Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

Tuesday Workshops

3:00 - 5:30 p.m.

Workshop Session 1

Develop a Top-Notch Incident Management Team


Regina Phelps, EMSS

Regina-17RT1Do you have an incident management team (what in the old days was called a crisis management team)? Are you developing one or retooling the one you have? Then this is the workshop for you.

The goal of this workshop is to assist you in developing a topnotch team and process to manage incidents, large and small. We will look at who should be on the team and their roles and responsibilities. We will explore how they should be structured and will review the Incident Command System (ICS) methodology as a possible solution

We will then peel back the process for assessing an incident at your company including the triggers for escalation and who comes together to make the decision to activate the plan. This relatively straightforward process – assessing an incident – is often overlooked in companies. We will then explore the second critical step – planning – which is often completely absent in an incident or crisis management plan.

Attend this fast-paced session to learn everything you need to learn all you need to know about incident management teams!

  • Incident Management Teams: Roles, responsibilities and methodologies
  • Initial Assessment Team – who should be on the team?
  • Assessment Criteria – what is the criteria you should always consider?
  • The development of the incident action plan
  • How to facilitate and document an action planning session.

Regina Phelps, CEM, RN, BSN, MPA, president, Emergency Management & Safety Solutions is founder of Emergency Management & Safety Solutions, a consulting and training firm.

Phelps’ niche includes incident management team development, pandemic planning, emergency operations center (EOC) design, and the development of emergency exercises for large global companies.

This spring, she attended the one-week executive training program on Crisis Leadership at Harvard.

Workshop Session 2

Build an ISO 22301 Management System to Capture Executive Attention


Rob Giffin, Avalution

Brian Zawada, Avalution

robert_giffin_avalution_high_resZAWADA-BrianManagement Systems “concepts” have been included in nearly every business continuity standard written in the last four years – including ISO 22301 – but remain relatively unknown in our profession.

This workshop will introduce management systems processes and their unique benefit of forcing alignment with your executive’s expectations.

Management systems processes include scope and objectives definition, recurring management involvement, defining obligations, interested party engagement, policy, competency definitions, audit, management review, corrective actions – and above all, continuous improvement.

Workshop attendees will come away with an understanding of management systems principles and processes as well as the value of management system standards.

Each management system component and process will be introduced using case study content, as well as specific, practical ways to implement these processes in any environment. 

Robert Giffin, CBCP, CISA, is a co-founder and director of technology for Avalution Consulting, a firm specializing in business continuity consulting.

Brian Zawada, MBCI, MBCP, is the director of consulting for Avalution and a member of the Board of Directors for the USA Chapter of BCI. He is active in developing standards, and is a strong proponent of using standards to improve performance.

Zawada is the lead U.S. representative on the group charged with developing ISO 22301, as well as ISO 22313 and 22323 (Working Group 4 of ISO’s Technical Committee 223).

Workshop Session 3

Violence a Preventable Disaster: Understanding and Reducing the Risk


David Smith, Prof. Workplace Interaction

David-A-Smith-300dpiFar too often, there is misunderstanding about what organizations can or should do to reduce and manage the risk of violence in the workplace.

The good news is that much can be done to reduce the risk. Research on workplace violence has shown that warning signs and detectable inappropriate behaviors usually precede acts of violence.

This workshop will prepare participants to recognize the basic danger signals, enabling them to provide intervention or seek assistance before problems escalate.

Participants will receive proven methods to combat the rising tide of workplace violence and proactive steps that can dramatically reduce the risk of litigation and future legal claims.

David A. Smith, founder of Professional Workplace Interaction, Inc., (PWI) is an author and highly experienced dynamic speaker.

Smith has extensive experience in executive management, field operations, product launch and financial management at the corporate and small business levels.

He has conducted extensive leadership, behavioral risk management, business continuity and disaster planning training for the insurance industry, corporations, private businesses, university personnel, and government agencies across the United States and Canada.

Smith currently serves as chairman of the non-profit Honor Flight San Diego and has served on the Board of Directors of various corporate, marketing and other charitable organizations.

Smith’s corporate experience and expertise has been combined with PWI’s professionals including backgrounds in psychology, psychiatry, legal, law enforcement and education to develop PWI training and consultative programs.

Workshop Session 4

From BIA to Resiliency: How to Align IT with the Goals of your BC/DR Program


Sudhir Gadepalli, Ohio State Univ.

SudhirSo you completed the BIA. You identified critical business processes and determined recovery priorities. Are you confident that your technology recovery capabilities are fully aligned with the recovery requirements of you BC/DR program?

Technology recovery is a critical part of BC/DR planning, and a comprehensive IT service continuity management strategy facilitates the evolution of business resiliency.

As the saying goes - “Computers don’t recover from disasters, people do. But people need computers to recover from disasters”. Within the context of BC/DR planning, technology recovery is integral to continuity of business operations.

This two-part workshop will examine the importance of technology recovery within the context of BC/DR planning, and will explore various strategies and tactics to achieve infrastructure resiliency. Key takeaways include:

  • How to align IT recovery capabilities with business process recovery priorities.
  • How to create an “Executable” IT recovery plan.
  • How to apply enterprise architecture principles to develop a “target state architecture” that meets your RxO commitments:
  • DR models and frameworks.
  • Understanding, evaluating and advocating the impact of emerging technologies to enhance IT recovery capabilities.
  • Techniques to incorporate ITIL service continuity and change management into your resiliency program.

Sudhir Gadepalli is the associate director of IT Service Continuity Management in the Office of the Chief Information Officer at The Ohio State University. In this role, he is responsible for all aspects of the University’s IT Service Continuity Management program, and for providing leadership and strategic direction in the creation of a resilient computing architecture to support the University’s research and academic initiatives.

Workshop Session 5

Ready, Set, Exercise! How to Develop and Conduct a Successful BCP/DRP Exercise


Steve Goldman, Goldman Mgmt. Consultants

Steve-GoldmanThe DRJ attendee favorite and one of the longest running workshops! Successful crisis management and disaster recovery takes more than a plan: it requires realistic testing and validation.

How do you do that properly? Are your exercises smoke and mirrors or do they provide as-close-to-real situations as possible?

How does your program compare? How can you improve? During this hands-on workshop, you will learn how to set up and conduct a successful BCP/DRP exercise.

Students will master the aspects of effective exercise preparation and execution, including:

  • Types of drills and exercises
  • Elements of a successful exercise
  • Scope, objectives, and extent of play
  • Scheduling and coordination
  • The scenario development team
  • Scenario ideas and events you can use
  • Resources and props
  • How to conduct, evaluate, and critique
  • Imagination, creativity, and leadership
  • Dr. Goldman’s highly acclaimed Exercise Planning Checklist.

You will learn how to avoid common pitfalls during the development process and how to anticipate and resolve potential problems.

Exercise conduct, evaluation, and critiquing strategies will be discussed.

With his lively style and real-life examples, Goldman will lead the class through interactive discussions of successful exercise development.

Dr. Steve Goldman is a leading crisis management and BCP consultant and former global BCP manager for a Fortune 500 company.

Over his long career Goldman has developed, conducted, and evaluated drills and exercises ranging from one-hour tabletops to massive three-day exercises involving hundreds of responders from dozens of companies and government agencies.

Workshop Session 6

The ABCs of Operational Resilience


Nader Mehravari, IT Cadre

Nader-MehravariOrganizations, large or small, public or private, civilian or federal, continue to invest in a variety of independent preparedness planning activities including IT Disaster Recovery (DR), Business Continuity (BC), Crisis Management (CM), Pandemic Planning (PP), and Emergency Management (EM). However, given the extreme complexity of today’s business processes, and the global socio-economical challenges faced by organizations, a traditional disjointed stovepipe approach to preparedness planning is no longer viable; neither operationally nor financially. Successful protection of one’s enterprise now requires a fully integrated approach that incorporates unification, standardization, automation, and training while balancing affordability and risk management. Such an integrated approach to protection and sustainment of business operations is being referred to as “Operational Resilience.”

Operational Resilience is the emergent property of an organization that can continue to carry out its mission in the presence of operational stress and disruptive events. It is the overarching risk management practice of planning, developing, integrating, executing, and governing activities to ensure that an enterprise and the environment that it operates in are able to:

  • Identify and mitigate operational risks that can lead to system disruptions before they occur
  • Prepare for and respond to disruptive events (natural or man-made, accidental or intentional) in a manner that demonstrates command and control of incident response, and
  • Recover and restore mission-critical operations following a disruptive event within acceptable time frames.

This interactive tutorial-style workshop is intended to provide the audience with a comprehensive overview of modern operational resilience and associated concepts. Proven and practical approaches for planning, managing, and executing an integrated set of protection and preparedness planning activities across such domains as IT Disaster Recovery, Business Continuity, Crisis Management, Pandemic Planning, Emergency Management, Workforce Continuity, Supply Chain Continuity, Cyber Security, and Privacy Protection are discussed .

Dr. Nader Mehravari, MBCP, MBCI, is a subject matter expert and experienced practitioner in disaster recovery, business resiliency, continuity of operations, preparedness planning, information security, and associated operational risk management. He is currently with IT Cadre where he leads all resiliency activities. Previously, he had been with Lockheed Martin Corporation from 1992 through 2011 where he was corporate director for business resiliency.