragedies of Sandy Hook, Columbine, and Virginia Tech. There have been 142 school shootings in the U.S. since 2013 and nearly every state has been affected.

On top of everything schools have to contend with each year , these horrific crimes have quickly placed campus security at the top of the priority list. The mass notification system market is responding and is expected to grow to nearly 10 billion USD by 2021, due in part to the growing demand for public safety and increased awareness for emergency communication solutions.

Squeezing Out ROI from Pinched Budgets

The drive to eke out as much ROI as possible from these communication tools is understandable given the strained resources of many schools. The article reminds us that email was the mainstay for all electronic communications prior to the 2007 Virginia Tech shooting. Our culture has evolved significantly since then, thanks to millennials who have set the standard for instant, real-time communications. While email still may have its place, it isn’t considered fast or reliable enough for emergency notifications.

...
Continue reading
1097 Hits
0 Comments

KingsBridge Disaster Recovery to Launch Shield 2.0 at DRJ Fall World

KingsBridge Disaster Recovery announces its signature Shield software, a Business Continuity and Disaster Recovery Planning tool, has undergone a complete redevelopment and will be available to new users starting this month. Shield has always strived to make planning simple, but now The Plan Builder is taking it to the next level following more than a year of planning, development and testing while always keeping “faster", “easier", “intuitive" at the core of their design decisions.  The KingsBridge team is excited to release this new and improved product to build better recovery plans faster.  With the mantra of “The Plan Builder”, Shield 2.0 gives users the ability to build a first draft of the plan right out of the box saving precious time and resources. KingsBridge understands that many Business Continuity project managers have conflicting priorities and tight deadlines. To answer the call for an easy to use, easy to manage plan, Shield 2.0 has enhanced capabilities for managing data and documents with easier navigation. And users couldn’t be happier. Here is what customers have to say about Shield 2.0;

 

  • Ease of use; the application isn’t too complex allowing users to access it only once or twice a year without the need for retraining.

    ...
Continue reading
916 Hits
0 Comments

Here are few tips to keeping your BC plan and program healthy!

Food is a universal language. So is man’s need to survive. Whether in the business world or the kitchen we need a simple recipe for business continuity success.  In this four part series I’ll introduce you to the four basic courses necessary when cooking up an appetizing and rewarding business continuity program. This week the focus is on doing what’s good for us…exercising and eating our veggies!

Continue reading
1554 Hits
0 Comments

Why Plan? A Closer Look at Business Continuity

By Ross Ladley, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

Business continuity is an often talked about risk management practice, especially with what appears to be an ever increasing number of serious disasters, including Superstorm Sandy, the California wildfires, and the Japanese Tsunami – and that’s only natural disasters! Disruptive incidents can stem from major events such as these, but they can also originate from events that are far less visible and widespread, including sprinkler malfunctions, power outages, supply shortages, and an IT disruption.

This perspective discusses why organizations make the decision – or should make the decision – to invest in business continuity planning.

...
Continue reading
1279 Hits
0 Comments

Using the Results of Your BIA to Develop Disaster Recovery Requirements

By Michael Bratton, Avalution Consulting
Originally posted on Avalution Consulting’s Business Continuity Blog

So you’ve just completed your business impact analysis (BIA) – identifying recovery time objectives for a variety of processes and functions throughout your organization and captured the names of applications and systems that business owners state they just can’t live without. In addition, the IT department heard you were conducting a BIA and mentioned on a few different occasions that they were excited to see what the final results would be to help with their planning. You’ve taken all the applications and their reported recovery time and recovery point objectives and crammed them into a very lengthy spreadsheet, and then the inevitable happens… you realize that everything you have collected is a huge mess.

But, don’t worry, this is a common issue! This perspective will explore the process of taking that seemingly disorganized pile of data and organizing it into something that can be utilized by IT disaster recovery planners to help meet continuity goals. So, let’s get started!

...
Continue reading
1494 Hits
0 Comments

Using ISO 27031 to Guide IT Disaster Recovery Alignment with ISO 22301

By Greg Marbais, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 provides guidance to business continuity and IT disaster recovery professionals on how to plan for IT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the requirements for Information and Communication Technology (ICT) and implement strategies to reduce the risk of disruption, as well as recognize, respond to and recover from a disruption to ICT.

ISO 27031 introduces a management systems approach to address ICT in support of a broader business continuity management system, as described in ISO 22301. ISO 27031 describes a management system for ICT readiness for business continuity (IRBC). An IRBC is a management system focused on IT disaster recovery. IRBC uses the same Plan-Do-Check-Act (PDCA) model as the business continuity management system described in ISO 22301. The objective of IRBC is to implement strategies that will reduce the risk of disruption to ICT services as well as respond to and recover from a disruption. Business continuity and IT professionals will find the use of the PDCA model very familiar but with necessary changes to support recoverability of ICT based on business requirements and expectations.

...
Continue reading
3380 Hits
0 Comments

Rudolph the red-faced business continuity manager (a Christmas tale – sort of!)

By Andy Osborne, Consultancy Director at Acumen

Once upon a time there was a senior manager called Rudolph who, on top of his other responsibilities, was put in charge of the business continuity project. Rudolph was a busy chap with a lot on his plate – he didn’t have time for detail. And anyway, disasters never happen do they? Well, only to other people. 

So rather than doing any proper analysis he leapt straight into writing a plan. In fairness, he also thought about the business continuity strategy -  for about five minutes. Then he took out the cheapest contract he could find for some ship-in IT equipment and wrote some lovely looking plans based on a number of un-validated (and, as it happens, invalid) assumptions. It didn’t take him long at all really. 

...
Continue reading
3060 Hits
0 Comments

Multi-Site Disaster Response and Coordination Best Practices

By Stacy Gardner, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Most organizations that have experienced a crisis would likely agree that advance planning is critical to enabling an effective response. When a disaster impacts several sites simultaneously, it makes coordination even more chaotic, so the importance of a defined structure increases. Organizations with multiple facilities or sites, especially those within “at-risk” regions, should take proactive steps to prepare their organization for events that require a widespread and coordinated response. Specifically, these preparedness steps include enabling coordination, communication, and adherence to organizational policies in advance of a disaster to ensure all sites implement appropriate response procedures. This article summarizes best practices that help enable sites to work together and execute common, approved response strategies to minimize impact and reduce confusion.

Define Authorities and Expectations
In organizations with centralized policies effective across several sites or facilities, it is important to define specific response authorities and performance expectations within human resources or business continuity policies. Specific policy changes include defining which individuals have authority to close a site as well as closure critieria, such as a public authority emergency declaration. Organizations should define criteria by which individual site leaders can act independently, such as in situations where employees are at risk for an immediate threat, and when additional approval and oversight is necessary from an executive leadership team, such as in advance-warning events.

...
Continue reading
1619 Hits
0 Comments

BCM/DR/ERM Terms: The Difference Between a Disaster Mgmt and a Crisis Mgmt (An Outsiders View)

Recently, I was asked to sit in on a meeting – not participate mind you – and listen to some discussions that were going on regarding a project.  The discussions revolved around requirements and were pretty intense and detailed at time.   The point is, there was a question asked about Disaster Planning and Business Continuity Plans (BCP) and if they had to include anything in their scope.  My ears perked up on this one…and yet, I had to keep quite.The question asked by one of the attendees was this, “What’s the difference between a disaster and a crisis?”  Of course, I wanted to answer this but a quick look and grin from the individual that asked me to attend, told me not to interrupt because she knew I was chomping at the bit to jump into the fray.What I found interesting was the explanation given by one of the meeting participants, who I found later, had no involvement in Disaster Recovery (DR), Business Continuity Management (BCM) or Emergency Response Management (ERM) for that matter.  They weren’t even up to speed on technology; he was a business analyst (BA).  But his description was something I thought I’d pass along to others because it really got the message across to people in the room; something many of us have stumbled over in the past when trying to explain our industry terminology to ‘outsiders.’   I’ve paraphrased all the comments by the meeting participants into two descriptions below.  Before I forget, I’m not stating one way or another whether he was right or wrong, just conveying some information that might help others when communicating the differences or terms related to DR, BCM and ERM.A Disaster Is…“An event that causes major problems for a company or community…”“A disaster is something that happens suddenly and you have to immediately respond to it…”“With a disaster you have impacts that are immediately apparent…”“…something major that stops us from working.”“…something that has gone beyond normal crisis management processes.”“Everyone is impacted and involved…”A Crisis (Management) Is…“…is the management of the disaster or emergency situation…”“…a group of knowledgeable leaders (Note: “leader’ wasn’t defined) that make decisions to ensure activities      start/complete when required…” “…a team that coordinates response  activities…”“…the Single Point of Contact for questions and guidance as to what to do…”“Following documented plans and procedures to help respond to the situation…”“…managing the situation before it becomes a full-scale disaster.”“…not everyone needs to be involved with the management of a crisis.”I thought it was rather interesting coming from someone not in the industry, especially knowing how much people get these terms (and others) confused.  At least not one asked what the difference is between a contingency plan and a recovery plan.The descriptions are rather simplified and effective.  People understood after a minute or two what was being discussed and it helped get the meeting moving.  With industry terminology, it can get very confusing because there are so many different variations on what both of these mean; even among industry experts, professionals and practitioners.   Corporations that offer DR/BCM/ERM services also end up using their own terminology as well, so that adds to the confusion.I thought this person didn’t too badly of a job of stating the difference.  Of course, I wanted to state a few things but since he got his message across to a large group that had difficulty understanding between the terms.By the way, when they were completed, they decided they didn’t need to include DR, BCM or ERM in their project (Hope that doesn’t become a jinx on their project…) **NOW AVAILABLE** “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility”and“Made Again Volume 1 – Practical Advice for Business Continuity Programs” by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com
1948 Hits
0 Comments

More than a Plan: Establishing a Disaster Recovery Program

By Glen Bricker, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Many organizations think having a disaster recovery plan is all the protection they need from disasters. However, there is so much more to disaster recovery than just a plan! That’s why most industry professionals see disaster recovery as an ongoing program or process that contains a number of distinct elements. Key process activities include:

  • Business engagement and establishment of business requirements (through business impact analyses and risk assessments), resulting in the definition of recovery time objectives, recovery point objectives, and downtime procedures (manual workarounds)
  • Identification, evaluation, and selection of appropriate recovery approaches to achieve business requirements, including  defined ongoing budget commitments and staff allocations
  • Development of plans for technical recovery and coordination of the recovery effort
  • Execution of ongoing exercising and training

In addition to process elements, the following governance activities are also typically performed:

...
Continue reading
2523 Hits
0 Comments

Your data protection solution could become a data protection problem

You have to plan your data protection. While this might seem like an obvious statement, most people don’t think about it until after they have a solution in place.

Did you sit down with your database administrator to get their requirements? Did you actually vet those requirements? Come on, you know they’re going to tell you they need full hot backups every night and to keep that data forever. Give me a break. They have no idea the cost and burden that puts on the infrastructure and the daily batch processing.

Planning is key 

...
Continue reading
2224 Hits
0 Comments

Big data, big changes, big trouble (in Little China)

Big data, big changes, big trouble (in Little China)

Every day you add more data to your infrastructure. Some analysts say it averages 20 percent year on year. There are certain types of organizations that can change up to 60 percent year on year. One way or another, data keeps growing and you keep buying more storage, and that can cause big trouble.

In 1986, the movie “Big Trouble in Little China” was released and changed the world. Its “B” grade kung fu moves and effects made everyone laugh, but there was a serious element to the movie too that translates into the world of IT. The main character Jack Burton said, “I'm a reasonable guy. But, I've just experienced some very unreasonable things.” This profound statement really does rock the IT world.

...
Continue reading
3946 Hits
0 Comments

Scalability–You grow, it grows!

When keeping pace with growing data, a major concern for IT organizations, in terms of both storage and data protection is how the data protection solution will handle the growth.

If your business has grown its capacity by 40-60 percent in each of the past three years, and it now supports billions of data objects, you need a solution that grows with you. This growing of capacity may be outpacing your data protection solution and you may need to find a way to scale your protection.

...
Continue reading
1859 Hits
0 Comments

License correctly and save money! What?

Can two of the same things have two different prices? Heck yes! Not only can they have different prices, but they can also be dramatically different. 

In the last few years, data protection solution providers have started to offer something besides “core-” or “server-” based. When buying software you need to consider all the options. One of the new options is capacity. 

When purchasing data protection solutions, look for a company that offers pricing options that allow you to pay for solutions in the manner that makes the most financial sense for you. In the past, licensing models were based on the number and power of processor cores in the servers being protected. They also had cost advantages for organizations with a relatively large amount of data and  small number of servers or for organizations with other software products licensed this way.

...
Continue reading
1808 Hits
0 Comments