Industry Hot News

Over the years I’ve heard the same question, “What do you want to do with your life?” When I was younger, I always responded quickly, “I want to be an Astronaut.” Or, “I want to be a Movie Star.”

Now when you ask me that question, I will respond with, “I have absolutely no idea.”

My name is Angela Prass. I will be a Junior at Syracuse University this fall studying Information Management and Technology. Recently, I received an internship opportunity at BC in the Cloud, along with two other talented individuals.

Along my long journey in college of not knowing what to do for the rest of my life, I stumbled upon a class titled, “Enterprise Risk Management.” I received a good grade in this class and wanted to explore this concept on a real-world scale. I thought to myself, “I like to take risks. This is something I’d be interested in.”



Do you know how, in your non-business life, there is a difference between “friends” and “Facebook friends”?

There is something similar in business continuity when it comes to third-party vendors.

Your organization might purchase goods and services from 500 outside companies, but how many of these do you really depend on? How many are vital to your company’s ability to carry out its core mission?

If your organization is like most I work with, the answer might be about a dozen.

Can you guess why I’m mentioning this, or why it matters?

Of the main business continuity dimensions, one is by far the most neglected. Do you know which one?

If you answered Program Administration, Crisis Management, IT Disaster Recovery, Business Recovery, or Fire and Life Safety, you’re wrong, I’m sorry to say.



A national survey of more than 1,127 adults found that slightly more than half (51 percent) believed it was very likely or somewhat likely that a disaster could impact them in the next five years, but most (53 percent) indicated they don’t have emergency plans in place and couldn’t go more than just a few days without medication.

The survey was the third annual for Healthcare Ready, which was established after Hurricane Katrina by trade associations composed of the bio-pharmaceutical supply chain and the American Red Cross.

“It shocked me that we saw half of the respondents say that they thought a catastrophe could impact their community in the next five years,” said Healthcare Ready Executive Director Nicolette Louissaint. “But the preparedness numbers have not shifted significantly in the last three years since we’ve been doing the poll.”



How to Achieve Compliance

Greg Sparrow addresses the issues of the General Data Protection Regulation (GDPR) and preventative actions that must be taken to ensure organizational compliance. Through a “GDPR Readiness Survey” sponsored by CompliancePoint, Greg touches on the research findings and draws probability conclusions.

The General Data Protection Regulation (GDPR) is an EU-based regulation that requires businesses to protect the personal data and the privacy of any European Union natural persons when transactions occur within EU states. Data protected under the GDPR includes identifiable information (names, addresses, dates of birth), web-based data, health and genetic data and biometric data. These bylaws were officially enforceable as of May 25, 2018 and apply to all businesses interacting and performing marketing tasks to EU data subjects. The GDPR is based on the precedent that private information always is, or should be, private and that individuals have rights surrounding that data. The exact words according to the GDPR are that “data protection is a fundamental right.”

Despite a two-year grace window that companies were allotted to prepare for GDPR compliance when the regulation was first approved in 2016, a recent survey study titled “GDPR Readiness Survey” shows that very few are 100 percent compliant. The survey found that only 29 percent of the participants were actually aware of the GDPR, 44 percent said they were somewhat aware and 29 percent said they were completely unaware. The survey also found that only 24 percent of businesses felt that they were prepared for the GDPR, and 31 percent felt they were somewhat prepared. This is compared to the 36 percent of businesses that said they did not feel prepared and another 9 percent that said they were unsure. These numbers seem to be alarming simply due to the fact that one infraction can cost a noncompliant business millions in revenue. It can be assumed that companies who are not fully aware or fully prepared face enormous risk when working with any customers who may be based in the EU.



(TNS) - The approach to wildfire suppression in Kansas suffers from leadership fragmentation and the lack of financial resources and personnel to effectively coordinate response to massive blazes churning across the prairie, a legislative audit said Wednesday.

The examination was ordered after Kansas suffered record wildfires in 2016 and 2017 that burned a total of 800,000 acres, caused $80 million in damage, destroyed 6,000 miles of fencing, and killed one person and about 5,000 cattle.

Andy Brienzo, an auditor with the Kansas Legislature's auditing division, said the state's program to control wildfires generally fell short of centralized operations in Texas and three other states. He said Kansas' operation was inadequate to meet demand for emergency services, and this shortfall meant local government was compelled to absorb more of the cost than in comparable states.



(TNS) - As temperatures creep into the upper 90s and it feels like it is 110 outside, many are retreating to the indoors, but others have to bear the heat for their work.

Emergency responders are on the front line to help people. To do that job, some of them carry up to 60 pounds of equipment during extreme temperatures.

"Most firefighters carry between 50 and 60 pounds of equipment and when you add the sweat on it, it gains weight," Director of Cleveland County Emergency Management Perry Davis said.

At a fire on Phifer Circle Monday, a dozen firefighters swapped in and out fighting the blaze to make sure they didn't put themselves in danger.



Organizations of all sizes are increasingly turning to third-party vendors to handle tasks which would formerly have been performed in-house. Such tasks can range from payroll and accounting to email to presentation and meeting software.

In handing these tasks over to third-party suppliers, organizations are also passing along the obligation to provide business continuity (BC) and recovery capability for the services they provide—a responsibility they are generally glad to get off their plates.

From the BC perspective, there is nothing inherently wrong with an organization turning to outside vendors to meet their needs. However, too often organizations take the approach of “out of sight, out of mind” with their third-party vendors, and in doing so they are running a considerable risk.

Third-party suppliers have the potential of being an Achilles’ heel for your organization, meaning they are a small area of vulnerability that could potentially cause a significant amount of damage.



The Technology Disrupting the Health Care Industry

Blockchain tech is disrupting multiple industries, and perhaps none more so than health care. Organizations using the technology for storing medical records are experiencing the benefit of complete data security, of course. Another noteworthy advantage is unprecedented data portability.

We’re living in a crypto, bitcoiny, blockchainy world that’s spinning out disruptions faster than McDonald’s serves Big Macs.

They say the first Bitcoin transaction was 10,000 Bitcoins per uno pizza. Now, 6 Bitcoins buys you a sports car. Man, was that a costly pizza back then!

Ever notice those odd, locking vertical boxes in doctor’s offices? Sometimes you’ll see them located behind where the receptionist sits? Or perhaps they’ll be in a room all by themselves.

They’re known as file cabinets, circa 2017, which were once places for storing sensitive and important information, such as our medical records.

Today those cabinets are dinosaurs. They’re rapidly being replaced by a disruptive new way of storing and accessing medical records based on an entirely new platform made possible today by blockchain technology.



Thursday, 21 June 2018 15:21

Doctor Blockchain Will See You Now

Developing a community’s confidence in an opt-in emergency notification system is essential to success, but not having complete buy-in from the users of the system can slow its development as well.

Ottawa County, Mich., emergency management and first responders faced both of those when they implemented the Smart911 system, developed by Rave, in 2014. But momentum seems to be picking up with public safety and emergency management personnel solidly behind the system and the public headed in that direction too.

Just under 5,000 residents have signed on to the system, but last week more than 200 signed up in a 24-hour period, which was “great progress,” according to the county’s Emergency Management Director Nick Bonstell.



For some businesses, the hybrid storage array offers the best of both worlds. In comparison to the all-flash array – clearly the highest performance option – a hybrid array allows a lower cost, yet also enables some impressive performance. It's the classic "transitional" storage solution as flash becomes ever more dominant in storage infrastructures, yet hard disk drives remain abundant.

Yet for all its advantages, a hybrid storage array isn't the automatic choice. Let's explore the hybrid vs. all-flash array question.



(TNS) - Apps such as Uber, “Pokemon Go” and Snapchat can pinpoint where users are down to the side of a block. But 911 dispatchers have to rely on distant cell towers, sometimes-faulty GPS and the caller — who is likely in distress — to figure out where calls are coming from.

In an effort to thrust 911 call centers into the 21st century, Apple announced Monday that the next major update to iPhone software will allow users in the U.S. to automatically share location data with emergency responders. Software and a data clearinghouse built by New York startup RapidSOS will let 911 centers receive callers’ locations.



(TNS) - Always ready. Always there.

That’s the motto of the National Guard, and for 48 days — and counting — soldiers and airmen from this component of the military have been doing safety and relief work amid volcanic threats and destruction on the east side of Hawaii island.

More than 200 Guardsmen have been assisting Hawaii County Civil Defense with jobs that include monitoring dangerous gas emissions from lava flows, manning security checkpoints, building emergency housing and conducting search-and-rescue missions.

Many of these servicemen and women are volunteers and are from around the state, including some who live on the active volcanoes that make up the Big Island and never imagined they would be responding to a lava eruption disaster in their own community.



According to hurricane research scientists at Colorado State University, the 2018 hurricane season is set to be slightly above average in activity.

Thankfully that’s better than the 2017 season, which cost more than $282 billion and caused up to 4,770 fatalities.  Whether we see two named storms or ten, preparation is your greatest ally against potential devastation.  Start by using these automated message templates for your organization’s mass notification system.

Using Hurricane Notification Message Templates

When using message templates, there are a few basic guidelines to follow. Start by keeping the message length to a minimum. This ensures recipients can get the most information in the least amount of time. In addition, SMS messages cannot exceed 918 characters; longer messages are broken up into multiple messages that may create confusion.

By creating message templates prior to severe weather, you can generate detailed and informative alerts for every step in your emergency plan. Then in the wake of a hurricane, these messages are ready to be sent to the right audiences. Recipients receive only those messages that apply to them, which helps to eliminate confusion during a stressful time.



Cybersecurity Committees on the Rise

We’re seeing a growing trend: organizations across diverse industries are beginning to establish committees dedicated specifically to cybersecurity. Some are assigning audit committees to the task, but there’s good reason in many cases to create a new committee. Whatever governance model is adopted, independent oversight is imperative.

“Cybersecurity risks pose grave threats to investors, our capital markets and our country.”

This is the opening sentence of the SEC’s Interpretive Guidance on Public Company Cybersecurity Disclosures dated February 21, 2018. While the SEC’s focus is primarily on effective disclosure controls and procedures for accurate and timely disclosures of cyber risks and material events, the magnitude of this topic has deep operating and compliance ramifications. The big question in boardrooms is who precisely should be responsible for cybersecurity oversight?

Many companies rationalize that cybersecurity oversight should reside with their audit committee since there are SEC disclosure ramifications. However, does this make sense considering that cyber risks extend well beyond financial reporting and SEC disclosures?  While there is no single correct answer considering the large array of risk environments, industries, organizational sizes and operating models, it is clear that cybersecurity committees are becoming more popular. A search of recent proxy statement filings with the SEC revealed 12 companies disclosing cybersecurity committees, five of which were created in the last year. This article sheds some light on these filings, as well as some considerations for cybersecurity governance.



Tuesday, 19 June 2018 15:51

Governing Cybersecurity

(TNS) — We find ourselves in another hurricane season, and Pender County, N.C., is preparing.

Are you? Are we all?

Pender just paid $18,000 to install a flood gauge on the N.C. 210 bridge over the Black River near Currie.

Last time we read about that section of 210, it was under water. Hurricane Matthew in 2016 swelled the Black River over its banks, less than 20 years after 1999’s Hurricane Floyd sent the Northeast Cape Fear and other rivers flowing into fields, homes and highways across Eastern North Carolina.

We commend Pender County for paying for the gauge even though, as Board of Commissioners Chairman George Brown noted, the state usually pays for those instruments.

The device is the county’s second one and is one of 560 river and coastal gauges that provide real-time water level information to warn residents who live and work nearby, as well as first responders and other emergency officials who need to know when roads are becoming impassible.



(TNS) — In the 13 years since Hurricane Katrina hit South Mississippi, much has changed.

A quick drive down U.S. 90 is a constant reminder of the past — the things that are new and that have been rebuilt and the places that are memories of life before the storm.

One of the things that changed significantly besides the landscape is technology. Facebook was in its infancy in 2005, having been launched the year before the storm, and most social media users were using MySpace. It would also be another two years before Apple released the iPhone and helped to usher in the era of smartphones and tablets.

For many Coast residents, cellphone service was spotty, at best, in the days and weeks after Hurricane Katrina. And internet service for phones was practically nonexistent.

With Colorado State University’s Tropical Meteorology Project predicting a "busy" hurricane season for 2018, which began June 1, how will cellphone service be affected in South Mississippi?



Climate change is a growing threat for national and local governments alike.

Entire communities can be devastated by extreme weather events, including hurricanes, droughts, and wildfires, each of which is exacerbated by climate change. While natural disasters themselves are a main concern for government agencies, the public may still be at risk long after a storm has passed. Debris and toxic materials can linger in the aftermath, posing potential health hazards for communities as they attempt to rebuild.

For government agencies, this means placing more focus on preparedness and response and addressing the safety of residents and staff during the recovery phase. During Hurricane Harvey in 2017, for example, the death toll continued rising even after the storm had passed. To prevent additional injuries, emergency officials must be aware of any hazards that exist in the wake of these disasters and inform the public accordingly.



Lessons From The Giant

While not every organization is a nearly 2-billion-user social media giant like Facebook, there’s a lesson to be learned for all organizations from recent events: in today’s data-driven business environment, customer trust matters more than ever before. In this article, Gartner’s Stephanie Quaranta outlines steps privacy and compliance executives need to take in order to protect the value of their customer relationships and ultimately minimize their company’s exposure to privacy risk.

By now, the saga of Facebook and Cambridge Analytica is familiar to us all. In 2013, University of Cambridge researcher Aleksandr Kogan collected personal data from 270,000 Facebook users through a personality test app called “thisisyourdigitallife.” At the time, Facebook’s policies allowed app developers to collect data not just from users who had explicitly consented, but from those users’ friends as well. Kogan assigned test takers and their friends to psychographic segments using the collected data, then sold that information to a political consulting firm called Cambridge Analytica.

Though Facebook discovered this at the end of 2015, it chose not to alert impacted users. Instead, Facebook simply asked Cambridge Analytica to delete the data. Only in March of this year, after an exposé by The New York Times and The Observer of London reported on the data harvesting and Cambridge Analytica’s use of that information to micro-target voters in advance of the 2016 Brexit vote and US presidential election, did Facebook go public with what had happened.

The immediate backlash was fierce. Facebook stock plummeted 18% in 11 days, wiping out $80 billion in value. The hashtag #deletefacebook emerged, with Google searches on how to delete your profile more than quadrupling in the week the scandal broke. Regulators and lawmakers across the globe opened investigations into Facebook’s privacy practices.



Monday, 18 June 2018 14:52

What Happened At Facebook?

There is no better time to prepare for an economic downturn than when business is good. With the severity of the 2007–2008 financial crisis still fresh on the minds of many directors and executives, how should companies prepare for an economic downturn in the cool of the day rather than reacting in crisis mode in the heat of the moment?

At this time, most established business plans do not contemplate an economic downturn. However, some observers are forecasting a recession in the United States within the next couple of years – say, by 2020. Everyone is watching interest rates, trade, government spending, geopolitical tensions and other “tea leaves” carefully. The truth is, no one knows what the future has in store. But memories of the severity of the last downturn and its consequences for most organizations have not faded. That’s why, for most companies and their management teams and boards, a contingency plan makes good business sense, as it positions them to act decisively when recessionary storm clouds begin to loom on the horizon.

Contingency plans are certainly not new, as organizations have been developing them for a long time. Plans are documented with specific action steps that are triggered if certain harmful events occur. Such events might include natural disasters (floods, earthquakes, etc.), cybersecurity breaches, terrorist activities, fire, fraud, theft or embezzlement. Notably, these perils may never occur, but the plan stands ready nonetheless if they do. Plans are also developed to address market opportunities, should they arise.



On June 12, Advisen held a webinar entitled “Big nasty claims. What are the large loss trends in the casualty sector?” To qualify as big and nasty, the casualty claims stem from injury and/or property damage resulting from incidents such as train derailments, chemical spills and food contamination, frequently involving multiple parties, and costing $100 million or more each.

Advisen’s large loss dataset yielded some interesting insights into trends in this area, and Jim Blinn, Advisen’s moderator, was joined by two Allied World claims experts, James Minniti and Paul DeGiulio.

Advisen’s dataset reveals that pharmaceutical and medicine manufacturing, transportation equipment manufacturing, and machinery and electronics manufacturing are the top three industries involved in large claims, with public administration in fourth place.



Charlie Maclean Bristol, FBCI, FEPS, explains how you can improve your business continuity plans by altering the format and following five key steps.

When developing business continuity plans, I try to make them accessible, practical and easy to use. For a long time, I followed a traditional format, with the first few pages being filled up with scope, assumptions, objectives and the like. The problem with this format is that you have to wade through several pages before getting to the bit of the plan which would actually be used during an incident.

After a while, it occurred to me that when you make use of the plan in anger, what you don’t need to read first is a set of assumptions in the plan. By then it is a bit too late to ponder on whether the assumptions are right! This is when the radical idea came to me, of putting what you need first early in the plan; and then other information and the reference material at the end. From this idea, five steps were born:



The 2018 FIFA World Cup has now started, with four weeks of football to enthuse fans across the globe. Behind the sporting glory and the celebrations, there will be a firm spotlight on the resilience not just shown by the teams, but also the wider infrastructure in place to make it all happen. Dr. Sandra Bell looks at the lessons that organizations can take from the event.

As with any global sporting event, attention always turns to the host city and their readiness to host such an occasion – everything from stadium capacity and accessibility, to hospitality in the stadium is called into question. However, while the onus is currently on Russia to host a smooth and successful event, the World Cup should be seen as a catalyst for all businesses to improve the long-term resilience of both their workforce – their ‘teams’ – and their own infrastructure.

So, what lessons can businesses learn from the World Cup about readiness to be resilient?

Dealing with emerging security threats

Security threats have always been a factor for major hospitality events, but even in recent years these threats have changed both in nature and severity. FIFA has already discussed upping the security for the World Cup, with growing cyber security attacks on infrastructure becoming increasingly prevalent.

The World Economic Forum's (WEF) Global Risks Report 2018 names cyber attacks and cyber warfare as a top cause of disruption in the next five years, coming only after natural disasters and extreme weather events. In the same vein as World Cup organizers, businesses cannot just look at what has gone on before but need to constantly keep one step ahead of new threats. The nature of attacks is constantly evolving, with Internet of Things devices and critical supply chains becoming frequent targets - and no industry will be immune.

As more applications migrate to the cloud, it’s crucial that security moves further up the agenda for business leaders. Cyber threats continue to evolve, and defences will need to be a central component of any digital and business strategy to ensure you aren’t the one caught out.



Organizations are increasingly focusing on becoming resilient; that is, to be able to anticipate, adapt and respond both to incremental and sudden changes or disruptions. But while many organizations are starting to understand what these three components of organizational resilience are, few understand the need to integrate them in order to ensure resilience is actually achieved. Even fewer understand how to structure this collaboration. Philippa Chappell looks at how to achieve this.

The challenge is that while each of the three components of organizational resilience is critical, they are typically the responsibility of different role-players. The ‘anticipate’ component, which involves scoping the threat landscape and putting a risk strategy in place, is handled by the enterprise risk management department. ‘Adapt’, which focuses on operational resilience, would be governed by the COO and the business units concerned. ‘Response’ is addressed by the business continuity manager and covered by the business continuity plan.

In dealing with any threat, it is vital that each of these areas works closely with the others. For example, in the case of a cyber attack, it is vital that the organization knows what cyber risks it faces: what confidential information and intellectual property are held in the systems, and what controls are in place. It would be necessary for the risk management team to collaborate with IT in this case, and the results of its work would inform the actions taken by the operations team. The latter would have to consider the vulnerabilities and identify any single points of failure, such as a central legacy system on which all other systems depend. It would also have to put contingency plans in place in the event of an attack.

Clearly, for maximum organizational resilience, these role-players must collaborate across the whole process.



Recently I was walking through the airport, I was in a hurry, of course, and I was running late for my flight.  I had my backpack on, my left hand pulling my carry on, and my phone in the right hand.  For productivity purposes I was walking, reading, responding to emails, and then BOOM! – someone walked right into me.  OK maybe I walked into them, I’m not certain.  Thankfully we both were ok, courteous, and we apologized simultaneously.  Both of us were not paying attention, we had weak peripheral vision, and very poor Situational Awareness.  My lesson was learned. I am not going to be using my phone in any way while walking anywhere any more.  Just like I don’t touch my phone at all while driving my car.  Ok maybe I take a quick glance at my Waze App, but I should stop doing that too.  It’s better to take a wrong turn and get lost than to get into an accident.  Right?  I mean come on, I am in the business of risk mitigation.

In today’s world, we always must be cognizant of Situational Awareness.  Situational Awareness or situation awareness (SA) is the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their status after some variable has changed.  SA is also a field of study concerned with understanding the environment critical to decision-makers in complex, dynamic areas from aviation, air traffic control, military, police, and firefighting.  Heck it’s incorporated into our Incident Management component and maps within BC in the Cloud.  Situational awareness also covers the more ordinary but nevertheless complex tasks such as driving a car, riding a bike, sports, or just walking through the airport.  Someone smart once said ‘Common Sense is not so Common’.  Some say that quote came from Voltaire, some say it was Mark Twain AKA Samuel Clemens.  Anyways, it is such a true statement, and that’s probably a huge reason why we all have jobs in this industry.



Monday, 18 June 2018 14:44

Situational Awareness

Do you wear your seatbelt when driving or riding in a car?

If you are like over 85 percent of the people in the United States, then you do, according to the National Highway Traffic Safety Administration (via Wikipedia).

Does your organization’s business continuity program use the tool of residual risk to quantify the amount of exposure you have to natural, man-made and technological disasters?

If your program is like over 85 percent of programs in the U.S., then you don’t, according to informal surveys I take when I speak at business continuity functions around the country. In fact, I would say that over 95 percent of programs do not measure residual risk.



Deloitte’s Satish Lalchand outlines steps organizations can take to prepare an effective foundation for analytics-driven investigations and fraud monitoring, in the second installment of an article series on the future of forensics.

In recent years, traditional corporate antifraud measures have lost ground against ploys like procurement fraud, employee expense fraud, financial statement fraud, bribery and asset misappropriation. To identify potentially fraudulent transactions, organizations and regulators alike are leveraging integrated, data-driven analytics approaches—which work effectively if the data to be analyzed is top notch.

Data challenges in efforts to monitor fraud and conduct investigations include: vast amounts of data; inadequate data capture and storage; limited data accessibility; gaps in skills required to process and analyze big data; static reporting; and, lack of diverse data to correlate findings.



(TNS) - On the ground once marked by devastation, a new city is rising.

The 1989 Loma Prieta earthquake battered the gritty South of Market district, damaging the Embarcadero Freeway that walled off downtown San Francisco from the bay and left city leaders with a choice: Do they repair and retrofit it, or envision something bolder?

They chose to go in a new direction. And nearly three decades after the temblor, this civic bet is beginning to take shape. The most obvious example is San Francisco’s new skyline, clustered in the South of Market area by design and now fueled by tech money.

The new $1-billion Salesforce Tower, which dwarfs any other skyscraper in the city, is getting the most attention. But it’s only part of the story. There is also a grand bus station and rooftop park set to open this summer.



In case you missed it, MHA Consulting CEO Michael Herrera last month conducted a webinar called “Your New BFFs – Compliance and Residual Risk.” (BFFs means Best Friends Forever, for those who haven’t been keeping up with their modern slang.)

The webinar is now available as a half-hour video which you can watch for free here.

The video is an excellent introduction to two concepts which are at the heart of contemporary business continuity management:

  • The importance of adopting and complying with a business continuity standard, and
  • The benefits of using the concept of residual risk to truly understand the capabilities of your business continuity program and develop a roadmap for its improvement.

We invite you to look at the video and check out the associated slide deck, since there is no substitute for letting Michael walk you through these concepts, if they are new to you.

However, because the content of the webinar is so fundamental, we thought it might be helpful in today’s post to give a thumbnail sketch of the concepts.



Improving safety is a key objective of most industries and boosting the quality of the products and services that contribute to safety is necessary to achieve it. The nuclear sector is set to benefit with a new ISO standard that does just that.

While major accidents in the nuclear sector are rare, the consequences are unimaginable, making the nuclear industry a highly regulated business. This includes the safety and quality requirements of those in the supply chain that supply products and services important to the sector’s safety.

A freshly published standard applies the principles of one of the world’s most renowned quality standards, ISO 9001, to the nuclear sector, combining best practice in quality with the specific requirements of the nuclear industry.



Manufacturing companies have a lot to consider when it comes to physical security. Not only do they have to think about protecting the people working in the facility and the products that they are producing but also their customer and employee information, financial records, product information/trade secrets, and much more.

Now, consider the added pressure of the daily news headlines reporting security breaches. Every day there seems to be another organization that becomes a victim to hackers. Leadership teams face tough decisions on how to allocate their security budget to try and protect their business from being the next one at risk. With cyber breaches happening so often, it’s understandable why companies are increasing cybersecurity budgets, but they shouldn’t put all their eggs in one security basket.

When physical devices fail, it has the potential to put all security investments at risk. Think about a manufacturer’s server room. There may be data encryption and authentication to provide reliable security, but if someone breaks into the facility, those security measures are useless.

For manufacturers, protecting physical security also means protecting information, personnel and product. 

As manufacturing becomes increasingly connected, it’s vital that manufacturers adopt more modern security practices that go beyond a traditional perimeter security approach. It’s safe to assume that cybercriminals will hack into your network at some point. Therefore, it’s important to make sure that the most important data is locked up in a way that hackers couldn’t touch it, even if they break in. 



In 2018, MetricStream Research surveyed 120 respondents from 20 different industries to understand the level of GDPR awareness and preparedness across enterprises. A majority (53%) of the respondents who have implemented governance, risk, and compliance (GRC) solutions reported that they would be GDPR compliant by the May 25 deadline.

Download this report to learn more about the survey findings, including:

• The state of GDPR awareness and engagement
• The state of GDPR readiness
• GDPR compliance challenges, benefits, and spend

Access the complimentary copy of the report today.


Among the concerns about disaster recovery, assurance of recovery is the most important one for businesses. Data movers focus only on the test failover procedure. To achieve resilient recovery, organizations must run disaster recovery simulations on a weekly or monthly basis. Moreover, DR tests run at short intervals give the organization the confidence and experience necessary to respond to a real emergency. Practice makes perfect.

Organizations should be able to identify failures in the recovery plan before an actual disaster. It is a very challenging journey from an unknown, risky position to 100% recovery assurance. The demand for a thorough, frequent, automatic DR test tool has become urgent. Organizations want to be ready for any disaster situation and to have their recovery guaranteed.

During a real disaster, a lot of unexpected problems will pop up, so you must at least know that you are DR ready. Reliable disaster recovery is critical for business survival. Organizations don’t get a second chance when disaster strikes.

Without periodic testing, time has a way of eroding a disaster-recovery plan’s effectiveness. Most organizations cannot tell whether they are really DR ready.

Environmental changes can prevent servers from turning on properly, as can network problems such as MAC address, IP address and DHCP issues, or dissimilar infrastructure. An application may be unable to run, or a database may be inconsistent: we have sometimes noticed customers who changed the number of servers running a certain application and did not know they had not updated the secondary site. A DC that can't recover can shut down the entire site. There is also personnel dependency: personnel turnover, missing knowledge, and availability (is the person onsite or away?). And in the end, all you get is a yearly test, which is far from enough.

An intelligent DR test should include:

  • Automated testing that cuts resource use and saves money
  • Determining the feasibility of the recovery process
  • Identifying areas of the plan that need modification or enhancement
  • Demonstrating the ability of the business to recover
  • Identifying deficiencies in existing procedures
  • Increasing the quality and knowledge of the people who execute the disaster recovery

When disaster occurs, the organization gets one chance to recover. DR readiness is critical for business survival. Only DR tests run at short intervals can address that need.

Uri Shay is the chief executive officer of EnsureDR Ltd., a software tool that simulates a disaster recovery process automatically and frequently.

Wednesday, 13 June 2018 14:19

Are You Disaster Ready?

(TNS) - As teams from the Federal Emergency Management Agency set out to do their first tours of the damage from powerful storms that devastated some Connecticut towns last month, two members of the state’s congressional delegation said every effort was underway to get federal assistance to help with the cleanup.

“The costs are in the tens of millions, if not the hundreds of millions of dollars,” U.S. Sen Richard Blumenthal said Monday morning outside the public works department in Hamden, one of the hardest-hit towns. “We don’t know the precise numbers but that’s why FEMA is here. They are going to be fanning out across the state.”

FEMA was called in at the request of the state and will spend the better part of the week doing preliminary assessments. They were joined by a number of teams from the state.

“We are committed to stay here as long as it takes to accomplish this mission,” said Diego Alvarado, a spokesman for FEMA.

Alvarado said the process for the state to get federal assistance is still in its early stages. The visit this week provides Gov. Dannel P. Malloy with the information to seek a disaster declaration and then the information goes to the president’s office for the necessary proclamation to approve assistance, officials said. The process, they said, could take months.



By TIFFANY BLOOMER, President, Aventis Systems

There’s screaming in the background. A window breaks. A peek around the cubicle reveals coworkers fleeing in terror while others hide hopelessly under their desks.

No, it’s not the end of the world. … It’s your network. Your systems failed, and critical, sensitive business data is lost permanently. It’s a data apocalypse, and your company is infected.

For any business to survive, it has to have availability. It must be up and running at all times for its customers, as well as its employees. Connections to business information must be reliable and continuous. This means backing up workstations and laptops, but also server and storage data, which is equally important.

With the exception of its employees, a business’s data is its most important asset, and a major loss can be fatal. Some 60% of small businesses that lose their data will shut down completely within just six months, yet the majority of small businesses still don’t back up their data. Why?

The good news is that downtime and lost data, productivity and revenue can be avoided if you are adequately prepared. Here are some top data backup survival tools every small business needs to avoid a data apocalypse:


Data Backup: Easy as Pi

To create a safe zone around your data, back up following this simple rule: Keep your data in three different places, on two different forms of media, with one stored offsite.

A single data center leaves you much more vulnerable than if your data is backed up in multiple places. IT best practices dictate redundancy — which includes the physical space. When the grid goes down and the zombies advance, it won’t help to have all your backup data stored in your office building.

To be safe, keep your original data plus multiple backups current at all times and store one offsite — as far away as possible! For added protection, store it in a weather-proof and fireproof safe at another geographic location.


Survival Tool #1: Backup Hardware

The first thing you need in your survival kit is the right storage device for your business environment and budget. There are four main types of backup hardware:

  • NAS — Network Attached Storage (NAS) is most often used for shared file systems joined by an Ethernet network connection. It also works well for advanced applications such as file shares. Any server with attached storage can be used as NAS, allowing multiple servers or workstations to access data from a single network. The most scalable storage solution for SMBs, NAS storage equipment comes in a variety of configurable drive options and interfaces, is very versatile and includes a management interface.
  • SAN — Storage Area Network (SAN) is a dedicated storage network for those requiring high-end storage capabilities. It provides block-level access to data at high speeds. Making large amounts of data more manageable, block-level storage allows you to control each block, or group, of data as an individual hard drive. SAN solutions are ideal for enterprise organizations because of their ability to transfer large data blocks between servers and storage.
  • DAS — Direct Attached Storage (DAS) is used to expand existing server storage with additional disks. It’s compatible with any server and is favored for its cost-saving benefits. It allows you to extend the size of your current box without an additional operating system. When used with a file server, DAS still allows user and application sharing.
  • Tape — Tape backup might be more “old school,” but it’s making a comeback in some SMB environments — primarily because it is offline. With tape, data is periodically copied from a primary storage device to tape cartridges, so you can recover it in case of a failure or hard disk crash. You can do manual backups or program them to be automatic. Tape is the least expensive way to store your data offsite because it’s light and compact, allowing you to take it with you or ship it to a holding space.


Survival Tool #2: Backup Software

If you have the right backup hardware in place, you need backup software you can trust to recover your data without compromising security.

Veeam Availability Suite is an excellent backup option for virtual machines (VMs) and physical servers. Software is managed through the same space as virtual backups. When disaster strikes, Veeam has your back with:

  • Guaranteed Availability — Get access to fast recovery time and recovery point objectives for all VM systems in less than 15 minutes for all applications and data.
  • Absolute Privacy — With licensing, your backup data is always secure with unique end-to-end encryption.
  • Long-Term Retention — Data is retained for as long as you need it with advanced native-tape support and direct-storage integrations with industry-leading storage providers like EMC, Hewlett Packard Enterprise and NetApp.
  • Built-In Disaster Recovery — With the high-level license, disaster recovery testing is built-in, and Veeam guarantees recovery point objectives of less than 15 minutes for all applications and data, as well as simplified proof of compliance with automated reporting.


Survival Tool #3: Cloud Services

When zombies, floods, hurricanes or other catastrophes wipe out the office, you’ll be glad you backed up your data offsite. Backing up everything in the cloud ensures it is always safe — no matter what happens.

What is cloud disaster recovery?

Simply put, cloud disaster recovery is a way to store and maintain copies of electronic data in a cloud storage environment to keep it safe. This way, if your system goes down, you can easily recover your company’s mission-critical data.

Why trust the cloud?

Some major benefits to managed services in the cloud include:

Business Continuity

While you’re recovering from an on-premise failure, cloud storage options will allow you to access mission-critical data and applications. As a result, your business can continue to function.

Lower Upfront Costs

Upfront costs are low, and ongoing costs are predictable, so you can more accurately budget your IT dollars.

More Time to Prep

By outsourcing data protection duties, your IT team can focus on more strategic issues.

Be Prepared

A system failure or loss of data can have catastrophic consequences on your business. To ensure you’re not left in the dark, learn more about the other tools you need and the steps you should take with this free e-book.

Choose backup hardware, software, a managed service provider and cloud storage to make sure your data is protected — no matter what or where disaster strikes. Also, don’t forget to test the local and remote backups to ensure the data you’re storing is usable.

You may not be able to predict the next tornado or save the world from walkers, but you can make sure your data survives!

About the Author

Tiffany Bloomer is president of Aventis Systems. Aventis Systems provides IT services and equipment to small and medium businesses around the world.

What could Barbra Streisand, John Wayne, Star Wars and The Sting possibly have in common? More than forty years ago, they were the most popular entities in popular culture as measured by the inaugural edition of The People’s Choice Awards.

Earning the People’s Choice award in the cloud storage/backup category provides confirmation that Cloud Recovery – AWS exceeds our customers’ expectations for managing their growing data, and driving down the cost of cloud-based recovery.

The People’s Choice Awards were created in 1974 to recognize the people and works of popular culture, as voted on by the public. And while the entertainment industry has always been well-represented in the culture wars, the business world now has its own People’s Choice Awards: The People’s Choice Stevie® Awards for Favorite New Products, a feature of The American Business Awards®, the U.S.A.’s top business awards program. Sungard Availability Services (Sungard AS) is proud to receive this year’s People’s Choice award for cloud/storage backup for its Cloud Recovery – AWS solution.

Debuting in 2002, the most recent worldwide public vote in The People’s Choice Stevie® Awards for Favorite New Products was conducted last month. The highest number of votes decides the winners in a variety of product categories. More than 58,000 votes were cast, and Sungard AS’ Cloud Recovery AWS was selected as the overall winner in the Cloud Storage/Backup category.



(TNS) - Imagine a job that involves managing the worst day of someone’s life dozens of times every day. Answering phone calls from scared or angry people for 10 hours or more at a time and coordinating a rapid response from multiple agencies. One mistake or misstep could have potentially fatal consequences.

This is the job description of a 911 dispatcher.

“They are a critical link in the public safety chain that is often overlooked because they’re not driving police cars or fire trucks,” said Flathead Emergency Communications Center Director Elizabeth Brooks. “They’re the first responders. They’re the first on scene even though they’re not physically there, and the quality of your response often starts with a skilled 911 dispatcher.”

However, the voice answering the phone belongs to a human being, one that must find a way to handle every crisis that occurs within their community.



(TNS) - Director of the Scioto County, Ohio, Emergency Management Agency Kim Carver said this week there is federal disaster relief money headed to Southern Ohio. Its arrival just may take longer than expected, she added.

“All Scioto County jurisdictions will be eligible for reimbursement for up to 87.5 percent of costs associated with response and recovery to the flooding in February, including flood defense costs in the city of Portsmouth and village of New Boston,” Carver said in comments made when the state was approved for FEMA assistance in mid-April.

A declaration of emergency was signed by President Trump April 19 in response to flooding and landslides that slammed the area Feb. 14-25. However, Carver said recently FEMA is using a new service model to deliver funds relating to the February disaster.



The world’s much anticipated International Standard for occupational health and safety (OH&S) has just been published, and is set to transform workplace practices globally.

ISO 45001:2018, Occupational health and safety management systems – Requirements with guidance for use, provides a robust and effective set of processes for improving work safety in global supply chains. Designed to help organizations of all sizes and industries, the new International Standard is expected to reduce workplace injuries and illnesses around the world.

According to 2017 calculations by the International Labour Organization (ILO), 2.78 million fatal accidents occur at work yearly. This means that, every day, almost 7 700 persons die of work-related diseases or injuries. Additionally, there are some 374 million non-fatal work-related injuries and illnesses each year, many of these resulting in extended absences from work. This paints a sober picture of the modern workplace – one where workers can suffer serious consequences as a result of simply “doing their job”.

ISO 45001 hopes to change that. It provides governmental agencies, industry and other affected stakeholders with effective, usable guidance for improving worker safety in countries around the world. By means of an easy-to-use framework, it can be applied to both captive and partner factories and production facilities, regardless of their location.



Monday, 11 June 2018 14:40

ISO 45001 is now published

Disasters come in many forms. Corruption, theft, loss, or natural disaster can all take down your applications and destroy your data. In an ideal world, your data protection infrastructure would immediately restore all applications and data right at the time and point of failure.

But this is the real world. It is possible to immediately failover an application and to continuously replicate its data for near-zero loss. But these operations are resource-consuming and expensive. Realistically IT needs to set different recovery time and point objectives according to their budget, resources and application priority.

We call these two objectives Recovery Time Objective (RTO) and Recovery Point Objective (RPO). They are related, and both are necessary to application and data recovery. They are also different metrics with different purposes.



The 2017 hurricane season was one for the record books, with four major storms and three more minor ones impacting the U.S. and the Caribbean.

What’s worse, several of them hit land in more than one location — causing additional devastation. There were hundreds of millions of dollars in damage and over 100 deaths attributed to the four main storms alone, making 2017 the costliest hurricane season on record for the United States. Ten of the total 17 named storms for the year reached what is considered hurricane force. When you consider the amount of damage and loss of life, you have to consider: is there any way that businesses and individuals could have been more prepared?

The Major Hurricanes of 2017

The four major hurricanes of 2017 were named Harvey, Irma, Maria and Nate. Starting life as tropical cyclones off the shoreline of the U.S. and the Caribbean, they devastated locations such as Puerto Rico, the Dominican Republic, Louisiana and South Texas. Hurricane Harvey lingered over Texas and Louisiana, making landfall multiple times and causing over $180 billion in damages. More than 30,000 support personnel at the federal level were mobilized to help with cleanup and support efforts. Hurricane Irma came next, with serious storm damage occurring in the Florida Keys and the Caribbean, specifically on the island of Barbuda where more than 90% of buildings were damaged. Irma was “only” a Category 4 storm, but she left behind nearly $200 billion in damages, killed 129 people and caused 40,000 federal personnel to be mobilized.

Hurricane Maria had a catastrophic impact on Puerto Rico, where the Category 4 hurricane stripped the island’s 3.4 million inhabitants of power and basic necessities. While the small country continues to rebuild, it will take years to restore everything that was damaged. Nineteen thousand federal personnel were dispatched to help support the area, where an estimated $95 billion in damages were caused by the storm. Hurricane Nate was the weakest of the four, barely reaching a Category 1 with limited power to cause widespread devastation. Louisiana, Mississippi and Alabama were hardest hit by the 90 mph winds. Damage was worse in South America where Nate was strongest — causing extensive flooding, landslides and 45 deaths.



It’s Time to Take Data to the Next Level

The self-service technology culture allows each business user to access data for analytical purposes. Yet it has created an abundance of rogue data sets across enterprises that may contain outdated or inaccurate information and that fall outside of the organization’s data governance structure. With the introduction of the right data intelligence strategy and stewardship, enterprises can improve data quality, build trust and enable collaboration that will impact the bottom line.

Data is the lifeblood of an organization. It is at the heart of executive decision-making, risk evaluations, customer engagement, regulatory requirements and efficient operations. Yet, not all data used for these business decisions and reporting is made equal.

According to a recent TDWI survey report, “Reducing Inefficiency and Increasing the Value of Analytics and Business Intelligence,” only 11 percent of respondents said they were very satisfied with their companies’ investments in data and analytics projects to meet strategic goals for enabling data-driven decision-making or actionable customer intelligence.

The problem is that the self-service culture has created an abundance of rogue data sets and proliferated data across the enterprise where governance officers and IT professionals have no control over who is using the data and how they’re using it. Business users may be using outdated or inaccurate data for their analysis.

And there is no way to reel back data access as these same self-service analytical, visualization and data preparation applications allow enterprises to be nimble and use data for finding meaningful business insights. The trick is finding the balance between open data access and internal data control: Effective governance and data quality improvement only come when the right data intelligence strategy and stewardship is in place.



Every year in the June issue of CRN, The Channel Company publishes its Women of the Channel list citing the professional accomplishments, demonstrated expertise and ongoing dedication to the channel of hundreds of women. The Power 100 is a more focused list of women drawn from this larger list: women leaders whose vision and influence are key drivers of their companies’ success and help move the entire IT channel forward.

Sungard Availability Services (Sungard AS) has the privilege of employing women who are named to this prestigious list year after year, and this year was no different. Six women – including two of whom were named to the Power 100 – were selected for the Women of the Channel 2018 list.

“They’re all visionaries whose continued dedication and contributions make possible our mission to improve business resiliency,” said Tim Cecconi, Senior Vice President, Sales and Global Channels. “These executives are some of the best and brightest Sungard AS has to offer, and their demonstrated influence throughout the channel serves as a testament to the exceptional talent and innovation they bring to the industry.”

Being chosen for the Women of the Channel list is an honor no matter who you are. But Sungard AS wanted to know more about why their candidates were selected, and what qualities they think enable them to achieve success. Here is what Melissa McCoy, Michelle LeVan, Karen Falcone, Corre Curtice, Sarah Hamilton and Heidi Biggar have to say about the qualities that make successful women leaders:



The average lifespan of businesses is shrinking, yet some have been around for hundreds of years. How to stay afloat in a rapidly changing world? A newly published standard aims to help.

By 2027, the average company on the Standard & Poor’s 500 Index (S&P 500) – an index of 505 stocks issued by 500 large companies with market capitalizations of at least USD 6.1 billion – will last just 12 years, according to the 2018 Corporate Longevity Forecast. New technologies, economic shocks, disruptive competitors and failure to adequately anticipate and prepare for future challenges are the key reasons cited for their demise.

The freshly published ISO 9004, Quality management – Quality of an organization – Guidance to achieve sustained success, divulges the secrets and strategies of some of the longest lasting businesses around the world to help other organizations prepare for such challenges, optimizing their performance at the same time.

Charles Corrie, Secretary of the ISO committee that developed the standard, said it is about helping organizations not only survive, but achieve “sustained success”.



I had an interesting week last week: Along with two other MHA consultants, I spent two and a half days performing a current state assessment of the business continuity situation at a large complex of hospitals on the West Coast.

We conducted 15 to 16 interviews with the key people at a wide range of departments to get a handle on where their BC program stands on everything from program administration to IT Disaster Recovery to fire and life safety.

It was an interesting challenge. In doing an assessment like that, your goal is to arrive quickly at an accurate understanding of the program’s strengths and weaknesses in the different areas. You have to work collaboratively with experts in many departments, gathering material that you will eventually structure into a report which includes, critically, a list of the steps the organization can take to help them improve their BC program and better carry out their core mission. This list is known as the roadmap.



Memorial Day Weekend 2018 was a deluge for many parts of the country.

Flash floods ripped through Ellicott City, Maryland. Subtropical storm Alberto triggered states of emergency in Florida, Mississippi and Alabama. Severe thunderstorms and tornadoes tore through the West and Midwest.

Amid all this, the National Weather Service (NWS) experienced an outage from Sunday evening into Monday, leaving meteorologists unable to access the weather data the NWS provides.

It turns out the NWS switched to a new system for distributing data in recent years, and AccuWeather and other consumers of that data have expressed concerns about how the system would handle spikes in requests for data during major storms. Those fears weren’t unfounded.

It’s not the first time the NWS had an outage, either. There were several in 2014 due to firewall issues and in one case, too many requests from an Android app. In February 2017, two of the NWS’s core routers lost power. The Network Control Facility tried to switch over to a backup site, but failed. With both the primary and the backup unavailable, forecasts, warnings and other data went dark for nearly three hours.



As if it’s not enough that communities hit by disaster have to go about rebuilding, it’s inevitable that the suffering will attract scammers, sometimes called “storm chasers,” companies that target vulnerable communities rebounding from a disaster and other scam artists.

That’s what the Indiana Department of Homeland Security is warning residents about in the 35 counties that received emergency declarations earlier this year after severe flooding.

These scammers will go door-to-door offering repairs and often do subpar work or don’t complete the work after receiving payment, which they often request up front.

“It’s sad that there are people out there who would take advantage of people who are distraught and have been through a horrible disaster and may be elderly or disabled,” said Erin Rowe, state director of emergency response and recovery for the Department of Homeland Security (DHS). “They call them storm chasers and there are some individuals and groups who have been identified.”



EAGLEVILLE, Pa. – BC in the Cloud, an integrated platform for business continuity and disaster recovery planning, today announced it will be exhibiting at the Disaster Recovery Journal’s Fall Conference “Reimagining Business Resiliency.”

The conference will be held Sept. 23-26, 2018, at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Ariz. BC in the Cloud will be showcasing its platform in Booth 506/508. Along with speaking in the Solutions Track, Andrew Witts will present Program Totality – Managing the Connectivity and Completeness of an Entire Program.

“We’re excited to have BC in the Cloud as a sponsor of our fall show,” said Bob Arnold, President, DRJ. “They have always been one of the industry thought leaders and we are thankful to have their support and sponsorship for our Fall 2018 conference.”

“BC in the Cloud is looking forward to exhibiting at another successful DRJ Conference.  Our platform can do so many amazing things, it’s great to be able to show it off in person to the DRJ attendees,” said Frank Shultz, President, BC in the Cloud.

The Disaster Recovery Journal’s conferences are the world’s largest conferences dedicated to business resiliency and expect more than 1,000 professionals who are responsible for building business resiliency and managing disaster recovery in their organizations. With more than 65 sessions, 10 deep dive workshops and 70 companies in the expo hall, attendees can participate in interactive sessions, hands-on training with cutting-edge technology, hundreds of live demos and unparalleled networking. In addition, DRJ welcomes over 85 speakers who will share their expertise and learnings in this fast-paced changing environment that is the new normal. DRJ’s Fall Conference offers attendees everything they need to build a resilient organization in four days, under one roof.

To arrange a meeting or personal demo at the conference, contact BC in the Cloud by email or at 267-341-9610.

About BC in the Cloud

BC in the Cloud provides automated tools and services for building and maintaining effective plans that streamline and simplify Continuity, Governance and Risk Management programs. The BC in the Cloud Platform evolves as an organization’s needs grow to increase resiliency, mitigate risk, and adhere to deadlines. No other platform provider offers rapid speed-to-market and robust scalability in an all-in-one solution.


Engagement, Collaboration, and Data

A number of technologies are providing significant advances for IT auditors to embrace the digital age with proactive information that provides an even greater value to businesses.

Organizations everywhere are progressing on their digital journeys at a healthy clip. They’re evaluating and adopting new technologies quickly and compressing the time it takes for a project to go from concept to implementation. In this fast-paced, technology-driven climate, IT auditors and IT audit functions must also evolve and transform, with no time to waste.

IT auditors need to be more agile, dynamic and progressive in the ways they assess potential risks in IT initiatives and the overall IT environment. And they can start by stepping up their engagement and alignment with IT and business stakeholders across the organization.



Wednesday, 06 June 2018 15:23

Transforming IT Audit In The Digital Era

It seems the first question asked for any task is, “Is there an app for that?”

Much of what we do in business continuity is planning and protecting systems and applications. Quite a bit of what we do is manual, but in recent years, vendors have created software which can help business continuity programs in carrying out nearly every phase of their missions. These tools make BC activities more efficient, effective, and accurate, increasing the resilience of the organizations that deploy them.

Tools are available to help BC programs with the following activities, to name a few:



Wednesday, 06 June 2018 15:22

BCM Software: There’s An App for That

Emergency managers and the many different disciplines and organizations they partner with are working every day to make their communities a safer and better place to be; before, during and after a disaster. 

Having cut my teeth here on the West Coast, I have always envied emergency managers who have hurricanes as their worst-case disaster. This is for two reasons. One is that they have a set schedule on the calendar that is identified and known as the hurricane season, which, by the way, just started on June 1, and was preceded by Tropical Storm Alberto. Evidently Alberto did not get the save-the-date message and arrived a few days early.

Secondly, you can see hurricanes and tropical storms coming days, even weeks out as they form in the Atlantic or Gulf of Mexico. With our 24-hour news cycle, even the people who are procrastinators will finally run to the hardware store to get plywood and to the grocery store for canned food and water. People have time to heed warnings and evacuate from danger areas.



Wednesday, 06 June 2018 15:20

Earthquake Country Needs a Sense of Urgency

Keep energy flowing. Keep real estate protected. Keep medicines available.

From energy suppliers to global real estate brokers to national pharmacies, companies around the world are becoming increasingly digital. Organizations are adopting cloud, embracing IT transformation and adding modern, agile and efficient methods to harness the power of their business backbone: data. And with that unprecedented growth in information and analytics, data protection has evolved.

As a result, corporations are embracing solutions like Cloud Based Recovery for Actifio environments from Sungard Availability Services (Sungard AS) to back up their data and achieve virtual recovery more efficiently.

During the annual Actifio Data Driven conference (June 5-6), companies can explore new, efficient ways to achieve data protection.

Backed by 40 years of data protection and recovery experience, Sungard AS partnered with Actifio over three years ago to deliver a managed data replication and recovery solution to help customers achieve data protection transformation. With several petabytes 



SATA is a well-known technology in data storage circles, but what about M.2?

It's common to encounter M.2 solid-state drives (SSDs) while browsing a vendor's website or the virtual shelves of an online store. They typically lack enclosures — although many accessory makers offer cases for external use — and look like a cross between a memory stick and a small expansion card, complete with exposed chips, some of which may be covered by a big sticker from the manufacturer.

What's the difference between these two storage technologies? 



Wednesday, 06 June 2018 15:18

M.2 vs SATA: Storage Showdown

Digital transformation. We hear this term used in many different contexts in our day-to-day conversations. Regardless of when or how it is used, one thing is clear: digital transformation could be the key to ensuring an organization’s survival over the next several years. During the recent Enaxis Leadership Forum, attendees were asked what they believed to be the biggest barriers they faced in achieving the benefits of digital transformation:

  • Business Reorganization
  • Change Resistance from Leadership
  • Legacy Operating Models
  • Cost and Complexity of Cyber Threat Management
  • Lack of Digital Skills in Current Workforce

As we review these barriers, one thing is evident – these are the same barriers that organizations face for ANY type of transformation – not just digital. In the past, successful and forward-thinking companies have found ways to overcome these types of barriers to achieve their end goal – organizational transformation.



Wednesday, 06 June 2018 15:16


NOAA recently released their 2018 hurricane predictions and the Atlantic and Gulf coasts are expected to have a near- or above-normal season. Secretary of Commerce Wilbur Ross said, “The devastating hurricane season of 2017 demonstrated the necessity for prompt and accurate hurricane forecasts.” The same could be said about communications.

As businesses and organizations craft their hurricane preparedness plans, it is vital to business continuity and employee safety that hurricane communications are relevant and can be sent rapidly as conditions change. The fastest way to ensure every employee receives the right message at the right time is to utilize hurricane notification templates. Modern emergency communications solutions will provide templates that companies can send across all communication channels, including email, text, push notifications and phone calls.



Security and resilience – Business continuity management systems – Guidelines for people aspects of business continuity

This document gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident.

This includes:

  • preparation through awareness, analysis of needs, and learning and development;
  • coping with the immediate effects of the incident (respond);
  • managing people during the period of disruption (recover);
  • continuing to support the workforce after returning to business as usual (restore).

The management of people relating to civil emergencies or other societal disruption is out of the scope of this document.



Wednesday, 06 June 2018 15:09

ISO/TS 22330:2018

Top 5 Best Practices for Data Management

In today’s data-driven digital economy, traditional databases struggle to keep up with the increasing amount of streaming data. Adding to this stress are new compliance regulations, such as GDPR, that often complicate core processes across industries, including financial services. This article will discuss how financial service organizations can keep pace with growing data compliance requirements without compromising speed or impacting business activities.

Analyst firm IDC predicts that by 2025 the global ‘datasphere’ will swell to a staggering 163 zettabytes of data generated per year – that’s ten times the data generated in 2016. In today’s data-driven digital economy, traditional databases struggle to keep up with increasing amounts of data that stream in faster than ever. Compounding the challenges created by the dramatic increase in both the speed and scale of data is the broad impact of new data management and compliance regulations that often complicate core processes across every industry, including financial services.

Many financial services organizations comply with existing regulations, such as BASEL III, FFIEC, Sarbanes–Oxley and Markets in Financial Instruments Directive (MiFID II), along with the Fundamental Review of Trading Book (FRTB) requirements that went into effect in January. On deck is the General Data Protection Regulation (GDPR). Effective May 25, 2018 and issued by the European Union (EU), GDPR requires that any organization that handles data from an EU resident must be compliant. This includes providing increased transparency when reporting a security or confidentiality breach to regulators and those whose data is affected, all within specified timeframes.

The ever-increasing list of regulations is forcing financial services organizations to button up data management best practices. To better manage growing data volumes and effectively limit risks associated with compliance regulations, these organizations are breaking down data silos to provide better visibility and integration across the enterprise. However, as financial services organizations modernize their data infrastructures, they are often challenged to balance evolving compliance regulations with additional demands of their data, such as those around customer experience and operational productivity.



You’ve reviewed all the benefits and determined that your organization needs a mass notification system.

Congratulations! You’re one step closer to providing a secure and collaborative communication channel for your teams and community. Now comes the difficult part: determining what type of system is best for your specific needs, nailing down some finalists and making your purchase. This blog will walk you through what you need to consider before making a final decision, as well as how to present your case to gain internal buy-in for your recommendation and budget.

Consider These Features and Services

When you are purchasing a mass notification system, there are certain features and services that you will want to consider. Emergency notification systems (ENS) are complex, and you will find that there can be significant differences between systems. Features to keep in mind include:



Fintech Collaborations on the Rise

Fintech-bank partnerships result in growth opportunities. In this article, Krista Morgan examines the risk-reward relationship in this growing trend.

The strength of our banking system is that we trust it. That trust comes from knowing that banks follow rules designed to protect us. As consumers, we want to know that our money will be safe, our identities will be protected, and things will work the way we expect them to. We want all of that – but we also want a zero-hassle experience with our financial institutions that is incredibly fast and seamless.

Not an easy value proposition to deliver on. Banks need fintech firms to deliver experiences that today’s consumers expect. In fact, 89% of community banks believe bank and fintech collaborations will be common by 2027. At the same time, the banks need these fintech firms to maintain trust which, for better or worse, comes from regulatory compliance.



2018 may only have just begun, but it looks like a big year for information security. With questions being raised about the security of micro-processors, and major cyber security initiatives such as the EU’s General Data Protection Regulation brought into effect this year, a new edition of ISO/IEC 27000 has come at just the right time.

ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS), and terms and definitions commonly used in the ISMS ISO/IEC 27001 family of standards. Designed to be applicable to all types and sizes of organization, from multinational businesses to small and medium-sized enterprises, the new version, released in February 2018, is equally valuable to government agencies or not-for-profit organizations.

There are more than a dozen standards in the 27000 family. The recently published ISO/IEC 27000 provides an understanding of how the standards fit together: their scopes, roles, functions and relationship to each other.

The ISO/IEC 27001 community will find this standard useful, since it brings together all the essential terminology used by other standards in the ISO/IEC 27000 family.



Starting a career in technology is one way to ensure you’ll have to continually evolve. The technology transforming industries today might be obsolete tomorrow.

But while the technology changes, there are timeless ways to manage your career to ensure you rise to the top and stay at the forefront of what’s new.

We gathered insights and advice from six of our top executives on what they wished they knew when they were starting their careers and common mistakes they see recent graduates make. Their answers are a guide for any technology professional starting their journey.



The EU’s new General Data Protection Regulation (GDPR) sets forth a “lawful basis” for collecting and processing personal information. It will require most organizations to significantly improve data management and security, but most organizations are not ready to comply, especially with the requirement to demonstrate compliance. Fortunately, a company’s existing GRC tools, which are designed as central repositories for documenting and reporting on internal governance activities, can help organizations quickly implement the tracking processes necessary to demonstrate compliance.

Personal information is an increasingly valuable – and risky – business asset. Organizations want to collect as much personal information as possible to support better decision making and an improved customer experience. However, the fear of identity profiling, along with high-profile cyberattacks, has caused increasing concern about how to protect this information. The EU’s General Data Protection Regulation (GDPR), which goes into effect in May of this year, aims to add privacy protections for all individuals currently residing in the EU, whether they are citizens or not. It also impacts most organizations around the world that are collecting or processing data about EU residents, even if the organization does not have a physical presence in the EU.

The regulation sets forth a “lawful basis” for collecting and processing personal information and will require most organizations to significantly improve data management and security. Yet, according to multiple surveys, most organizations are not ready to comply, even though a compliance failure can be expensive, up to 4 percent of annual global turnover or €20 million, whichever is greater, and will likely result in damage to reputation and undesirable notoriety.

One of the trickiest areas of the regulation is that organizations must be able to demonstrate compliance. Think of it this way: a police officer typically needs to catch you speeding before giving you a ticket. But what if instead, you needed to prove that you had not sped during your entire drive? That’s the challenge of GDPR.



Have you ever had to bail out of an airplane?… Me neither, fortunately. But imagine if you did, and your parachute was too moth-eaten and tangled to support you because you hadn’t maintained it properly. Fun, right?

I see the same thing all the time with organizations’ recovery plans. The organization has a plan. They created it at some point in the past, and maybe at one time, it was actually pretty good. But that was a while ago, and they haven’t thought about it or looked at it recently. They’ve been too busy doing other things.

And then all of a sudden, there’s an emergency, and the organization realizes they need to implement their trusty old recovery plan in order to deal with the incident and minimize its impact on the business—but the plan is so moth-eaten it barely works.

Don’t let this happen to you.

In my experience, there are seven main ways in which recovery plans are commonly allowed to become out of date. Here they are; do any of them apply to you?



“Text Messaging Can Expose Your Company to Significant Risks”: In this article, Mike Pagani explains that texting is quick, easy, reliable and efficient — but if it’s used for official business communications, it can create tremendous risk for a company. Organizations of all sizes need to put the right policies in place, and implement automated text archiving and supervision systems as soon as possible—before it’s too late.

Texting is simple, concise and supported by virtually every mobile device, operating system and wireless carrier. This makes it the go-to preference employees need to communicate with their colleagues, customers, or prospects in a time-crunched, always-connected society.

Ungoverned Text Messaging is a Growing Concern

Even though texting is quick, easy, reliable and efficient — if it’s used for official business communications, it can create tremendous risk for a company. When you consider the countless regulatory, legal and general risk and brand management challenges that companies must manage today, you might think email and other “official” communications using social media accounts and corporate websites are the only content types that need to be archived or actively supervised. Although its use by employees for official company business is often prohibited by organizations, the reality is text messaging does get used and therefore should be governed the same way as all other channels. Sending text messages between mobile devices is now one of the key ways that employees connect with each other and customers, and these records need to be maintained for completeness.

Compliance, legal, IT and risk and reputation professionals across a variety of litigious and regulated industries are now realizing that proactively automating the archiving and supervising of text messages is necessary to mitigate the myriad of potential risks arising from their records retention and oversight practices not keeping pace as employee use increases. Text messaging without proper governance is a major gap that can no longer be ignored.



Everyone knows that natural disasters aren’t spread evenly across the United States; rather, they occur in the same places year after year.

This fact was given striking visualization in a recent New York Times article called “The Places in the U.S. Where Disaster Strikes Again and Again.”

The article and accompanying maps are well worth checking out, especially for anyone involved in business continuity and disaster recovery.

The article was based on an analysis of data from the Small Business Administration from between 2002 and 2017. It looks at places in the U.S. where businesses applied for loans to rebuild following natural disasters. However, the data provides a reliable window into where disasters cause the most damage overall.

As it turns out, the same tiny portion of the country is responsible for the vast majority of disaster losses year after year.



2017 was a highlight reel of worst-case scenarios. WannaCry forced some organizations to play tug o’ war with their own data, while hurricanes halted business operations across the South. It felt like one terrible catastrophe after another, and while many organizations had effective safeguards in place, some did not. For those businesses who were unprepared, the series of disasters was a harsh wake-up call.

So what’s the state of disaster recovery (DR) today? A recent survey of 375 U.S. business leaders shows exactly how organizations are approaching their DR plans post-2017.

These disasters definitely left their mark: 33 percent of respondents said they aren’t confident in their business’s ability to overcome a disaster, and 57 percent said they would reconsider their existing DR plans or consider implementing a new one as a result of 2017’s massive hurricanes.



Do you remember when the first cell phones were commercially available?

One of the highest advertised benefits of mobile devices was the ability for travelers to contact help in the case of a roadside emergency. Today, cell phones have evolved into smartphones, and 95 percent of Americans have some form of mobile device. By utilizing a mobile notification system for alerting your staff who are traveling or are remote employees, you can protect and inform them easily in the event of an emergency.

Weather Alerts

From hurricanes and tornadoes to hail storms and wildfires, inclement weather is always right around the corner. Staying in touch with employees during storms is vital for many reasons. Start with weather alerts and warnings. Your primary duty is to protect staff while on the road, whether they’re traveling abroad or en route to work at a local office.

Using notification technology allows your company to contact all employees who are traveling. Consider a system that has two-way communication. This allows employees to share first-hand information about weather conditions, and to connect with you in case of an emergency.



(TNS) - On the Big Island of Hawaii, the ongoing eruption of Kilauea volcano is giving residents a lesson in what it's like to live on the flanks of an active volcano.

Fissures oozing lava won't be opening up in southcentral Alaska anytime soon. But the region around Alaska's biggest city is hardly a stranger to volcanic eruptions and the mayhem they can cause.

Our closest neighbor volcanoes have an explosive, active history. Mount Iliamna, Augustine Volcano, Mount Redoubt and Mount Spurr — "have done some really bad things," said Chris Waythomas, a research geologist with the Alaska Volcano Observatory in Anchorage.

Over the past 60 years alone, Anchorage and Southcentral Alaska have been repeatedly dusted by ash from erupting volcanoes strung down the western side of Cook Inlet. Ash from exploding volcanoes has shut down airports, fouled car engines and machinery and sent residents stocking up on air filters and face masks, most recently when Redoubt erupted in March of 2009.



(TNS) - Residents, merchants and officials in Ellicott City on Monday began to examine the devastation wrought by the floods that coursed through the historic mill town the night before, for the second time in less than two years.

Old Ellicott City’s Main Street remained blocked off Monday as crews inspected buildings. Police were searching for a Maryland National Guardsman who was reported missing during the flooding Sunday. Cars lay on their sides or upside down in streams and along the road. A crane tow truck was brought in to lift them out. Utility workers began to restore power, fix a broken water line and bypass a broken sewer pipe.

Amid the immediate recovery efforts on Monday, the question was inescapable: Should Ellicott City, founded in 1772, devastated by floods in 2016 and now again in 2018, try to rebuild again?



As the GDPR comes into effect, many marketers are scrambling to align their online marketing strategies to the regulation. Unfortunately, like most regulations, there are many requirements that are confusing or ambiguous; one of those is the treatment when requiring visitors to provide their contact information to receive access to restricted (gated) content, such as white papers and research.

What Does the Regulation Say?

Article 7 of the regulation is very clear when it comes to the collection of personal EU resident information: Consent must be clearly given for processing of personal data, the data subject must be made aware of how the information will be used, and they must have the ability to withdraw consent at any time.



Tuesday, 29 May 2018 14:58

GDPR: The End of Gated Content?

In this article, Wendy Wysong, Peter Coney and Tatsuhiko Kamiyama examine three key governance reforms coming from Japanese legislators and what global companies need to know going forward.

‘Japan Inc’ is now back on the front pages with many Japanese corporations increasingly pursuing significant M&A opportunities internationally given the mature market at home and high levels of cash reserves.

The corporate landscape in Japan has, however, also been changing in other less headline-grabbing ways in recent years. As a consequence of a number of high-profile corporate scandals, Japanese legislators have been busy tweaking their legislative settings to further improve corporate governance in the world’s third biggest economy.

This article focuses on three such reforms:

  • the bolstering of the role of independent outside directors;
  • the introduction of Japan’s first ever plea-bargaining regime; and
  • the release of Japan’s ‘Principles for Listed Companies Dealing with Corporate Malfeasance’.

For the reasons explained below, global companies with operations in Japan should keep in mind this shift towards more regulation in Japan.



Today’s emergency alert systems need to be reliable and accurate.

In the wake of the terrifying January 2018 false alert to Hawaii residents, the public expects its emergency alert systems to operate consistently and properly.

The crux of general public notification systems in the United States is the Integrated Public Alert and Warning System (IPAWS). The system was developed to alert the public across multiple channels — radio, television, wireless devices, and other communication platforms. It is supposed to be deployed when there is an emergency that threatens life and property. It is often used to alert the public to a missing child but can also be used to alert about impending natural disasters or man-made incidents such as a chemical spill.



Some disasters are more likely to strike than others. If your business is based in Minnesota, you probably don’t have to worry about hurricanes. If you’re based in Florida, preparing for blizzards probably isn’t high on your list of priorities.

But no matter where you’re based, you should be prepared for flooding.

In recent years, we’ve seen flooding devastate everywhere from Hawaii to California to Texas to Tennessee to New Jersey, and beyond. Any business near the coast, a river, or in a low-lying area should have a plan in place to minimize any disruptions flooding might cause.

As your business braces for potential impacts, you should obviously rely on your DR plan, but there are several actions that the most resilient businesses take both before and after flooding that are worth calling out specifically.

If you experience flooding in your area, here’s what you should be doing.



Researchers predict we’re in store for another rough hurricane season. If previous years have taught us anything, it’s that these storms can quickly evolve in ways we can’t anticipate. You may not be able to control when or where a storm hits, but you can ensure your business is ready when it happens.

We put together a quick guide to help you prepare your business for hurricane season, particularly if you work along coastal areas. Effective hurricane preparation keeps your people safe, your business running, and limits the danger to and losses for your entire organization.



Friday, 25 May 2018 14:31


I don’t know if business continuity management software is the best thing since sliced bread, but it is pretty terrific stuff, in my opinion.

Of course, for BCM software to live up to its potential, a few important criteria must be met, in terms of the suitability of the software chosen, the attitude of the people administering it, and the characteristics of the organization (I’ll go into all that in more detail in the second part of the post).

But generally speaking, if you are a business continuity professional, I think that using BCM software—for business continuity planning, BIAs, metrics, and compliance—can change your life for the better. More to the point, it can change the BC program at your organization for the better, increasing its resiliency and boosting its ability to recover from a disruption.



Data encryption and data masking technologies are important tools to provide GDPR mandated data protection and data privacy. With careful key management, encryption provides a powerful tool for your arsenal of GDPR best practices. End-to-end encryption provides strong data protection for your on-premise data centers as well as for your cloud-based applications and data. Data masking is also a very important adjunct technology. Together, encryption and data masking give you the broad flexibility to meet a broad mix of GDPR data security needs in support of your European Community customers.

In December 2016, the European Community ratified the EU General Data Protection Regulation (GDPR), which goes into effect this month on May 25, 2018. The GDPR replaces the European Community’s Data Protection Directive 95/46/ec (ECDPD 95/46/ec) on that same date.

The GDPR gives EU citizens much more control over the data that regulated entities can acquire, store, and use. These regulated entities include data processors, which are responsible for processing personal data on behalf of a controller, and controllers. Controllers make decisions about the processing of data and provide specific direction to data processors. Both controllers and data processors have direct compliance obligations under the GDPR. The GDPR empowers citizens by requiring that companies simply and clearly obtain explicit permission to process their personal data and that, just as easily, EU citizens can withdraw their consent at any time. This data includes just about anything that can be used to identify an individual uniquely.

The GDPR regulation is broad in scale. It is applicable to any entity that offers products and services to the European Union. The GDPR also applies to any service that gathers data about the behavior, online or otherwise, of these individuals within the European Union. In terms of scope, the GDPR applies to just about any business that conducts transactions, from any place on the globe, with a user in the EU.



(TNS) - Officials at Crosby's Arkema chemical plant were warned that the facility was at risk for flooding a year before Hurricane Harvey's deluge resulted in a chemical fire at the plant.

But facility employees, with the exception of a manager who left in early 2017, "appeared to be unaware of this information," an inquiry by the U.S. Chemical Safety And Hazard Investigation Board found.

The board concluded that Arkema, a French multinational company that manufactures chemicals used to create plastic products, was not prepared for flooding of this magnitude. During Harvey, 6 feet of water wiped out the facility's power and backup generators. With the power out and cooling systems failing, volatile organic peroxides exploded multiple times over the course of a week, producing towering pillars of fire and thick plumes of black smoke.

The board -- an independent federal agency that investigates industrial chemical accidents -- released a 154-page report Thursday morning detailing their findings.



In just a few days, on May 25, the clock will expire on the two-year transition period for companies to reach compliance with the General Data Protection Regulation (GDPR). This not only impacts organizations operating in the European Union (EU), but also affects companies in the United States and elsewhere that handle the personal data of anyone who resides in the EU. Those who fail to comply with the GDPR rules on contact data will face fines of up to €20 million ($24 million)—or 4 percent of global revenue/turnover.

GDPR has been billed as “data protection on steroids,” and with just a few days to go, 83 percent of all companies subject to the law lack confidence they’ll be able to meet the deadline. Based on my own recent discussions with various European channel partners—companies that partner with a manufacturer or producer to market and sell the manufacturer’s products, services, or technologies—only about half, within the UK, said they had completed their preparations and fully tested their compliance with GDPR.



The founder and President of Safety Projects International Inc. has a mission – to help clean up the U.S., Canada, and several other countries. However, rather than doing it himself, Dr. Bill Pomfret, aka Dr. Clean, is getting the workers themselves to do it – which is simple in its logic but offers a huge challenge in its execution.

"The state of cleanliness affects us in every aspect of our everyday lives, whether we're a patient in a hospital, a pupil in school, a customer in a restaurant or an employee in the workplace," Dr. Bill says.

"But most people fail to realize that cleaning is a science." Treatment of the cause, not the symptoms, coupled with a healthy dose of preventive medicine, is his prescription for the endemic problem faced by most countries that he visits. First, that means completely breaking down the tolerance for filth and replacing it with a culture of cleanliness.

And second, people will have to be educated on the best ways to clean up and to stay clean. Dr. Bill is well aware of the big, big job that is cut out for him, and that it involves more than just trying to change people's attitude or mindset. That is but a starting point, even though it is a massive challenge in itself, as evidenced by the limited success of the numerous public cleanliness campaigns undertaken in many countries so far, including South Africa, the Philippines and Malaysia to name a few.

There is no question that 72-year-old Dr. Bill is committed to his cause. He has, after all, got a 40-year-old lucrative business. But to him, raising most countries' standards of cleanliness is part and parcel of occupational health and safety, both curative and preventive. Five years ago, he set up the education training Center for Cleaning Science and Technology in the Philippines (CCST), the country's first such facility.

Located in San Isidro, Nueva Ecija, the center conducts, inter alia, training programs for the cleaning service industry, as well as local councils, building owners, and property managers, with the primary objective of raising the status and standards of the Philippines' cleaning industry. After all, like Puerto Rico for the U.S.A., the number one export from the Philippines is its people, mostly exported as live-in caregivers. The Open University’s Institute of Professional Development accredits the center’s cleaning proficiency program. Before setting up the facility, Dr. Pomfret had personally audited and surveyed the way cleaning operators normally worked. Some of his findings proved to be shocking. For example, the same mop was used to clean the toilet and the kitchen; the same rag to clean the bathroom and to wipe tables in eateries; and the same pail of filthy water used to mop corridor after corridor.

His conclusion was that many contract cleaners, not only in the Philippines but internationally, were simply clueless about cleaning.

Mostly, the exercise seemed to be aimed not at actually cleaning but at creating the impression that cleaning had been done, that is, not to sanitize but to look clean.

"The thing is you have to clean right," Dr. Pomfret stresses. "You may not be able to control the public entirely but you can control the cleaners and the quality of cleaning." During his travels, he had also visited Singapore's Institute of Cleaning Sciences, a franchise of the British Institute of Cleaning Sciences. Graduates and professional cleaners are required to sit a proficiency test, both theory and practical.

In most countries, it is important that building owners, property managers and local councils send their staff for formal, practical training, Dr. Pomfret adds. This is because there are today very wide ranges of cleaning machines designed for all kinds of functions. Then there are the chemicals, which must be handled properly. In addition, cleaning processes can be quite job-specific, be it the cleaning of air ducts, treatment and prevention of graffiti, maintenance of various types of surfaces or basics like chewing gum removal.

For cleaning companies, such training makes economic sense, too. For instance, without this knowledge, they will not be able to realistically devise a price structure upon which to negotiate a cleaning contract. As for the prospective clients, most will recognize that it is best to go with a professional outfit to minimize the risk of ending up with a whopping bill on restoration works for a botched-up job.

"Lack of know-how among property managers is the primary cause of poor maintenance of buildings," says Dr. Pomfret. "They get incompetent cleaners and these people destroy the properties. So the management has to cough up money to do yearly restoration and refurbishing."

Business owner Bill Thompson agrees. "The notion that a mop and bucket is all you need to clean is archaic."

In most developed countries, cleaning has become a highly professional field. In fact, the 'First World Facility, Third World Mentality' complaint from visitors regarding the U.A.E. amenities can be attributed to the fact that cleaning as a process has been hugely neglected.

"The industry must become professional in the shortest time possible. As a matter of urgency, a body comprising the Government, local and city councils, training schools, suppliers, contractors and other stakeholders should be set up to draw up minimum standards," Pomfret says. "Some 20 years ago, I helped develop the 5 Star Health and Safety Management System™. The first part I concentrated on was housekeeping, 'Cleanliness and Order'; this gives the employer the biggest bang for the buck."

Arguing that Governments should be more receptive and exposed to the cleaning service industry, Pomfret - whose company has been in the health and safety business for over 50 years - says: "Right now, it's a free-for-all. Unless standards are imposed and cleaning contractors are certified and classified, many countries will continue to be plagued by poor maintenance and dirty surroundings." Dr Pomfret may remind one of a young Don Aslett, the author of numerous books on cleaning techniques and self-styled No. 1 cleaner in America, but all he dreams of is a day when no person would fear to walk into a public toilet in any country he has trained.

Meanwhile, Dr. Clean, as he is known, has trained staff from many companies in the Philippines, the U.A.E., South Africa and elsewhere. The going has been tough, and still is, principally because of the need for him to relentlessly prod and irritate people into action, even just to see the urgency of the matter. On the positive side, he can be likened to a grain of sand in an oyster, which will one day become a pearl – and be appreciated.

DR CLEAN'S DIAGNOSIS

INDUSTRY MUST BE RATIONALISED: Nobody can tell for sure about something as basic as the size of the industry. There are so many players but numbers don't guarantee quality. And there are no proper guidelines to qualify cleaning enterprises for bids to undertake a cleaning and building maintenance job.

Without guidelines on such things as a company's manpower, technological and management capacity as well as know-how, anyone with minimal or zero knowledge can bid for contracts. Unlike in the construction industry where contractors are graded, there is no classification of cleaners based on professional competence.

THE CLEANERS, THEY MUST BUCK UP: Cleaning know-how and cleaning product knowledge are not fully pursued by cleaners. Unlike the UK and Singapore, which impose practical and theory tests on would-be cleaning operatives (questions range from which chemical to use on which type of surface to which color pad to use for which scrubber machine for which function), the cleaning service industry in most Western countries operates on the basis of: "even my grandmother can do that job".

WHAT STANDARD? There are no established standards for cleanliness.

Lack of education on the part of the authorities (such as local councils), building owners, property managers and employers, as well as the cleaners themselves, is a major obstacle to the much-needed professionalisation of the industry. "Our architectural and engineering ability has reached the point where we can build the world's tallest buildings but our cleaning and maintenance ability has lagged far behind."

WHAT BENCHMARK? There is no benchmark for players to strive to match and maybe exceed, with a view to promoting the development of the international cleaning service industry to the level where it can compete in the international market and export cleaning services. "The Government should nurture the industry so that it will reach that level."

Dr Bill Pomfret; MSc, FIOSH; RSP. Can be contacted at: 26, Drysdale Street, Kanata, Ontario, K2K 3L3. Tel: 613-2549233; Website: www.spi5star.com.

Thursday, 24 May 2018 20:14

The Importance of Professional Cleaning

Community bank strengthens enterprise-wide business continuity program and vendor risk management capabilities

With 53 branches, multiple ATMs, and banking seven days a week at two locations, TBK Bank strives to do the right thing to make customers’ lives better and easier.

Now, the bank has done the right thing for its customers by doing the right thing for its business continuity program, moving in just six months from a legacy planning tool to a data-centric business continuity management program built on the Fusion Framework® System™.  

The power of the solution creates synergies that allow the business continuity program to continue to grow and mature, taking on high priorities that were previously out of scope such as vendor risk management. This has significantly improved TBK Bank’s risk profile, with the end result being a greater ability to deliver great customer service at all times under any circumstances.

TBK Bank’s ongoing success has been accelerated with a regular infusion of Fusion’s creative Fuel offering and by connecting with the Fusion Community where best practices and new ideas are openly shared.

Making Business Continuity Holistic and Actionable

TBK Bank recognizes the criticality of being always available for its customers. When the time came to move away from the lightweight legacy product the bank used for its business continuity program, Deb Wagamon, Business Continuity Manager at TBK Bank, examined the options in the marketplace. One of the vendors she contacted was Fusion Risk Management.

Wagamon explained why Fusion piqued her interest: “The first thing that impressed me was the fact that they were extremely interested in what I was doing and what my hindrances were and how they could help us. They didn’t start out like a normal vendor with ‘I can sell you this. This is what we can do for you.’ That told me I had a partner, rather than just a vendor trying to get money out of my company.”

Fusion rose to the top of the potential vendors because of the opportunity Wagamon had to try out the system. “They gave me a month trial period where I could enter my program’s data into the system and test it,” stated Wagamon. “Other vendors were offering much shorter trial periods – only a few days to a week. Plus, not only did Fusion allow me the sandbox to test in, but I was able to bounce questions off of Fusion personnel while I was doing it. Even before I was a customer, it was like I had a whole team helping bring my vision to life using the Fusion Framework System.”

Recognizing that Fusion would make TBK Bank’s future business continuity goals possible in ways other vendors could not match, Wagamon committed to the Fusion Framework System.

The system brought together all of TBK Bank’s business continuity plans into one accessible and actionable location. Vulnerabilities and gaps were identified and remediated. Such a transformation would typically take years via a traditional approach; however, the Fusion Framework and its flexible, information-based approach and robust plan management infrastructure enabled the TBK Bank business continuity team to instill best practices in the program without starting from scratch. Wagamon affirmed, “It took me just six months to take my plan from ‘basic’ to ‘robust.’”

Managing Vendor Risk

TBK Bank worked with Fusion not only to leverage the Fusion Framework System for business continuity, but also to improve vendor risk management. Previously, Wagamon had vendor information in multiple places, so it was hard to manage, keep up to date, and pull together in the event of an audit. With over 350 vendors in play, she knew it was only a matter of time before something crucial was missed, with significant ramifications. “Trying to manage all the due diligence, contracts, and everything was becoming a nightmare. I had to get the vendor data into some kind of an automated tool,” explained Wagamon.

TBK Bank leveraged the flexibility and configurability of the Fusion Framework System to create a vendor management solution aligned with its specific needs. “I truly feel confident, because the Fusion Framework System handles everything. Processes are automated to eliminate human error. The system sends me an e-mail whenever I have to update insurance. If I’ve got a contract that’s coming up in 90 days, the business owner gets an e-mail saying, ‘Do you want to renew this or do you want to terminate?’ All I do now is manage.”

Plus, because the information foundation created by the Fusion Framework now contains comprehensive vendor data, the vendor risk management program is fully integrated with the business continuity program. This results in greater engagement of users and stronger end-to-end business continuity plans.

Fueling Further Success

To further the success of its business continuity program, TBK Bank took advantage of Fusion’s unique offering known as Fuel which pairs Wagamon’s group with an industry expert and a team of Fusion product experts. The team keeps TBK Bank’s program focused on the right priorities and provides expertise impossible to get from an internal resource. Wagamon noted, “This has been wonderful for me. I meet with an expert on a monthly basis and talk about my objectives for the next budget year, get help to resolve any issues I might have, and learn how to use the system to its fullest advantage.”

Additionally, Wagamon has benefited greatly from the knowledge sharing opportunities that are regularly available as a member of the Fusion community. Wagamon attends Fusion industry user groups, where she learns from her peers. She affirmed, “There’s always more to Fusion – it doesn’t matter how much you’re learning or how far you’ve come in the last two or three years, there’s just so much depth. The user groups are wonderful for allowing you to connect with the Fusion community, learn from fellow peers, and understand all the areas where Fusion can assist you.”

Wagamon has been thrilled to share her experience with others. “I’ve been able to sit down with someone who is as frustrated as I used to be and tell them my story,” she stated. “Normally, I don’t make a stand and speak out in public about vendors, but with Fusion, I do.”

Thursday, 24 May 2018 17:45

Business Continuity You Can Bank On

Many organizations use templates to help them craft their business continuity plans.

In our opinion, this is an excellent way of going about doing it.

The “good” of using templates is significant and will be sketched out below.

If there is an “ugly” part about using templates, it’s what happens when organizations mistake filling out a template for the thought and analysis that comes with actual planning.

That being said, we commonly see more problems when organizations don’t use templates as a guide or standard for their planning efforts.

A surprisingly large number of organizations forgo the convenience and support of templates for a cooking-from-scratch approach. Moreover, they frequently have lots of different cooks.

Such organizations commonly task different individuals from across the company with writing the recovery plans for their respective departments. You can imagine the results: A large collection of mismatched plans varying widely in quality, comprehensiveness, level of detail, organization, and formatting. Some of these plans are liable to be excellent and some barely adequate. Many will have significant gaps, and since there’s no companywide documentation standard, they will probably all be confusing to anyone from outside the department who has to use them in an emergency. Talk about ugly.

In terms of the “bad” aspects of using templates, there really aren’t many. However, there are some precautions you should keep in mind when using them, which we’ll spell out in a moment.



(TNS) - In the aftermath of the Santa Fe High School shooting last week, Central Texas school officials are reviewing safety plans and working to tighten security, including for upcoming graduation ceremonies.

Officials with several area school districts said this week they will continue to conduct drills, including for lockdown, lockout and evacuations. They said they’ll also work with local law enforcement agencies to check school emergency response plans. Some school districts are taking further steps by adding more security measures for graduation ceremonies, exploring ways to limit how people can enter campuses and training staff on responding to an active shooter.

Eight students and two teachers were killed in the Santa Fe shooting. The accused shooter is a student at the school.

“AISD police is prepared to respond in a crisis and regularly works with outside police and safety organizations to ensure we have plans in place,” said Cristina Nguyen, spokeswoman for the Austin school district. “We will continually review our protocols and look for ways to enhance the safety in our community.”

Nguyen added that the Frank Erwin Center will require graduation attendees to carry clear bags this year; the policy also applies to Eanes and Pflugerville school districts’ high school graduations at the venue. The Hays school district is requiring passes for individuals to access the floor of the Texas State University’s Strahan Coliseum where graduation will be held. Officials at other school districts such as Bastrop will add more officers and plain-clothes personnel as needed.



On May 11-16, a series of wind, hail and rain storms struck most states east of the Rocky Mountains. Karen Clark & Co., a catastrophe modeling firm, estimates that the storms will cost insurers $2.5 billion.

Most of the damage occurred in the Midwest, Northeast and Mid-Atlantic regions. Karen Clark predicts that insured losses higher than $100 million will be seen in: Colorado, Connecticut, Illinois, Indiana, Iowa, Kansas, Maryland, Michigan, New York, Ohio, Pennsylvania and Virginia.

The weather system (referred to as a ‘ring of fire’) led to over 600,000 power outages in the Mid-Atlantic and Northeast states.  Wind gusts over 58 miles per hour were reported as well as hundreds of hail storms and 28 tornadoes.



The European Union's (EU) General Data Protection Regulation, or GDPR for short, places stringent new rules on how enterprises manage and secure user data. A key consideration for enterprise CISOs and their data security teams, GDPR can also have a major impact on a company's data storage environment and the management thereof. We have long known that GDPR is on the way; it finally goes into effect on Friday, May 25, 2018.

GDPR affects non-European enterprises, too

Don't think that GDPR applies to organizations located outside of the EU? Think again.

First off, being based outside of the EU doesn't immunize the company from the regulation's requirements. If an organization collects data belonging to European users, GDPR applies, regardless of which country its headquarters calls home.




In March, I discussed how important it is for Mail-Gard to exercise our clients’ print-to-mail applications so we’re always ready to step up to the plate in the event of a disaster. “Practice makes perfect,” and our continued testing helps ensure a seamless transition when your business suffers an interruption.

But that’s not the only kind of exercise that’s important to us. We also place a lot of importance on our employees’ physical health and well-being. Since May is National Physical Fitness and Sports Month, it seems appropriate to highlight some of our corporate initiatives that greatly support our team’s mental and physical fitness and contribute to our culture of excellence.



Data breaches can trigger fines, deflate stock prices, irreparably damage reputations, lose customers and attract more cyberattacks.

But they don’t have to.

By responding quickly and decisively at the first sign of a data breach, you can limit its impact, preserve trust in your business and keep customers safe.

The consequences of a botched data breach response

Large companies are more likely to survive, but suffer severe damage. After Equifax announced a data breach that had compromised the personal information of 143 million Americans (recently updated to 148 million), it quickly shed more than $4 billion in market value as its stock sank 20 percent. It hasn’t recovered.



Reflecting Pressure on Companies to Address Cybersecurity Deficiencies

Yahoo recently agreed to pay the Securities and Exchange Commission $35 million to resolve claims that the company misled investors by failing to disclose a massive cybersecurity breach.  Cybersecurity whistleblowers should feel empowered by this news, which follows other efforts by the SEC to crack down on nondisclosures like these, including through the publication of a new cybersecurity guidance document in February 2018. 

The U.S. Securities and Exchange Commission (SEC) has reached yet another settlement arising from a cybersecurity event. On April 24, 2018, the SEC announced that it had reached a $35 million settlement with Altaba, Inc. – the company formerly known as Yahoo! Inc. – to resolve claims that the company misled investors by failing to disclose the cybersecurity breach that enabled hackers to steal the personal data of hundreds of millions of Yahoo users.

As data storage needs continue to grow and many organizations move toward software-defined infrastructure, more enterprises are using open source software to meet some of their storage needs. Projects like Hadoop, Ceph, Gluster and others have become very common at large enterprises.

Home users and small businesses can also benefit from open source storage software. These applications can make it possible to set up your own NAS or SAN device using industry-standard hardware without paying the high prices vendors charge for dedicated storage appliances. Open source software also offers users the option to set up a cloud storage solution where they have control over security and privacy, and it can also offer affordable options for backup and recovery.

The list below features 64 open source storage projects that are among the best options available for enterprises, SMBs and individual users. Please note that this is not a ranking. Entries are organized into categories and then alphabetized within the categories.



The company’s quarterly results highlight growth across several regions and rising demand for Netwrix Auditor in the financial, government and technology sectors

IRVINE, Calif. — Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments, today announced its results for Q1 2018, which indicate 26% global sales growth and substantial revenue increase across multiple sectors, including financial services, government and technology. Netwrix also reports sustainable growth in the UK, France and the DACH region; new partnerships; charity and research initiatives; and recognition from industry experts.

Market momentum

“The 2018 Verizon DBIR showed that hacking is now the most common cause of data breaches, and use of stolen credentials is the top method used. This demonstrates that many organizations still lack the visibility they need into what users are doing in their IT environments so they can protect their data from insider and outsider threats. With the deadline for GDPR compliance quickly approaching, companies have little time to provide evidence that their security measures are working and their systems and data are under control.  As a result, we expect a surge of interest in products that empower organizations to keep track of user behavior, quickly detect suspicious activities and prioritize their security efforts to protect critical assets,” said Steve Dickson, CEO of Netwrix.

  • Netwrix reported 26% global sales growth compared to Q1 2017, as well as substantial revenue increase in EMEA (122%), the UK (156%), France (29%) and the DACH region (128%).
  • The growing demand for solutions for data security enabled Netwrix to demonstrate growth across several sectors, including financial services (36%), government (46%) and technology (57%).
  • Netwrix launched a new global channel program designed to accelerate growth across all regions and create a proactive partner community network for addressing all industry verticals, routes to market and sizes.


  • Netwrix announced a partnership agreement with Concept Searching to bring even more visibility into IT infrastructures through data discovery and data classification capabilities.


  • In January 2018, Netwrix released the 2018 Netwrix Cloud Security Report, which showed that 39% of organizations blame their own IT teams for security incidents in the cloud.

Industry recognition

  • Netwrix and SysAdmin Magazine announced the winners of the 2018 SysAdmin Blog Awards, which recognize the most tech-savvy blogs for their commitment to sharing valuable knowledge with IT professionals worldwide.


  • In January 2018, Netwrix announced its support for UNICEF USA’s "Hurricane Harvey: Help Children Weather the Storm" initiative, which helps children affected by Hurricane Harvey get back to school in safe learning environments.
  • In March 2018, Netwrix co-founder Michael Fimin supported several non-profit organizations based in the company’s home of Orange County, California, including Surfrider Foundation, Mission Hospital, Laguna Beach High School and San Clemente’s Casa Romantica.


About Netwrix Corporation

Netwrix Corporation is a software company focused exclusively on providing IT operations and security teams with pervasive visibility into user behavior, system configurations and data sensitivity across hybrid IT infrastructures, empowering them to protect data regardless of its location and sleep soundly at night instead of worrying about security blind zones or yet another compliance check. Founded in 2006, Netwrix has earned more than 140 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.

Seann Moreno, Chief Operating Officer

Helping to grow the efficiency and productivity of IT technology for small to medium size businesses, Data Tech Cafe needed a reliable and affordable way to keep their customers connected in the cloud.

Introduction to the client and their business

Seann Moreno is the Chief Operating Officer at Data Tech Cafe, a company dedicated to managing IT technology solutions for growing businesses in areas like healthcare and wireless services. They also partner with companies by offering support, consulting, and business transformation to help them grow.

In one impressive example, Data Tech Cafe helped a customer expand from forty locations to over five hundred nationwide. Suffice to say, Seann and his team know what they’re doing.

About the Case

Data Tech Cafe not only sells Nerdio Private Cloud to their customers, but they love the product so much that they even use it themselves. Nerdio products helped to ease the stress of customers and keep Data Tech Cafe’s business running even after a disastrous office fire.


Problem 1 - Reliable Data Storage and Migration

Technology changes and updates extraordinarily fast nowadays. It’s a challenge for companies to keep up. Seann was continually dealing with expensive upgrades of hardware for his customers. Difficulties associated with migrating software data over and the problem of possibly losing a hard drive and the backup disk – just to get customers up and running right away – proved to be pretty laborious.

If only he had affordable cloud software to make it all run smoothly with a team to assist in hardware upgrades. That’s where Nerdio swooped in to save the day!

The Solution

With internet connection speeds expanding to a place where people at home can have a larger bandwidth than ever before, cloud services have become viable for everyone. Seann discovered that using Nerdio Private Cloud gives access to an ‘enterprise experience’ that’s now affordable to the small and medium-sized business.

When it’s time for a Data Tech Cafe customer to upgrade, Nerdio takes care of the entire process with stellar service. Seann doesn’t worry about issues with converting and migrating software data or installing hardware technology. He’s confident that customers will receive the latest and greatest from Nerdio each and every time.

Seann first met with Nerdio at an MSP Conference in Las Vegas. Once he learned about the product and what it could do for his business, Data Tech Cafe immediately jumped on board. They decided to become a partner and implemented Nerdio Private Cloud themselves so they could benefit from having the same experience as their customers.


Problem 2 - An Office Fire

Their kitchen caught fire and the Data Tech Cafe office had to close for several days. How would they get work done as a team if they couldn’t meet in the same place?

The Solution

The virtual desktop from Nerdio is what Seann likes to call an “Enterprise Data Center In a Box” experience. Working through Nerdio Private Cloud and its virtual infrastructure is a way of life for Seann and his employees. Without it, having to call his entire team about closing the office due to fire would have slowed down work progress immensely. Not for Data Tech Cafe.

They informed all employees and explained that they had an office fire so everyone would need to work from home. No problem. Each person was able to open their laptop or home PC, log on to their desktop remotely, and continue working as if nothing had happened.

Nerdio Private Cloud made it possible for Data Tech Cafe to continue moving forward even though their office was shut down for a few days. They could easily support their customers and still give the world-class service experience expected of them.


How It Feels To Partner With Nerdio

Seann feels like his company is a part of the Nerdio family. He appreciates that they go above and beyond to give the very best customer service experience and an added feeling of inclusivity. Feeling welcome at all times, Seann knows his concerns are as important as the next guy’s.


Tuesday, 22 May 2018 10:30

Data Tech Cafe Case Study

For companies who provide cloud management and recovery solutions, there’s never been a more critical time to fortify their offerings. And while there’s no single recovery technology capable of spanning today’s vast and varied IT landscape, two things are for certain: business resilience is vital, and one size does not fit all.

Companies can discuss the benefits of the Sungard AS and Zerto cloud DRaaS solution at ZertoCON, May 21 – 23 at the Hynes Convention Center in Boston.

That’s why Sungard Availability Services (Sungard AS) is pleased to announce the availability of an enhanced version of the Cloud Recovery – Virtual Servers service it first launched in November 2017. Leveraging Zerto technology to deliver resiliency for the Sungard AS cloud platform, new enhancements include the ability for customers to bring their own Zerto licenses, increased scalability to support 1000+ virtual machine environments, and improved service level agreement (SLA) support.

With nearly 40 years of award-winning production and recovery IT experience under its belt, Sungard AS is a leader in the Disaster Recovery as a Service (DRaaS) space. This includes being cited as a “Leader” in the most recent Forrester Wave report on Disaster Recovery as a Service providers, as well as the Gartner Magic Quadrant for DRaaS.



City governments today need to be prepared for any sort of attack: terrorists attempting to impact large events such as the bomb incident at the Boston Marathon, potential infiltration of the city water supply — and now ransomware attacks. The recent security breach in Atlanta shows that cities may not be prepared for hackers who have the savvy to take governments hostage. With an affected area of around six million people, this is the largest group of individuals impacted by a government breach to date. Communication to prevent and respond to these incidents can be challenging; not just within the government but also between affected government entities and the public.

Damaging, and Lucrative, Ransomware

Surprisingly enough, the hackers in the Atlanta incident were only asking for a measly $51,000 in Bitcoin — a paltry sum considering that they effectively held the city hostage for nearly a week. While city officials declined to comment on whether or not the ransom was paid, two weeks after the attack they were still struggling to restore services, which suggests the ransom was not paid. Instead, the courts continued to be unable to process online or in-person tickets, hearings had to be rescheduled and employees were unable to access their files and computers. While the city’s 911 service was not affected, it easily could have been a target of the hackers. This isn’t the first time that municipalities have been the target of malicious actors: Dallas had an incident in 2017 where hackers activated tornado sirens during the early hours of the morning, and the Colorado Department of Transportation has also been targeted. Attempting to keep communication flowing during an emergency can be challenging, especially if you’re unable to access key government computer systems.



Extended Enterprise Risk Management Programs Need to Be Understood

The benefits related to expanding a company’s capabilities beyond the traditional four walls of an organization are too big to ignore, but many executives see challenges in managing the third-party risk involved. Unfortunately, these challenges can obscure the perceived value in expanding the enterprise and test the resolve of decision makers who want to make it happen.

That’s the thrust of a recent Deloitte poll, which surveyed nearly 2,400 professionals in a bid to better understand third party, or extended enterprise risk management (EERM) programs. Across a range of industries — including banking and securities, technology, investment management, travel, hospitality and services, insurance, and other sectors — a mere 3.9 percent of respondents in the survey defined their EERM efforts as “optimized.”

That means a small fraction of organizations have matured EERM to the point of having an integrated strategy and decision making, continuous improvement and investment, executive champions, and highly customized decision support tools with external data. In constructing our poll, we positioned these as some of the key attributes necessary to mature EERM programs and create value. By developing these attributes, organizations can streamline the management of third parties with improved confidence. So why do so few companies have these attributes in place to do EERM well?



When a fleet of monster trucks, canoes, jon boats, motor boats, kayaks, and the Cajun Navy make their way into town, you know it’s too late to make a readiness plan in advance of hurricane season. By that point, you’re probably standing in floodwaters up to your waist (or higher), and you’re realizing that your business is about to come to a screeching halt, along with the added concerns for property, plant, and possessions – both personal and professional.

But when an 18-wheeler equipped with modern workstations, Internet connectivity, telephones and printers – not to mention heating and air conditioning, 50 workspace seats, dozens of rack-mounted servers and high-speed satellite communications – rolls into town, you know you’re in good hands.

That’s what happened last week in Houston, the bullseye of 2017’s Hurricane Harvey, as Sungard Availability Services (Sungard AS) brought one of its seven Mobile Recovery Units (MRUs) to its Houston North Datacenter to bring attention to National Hurricane Preparedness Week. With the beginning of the 2018 Atlantic Hurricane season just two weeks away, Sungard AS wanted to make sure that Houston-area business and civic leaders were aware that business resilience is critical to weathering the next catastrophic natural disaster.



There must be something special about the number nine.

When we talk about looking our best, we speak of dressing to the nines. When we’re happy, we talk about being on cloud nine. And when we talk about doing something thoroughly, we speak of going the whole nine yards.

As it happens, nine was also the number I hit on when I sat down to answer the question: What are the characteristics of a top-flight business continuity management program? (I was obliged to do this when writing the ebook we recently published, “10 Keys to a Peak-Performing BCM Program,” which you can download for free here.)

These are the nine qualities that we at MHA Consulting consistently strive to attain in serving our clients.



Within Business Continuity circles there is ongoing debate about the relevance and role of Risk Assessment in developing a BCM program. Having been in the industry for more than 20 years, I understand the issue from both sides.

Traditional, formalized Risk Assessment aims to identify the threats to which our organization is vulnerable. Once this threat-vulnerability pairing is identified, the next step is to assign a probability of such an occurrence – based on experience or other external source material.  Next, the impact of the threat happening must be assessed.  The combination of Probability and Impact – Low Probability/High Impact vs. High Probability/Low Impact (and other options in between) provides the ability to stratify risks.

Once risks have been assessed, strategies can be developed to mitigate or reduce their potential impact on our operations. This is the risk mitigation approach in a nutshell.



Friday, 18 May 2018 13:16

Threats, Impacts, BCPs

(TNS) - When the doctors and nurses at Sunrise Hospital in Las Vegas found themselves inundated with victims of October’s mass shooting at a country music festival there, their heroic efforts to save lives and stem the carnage relied heavily on expertise developed by a renowned New Orleans surgeon.

The late Dr. Norman McSwain, who for years headed the trauma center at Charity Hospital in New Orleans, pioneered many of the techniques put to use in the chaotic hours after the shooting, said Dave MacIntyre, a trauma surgeon at Sunrise.

“I’m telling you, you guys had the best here teaching you,” MacIntyre said of McSwain, who died in July 2015. The trauma center at University Medical Center in Mid-City is named after him.



Active shooter incidents are on the rise in the US, and your organization is most definitely at risk.

Quoting FBI statistics, the National Fire Protection Association reports that “an average of 6.4 active shooter events occurred annually in the U.S. from 2000 to 2006. From 2007 to 2013, that average more than doubled, to 16.4. From 2014 to 2015, it climbed to 20.”  The FBI reported that from 2000 to 2013 alone 160 “active shooter” incidents in the US resulted in over 1000 people killed and wounded.

Whether yours is a business, school, religious institution, government office, day care center – any organization – you simply have to be prepared for this all-too-common deadly violence. If you don’t have a crisis plan in place, stop reading this immediately. Your first priority is to get a plan in place as soon as possible. On the other hand, if you do have a crisis plan in place, that plan, along with your organization’s response team, needs to be tested and evaluated in a tabletop exercise specifically focused on an active shooter scenario.

To make your active shooter exercise as productive as possible, it actually must be designed to test two separate but related components: 1) the decision-making by your organization’s leadership and, equally important, 2) how well your employees would respond during an active shooter event. Unlike many other kinds of crises your organization might face, your employees have the potential, along with law enforcement, “to affect the outcome of an (active shooter) event based on their responses,” according to the FBI report.



Thursday, 17 May 2018 16:21

Active Shooter: 4 Tabletop Exercise Tips

When leadership issues a corporate mandate, employees are expected to execute on it. But what happens when a mandate is clear, but workers are not given the resources to do the work?

During the 2018 Enaxis Leadership Forum, surveyed participants reported that 92% of their organizations have established, or planned to establish, a digital strategy as a high priority of the organization within the next 12 months. This is an overwhelming endorsement of the importance of establishing digital strategies as core strategic targets. Organizations recognize the effects digital transformations are having across industries, and a significant majority have already prepared themselves to act upon them. This was found to be true across a variety of industries, which highlights how pervasive digital transformations are becoming across all businesses.

Despite this significant intended adoption, however, a major fissure is likely to hinder organizations from following through on their vision. The fissure? Lack of funding.



When an emergency occurs, your team must be ready for any eventuality.

That could mean everything from knowing where the closest exits are in case of fire to understanding how to communicate with vendors and customers in case of an extended power outage or cyber-attack. Unfortunately, many organizations are under-equipped to share the information with the right people at the right time — a requirement to ensure seamless operations can continue even under duress.

Damaging Emergencies

In any given year, there are hundreds of workplace homicides, making workplace violence and active shooter situations a reality that must be addressed. With over 40% of small businesses failing to re-open after a weather-related or another major disaster, the evidence is clear that emergencies must be handled in a timely and proactive manner. Whether disasters are caused by human action or by nature, effective communication is cited by human resources professionals as being a critical part of disaster recovery.

Notes David Rusenko, CEO and founder of Weebly, “It’s hard to figure out where to prioritize when your business is hit by a natural disaster. While you get organized and figure out a plan, it’s critical to communicate as quickly and transparently as possible with your existing customers and new customers who are searching for you online.”

Crisis communication can take many forms, including instant notifications triggered by operations, technology or human resources personnel. This communication lets employees know how to continue operations during an outage or how to signal that they are safe during an active shooter incident, just to list a couple of examples. Without a comprehensive communications platform in place, it can be much harder to ensure that everyone has made it to safety.



Here’s a modest proposal that will save basketball fans and their families a great deal of time and stress over the next month.

As you probably know, the NBA Conference Finals just got underway, with the Celtics and Cavaliers dueling in the Eastern Conference finals and the Rockets and Warriors playing to determine the champs of the Western Conference. Then the winning teams will face each other in a best-of-seven series to determine the league champion.

But unfortunately, along the way basketball fans will have to experience a lot of anxiety and aggravation while throwing away many hours of their lives which they can never get back.

There’s an easier way.

Why doesn’t the NBA, instead of holding all those games, just collect the four teams’ practice records and award the championship to whichever has spent the most time doing shooting drills?

It would be quick, efficient, and over in 15 minutes.

And clearly there’s a direct correlation between which team conducts the most practice drills and which plays the best, right?

Wrong, obviously.

You see what this would amount to, right? Awarding the title based on a metric that is only of limited, private significance to each team (within the context of its efforts to improve), instead of based on a metric that really does matter, namely which team performs the best through all the matchups of the playoffs and finals.

Unfortunately, this is the approach many business continuity managers take in quantifying and measuring aspects of their program.



The Greek philosopher Heraclitus is known for his statement, “The only constant is change.”  Personally, I embrace change.  After all, if things did not change we would get bored with the mundane.  Along those lines, I recently decided it was time for a change in my career and joined BC in the Cloud this year.   After spending nearly 20 years in the pharmaceutical industry I prepared myself for a tidal wave of change and a steep learning curve.  Now with a few months in the field, I am pleasantly surprised to find I was more prepared than I thought, thanks to the years I spent as a volunteer firefighter.

How could firefighting prepare you for a job in a company that provides a planning platform for business continuity and disaster recovery?  You may be surprised by the similarities.

Firefighting is all about planning and preparing for an emergency. As a firefighter you never know when the alarm will sound or what that next call might bring. This is no different than what business continuity practitioners do for the businesses they support. In business continuity, plans are created and those plans are tested through a variety of exercises. When an incident occurs, the plans become the backbone of how a business responds, hopefully with as little disruption and impact as possible.



Wednesday, 16 May 2018 14:48

Putting Out Fires

Listen to Don Hall, Government Solutions Director at OnSolve, on Federal Tech Talk with John Gilroy


Original Article and Audio Download at Federal News Radio

After a lifetime of service in emergency management, fire and rescue, and law enforcement, Don Hall is now fulfilling a leadership role in emergency notification. Hall currently serves as the Government Solutions Director for OnSolve. In 2017, Hall was appointed to the Integrated Public Alert and Warning System (IPAWS) Subcommittee for the FEMA National Advisory Council. In a recent radio interview with Federal News Radio, this highly experienced communications expert explained the products and technologies currently available at OnSolve for emergency notifications.



Evolving Communication Tools Pose New Challenges for Security

Banks aren’t strangers to reining in their employees’ use of communications tools. However, the methods preferred by customers and client reps continue to change, and if banks don’t keep up with these rapidly changing tools, even those that have made a massive investment into a compliance infrastructure over the years may find themselves struggling with regulatory compliance.

In regulated industries such as financial services, it is common practice to set boundaries for employee use of communications tools. With these restrictions in place, banks protect themselves from allowing sensitive information to be shared egregiously, at the same time working to remain in compliance with bookkeeping regulations. As new communications tools continue to be introduced and used by customers, banks must adapt their client engagement practices while continuing to avoid accruing fines.



On the eve of new EU regulations, and in the wake of recent large-scale data privacy breaches, a new ISO committee is leading the way with guidelines that put the consumer back in control.

The Internet-driven world shook when Facebook was recently exposed for having shared personal information about 87 million users with a private company, the aftershocks of which are still being felt as it becomes clear this is not a one-off event.

“The majority of privacy breaches remain unchallenged, unregulated and unknown,” said international privacy expert Dr Ann Cavoukian in her video address at the ISO workshop “Consumer protection in the digital economy”, which took place in Bali, Indonesia, this week. “Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy,” she added. “Prevention is needed.”

As new EU regulations come into force late this month that require companies to protect personal data, restricting the way it is collected and used, ISO is taking the consumer’s voice one step further. A team of privacy experts has been formed to develop the first set of preventative international guidelines for ensuring consumer privacy is embedded into the design of a product or service, offering protection throughout the whole life cycle.

The new ISO project committee, ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, will develop guidelines that will not only enforce compliance with regulations, but generate greater consumer trust at a time when it is needed most.



Every organization, no matter how big or small, needs to have an emergency response plan in place.

Part of this plan calls for a mass notification system that enables your internal and external community to communicate during an emergency situation. Whether you are faced with an active shooter scenario, social chaos, flooding, or tornados, your organization needs a way to share timely information in order to save lives. If your team is still on the fence about whether or not to implement an emergency notification system, take into consideration these benefits of mass notification technology.

Understanding Mass Notification

A key aspect of an emergency response plan is to be able to share accurate and vital information with anyone within your community as fast as possible. The easiest way to do this is with a mass notification service. Yes, you could share your emergency messaging via social media, on the radio, or through televised emergency broadcasting. But how can you be sure you are reaching the widest range of individuals with this information? More importantly, what happens if the internet or power shuts down? How will you communicate then if your sole methods are Facebook, radios, or TVs? This is where mass notification systems save the day.



Bluelock is pleased to announce that we’ve achieved an industry-leading Net Promoter Score (NPS) of 92 for Disaster Recovery-as-a-Service (DRaaS). The NPS is judged on a scale of -100 to +100, with a rating of 50 considered excellent.

The NPS is a rolling 12-month score and is Bluelock’s primary measure of client satisfaction, considered a company-level metric of success. “Our clients’ satisfaction is our utmost priority and we’re pleased to see an NPS of 92 reflecting that commitment,” said Bluelock EVP of Product & Service Development Jeff Ton.

Additionally, we have a near 5 out of 5 stars on G2 Crowd, a customer review site. To read more about Bluelock’s unique recovery solutions, visit our Recovery Suite webpage. If you’d like to learn more about DRaaS, visit the Practical Guide to DRaaS, an ungated resource center.

In 2017, Bluelock scored an average DRaaS NPS of 88, up 24 points from 2016. 2018’s NPS of 92 raises the company’s score to a near perfect rating. Bluelock DRaaS has also achieved a current rating of 4.7 out of 5 on Gartner Peer Insights and a 4.9 out of 5 on G2 Crowd.

This announcement follows Bluelock’s acquisition by InterVision, announced in March. For more information on Bluelock and its offerings, please visit www.bluelock.com.

When CentaurWipe infected hundreds of companies in December 2016, IT departments were left flat-footed. Named for its dual attack of locking down devices while systematically erasing files, CentaurWipe was finally contained after an emergency patch was deployed.

Knowing what malware does, what it targets, and how to stop it can help you keep your systems safe.

Sound familiar?

It shouldn’t. It never happened.

But in a recent survey of 510 IT decision-makers, more than 85 percent thought CentaurWipe was a real cyberattack when we asked them to pick the fake among a list of real attacks. More respondents picked WannaCry as the fake cyberattack than CentaurWipe.

What’s going on here? Are there just so many cyberattacks that it’s hard to remember all the names?

Or is there a lack of awareness that could be putting organizations in jeopardy?



Sophisticated Data Breaches Threaten the U.S.

NuData Security, a passive biometrics and Mastercard company, announced that they have found that 40% of all account access attempts online are high risk. They also found that account takeovers increased ten times in 2017 as compared to 2016. Robert Capps examines such data breaches.

Across the globe, data breaches continue to increase each year, making it even easier for fraudsters to take over accounts. This is because each time a breach occurs, more personally identifiable information (PII) becomes available for criminals. We are already near ten billion exposed records since 2013 – 9.7 billion – according to the Breach Level Index.

This exposed information is not just outdated information like your teenage years’ email password; we are talking about full names, addresses, social security numbers, and more. By buying this information for a few bucks, even the least sophisticated of actors can gain access to personal accounts or steal identities.

Private credentials being stolen and sold on the dark web is not new; what is new is the information currently at stake. Where it was once common for single pieces of information to hit the dark web (a name and a password, for example), criminals are now able to gain access to complete identities (including names, passwords, physical mailing addresses, and social security numbers). When a fraudster has this much information, it becomes a near cakewalk to take over not just a user’s account, but their whole identity.

Account takeover has also been on the rise, partially as a side effect of the U.S. adoption of EMV cards. These new cards with chips are turning the card-present environment into a more secure place. On the flip side, fraudsters who used to make a profit using the cards’ magnetic stripe are trying to mitigate their losses by moving their activity to the card-not-present space.



AI is one of the hot new topics in computing, and with good reason. New techniques in Deep Learning (DL) involving Neural Networks (NN) have the ability to create NNs that achieve better-than-human accuracy on some problems. Image recognition is an example of how DL models can achieve better-than-human accuracy in identifying objects in images (object detection and classification).

An example of this is the ImageNet competition. Since 2010 the ImageNet Large Scale Visual Recognition Challenge (ILSVRC) has been used as a gauge of the improvement in image recognition. In 2011, the best error rate was around 25% (the tool could correctly identify 75% of the images outside of the training data set). In 2012, a Deep Neural Network (DNN) had an error rate of 16%. In the next few years the error percentage dropped to the single digits. In 2017, 29 of the 36 competing teams got less than 5% wrong, which is typically better than a human.



Tuesday, 15 May 2018 15:57

Data Storage, AI, and IO Patterns

The word “habit” has a bad reputation, but good habits can be your best friend, whether in your professional life or elsewhere.

What’s more, good habits can be cultivated. If you don’t have them now, maybe you can develop them.

All it takes is a little discipline and determination—and knowing what the best habits are.

To help with that last part, here are my 7 Habits of a Good Business Continuity Manager.

These are the things that high-performing managers do routinely.

If you operate this way already, good for you.

If you don’t operate this way, it’s never too late to start.



The National Association of Broadcasters held their 2018 NAB Show in April. It’s a big show: 103,000 attendees from 161 countries and over 1800 exhibitors.

There were several hot topics at the Show, among them audio-over-IP, HDR, augmented reality, AI/machine learning, and the cloud for all production stages.

Data storage wasn’t among these rarified topics, but there were primary storage, cloud storage, and archival storage exhibitors and sessions. High-performance primary storage vendors included Dell EMC Isilon and Qumulo. On-premises secondary storage came in for its share of attention in the exhibit hall, mostly active archiving tape vendors like Spectra Logic, Storage DNA, and the IBM/Sony partnership for 330TB tapes. Monetizing archives was also an active topic. Primary storage and/or archival in the cloud were there too, with vendors like Cloudian, Scality, and Caringo representing object storage.



(TNS) - The 2018 Atlantic hurricane season will be here in a few weeks, and Horry County Emergency Management officials are already recommending that people gear up for it.

Hurricane season officially begins June 1 and ends Nov. 30, with the peak between mid-August and late October.

Horry County EMD has been tweeting tips during hurricane preparedness week, which runs from May 6 to May 12.

What should be in your hurricane kit? https://t.co/pdrYt6xc5p #HurricanePrep #HurricaneStrong pic.twitter.com/p7AkIp9AO3

— Horry County EMD (@HorryEMD) May 8, 2018

Officials urge you to assemble your hurricane kit now, which should include enough supplies to last at least 72 hours.



Data centres are far from simple storage facilities of bits and bytes. Over the last two decades consumers and businesses have dramatically transformed the way data is stored, processed and used. Gone are the days of data centres being a siloed concern of IT technicians; it is now an issue that concerns all aspects of business right up to board members. But what does the future hold for data centres?

We investigate the current data centre, examining how it works and offering insight into how digital transformation will affect the data centre landscape.



Emergency backup system provides customized sophisticated control functions

By Russelectric

In the aftermath of Hurricane Katrina, which hit New Orleans in 2005, the U.S. Veterans Administration (VA) initiated a major program to upgrade emergency/backup power systems at VA hospitals in hurricane zones. James A. Haley Veterans’ Hospital, located in Tampa, Florida, completed a major power plant renovation as part of the national upgrade. The $47 million renovation to the power plant includes a backup system capable of covering all electrical loads for 120 hours (without refueling) in the event of an outage. Included in the upgrade was a supervisory control and data acquisition (SCADA) system from Russelectric, which provides round the clock customized interactive monitoring, trending, distributed networking, alarm management, and reporting capabilities for the entire power system.

Haley Hospital awarded the bid for the SCADA system to Russelectric, based in Hingham, Massachusetts, which provided power control switchgear, transfer switches, and SCADA for the emergency backup system. The system provides sophisticated control functions, including emergency/standby power, peak shaving, load curtailment, utility paralleling, cogeneration, and prime power.

VA upgrades emergency system in response to Hurricane Katrina

James A. Haley Veterans’ Hospital, a teaching hospital affiliated with the adjacent University of South Florida College of Medicine, provides a full range of patient services with state-of-the-art technology and research. Haley is the busiest of four national VA polytrauma facilities. It has 415 beds, plus another 118 beds in an onsite long-term care and rehabilitation facility. The system also includes four outpatient clinics serving a four-county area.

As part of the national emergency/backup power system upgrade, Haley Hospital completed a major power plant renovation. One of the key project goals was to ensure continuous air conditioning as well as operation of life-safety and other critical equipment.

The hospital’s former backup power system included nine on-site generators, but could still only cover life-safety loads (45 percent of the total load) in the event of a utility outage. According to Haley’s electrical shop supervisor Bill Hagen, the old system resulted in major headaches, especially its dynamic matrix control. “We had nothing but problems with it,” he recalls. “We never got it to work in parallel. It couldn’t even generate a monthly testing report.”

In contrast, the new backup system covers all electrical loads for 120 hours without refueling. It handles every load for 9 buildings, 15 trailers that make up an on-campus clinic, and a parking garage – with just 7 generators. Each of the new 13,200-VAC Caterpillar diesel generators produces 2,200 kilowatts (kW) of power.

Another improvement is the hospital’s renovated fuel system. The former system had a capacity of 22,000 gallons, and the storage tanks were spread out over several locations. The new tank farm has four 12,000-gallon tanks. With another 6,000-gallon tank under each generator, the system now has a total capacity of 90,000 gallons.

New SCADA system provides customized round the clock monitoring and reporting

The system includes a state-of-the-art SCADA system, which features software and screen displays customized by Russelectric for the hospital’s site-specific needs. It provides interactive monitoring, real-time and historical trending, distributed networking, alarm management, and comprehensive reports around the clock for every detail of the entire power system, not just for the backup components.

In addition to monitoring power quality, the SCADA system includes continuous monitoring of fuel consumption by each generator and the level of fuel in every tank. With SCADA, an operator can easily monitor and control a facility’s entire power system using full-color “point and click” interactive computer-screen displays at the system console.

For example, the operator can access and change the system’s PLC setpoints, display any of the analog or digital readouts on switchgear front panels, run a system test, or view the alarm history. A dynamic one-line diagram display uses color to indicate the status of the entire power system, including the positions of all power switching devices. Operating parameters are displayed and updated in real time; flashing lights on the switchgear annunciator panel also flash on the SCADA screen. Event logging, alarm locking, and help screens are standard.

“The SCADA is so sensitive that it detects and explains even the slightest anomaly, including those in the utility feeds,” says Byron Taylor, the hospital’s lead power plant operator. “A number of times we’ve called Tampa Electric Company (TECO) because we saw something happening, and they had no idea they even had a problem yet! The stuff the system does is phenomenal. It gives us more data than we ever need for an average day, but it’s tremendous that we have it when we do need it.”

Required system testing no longer results in disruptions

To meet state and federal regulations, backup generators must be tested every month. Thanks to the new system’s capability for closed-transition transfer, the tests no longer require power interruptions that interfere with hospital loads.

The system allows operators to carry out the tests in two different ways. They can parallel the output of all seven generators to the utility feed, or they can test one generator at a time, up to its full output, using a special 2-megawatt (MW) load bank that has an independent control panel. Testing can be initiated manually or through SCADA.

“It’s so much easier now,” says Hagen. “We’ll never again have to pay a testing firm to come out and test an engine to make sure it meets all the requirements.” Unlike most hospitals, Haley has the luxury of four utility feeds. On a normal day, it draws from two of these (primary) feeds. This means that, except for testing, Haley does not have to start its generators until it loses three or more utility feeds.

With advance notice from the utility that an outage is likely, Haley’s power plant personnel can now parallel the utility feeds with their own generators, then switch to on-site power seamlessly with a closed-transition transfer. If there is an unexpected outage (and during automatic transfer switch testing), there will be a 1 to 10 second “blip”, depending on the load. For life-safety and other critical loads, the blip is only 1-3 seconds. Blips for other loads are adjustable; most are set for 8-10 seconds.

Additional capabilities provide extra layer of confidence

The new power system provides many more capabilities than the previous system.

“We’ve had some storms come through, and it has been really nice because we do not have to worry,” says Taylor. “One time, we saw the storms coming and TECO asked us to drop off the grid. We fired up our generators, and we operated on our own power for 17 hours, while TECO concentrated on restoring power to its residential customers. That sort of thing has happened several other times for shorter periods, and there has never been a problem.” Hagen particularly appreciates the quality of the power from the backup system. “We get more blips from TECO than we do from our system,” he notes. “It is exceptionally smooth.”

Technical support and training helps team understand system capabilities

The Haley team worked hand-in-hand with Russelectric’s local field service engineer Jim Bourgoin for seven months. “During installations, Jim helped the contractors interpret the design whenever they were puzzled,” Hagen says. “Afterwards, he stuck around to help us get things up and running. It took a lot just to understand everything this system can do. I already had a background in this, but it took quite a bit of training to really get up to speed.”

Taylor recalls, “There has not been one time when I have called Jim for an alarm or with questions about the system – whether at midnight or later – that he didn’t answer the phone and help me. The service he provides is exceptional, and it has been that way since day one. To me, that’s worth just as much as the system itself.”

Taylor adds that local Russelectric sales representative Tom Crider was also deeply involved throughout the project, answering questions, facilitating the installation and training Taylor’s staff.

System designed to grow to meet hospital’s future needs

The fact that the system is designed to allow for modifications as the hospital continues to grow is a huge benefit. Concludes Taylor, “With this new power system, we have seen what is possible. It provides us with the information we need to analyze our power usage and consider new possibilities – opportunities we never would have considered before.”

Ensures seamless delivery of normal and emergency power to all loads

By Russelectric

Rex Hospital, in Raleigh, NC, has upgraded its backup power system, ensuring the seamless delivery of both normal and emergency power to all its existing loads – as well as those anticipated by growth over the next several decades, with the addition of a powerful supervisory control and data acquisition (SCADA) system from Russelectric. Customized to the hospital’s unique load profile and specific needs, the system provides Rex with significant increases in reliability, redundancy, and flexibility.

Hospital seeks reliable system with superior equipment

Rex Hospital, the flagship of not-for-profit Rex Healthcare, treats tens of thousands of inpatients every year. The staff includes over 2,000 physicians and nurses, who also provide services at affiliated clinics and other facilities throughout the surrounding area.

As its facility continued to expand, Rex looked to upgrade its existing open transition power system design, which included an interruption of service during the transition between utility power and generator power. The system also relied on generators and fuel tanks on flatbed trucks to provide additional capacity during construction or when adequate power could not be delivered to the hospital load.

Facility services director Mike Raynor proposed a fail-safe, closed transition system that would allow for a transfer between utility and generator sources without interruption of power to the hospital (a more costly approach than open transition systems, in which additional power interruptions can happen on retransfers). Says Raynor, “People would have noticed a difference if the power went out or came back on, like when there is an outage at your house. There is just no need for a hospital to go through that in this day and age.”

“It would have taken us back many years,” agrees Raynor’s longtime engineering consultant, Travis Jackson. “We like closed transition, and we already had the capability to do paralleling and load curtailment. We certainly didn’t want to give those up.”

The team understood the advantages of the closed transition design and convinced management that the slightly higher first cost of a closed transition system would deliver cost savings over the life of the system and would be well worth the investment over the long term. They successfully presented their case to the hospital’s executives, medical staff, and regulatory officials.

New system offers greater reliability, more redundancy and increased flexibility

The design implemented meant replacing the utility substation and making it more reliable, as well as relocating the switches and switchgear from cramped quarters in the main hospital building to a newly constructed central energy plant. The entire project and system switchover was completed with only a single, planned 10-second outage.

The new comprehensive power system provides the hospital with more reliability, more redundancy, and more flexibility. The plan takes anticipated growth into account, with enough emergency capacity (8.25 megawatt) to handle a proposed 7-story heart center and future cancer center addition.

Rex uses an N+1 arrangement – which means it can take one generator out of service and still retain adequate capacity. The plan replaced three 1.25 MW generators with two Caterpillar 3 MW generators, and kept an existing Caterpillar 2.25 MW generator. There is room to add more switchgear and circuit breakers. An automatic transfer switch and an uninterruptible power system have been added to protect the hospital’s data center.

There are two 40,000 gallon underground fuel tanks, and the system maintains fuel in each generator’s emergency 150-gallon “day tank” at all times. Fuel capacity for the previous system was 60,000 gallons – one-third less than the new system. With all tanks full, the hospital could meet its own peak demand (about 5,200 kW) for almost six days. However, since that peak is reached only for short periods on the warmest summer days, the hospital could probably operate under its own power for more than nine days for much of the year.

The hospital’s new substation consists of four utility-owned, pad-mounted 2,500 kilovolt-amp (kVA) paralleled transformers providing a total utility capacity of 10,000 kVA (10 MVA). The hospital assumes ownership at the transformer secondaries, which are connected to the hospital’s outdoor switchgear. When an outage occurs, the switchgear automatically disconnects from the utility by opening four 1,200 amp circuit breakers, and simultaneously sends a signal to start the generators.

Based on its present peak load, the hospital can continue to operate without interruption should there be a loss of one transformer. If two or more utility transformers were lost, the hospital’s generators will start and parallel while the outdoor switchgear disconnects from the utility system. The hospital will then remain on the generator source until the utility source is restored, at which time the generators will parallel with the recovered source. Once the utility voltage has stabilized, it will reconnect to the hospital load without interruption.

The utility’s transformer primaries are served by two 25 kV utility feeders from separate distribution systems. Though both are energized, the hospital can draw from only one at a time. If the active feeder is lost, the utility can manually switch the hospital to the backup 25 kV source at the hospital’s substation.

New SCADA system enables monitoring and control

Another important feature of Rex Hospital’s comprehensive power system is the SCADA system, designed by Russelectric. Based in Hingham, Massachusetts, Russelectric develops systems that can provide sophisticated control functions, including emergency/standby power, peak shaving, load curtailment, utility paralleling, cogeneration, and prime power.

The SCADA system includes software and screen displays customized for the hospital’s needs. It provides interactive monitoring, real-time and historical trending, distributed networking, alarm management, and comprehensive reports around the clock for every detail of the entire power system, not only the backup components.

With this system, technicians can fully monitor and control the entire power system from the control room at the central energy plant. An operator uses full-color “point and click” computer-screen displays at the system console to access and change the system’s PLC setpoints, display any of the analog or digital readouts on switchgear front panels, run a system test, or view the alarm history. A dynamic one-line diagram display uses color to indicate the status of the system, including the positions of all power switching devices. Operating parameters are displayed and updated in real time; flashing lights on the switchgear annunciator panel also flash on the SCADA screen. The system also includes event logging, alarm locking, and help screens.

The system allows the scheduling of tests and automatically generates regular reports required by the Joint Commission on the Accreditation of Healthcare Organizations. In the event of an internal failure, the SCADA system can rapidly and automatically configure a path to bypass the failure and re-energize the system without starting the generators.

The SCADA system’s full manual backup was another key advantage. If the touchscreen fails, operating personnel can manually open and close breakers, synchronize and parallel the generators onto the bus, and add or shed load. Other manufacturers’ systems do not provide for full manual operation.

The SCADA system includes a simulator that shows trainees what to expect when they lose a feed, open or close a breaker, or add or remove load. The simulator uses the same control logic software as the switchgear’s programmable logic controllers. The crew also uses the simulator during startup and for trouble-shooting, system improvements, preview testing, and tours.

According to Raynor, Russelectric was the only supplier that could meet his team’s specifications. “A project like this requires a high level of support service and time to get a reliable, yet flexible system. None of the other competitors was willing to step up.” Consulting engineer Travis Jackson, PE, agrees, adding that the Russelectric equipment has welded construction and is sturdy, durable, and extremely reliable.

New system enables peak shaving

The new system enables the hospital to do peak shaving, supplying some of the hospital’s power while the utility is supplying the rest, thereby saving on utility demand charges. The system does not contribute power to the grid, but its load curtailment capabilities mean it can respond quickly if the utility asks the hospital to reduce demand on the grid by a specified amount. The resulting contractual rebates lower the hospital’s overall energy costs. For example, if the utility experiences an unusually high demand for power for air conditioning during a heat wave, it may, under the contract, ask the hospital to generate its own power for a specified amount of time. On average this type of request happens only once or twice per year.

Summing it all up

Commenting on the success of the project, facility services director Raynor says, “The hospital needed a new and modern system that built on what we had already. Working closely with Russelectric, we came up with a very sophisticated system, and we’re at a point now where the system is functioning as we expected ― all the hospital’s electrical needs are covered.”

Have you ever switched brands – shampoo, blue jeans, cell phones come to mind – thinking you could get the same (or a similar) product at a better cost, only to find out that the value of the original product was totally worth it in the long run?

That’s a little how it went for Guaranty Fund Management Services (GFMS) and Sungard Availability Services (Sungard AS). Nearly five years ago, GFMS and Sungard AS enjoyed a strong relationship for disaster recovery and data replication services. GFMS manages the property and insurance guaranty associations for the six New England states, Virginia and Washington D.C., while Sungard AS provides managed IT services, information availability consulting services, and disaster recovery services.

Rekindling the teamwork of the prior relationship, GFMS rehired Sungard AS in early 2017 and achieved a successful DR test in just 12 weeks.

But it’s common practice to hold periodic supplier reviews to ensure the best services and pricing available, and in 2013, GFMS conducted an RFP process and eventually chose a new supplier. That cost-driven decision ended a 10-year relationship with Sungard AS, and led GFMS on a multi-year journey with a new supplier involving multiple failed DR tests, unmet SLAs (Service Level Agreements) and an unplanned platform change.



In last week’s blog, we shared our “8 Tips for Building a Good Crisis Management Team.” This week we’re going to take a closer look at Crisis Management Team roles.

Generally speaking, crisis management teams have a specific function and some roles that are universal (for example, each team must have a designated leader and communications, admin/logistics, and business or functional representation). The role of the Crisis Management Team is to manage events and ensure appropriate actions are carried out based on current impacts of the event, as well as potential risks and impacts.

Multiple crisis teams may exist, with each activating and providing guidance depending on the situation. For example, IT may have a crisis team that activates related to actual or potential IT-related outages, with no other area even being aware.



Thursday, 10 May 2018 14:53

CMT 101: Crisis Management Team Roles

Data Privacy Hits A High Price in Assuming New Technology Solutions

In this article, Mike Mason reconciles the challenges of maintaining regulatory requirements of data privacy within cloud computing technology. It is critical to keep cloud applications compliant, while meeting the increased demand for cloud-based technology providers.

Gartner predicts that more than $1 trillion in IT spending will be directly or indirectly affected by the shift to cloud technology. Not only does this make cloud computing one of the most disruptive forces of IT spending, it is also indicative of a strong demand to move to the cloud.

Most organizations are harnessing the power of cloud technology, and while IT spending shifts towards the cloud, so does an influx of sensitive data. This kind of data must be secured, especially in heavily regulated industries like finance and healthcare.

The increased cybersecurity regulation in 2017 makes it difficult for compliance professionals to manage and report with a wide array of legacy software services that are complicated, opaque and not optimized to configure for privacy and compliance.



Clearly, there is keen interest in the object storage vs. block storage debate, for a variety of reasons. Object storage is in the limelight, thanks to the spectacular growth of cloud computing along with the advent of object-based storage solutions from vendors. Block storage, meanwhile, remains an enterprise mainstay that continues to serve well.

Here's what IT pros should know about object and block storage, and how they fit into today's data storage environments.



Thursday, 10 May 2018 14:11

Object Storage vs Block Storage

No one infrastructure solution is perfect for every application workload. But matching each application to the right solution is easier said than done.

Many organizations increasingly use multiple infrastructures to cater to their applications’ unique requirements. By identifying your business needs and mapping them to specific solutions, however, you can determine where each application should land.

By comparing the needs of your applications with the pros and cons of the different infrastructure choices, you’ll be able to pinpoint the right home for each application.

There are three major types of infrastructure to consider for your applications: hyperscale public cloud, hosted private cloud and managed hosting. We’ll walk through the advantages of each and the questions you should ask when choosing the best home for your application.



Ignorance is Not a Defense in Global Expansion

In this article, Jason Gerlis examines the importance and particulars of global expansion. While a business may thrive internationally, jurisdictions in all parts of the world are increasing transparency with modern technological advances. 

Despite the shrill voices of anti-globalization, the world is continuing to interconnect and U.S. businesses are increasingly going abroad to access new markets.

In fact, U.S. firms of all sizes are now expanding internationally. A recent study by foreign exchange company USForex found that 58 percent of small businesses already have international customers and 72 percent plan to grow their international customer base.

Establishing a regional presence in a new market can increase efficiency. Rather than operate as a foreign entity and subject yourself to import restrictions, it often makes sense to set up a subsidiary or make an acquisition in a target market in order to create a local presence and transact as a domestic entity.



(TNS) - Not enough has been done to make sure Broward County’s public safety radio system won’t run into problems if another mass casualty incident occurs, county commissioners were told Tuesday.

Heavy usage led to radio problems during the Fort Lauderdale airport shooting in January 2017 and again as units responded to the shootings at Marjory Stoneman Douglas High School in Parkland in February.

Max Schachter, father of student Alex Schachter, one of 17 killed at Stoneman Douglas, said the county knew back in 2016 that the system needed to be upgraded but didn’t put in place temporary fixes to improve operations — and still didn’t after the massacres at the airport and the high school.



NAS “versus” SAN doesn’t tell the whole story in comparing these two popular storage architectures. NAS and SAN are as complementary as they are competitive and fill different needs and usage cases in the organization. Many larger organizations own both.

However, enterprise IT budgets are not infinite, and organizations need to optimize their storage expenditures to suit their priority requirements. This article will help you do that by defining NAS and SAN, calling out their distinctions, and presenting usage cases for both architectures.



Wednesday, 09 May 2018 15:22

NAS vs. SAN: Differences and Use Cases

By Michael Barry, Head of Media and Public Affairs, Insurance Information Institute

The number of structures destroyed by the eruption of the Kilauea volcano on Hawaii’s Big Island has climbed up to 35 today since the eruption first started on Thursday, May 3, sending sulfur dioxide into the air, and prompting the evacuation of at least 1,700 residents.

The issues impacting Hawaii’s Big Island:



As a Business Continuity Management (BCM) solution provider the first question I ask potential clients is – What are your major BCM program challenges? Responses include:

  • We do not have a seat at the executive table where major decisions are taken
  • The program lacks executive buy-in
  • BCM is at the bottom-of-the-list of priorities for business users (No stakeholder engagement)
  • Difficult to bring all disciplines (IT, Business, Vendor Management, Executives) under one program

From my experience, getting Executive Buy-In is the biggest BCM challenge. The perception that BCM does not ‘add to the bottom line’ is the biggest hurdle to overcome.



Tuesday, 08 May 2018 19:40

The BCM Challenge: Executive Buy-In

(TNS) - The ongoing volcanic eruption does not yet appear to reach the financial threshold for a federal disaster declaration, but Gov. David Ige is exploring whether a disaster can be declared for presenting “an imminent danger to the community,” Ige told the Honolulu Star-Advertiser on Monday night.

Because so many property owners may be compensated through private insurance, there does not yet appear to be the kind of damage to reach as-yet unspecified dollar amounts to get a federal declaration, Ige said.

However, cracks have now appeared in Highway 130, and lava is likely under the major state highway into Leilani Estates.

So, Ige said, “We’re working both ends. One-thirty’s the main artery, and there is an ‘imminent danger’ to the community.”



With climate change now squarely a priority on the public and political agenda, how are International Standards making a difference? Where do we need to go from here? And what do we do to get there?

This latest ISOfocus issue addresses these questions and lays out the range of standards for monitoring climate change, quantifying greenhouse gas (GHG) emissions and promoting good practice in environmental management and design. These are just some of the ways in which ISO International Standards help governments and organizations address climate change.

But this can’t happen without collaboration. As Thomas Idermark, CEO of the Swedish Standards Institute (SIS), writes in his introductory remark: “The climate has no borders, and neither has ISO. This is what makes it so important that the work carried out in different committees to identify best practice does not simply continue but also escalates.”

ISO has produced over 600 environment-related standards, including those that help open world markets for clean energy and energy-efficient technologies and support climate change adaptation and mitigation. They also contribute directly to the United Nations Sustainable Development Goal 13 on climate action.



Block-level storage is a foundational data storage technology. In the enterprise, it helps make today's large-scale databases and business applications possible.

Here's what you should know about block-level storage and how it has shaped the enterprise data storage technology landscape.

What is block storage?

Closely associated with storage area networks (SANs), block storage refers to saving data in raw storage volumes called blocks. Storage blocks, in turn, can each function as an individual hard drive.



Tuesday, 08 May 2018 19:37

A Guide to Block Storage

Over two dozen homes have been destroyed so far since the Kilauea volcano on the island of Hawaii began erupting last week. Lava flowed into residential neighborhoods on the eastern side, as this Wall Street Journal video shows, and the island has been shaken by hundreds of earthquakes; the largest one, with a magnitude of 6.9, occurred on Friday.

The I.I.I. has a primer on volcanic eruption insurance coverage. Below are some highlights:



Say you're like me. You're as Floridian as they come. You grew up tracking hurricanes, stocking up on non-perishables (Parmalat, Vienna sausages and marshmallows), hoping for school to be canceled. You've helped put up more aluminum shutters than you can count.

Say you grow up and fall in love with a New Jersey transplant. He's seen snowstorms and blizzards, but never a hurricane. And now a Category 5 storm is on the way. Trial by fire -- or hurricane.

He's spooked. You suggest riding out the storm at a friend's impact-proof house, but he's imagining the worst. A hurricane shelter is foolproof and open to everyone, he says. He insists.

That's how we ended up spending two long nights at St. Petersburg High School's shelter during Hurricane Irma.



We saw an extremely active hurricane season in 2017 with 10 hurricanes in the Atlantic.

In fact, it was the first time in more than a decade that the US had two continental hurricanes of epic proportions with Hurricanes Irma and Harvey. This year plan ahead now and review the way(s) you alert residents before, during and after a storm.

Overwhelming Cost of Hurricanes

Irma, Jose, and Maria may have been the most powerful hurricanes of 2017 with an accumulated cyclone energy exceeding 40. Maria was the strongest hurricane of all with wind speeds reaching 175 mph. Yet hurricanes Harvey, Ophelia, and Lee were in the category three and four range with wind speeds ranging from 111 to 156 mph. In total, the hurricane season that spanned from April 19 to November 9 had a price tag of at least $282.16 billion. It was the most expensive hurricane season ever recorded and was more than $100 billion greater than 2005, which was the year of Hurricane Katrina.

Financial loss is only one detriment of the hurricane season. Anywhere from 416 to 1,437 people lost their lives during a hurricane or tropical storm in 2017. Hurricane Harvey alone created unprecedented flooding that killed more than 30 people in Houston. In Puerto Rico, Hurricane Maria created a humanitarian crisis that the island still has yet to recover from. In reality, the death toll is likely even higher.



In a crisis, communication is essential to keep employees, customers, residents and stakeholders aware and up to date on steps being taken towards resolution.

As part of a comprehensive enterprise risk management program, communication is critical, both internally and externally.

For businesses needing comprehensive crisis communication and risk management platforms, two leading companies have come together to create seamless, intuitive tools to help respond to critical events.

OnSolve customers are able to integrate the Connector Series from Fusion Risk Management with both MIR3 and Send Word Now mass notification systems. The Connector Series allows companies to synchronize data and track communications within the award-winning Fusion Framework® System, leveraging the capabilities of a comprehensive risk management software with leading mass notification solutions.



Working toward a cross-functional solution to protect against the ransomware threat

The key operational challenge with a ransomware attack at a hospital is that system downtime is basically a guarantee. Whether the ransomware itself cripples one or more applications or IT brings down the network as a response measure, the organization is left dealing with unplanned downtime that is likely to last from several hours to several days or more. At best, IT and Information Security will need several hours to gather basic forensics, determine when malware entered the network, and restore from backups predating the attack. As a result, preparing for a ransomware attack is an increasingly important part of the overall preparedness picture for hospitals and health systems. Doing so effectively requires that hospitals take a cross-functional approach to preparedness, with collaboration between Information Security, IT Disaster Recovery, and Business Continuity. The Emergency Preparedness or HICS program is also a contributor, since ransomware attacks can impact all aspects of a hospital’s operations.

Here’s how the responsibilities of each function break down:



[This is the second post in our occasional series “You’re Doing It Wrong.” The first post was on BCM Metrics.]

I realize that the title of this post is probably incorrect. It’s probably not right to say that you are using residual risk incorrectly in your business continuity program.

Most likely you are not using it at all!

That is, if my experience with industries of all types across the country is representative of the general situation of leading American businesses and nonprofits, and I think it is. (I don’t know about you, but I have found that most BCM programs are mired in tactical problems—BIAs, recovery strategies, etc.—and never obtain a bird’s-eye view of their risk situation, such as you get by considering residual risk.)

In my opinion, you definitely should be making residual risk a cornerstone of your program. I truly think that residual risk is the shape of the future for business continuity management.



Should you buy that new storage system with SSD, HDD, or both? The answer depends on understanding the balance of cost, performance, capacity, and reliability between these two storage technologies. And the ultimate goal in most cases is to create a combination of HDD and SSD for your workloads and budget.

SSDs are higher performing, but come at a premium cost. Not every workload needs that level of investment. Capacity comes into play as well, with SSDs capable of higher capacity than HDDs. But once again, higher cost makes buying SSD for capacity a very expensive proposition and a poor one for long-term storage. Finally, the differences in reliability are a little murkier but in general there are no glaring differences between the two types of media.

Performance Differences in SSD and HDD

The performance difference between SSD and HDD is very clear: SSD performance is its primary differentiator because HDD can only accelerate so far.



(TNS) - As Bay District, Fla., Schools officials ramp up secure entrance and campus hardening projects, both the security and facilities departments are faced with a dilemma — where to draw the line between public and private when it comes to school campuses.

"All our schools were built with a neighborhood atmosphere in mind," said Lee Walters, the district's director of facilities. "How do we not totally lose that?"

For Walters and District Safety and Security Chief Mike Jones, the massive $4 million project to outfit every school with a secure entrance and shore up gates, perimeters and cameras is a "balancing act" between making parents feel comfortable enough to come to the school for events, but also having everyone feel safe. At a meeting Wednesday morning the two, along with several others, discussed the district's priorities moving forward, as well as some of the challenges.



By CONNOR COX, Director of Business Development, DH2i (http://dh2i.com)

In 2017, many major organizations—including Delta Airlines and Amazon Web Services (AWS)—experienced massive IT outages. Despite the reality of a growing number of internationally publicized outages like these, an Uptime Institute survey collected by 451 Research had some interesting findings. While the survey found that a quarter of participating companies experienced an unplanned data center outage in the last 12 months, close to one-third of companies (32 percent) still lack the confidence that they are totally prepared in their resiliency strategy should a disaster such as a site-wide outage occur in their IT environments. 

Much of this failure to prepare for the unthinkable can be attributed to three points of conventional wisdom when it comes to disaster recovery (DR):

  • Comprehensive, bulletproof DR is expensive

  • Implementation of true high availability (HA)/DR is extremely complex, with database, infrastructure, and app teams involved

  • It’s very difficult to configure a resiliency strategy that adequately protects both new and legacy applications 

Latency is also an issue, and there’s also often a trade-off between cost and availability for most solutions. These assumptions can be true when you are talking about using traditional DR approaches for SQL Server. One of the more predominant approaches is the use of Always On Availability Groups, which provides management at the database level as well as replication for critical databases. Another traditional solution is Failover Cluster Instances, and you can also use virtualization in combination with one of the other strategies or on its own.

There are challenges to each of these common solutions, however, starting with the cost and availability tradeoff. In order to get higher availability for SQL Server, it often means much higher costs. Licensing restrictions can also come into play, since in order to do Availability Groups with more than a single database, you need to use Enterprise Edition of SQL Server, which can cause costs to rapidly rise. There are also complexities surrounding these approaches, including the fact that everything needs to be the same, or “like for like” for any Microsoft clustering approach. This can make things difficult if you have a heterogeneous environment or if you need to do updates or upgrades, which can incur lengthy outages.

But does this have to be so? Is it possible to flip this paradigm to enable easy, cost-effective DR for heavy-duty applications like SQL Server, as well as containerized applications? Fortunately, the answer is yes—by using an all-inclusive software-based approach, DR can become relatively simple for an organization. Let’s examine the how and why behind why I know this to be true.

Simplifying HA/DR

The best modern approach to HA/DR is one that encapsulates instances and allows you to move them between hosts, with almost no downtime. This is achieved using a lightweight Vhost—really just a name and IP address—in order to abstract and encapsulate those instances. This strategy provides a consistent connection string.

Crucial to this concept is built-in HA—which gives automated fault protection at the SQL Server instance level—that can be used from host to host locally, as well as DR from site to site. This can then be very easily extended to disaster recovery, creating in essence an “HA/DR” solution. The solution relies on a means of being able to replicate the data from site A to site B, while the tool manages the failover component of rehosting the instances themselves to the other site. This gives you many choices around data replication, affording the ability to select the most common array replication, as well as vSAN technology or Storage Replica.

So with HA plus DR built in, a software solution like this is set apart from the traditional DR approaches for SQL Server. First, it can manage any infrastructure, as it is completely agnostic to underlying infrastructure, from bare metal to virtual machines or even a combination. It can also be run in the cloud, so if you have a cloud-based workload that you want to provide DR for, it’s simple to layer this onto that deployment and be able to get DR capabilities from within the same cloud or even to a different cloud. Since it isn’t restricted in needing to be “like for like,” this can be done for Windows Server all the way back to 2008R2, or even on your SQL Server for Linux deployments, Docker containers, or SQL Server from 2005 on up. You can mix versions of SQL Server or even the operating system within the same environment.

As far as implications for upgrades and updates, because you can mix and match, updates require the least amount of downtime. And when you think about the cost and complexity tradeoff that we see with the traditional solutions, this software-based tool breaks that because it facilitates high levels of consolidation. Since you can move instances around, users of this solution on average stack anywhere from 5 to 15 SQL Server instances per server with no additional licensing in order to do so. This understandably results in a massive consolidation of the footprint for management and licensing benefits, enabling a licensing savings of 25 to 60 percent on average.

There is also no restriction around the edition of SQL Server that you must use to do this type of clustering. So, you can do HA/DR with many nodes all on Standard Edition of SQL Server, which can create huge savings compared to having to buy premium software editions. If you’ve already purchased these licenses, you can use them later, reclaiming the licenses for future use.

Redefining DB Availability

How does this look in practice? You can, for example, install this tool on two existing servers, add a SQL Server instance under management, and very simply fail that instance over for local HA. You can add a third node that can be in a different subnet and any distance away from the first two nodes, and then move that instance over to the other site—either manually or as the result of an outage.

By leveraging standalone instances for fewer requirements and greater clustering ability, this software-based solution decouples application workloads, file shares, services, and Docker containers from the underlying infrastructure. All of this requires no standardization of the entire database environment on one version or edition of the OS and database, enabling complete instance mobility from any host to any host. In addition to instance-level HA and near-zero planned and unplanned downtime, other benefits include management simplicity, peak utilization and consolidation, and significant cost savings.

It all comes down to redefining database availability. Traditional solutions mean that there is a positive correlation between cost and availability, and that you’ll have to pay up if you want peak availability for your environment. These solutions are also going to be difficult to manage due to their inherent complexity. But you don’t need to just accept these facts as your only option and have your IT team work ridiculous hours to keep your IT environment running smoothly. You do have options, if you consider turning to an all-inclusive approach for the total optimization of your environment.

In short, the right software solution can help unlock huge cost savings and consolidation as well as management simplification in your datacenter. Unlike traditional DR approaches for SQL Server, this one allows you to use any infrastructure in any mix and be assured of HA and portability. There’s really no other way that you can unify HA/DR management for SQL Server, Windows, Linux, and Docker to enable a sizeable licensing savings—while also unifying disparate infrastructure across subnets for quick and easy failover.

Connor Cox is a technical business development executive with extensive experience assisting customers in transforming their IT capabilities to maximize business value. As an enterprise IT strategist, Connor helps organizations achieve the highest overall IT service availability, improve agility, and minimize TCO. He has worked in the enterprise tech startup field for the past 5 years. Connor earned a Bachelor of Science in Business Administration from Colorado State University and was recently named a 2017 CRN Channel Chief.



More moving parts mean more chance of failure. Replace “moving parts” with “comatose IT servers” and the adage still holds true.

You may be tempted to reply that 1) there aren’t many of this kind of server anyway, and that 2) comatose servers may not be doing any good, but as such they are not doing any harm either. If so, get ready for a disaster recovery reality check on both counts!

Let’s take the first item. How many unused or comatose servers are there in the world? Between 8 and 10% is the conclusion of several studies.

The Uptime Institute suggests 15 to 30%. One large data centre in the US even had a comatose server count of over half its installed base.



Hot on the heels of the world’s first International Standard for occupational health and safety comes a technical specification to ensure those auditing it are up to scratch.

ISO 45001, Occupational health and safety management systems – Requirements with guidance for use, made standardization history when it was published in March this year. Now, a new complementary technical specification – ISO/IEC TS 17021-10 – has just been published, defining the required skills and knowledge of those bodies auditing organizations that have implemented the health and safety standard.

ISO/IEC TS 17021-10, Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 10: Competence requirements for auditing and certification of occupational health and safety management systems, is intended to guarantee a harmonized approach to the accreditation of an ISO 45001 certification.

The new technical specification is aimed at auditors, or anyone making certification decisions related to ISO 45001, and will ultimately serve certification, accreditation and regulatory bodies by confirming that auditing and certification decisions related to ISO 45001 have been carried out by those who have the competence to do so.



Hyperconverged storage has become a key factor in enterprise data storage.

The trend toward hyperconverged storage is causing technology leaders to rethink their data storage strategies. It enables enterprises to support agile development cycles, streamline IT management and bring their storage, compute, virtualization and networking initiatives into tighter alignment. Its growing popularity also spells good news for vendors that have hopped on the bandwagon early.

Shifting to a hyperconverged infrastructure from a traditional server and SAN (storage area network) environment can have a profound impact on how an organization delivers and manages its IT services. But first, let's examine what makes a hyperconverged infrastructure (HCI) tick.



If you’re like many small businesses, you may have heard of GDPR but are still unclear about how this could affect your data storage and communication strategies.

This European law around data protection and personal privacy, called the General Data Protection Regulation (“GDPR”), takes full effect on May 25, 2018. While this is strictly a law for those doing business with individuals in Europe at this time, many analysts believe that the rules and regulations will quickly migrate to the United States — where they will affect many more businesses and individuals. Ultimately, these rules around data collection and storage are expected to facilitate data sharing and processing between organizations by creating standards that are more easily understood. Even if you are not currently doing business in Europe, proactively gearing up to meet these more stringent standards is a solid business decision. Focusing on GDPR requirements forces your business to evaluate the data storage infrastructure you will need to effectively manage communication between various stakeholder groups such as customers, vendors and employees.



As a Business Continuity practitioner with more than 20 years of experience, I have had the opportunity to see, review and create many continuity and disaster recovery plans. I have seen them in various shapes and sizes, from the meager 35-row spreadsheet to 1,000-plus pages in 3-ring binders. Reading these plans, in most cases, the planners’ intent is very evident – check the “DR Plans done” box.

There are many different types of plans that are called into play when a disruption occurs. These could be Emergency Health & Safety, Crisis Management Plans, Business Continuity, Disaster Recovery, Pandemic Response, Cyber Security Incident Response, and Continuity of Operations Plans (COOP), etc.

The essence of all these plans is to define “what” action is to be done, “when” it has to be performed and “who” is assigned the responsibility.

The plans are the definitive guide to respond to a disruption and have to be unambiguous and concise, while at the same time providing all the data needed for informed decision making.



Wednesday, 02 May 2018 14:15

DR Plans – The What, When & Who

What kind of problems can it cause if your organization has the wrong people on its crisis management team?

Nothing too serious, most likely.

It could result in delayed or paralyzed decision-making, poor decision-making, and all the consequent impacts to the organization’s recovery and reputation if you ever experience some kind of emergency, but otherwise, you have nothing to worry about.

Well, clearly it is worth worrying about how your crisis management team is organized and who is on it. Because the impact of having the wrong departments represented, or having people on the team who cannot fill the unique demands of what is actually a very unusual and specialized role, can be significant.



Helping educational providers deliver a better service is the aim behind the world’s first international management system standard for the sector just published.

From pre-school to university, to vocational training and coaching, the world of learning is constantly changing and evolving. As the trend to move away from the traditional customer-supplier relationship towards a collaborative partnership grows, so, too, do learners’ expectations. Learning providers now need to adapt to these new ways of working, while at the same time providing a high level of service.

ISO 21001, Educational organizations – Management systems for educational organizations – Requirements with guidance for use, is intended to meet this challenge by defining the requirements of a management system that will help education providers better meet the needs and expectations of their learners and other beneficiaries, and demonstrate greater credibility and impact.

Developed by project committee ISO/PC 288, the new International Standard focuses on the specific interaction between an educational institution, the learner and other customers.



As enterprises increasingly adopt Agile practices across their organizations, they must also carefully consider how such a transformation will impact people and teams. Change practitioners are often asked to lead organizations through this journey. However, conventional change management approaches are imperfect fits for Agile transformation. Traditional change models were developed to guide planned change and transformation in support of Waterfall projects. They are focused on managing change and adoption sequentially over a significant period of time, utilizing a defined roadmap and end state. Figure 1 illustrates the conventional change model – a big bang approach featuring a large drop in user productivity followed by a long, drawn-out period of adoption.

A new paradigm is therefore needed to address the challenges inherent in managing change within an Agile environment. This new paradigm must allow change practitioners to work in a more collaborative and flexible way, with the ability to adjust to shifting priorities, in order to maximize stakeholder engagement and adoption. In other words, change managers must adopt and adapt existing Agile values for their own work. Figure 2 demonstrates how an Agile change model would function – smaller drops in productivity followed by quick adoption of small amounts of change.



The Role of the Risk Assessment

Crisis management is an integral component of effective reputation management. Protiviti’s Jim DeLoach discusses why it’s imperative to build a rapid-response crisis management capability for sudden and unexpected high-impact, high-velocity and high-persistence events.

Years ago, I had a conversation with a high-profile board chair of a top U.S. university. He told me that he and others in his profession (he was a lawyer) had concerns that organizations, both public and private, seemed to “relearn” the same lessons over and over without any marked improvement in their preparedness for the unexpected. We hit it off pretty well in this dialogue because this issue is one to which I have given much thought over the years, particularly since the global financial crisis. We agreed that the risk assessment process should inform the crisis management process.

As no brand is immune to a crisis, it is evident today that crisis management is an integral component of effective reputation management. A rapid and effective response to a sudden and unexpected event can actually enhance reputation, as astute observers know that even the most respected organizations can and will be tested over time. In the corporate world, however, the unprepared pay a high price.



The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.

This is one area where psychology is more useful than technology, even if smart security technology can help detect problems that may initially escape notice otherwise.

Like the profiling exercises of organisations like the FBI, you can be on the lookout for situations like the following:



(TNS) - There’s nothing like a dramatic chorus of sirens sounding around a city to announce looming disasters.

But Guilford County doesn’t have a siren system that could have warned people before a tornado struck east Greensboro on April 15.

And the county’s emergency management director says that’s not a bad thing — texts and emails are much more likely to break through the distractions and alert people that something wicked is headed this way.

“Sirens can be loud if you’re underneath them,” said Don Campbell, Guilford County Emergency Management director. “They’re really not designed to warn you if you’re inside a building.”



When Sungard Availability Services introduced its hosted private cloud solution for Dell EMC environments last month, companies began taking a second look at their cloud installations. From real estate management firms to healthcare providers to educational technology (edtech) vendors, businesses of all types began assessing their need for greater security and resilience.

What do these industries have in common? With cyberattacks and ransomware incidents on the rise, as well as the possibility of natural and manmade disasters, businesses of all types and sizes are turning to hosted private clouds for increased security, availability and capacity – not to mention cost.

Sungard AS Hosted Private Cloud


For example, one customer – a large, global real estate operating company – was experiencing frequent network outages due to an aging IT infrastructure. Although the company manages both commercial and multifamily properties all around the world, they were limited on storage capacity, had an unstable backup system, and required stronger DR capabilities for audit and compliance testing success. They chose Sungard AS Hosted Private Cloud to help remediate storage capacity limitations, performance issues, and outages related to servers, storage and networks.



Protecting critical data is one of the biggest challenges that government agencies face today.

It can often take a long time to get updated security hardware and software through a long approvals process, meaning your government entity may be utilizing older technology that may be less secure. Cloud-based components do help with keeping data safe from breaches, but only if properly implemented. With all of these difficulties to overcome, creating a secure cyber environment is a key necessity.

Cybercrime in the Government

The 2018 Thales Data Threat Report notes that not only are government entities experiencing more cyber crime than ever before, government agencies are more likely to experience a data breach than non-U.S. government entities. The study shows that federal agencies were more than twice as likely as public sector agencies to be the target of a cyber attack. The large amount of personal and confidential data that is gathered and stored by the U.S. government makes it a prime target for cybercriminals. This situation is made worse by limited budgets, aging hardware and a lack of funding for upgrades. Government IT departments are facing an uphill challenge, with hiring freezes that limit the personnel available for critical security updates and software patches. The large number of contractors currently working in the government is also of concern. Government agencies working with contractors do not have direct control over their security practices and many of these companies have suffered breaches since 2016.



Technology has increased our ability to undertake dozens of tasks per day.

While this means your government agency may get more done via multitasking, it can also hamper the ability to focus on the task at hand. Yet, while technology got us into this mess, it can also help solve these problems via automation.

The Internet of Things

Also known as IoT, this is a form of technology that embraces connectivity. Through the IoT, your agency can connect home security alarm systems with police departments. It can generate emergency notification alerts for severe weather based on meteorological data as it is recorded. On a more basic level, the IoT can allow your office workers to monitor their desks or cubicles even if they are a thousand miles away. The IoT is all about connecting technological systems so that you can automate your processes.



Some relationships are casual, like the ones you have with the people who make your lattes, share the elevators you ride in, and sit next to you in the airport waiting rooms. Some are critical, like the ones you have with your spouse, your boss, and your landlord, if you have one.

The critical relationships are those in which the other person’s actions can have a serious impact on the quality of your life and your ability to meet your goals.

Recognizing this, most people manage their critical relationships with a heightened degree of care and consideration, treating the other person with special respect and investing time and effort in keeping things between the two of you on a positive footing.

What I want to impress on you today is that, as a business continuity person, your relationship with your IT department is one of the most critical relationships in your professional life. As such, it is a relationship you should approach with all of the sensitivity and consideration you can muster.



After years of operating on outdated communication practices, the city and county of Ashtabula, Ohio, have updated their 911 technology to bring them “into the future.”

The project consolidates four CAD systems into one; reduces the number of Public Safety Answering Points (PSAPs) from six to two; and provides for connectivity and interoperability that wasn’t there before.

The discussion on bringing the city and county up to date began 10 years ago and really kicked off after a study in 2013 on what was needed to develop the kind of public safety dispatching that would be efficient and up to date. That study, by L.R. Kimball, was used as the “bible” for the project, according to Mike Fitchet, the county’s emergency management director.



We know it. Our customers know it, and now the industry knows it too. The need to integrate cyber and physical security is increasing.

We’re living in a time where even traditional security is software driven. Many of the physical security devices used every day are connected to the internet: cameras, communications equipment, access control, fire systems, intrusion solutions, heating, air and ventilation systems, TVs and more. Even if it is a physical entity that can be controlled when it’s offline, while the device is online, it can be targeted by hackers. A perfect example of this was the 2013 Target data breach that was executed when hackers exploited an air-conditioning system through the laptop of a third-party HVAC vendor.

This wasn’t a unique case. A recent story about an unnamed American casino that was breached through the thermostat in a lobby aquarium only reiterated that point. Cybercriminals exploited a vulnerability in the aquarium’s thermostat to gain access to the casino’s network. Once they were in, they were able to access the high-roller database of gamblers – pulling it back across the network, out of the thermostat and up to the cloud. The hackers, who were based in Finland, transferred roughly 10 GB of data to their overseas network.



Friday, 27 April 2018 15:50

Keep Those Hackers Out of Your Fish Tank

(TNS) - Parents and former Madison, Ohio, students expressed mixed feelings about the district’s decision Tuesday night.

But the Madison Local School District Board of Education was unanimous in its decision to approve a resolution to allow armed staff in the district.

Madison school board president Dave French said the safety of every child in Madison Twp. has to be the “district’s highest priority.”

While people agreed students must be kept safe, some don’t think arming staff and teachers is the right approach.



Traditionally, business continuity consulting engagements have been one size fits all, with that size being large or comprehensive.

In other words, if you wanted to hire a consultant to help your organization strengthen its business continuity plan, it was viewed as an engagement to write the entire plan, providing you with soup-to-nuts service and charging you soup-to-nuts prices.

It was a little like using paper towels in the days before Select-a-Size. Back then, if you had a small spill and needed a paper towel, your options were using a whole paper towel or nothing.

It was the same with BC consulting: either you hired them to perform many or all tasks or you felt you had to do it on your own.



Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another.

While we have business continuity theories, principles and tools galore, it’s worth revisiting one of the most fundamental concepts from time to time – that of Darwin’s idea of evolution, specifically the survival of the fittest.

It’s a concept that can help BC planners and managers avoid BC issues internally and externally, as well as over the short and the long term.

The first thing to understand is the word “fittest”. Darwin was clear about this. It means “the best adapted to the environment”, which is not necessarily the strongest or the fastest.



(TNS) - The first victim arrived at 10:22 a.m., brought in a pickup truck to the emergency department at Pomona Valley Hospital Medical Center — a young woman, bleeding from being shot in the arm.

Others were on the way from the bloody scene at the Fairplex Exposition Complex about a mile away. Dozens of them.

“Active shooter at the Fairplex!” someone called out to hospital staff, who immediately sprang into action. “There’s going to be 40 or 50 more coming.”

That’s how the first large-scale, mass-shooting training drill to test the hospital’s 1-year-old trauma center began Tuesday, April 24. The exercise unfolded in the mid-morning quiet of a typical weekday, as law enforcement and fire authorities managed the simulated concert shooting at the fairgrounds.



(TNS) - Miami Beach's tourism industry has suffered one blow after another in recent years.

First, Brazil's economy tanked and a strong U.S. dollar prompted would-be international travelers to stay home. Then Zika scared off visitors. By the time Hurricane Irma hit last September, hotels and other tourism-dependent businesses were already reeling.

And it wasn't just the tourism industry that suffered. Miami Beach's tax revenue also took a hit.

Now, the city is considering a novel solution: an insurance policy for resort tax revenue to help make up for unexpected budget shortfalls.



(TNS) - Compared to the nightmare of serious flooding, the cost of a hurricane barrier like New Bedford's looks doable, officials from Long Island said Monday during a visit to the city.

A group of about 20 people from western Long Island got a close-up look at the barrier, including the gates, engine and subterranean tunnel. They are seeking ways to prevent the severe damage of Hurricane Sandy from happening again.

"I'm not worried about resiliency; I'm worried about prevention," said Robert Kennedy, mayor of the Village of Freeport, population 43,000. He said Hurricane Sandy flooded one-third of the village, including its industrial area.



If the future of work is all about employee experience, what about the workplace? The need to keep on top of the ever-changing trends in how and where people work makes facility management an essential aspect of organizational success… which is why new international guidelines have just been published.

Increasingly complex, the global facility management (FM) market will be worth USD 1 trillion by 2025 – and that’s just that which is outsourced. Concerned with the management, operation and maintenance of an organization’s facilities, FM is a discipline that needs to balance the rapidly changing needs and demands of the various stakeholders that it serves with effective, safe and sustainable business needs. It affects the health and well-being of all those who come in contact with an organization and covers a wide range of areas including occupancy costs (the second-highest overhead in almost every organization), use of space, maintenance, security, cleanliness, the environment and more.

ISO 41001, Facility management – Management systems – Requirements with guidance for use, has just been published to help FM teams achieve optimum efficiency. Drawing on international best practice, the new management system standard constitutes a benchmark for developing and driving an effective strategic, tactical and operational FM regime. It will also assist organizations seeking to outsource FM, as those providers who are able to demonstrate compliance with the standard will provide them with an assurance regarding their approach and processes.



(TNS) - More than a week after floodwaters ravaged homes, businesses, hillsides and roads, there is still no idea of the cost of the damage — or even a guess of how many structures were destroyed or left uninhabitable.

Assessment teams from Kauai County, the Hawaii Emergency Management Agency and Federal Emergency Management Agency continue to fan out to the hardest-hit areas of Koloa on the south side, Anahola toward the east and Hanalei, Wainiha and Haena on the north shore, said HI-EMA spokeswoman Arlina Agbayani.

Before an application for financial help can be made to FEMA to begin the rebuilding process, Agbayani said, “we still need to gather as much data as we can. … It’s still unknown how many homes were damaged.”



How Businesses Can Minimize Their Risk

It is estimated that well over half of U.S. businesses are out of compliance with the GDPR regulations set to take effect on May 25. Businesses are simply unprepared because they struggle with understanding the regulations and whether or not they are affected. Greg Sparrow touches on issues of GDPR, why businesses fail to meet compliance and what they can do to mitigate their risk.

The General Data Protection Regulation (“GDPR”) is one of the most important topics of conversation for media, along with how it will affect U.S. companies. Since its inception, the GDPR has raised a number of questions as to whether businesses are properly prepared to comply. The GDPR was adopted on April 27, 2016 and allotted a two-year post-adoption grace period for businesses to strategize and implement their compliant approach. With only one month left, it has been reported that an estimated 61 percent of U.S. businesses are not ready for the regulation, and only 67 percent of European-based businesses have begun moving into the implementation phase of their GDPR compliance program.[1] The potential fines have many businesses and professionals concerned about compliance as the May 25, 2018 date of enforcement approaches, yet businesses continue to struggle with fully understanding the regulation and thus fail to launch a comprehensive plan.

Turning our focus to the retail industry, several chains have displayed international influence with the presence of not only brick-and-mortar stores in several nations, but through international marketing efforts. A well-known example includes Whole Foods, an American supermarket chain that previously held over 477 stores in North America and the United Kingdom. After Amazon’s acquisition of the natural foods company in June 2017, the e-commerce giant became America’s fifth-largest grocery retailer. Outside of the benefit of concrete locations near its customers, the marketing data obtained through the acquisition provided Amazon valuable behavioral statistics on grocery-buying habits, patterns and product preferences. It is estimated that over 80 million individuals are Amazon Prime members and, with this new data, Amazon can build accurate predictive analytic models that can suggest to Prime members what they will want, how much they will want and when they will want it.



Wednesday, 25 April 2018 14:18

The GDPR’s Impact On American Retailers

(TNS) - The 1862 flood that went down as the worst washout in modern California history, transforming the Central Valley into a raging sea and stealing countless lives and property, is often described as an improbable 200-year event.

A study published Monday, however, turns those odds in a bad way, saying extreme weather swings from brutal dry spells to intense storms will become increasingly frequent, a phenomenon the authors dub “precipitation whiplash.”

Because of the warming atmosphere, the type of storms that produced the record flooding 156 years ago will probably be three to four times more frequent by the end of this century. That means San Francisco and Los Angeles are more likely than not to see an 1862-style deluge by 2060, according to the research published in the peer-reviewed journal Nature Climate Change.



You can’t wait until disaster strikes to create an emergency communications strategy, so make it a priority in the new year to determine what will work to keep your community safe.

Whether you’re facing an active shooter situation or a simple weather emergency, detailing your communications plan in advance allows your team to spring into action and notify others — keeping your community safe and allowing them to feel protected during times of crisis. Without a strategy in place, your team may struggle to respond to incidents which can result in additional chaos and confusion. It’s important that your plan is not only detailed, but highly flexible, so you’re able to adjust to changing situation requirements on the fly.

Discuss What Worked and What Didn’t

Taking the time with your communication team to discuss what worked well throughout the year and what didn’t is the first step in updating or creating your strategy. If you were able to successfully reach your community — that’s great! You’re a step ahead, and well on your way to communications success. Would the plan that you created and put into action work well for other types of emergencies? It may help to brainstorm some ideas and how the plan you have could be modified for different events such as widespread power outages in the winter or an active shooter alert.



(TNS) - With cleanup still underway a week after a tornado cut a destructive path across east Greensboro, city officials used one word Sunday to describe moving forward: patience.

“For some it will take weeks, for some months, for others years” to resume their lives, Acting City Manager David Parrish told reporters Sunday.

And then he paused, with city council members, school and safety officials standing behind him.

“Please,” Parrish added, looking directly into a bank of television cameras, “don’t forget about this area.”

In the past week, intersections have been cleared of trees and webs of power lines from where the April 15 tornado touched down near Barber Park and traveled 16 miles northeast through Guilford County.

But there’s still a lot unknown.



Network security is a broad topic – really broad. To read through an entire book of various “security” this and “malware” that might be helpful to some people, but it’s pretty boring to just about everyone else.

Instead, we decided to compile a useful guide consisting of the most important network security terms you should know.



Tuesday, 24 April 2018 16:10

The ABCs of Network Security

Proverbially at least, elephants never forget. Neither does the Internet.

Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.

A recent article on the Equifax hack suggested that apart from violating the principle of keeping other people’s data confidential, the Equifax breach may not have done much real damage after all.

The contention is that the personal data was already available to anyone willing to pay for it, from other organisations on the web. Is that true and if so, what can enterprises and individuals do about it?

If the internet is so transparent, the first rule about data must be the same as the one for gambling and stock market investments: never put up more than you can afford to lose.



Tuesday, 24 April 2018 15:39

Why the Internet is an Elephant

Accurate communication is essential to keeping your company running smoothly.

When you send a message to associates, you need to communicate clearly and in a professional manner. Typos, grammatical mistakes, use of the wrong names, incorrect dates and times – these messaging errors can give your business, and personal, brand a bad name.

When the communication includes emergency notices and instructions, it’s even more critical that it be accurate and clear. One wrong word or missing detail could lead to negative outcomes, including loss of life or assets. Below, we put together recommendations for implementing an internal message review process for your broadcast messages that will help keep everyone informed and updated accurately.



(TNS) - Californians should expect more dramatic swings between dry and wet years as the climate warms, according to a new study that found it likely that the state will be hit by devastating, widespread flooding in coming decades.

UC researchers in essence found that California's highly volatile climate will become even more volatile as human-caused climate change tinkers with atmospheric patterns over the eastern Pacific Ocean.

The long-term average of annual precipitation in California won't change much, they predicted.



10 Behaviors That Will Put Your Organization at Risk

If your company isn’t ready to comply with the GDPR, then you may need to sound the alarm. Fines for noncompliance could be 4 percent of your company’s annual global revenue. This is not a joke. If you don’t want to be responsible for putting your company in serious jeopardy, then review these 10 behaviors most likely to put your company at risk for noncompliance.

Everyone is talking about the EU’s General Data Protection Regulation, and it’s no wonder why. With 99 rules to comply with by May 25 — the date it goes into effect — GDPR compliance can be a daunting challenge.

But if you don’t comply, it will cost you. Penalties for violating the GDPR can be harsh: as much as €20 million (about US$23 million, as of this writing) or 4 percent of your organization’s annual global revenue, whichever is greater. For some types of infractions, the maximum penalty is less: up to €10 million, or 2 percent of the previous year’s global revenue.

Nobody wants to pay that hefty penalty, right? Judging from reports, though, it seems that quite a few businesses may be in danger of having to.

Large global firms may spend as much as $7.8 billion on GDPR compliance, according to Bloomberg. Nevertheless, more than half of those organizations won’t be ready by May, consultants predict.



Tuesday, 24 April 2018 15:35

How To Pay Millions In GDPR Fines

It’s a simple fact: You’d never want an unauthorized user to have access to your data. When thinking about cybersecurity, ask yourself what you risk losing. It could be something as small as losing your email contacts. It could be losing files on your computer. In a worst-case scenario, it could be losing the entirety of your company data. But where do you begin to find and fix your issues?

The rate of cyber attacks is rising, along with the cost to address them. According to CSO, cybersecurity spending will increase by $1 trillion in the next five years. It’s no longer realistic for businesses to leave their cyber protection up to chance. Working with Continuity Centers to create and enact a plan will guarantee your data and company are safe from threats.



Have you ever been driving on the highway and seen a bus go by with the name of an extremely distant city showing on the destination board? Los Angeles … San Francisco … New York City …

I certainly have, and I’m always impressed by how it sets the bus apart from all the other traffic driving along on the freeway. Everyone else is just bustling along, but when you see a bus saying “New York City” above the windshield, you know that driver knows exactly where he is going. Whatever winds blow across the highway, and no matter what little problems might come up, that bus and driver are focused 100 percent on getting to New York, and when they pass you by and continue on out of sight, you can have a high degree of confidence that they will make it there.

Here’s a question for you: Does your business continuity management program have a destination sign in the front window? Or are you just another motorist bustling along at the whim of the winds?



(TNS) - Compared to this time last year, Santa Cruz Police Department’s calls for service are down by more than a quarter.

During a city Public Safety Committee meeting Monday, Police Chief Andy Mills unveiled early plans on how to further drive down those calls.

“Yesterday, I saw a person reporting that he responded to a call of a person dancing in the rain,” Mills told the committee, comprised of Mayor David Terrazas and Councilwomen Cynthia Chase and Richelle Noroyan. “That is why we’re allowing sergeants to screen out calls officers are responding to.”

The department saw the nearly 27 percent reduction in the first three months of the year, to 17,630 calls, in the wake of a consultant’s report showing city officers’ workload-to-population ratio was much higher than many cities Santa Cruz’s size. Arrests, on the other hand, were up nearly 12 percent in the same period, department statistics show.



The IRS spent Tax Day trying to resolve IT issues rather than processing last-minute returns.

When the news broke that the IRS’s Modernized e-File (MeF) system was down, along with the Direct Pay and Payment Plan pages on the IRS site, three possible scenarios that can take businesses down came to mind: a hack, overloaded systems, or pure coincidence.

How likely is each?


While an attacker could breach the systems and/or perimeter and turn off services that allow connections to the systems accepting the tax returns, no one is claiming responsibility and so far, there’s no evidence that this is a malicious denial of service attack.



Florida’s small P/C insurers have withstood losses from Hurricane Irma and a legal environment that’s dubbed a “judicial hellhole” by the American Tort Reform Association, a recent article in S&P Global Market Intelligence reports.

The financial ratings firm Demotech affirmed the financial strength of over 50 companies in late March, a decision found “encouraging” by the CEO of the state-run Citizens Property Insurance Corp, Barry Gilway.

Gilway said that Demotech’s March actions are evidence of the resilience that smaller carriers showed during a year in which Hurricane Irma caused insured losses of about $8.61 billion, according to the latest Florida Office of Insurance Regulation tally.



By Tim Crosby

PREFACE: This article was written before ‘Meltdown’ and ‘Spectre’ were announced – two new critical “Day Zero” vulnerabilities that affect nearly every organization in the world. Given the sheer number of vulnerabilities identified in the last 12 months, one would think patch management would be a top priority for most organizations, but it is not the case. If the “EternalBlue” (MS17-010) and “Conficker” (MS08-067) vulnerabilities are any indication, I have little doubt that I will be finding the “Meltdown” and “Spectre” exploits in my audit initiatives for the next 18 months or longer. This article is intended to emphasize the importance of timely software updates.

“It Only Takes One” – One exploitable vulnerability, one easily guessable password, one careless click, one is all it takes. So, is all this focus on cyber security just a big waste of time? The answer is NO. A few simple steps or actions can make an enormous difference for when that “One” action occurs.

The key step everyone knows, but most seem to forget, is keeping your software and firmware updated. Outdated software provides hackers the footholds they need to break into your network as well as privilege escalation and opportunities for lateral movement. During a recent engagement, 2% of the targeted users clicked on a link with an embedded payload that provided us shell access into their network. A quick scan identified a system with a Solaris Telnet vulnerability that was easily exploitable and allowed us to establish a more secure position. The vulnerable Solaris system was a video projector to which no one gave a second thought, even though the firmware update had existed for years. Our scan through this projector showed SMBv1 traffic, so we scanned for “EternalBlue”, targeting 2008 servers due to the likelihood that they would have exceptions to the “Auto Logoff” policy and would be a great place to gather clear text credentials for administrators or helpdesk/privileged accounts. Several of these servers were older HP Servers with HP System Management Home Pages, some servers were running Apache Tomcat with default credentials (should ring a bell – the Equifax Argentina hack), a few were running JBoss/JMX, and there was even a system vulnerable to MS09-050.

The vulnerabilities that make the above scenario possible have published exploits readily available in the form of free open-source software designed for penetration testing. We used Metasploit Framework to exploit a few of the “EternalBlue” vulnerable systems, followed the NotPetya script and downloaded clear text credentials with Mimikatz. Before our scans completed, we were on a Domain Controller with “System” privileges. The total time from “One careless click” to Enterprise Admin: less than 2 hours.

The key to our success? Not our keen code writing ability, not a new “Day 0” vulnerability, not a network of super computers, not thousands of IoT devices working in unison; it wasn’t even a trove of payloads we purchased with Bitcoin on the Dark Web. The key was systems vulnerable to widely publicized exploits with widely available fixes in the form of updated software and/or patches. In short, outdated software. We used standard laptops running Kali or Parrot Linux operating systems with widely available free and/or open-source software, most of which comes preloaded on those Linux distributions.

The projector running Solaris is not uncommon; many office devices including printers and copiers have full Unix or Linux operating systems with internal hard drives. Most of these devices go unpatched and therefore make great pivoting opportunities. These devices also provide an opportunity to gather data (printed or scanned documents) and forward them to an external FTP site off hours; this is known as a store and forward platform. The patch/update for the system we referenced above has been available since 2014. Many of these devices also come with WiFi and/or Bluetooth enabled interfaces even when connected directly to the network via Ethernet, making them a target to bypass your firewalls and WPA2 Enterprise security. Any device that connects to your network, no matter how small or innocuous, needs to be patched and/or have software updates applied on a regular basis as well as undergo rigorous system hardening procedures including disabling unused interfaces and changing default access settings. This device with outdated software extended our attack long enough to identify other soft targets. Had it been updated/patched, our initial foothold could have vanished the first time auto logoff occurred.

Before you scoff or get judgmental believing only incompetent or lazy network administrators or managers could allow this to happen, slow down and think. Where do the patch management statistics for your organization come from? What data do you rely on? Most organizations gather and report patching statistics based on data directly from their patch management platform. Fact – systems fall out of patch management systems or are never added for many reasons, such as: a GPO push failed, a switch outage during the process, systems that fall outside of the patch manager’s responsibility or knowledge (printers, network devices, video projectors, VOIP systems). Fact – your spam filter may be filtering critical patch fail reports; this happens far more often than you might imagine.

A process outside of the patching system needs to verify every device is in the patch management system and that the system is capable of pushing all patches to all devices. This process can be as simple and cost effective as running and reviewing NMAP scripts, or as complex and automated as commercial products such as Tenable’s Security Center or BeyondTrust’s Retina that can be scheduled to run and report immediately following the scheduled patch updates. THIS IS CRITICAL! Unless you know every device connected to your network (wired, wireless or virtual) and its patch/version health status, there are going to be holes in your security. At the end of this process, no matter what it looks like internally, the CISO/CIO/ISO should be able to answer the following:

  • Did the patches actually get applied?

  • Did the patches undo a previous workaround or code fix?

  • Did ALL systems get patched?

  • Are there any NEW critical or high-risk vulnerabilities that need to be addressed?
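One way to run the out-of-band check described above, as an added example that is not from the article: it reconciles an nmap sweep in grepable (`-oG`) format against an export from the patch management platform. The CSV column names, the 35-day staleness threshold, and all addresses and hostnames are constructed assumptions.

```python
import csv
import io
import ipaddress
import re
from datetime import date

# Constructed sample: nmap grepable (-oG) output from a sweep run after the patch window.
NMAP_GREPABLE = """\
# Nmap scan (constructed sample)
Host: 10.10.20.11 (fs01.example.internal)\tStatus: Up
Host: 10.10.20.11 (fs01.example.internal)\tPorts: 22/closed/tcp//ssh///, 445/open/tcp//microsoft-ds///
Host: 10.10.20.12 (app02.example.internal)\tStatus: Up
Host: 10.10.20.12 (app02.example.internal)\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///
Host: 10.10.20.40 ()\tStatus: Up
Host: 10.10.20.40 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///
Host: 10.10.20.41 (prn-3f.example.internal)\tStatus: Up
Host: 10.10.20.41 (prn-3f.example.internal)\tPorts: 9100/open/tcp//jetdirect///
"""

# Constructed sample: export from the patch platform (hypothetical column names).
PATCH_EXPORT = """\
ip,hostname,last_status,last_success
10.10.20.11,fs01,success,2018-04-12
10.10.20.12,app02,failed,2018-01-09
10.10.20.13,hr-ws07,success,2018-04-12
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_nmap_grepable(text):
    """Return {ip: {"hostname", "up", "open_ports"}} for every live host in -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        ip, name, rest = m.groups()
        host = hosts.setdefault(ip, {"hostname": name, "up": False, "open_ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                host["up"] = value.strip() == "Up"
            elif key == "Ports":
                # Each entry is port/state/protocol/owner/service/rpcinfo/version/
                for entry in value.split(", "):
                    parts = entry.strip().split("/")
                    if len(parts) >= 5 and parts[1] == "open":
                        host["open_ports"].append((int(parts[0]), parts[4]))
    return {ip: h for ip, h in hosts.items() if h["up"] or h["open_ports"]}


def load_patch_export(text):
    """Index the patch platform export by IP address."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(seen, managed, today, max_age_days=35):
    """Compare what is on the wire with what the patch platform believes it manages."""
    report = {"unmanaged": [], "not_current": [], "not_seen": []}
    for ip in sorted(seen, key=ipaddress.ip_address):
        row = managed.get(ip)
        if row is None:
            # On the network but unknown to patch management (projector, printer, ...).
            report["unmanaged"].append(
                (ip, seen[ip]["hostname"] or "unknown", seen[ip]["open_ports"]))
            continue
        age = (today - date.fromisoformat(row["last_success"])).days
        if row["last_status"] != "success" or age > max_age_days:
            # Enrolled, but the last push failed or the last success is stale.
            report["not_current"].append((ip, row["last_status"], age))
    # Enrolled but absent from the sweep: decommissioned, offline, or moved.
    report["not_seen"] = sorted(set(managed) - set(seen), key=ipaddress.ip_address)
    return report


if __name__ == "__main__":
    result = reconcile(parse_nmap_grepable(NMAP_GREPABLE),
                       load_patch_export(PATCH_EXPORT),
                       today=date(2018, 4, 16))
    for ip, name, ports in result["unmanaged"]:
        print(f"UNMANAGED   {ip} ({name}) open: {ports}")
    for ip, status, age in result["not_current"]:
        print(f"NOT CURRENT {ip} last_status={status} days_since_success={age}")
    for ip in result["not_seen"]:
        print(f"NOT SEEN    {ip}")
```

The `unmanaged` list addresses "Did ALL systems get patched?" and `not_current` addresses "Did the patches actually get applied?"; the other two questions need a vulnerability scanner rather than an inventory comparison.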

There are probably going to be devices that need to be manually patched, and there is a very strong likelihood that some software applications are locked into vulnerable versions of Java, Flash or even Windows XP/2003/2000. So, there are devices that will be patched less frequently or not at all. Many organizations simply say, “That’s just how it is until manpower or technology changes - we just accept the risk”.

That may be a reasonable response for your organization; it all depends on your risk tolerance. If you have a lower risk appetite, what about firewalls or VLANs with ACL restrictions for devices that can’t be patched or upgraded? Why not leverage virtualization to reduce the security surface area of that business-critical application that needs to run on an old version of Java or only works on 2003 or XP? Published application technologies from Citrix, Microsoft, VMware or Phantosys fence the vulnerabilities into a small isolated window that can’t be accessed by the workstation OS. Properly implemented, the combination of VLANs/DMZs and Application Virtualization reduces the actual probability of exploit to nearly zero and creates an easy way to identify and log any attempts to access or compromise these vulnerable systems. Once again, these are mitigating countermeasures for when patching isn’t an option.

We will be making many recommendations to our clients including multi-factor authentication for VLAN access, changes to password length and complexity, and additional VLANs. However, topping the list of suggestions will be patch management and regular internal vulnerability scanning, preferably as the verification step for the full patch management cycle. Keeping your systems patched makes sure when someone makes a mistake and lets the bad guy or malware in – they have nowhere to go and a limited time to get there.

As an ethical hacker or penetration tester, one of the most frustrating things I encounter is spending weeks of effort to identify and secure a foothold on a network only to find myself stuck; I can’t escalate privileges, I can’t make the session persistent, I can’t move laterally, ultimately rendering my attempts unsuccessful. Though frustrating for me, this is the optimal outcome for our clients as it means they are being proactive about their security controls.

Frequently, hackers are looking for soft targets and follow the path of least resistance. To protect yourself, patch your systems and isolate those you can’t. By doing so, you will increase the level of difficulty, effort and time required, and there is a pretty good chance they will move on to someone else. There is an old joke about two guys running from a bear, and the punch line applies here as well – “I don’t need to be faster than the bear, just faster than you…”

Make sure ALL of your systems are patched, upgraded or isolated with mitigating countermeasures, thus making you faster than the other guy who can’t outrun the bear.

About Tim Crosby:

Timothy Crosby is Senior Security Consultant for Spohn Security Solutions. He has over 30 years of experience in the areas of data and network security. His career began in the early 80s securing data communications as a teletype and cryptographic support technician/engineer for the United States Military, including numerous overseas deployments. Building on the skillsets he developed in these roles, he transitioned into network engineering, administration, and security for a combination of public and private sector organizations throughout the world, many of which required maintaining a security clearance. He holds industry leading certifications in his field, and has been involved with designing the requirements and testing protocols for other industry certifications. When not spending time in the world of cybersecurity, he is most likely found in the great outdoors with his wife, children, and grandchildren.

Did you know that business continuity management professionals are a lot like family doctors?

Let’s rephrase that: BCM professionals SHOULD conduct themselves like family doctors, in many important respects.

The family doctor, of course, is the general practitioner who takes a holistic view of our medical care. They’re mindful of the whole spectrum of our well-being, physical and mental, and often coordinate the efforts of various specialists.

Ideally, business continuity professionals should approach their role as the family doctors of the BC program, overseeing the efforts of the subject matter experts who are the leaders of the various business units.



We hear a lot about “digital transformation” these days. It’s constantly on the minds of every CIO, CISO and CTO. Marketing and sales organizations are keenly aware of the importance of the ‘digital experience’ they offer their customers. CEOs and boards of directors discuss how their companies should respond to the growing demands of a digital economy, and the value that comes from the right technology approach.

But what does digital transformation really mean? Quite simply, the very nature of business has changed as technology has infiltrated our lives. From apps that track customer location, social media activity and spending power, to RFID readers that help manage factory automation – technology has enabled businesses to respond to customers and markets better than ever.

To manage all this technology and the data that comes with it, companies are adopting various types of clouds. IT executives want to adopt cloud technology to gain the inherent benefits of cloud, but at the same time, they need to minimize the risk and resource impacts associated with their cloud deployments.



Just when you were done being afraid of the cloud, it turns out the real threat comes from the folks making your processors. In about one day, your computer’s brain became the biggest computer security threat, likely ever.

Unless you’re in hibernation for the winter, you know all about the Meltdown and Spectre CPU vulnerabilities that affect every processor made in the last 15 years from, well, everyone. Now hold on, don’t roll your eyes. I’m not going to regurgitate the same old news about what’s affected, what mitigations are available, or what you need to patch. That’s boring and I’ve already read enough of those articles to make my own eyes glaze over.

Instead, let’s talk about the overall approach to security in your own environments. Maybe that’s your datacenter, your client machines spread across the world, your Amazon, Azure or Google Cloud services; it doesn’t matter. When a threat affects everyone, from your grandmom in Ohio that only uses Facebook to the largest organizations on the planet, we should all take a step back and evaluate ourselves.



Creating an emergency response plan that truly works when you need it requires research, thought and consideration — and a great deal of flexibility.

It’s practically impossible to consider every type of disaster that could occur or to plot all of the variables. The best you can hope for is to create a plan that takes into account broad strokes for any type of disaster. This foundation allows you to build smaller scenarios for specific events, utilizing them as needed to create an ad hoc preparedness plan that is both expansive and flexible at the same time. There are some key considerations that you’ll need in this adaptable foundation, including emergency communication strategies, training development and drills, plan adaptations for different scenarios and continuous evaluation and review processes.

Emergency Communication Strategy

Maintaining a clear line of communication is critical throughout any emergency, allowing you to stay in touch with both internal and external stakeholders and provide necessary information to your audience. When there are only moments to make a decision that could mean life or death, you want to be sure that you have everything in place before you need it. Having a sophisticated push notification option at your fingertips provides you with the ability to send different messages to various audience segments, ensuring that everyone receives the right message for their needs at a particular time. Creating the messages that you want to send before you need them is only the first step. You also have to assure that everyone on your emergency management team fully understands your platform and is able to use it seamlessly when they need to.



Our world has gone global and mobile at a drastic speed in the last decade.

Giving your employees the right tools and amount of accessibility is vital to the success of your organization. Here are some of the leading technologies and tools that can assist your employees in achieving significant gains in the mobile workforce.

Go Big on Mobile Technology

Let’s talk tech. Providing a mobile phone for voice calls and texting is not enough if you want to stay truly connected with your remote workers. In a review of the TRaD Works Forum by Inc. magazine, ways you can elevate your mobile technology include providing your workers with virtual toolkits on their mobile devices.

The virtual toolkit consists of a variety of technologies and services readily available to any person who joins your mobile workforce. The toolkit can be easily uploaded to your company phones or mobile devices. Toolkits often include apps for file sharing, project management, emergency notification, virtual meetings, and video chats. Having the toolkits ready in advance speeds implementation when a new employee is onboarded.



The Importance of Digital Vendor Management

As the digital landscape grows and changes, businesses rely on an increasingly sprawling network of third, fourth, and fifth parties to render final, consumer-facing content. Chris Olson, CEO at The Media Trust, explains why a sound digital vendor management strategy is so crucial not only for compliance purposes, but also for brand health.

The digital age breeds constant change – none more powerful than the availability of data and, more specifically, the ease of collecting and using personal data. For industry, this data has the power to both accelerate new opportunities for growth and act as an anchor to drag down momentum. In an era where businesses prize data and guard against its misappropriation, it’s troubling that this discernment doesn’t carry over to the digital environment, where countless third parties and partners on enterprise websites and mobile apps have access to personal user data, often without a company’s knowledge.

Impending regulations and the changing political landscape require a more cautious approach to the collection, use and sharing of personal data. Threats of not only hefty fines, but also long-term reputational damage induce enterprises to take a closer look at their own websites and mobile apps to understand exactly which partners execute code and which capture personal data. This basic knowledge — standard elements in a vendor risk management program — could very well be the key to mitigating future troubles if adapted for a digital-first economy.



Monday, 16 April 2018 15:05

Data Is Power: Wield It Wisely

(TNS) - A likely change in federal reimbursement policy for local governments' disaster-related costs could impose a new financial burden on county governments.

Currently, school districts and county governments submit their costs associated with hurricanes or other natural disasters separately to the Federal Emergency Management Agency.

The Manatee County School District — which opened 24 campuses as shelters prior to Hurricane Irma in September — submitted to FEMA documentation for more than $1 million just in labor costs. It has yet to be reimbursed and is still calculating other expenses associated with its feeding and housing more than 25,000 evacuees.



There are few things more important than the willingness to work hard when it comes to building a top-flight business continuity program. However, I am sorry to report that hard work is not enough. In fact, sometimes it can lead you into a ditch.

How so?

The answer is when people are so intent on working hard that they forget to make sure what they are doing is actually useful for accomplishing their primary goals.

As John Wooden said, “Never confuse activity with achievement.”

I mention the foregoing because I wanted to talk about BCM metrics today, and metrics is one area where, in my experience, people are especially likely to confuse effort with results.



Friday, 13 April 2018 14:43

You’re Doing It Wrong: BCM Metrics

(TNS) - Officials from the city, state, Kamehameha Schools and National Oceanic and Atmospheric Administration unveiled a dramatic, 10-foot high banner at the steps of Honolulu Hale Wednesday to hammer home the threat that tsunamis can wreak across the islands at any moment.

The banner includes a map of Oahu that pinpoints just six of the more than 100 tsunamis that have hit Oahu since tsunamis have been recorded. Its 10-foot height is just a third of the 30-foot wave that pounded Kaena Point in 1952, Mayor Kirk Caldwell said.

But the tsunami threat to Oahu and all of the neighbor islands never ends, Caldwell said, as tsunami information brochures are going out in 13 non-English languages, including Hawaiian, for the first time.



Friday, 13 April 2018 14:37

Tsunami Threat Never Ends

Few activities and operations are truly set it and forget it.

Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception.

Business continuity in most cases requires periodic adjustment because environments and conditions are constantly changing.

However, here’s a thought that could change that.

The idea comes from the combination of the self-driving vehicle and decentralised financial transactions, plus the Uber (or Lyft or whoever) model of hire-to-drive services.

In theory, the artificial intelligence in the vehicle would allow it to interact with the Uber model to acquire customers, and use a technology like blockchain (decentralised transactions) to receive payment for services rendered and make payments on its lease back to its manufacturer.



Charles Werner remembers back to 1978 when as a new Charlottesville, Va., firefighter he came upon an incident involving a train in the heart of the city.

This train had been leaking carbon disulfide while running on the outskirts of Charlottesville and the conductor thought he’d just guide it into town and park it close to where the fire station was. Unfortunately, as the train arrived in Charlottesville, the leaking carbon disulfide caught fire from sparks from the train’s brakes.

Werner said it took 24 hours to get the leak and fire contained and a good portion of that time was spent getting information on what exactly was leaking and what the hazards were. If that were to happen today, Werner and all other fire service personnel and other first responders could have access to the train’s contents in minutes with the AskRail mobile app.



Study by Cavirin finds organizations are concerned with visibility and the ability to manage risk and security with hybrid cloud accounts and workloads

SANTA CLARA, Calif. – Cavirin Systems, Inc., the only company providing cybersecurity risk posture and compliance for the enterprise hybrid cloud, today announced the availability of Cavirin Hybrid Cloud CyberPosture Intelligence. CyberPosture intelligence is the ability to deliver risk, cybersecurity and compliance management by providing visibility and actionable intelligence to the CISO and other stakeholders across hybrid environments. The Cavirin platform delivers this through real-time visibility, predictive analytics, and intelligent remediation through DevSecOps integrations.

In a new study of 250 hybrid cloud security leaders, “Cyber Security Posture: The Challenges and Strategies of Hybrid Cloud”, the two top concerns identified were verification that public cloud accounts are secure (69 percent) and confirmation that workloads in the cloud are secure as well (69 percent).  This lends credence to the reality that both account and workload security are critical.

However, security is still a key issue and barrier to adopting a hybrid cloud architecture, with specific concerns including increased complexity (55 percent), a lack of visibility into cloud endpoints (32 percent), difficulty instituting security controls (37 percent) and a clear need for more assessment tools (29 percent).



Law firms face a significant challenge during critical events: quickly locating their people to keep them safe. Lawyers, and those supporting their activities, typically do not work solely in one location. At any given time, some of them will be working in offices, spread across floors, buildings, cities, and even countries while others will be working from home or visiting a client location. This fluid movement has traditionally challenged how firm leadership connects people with the timely information needed to improve outcomes during emergencies.

The evolution of the emergency mass notification market has improved how law firms communicate. Some products focus on speed, accelerating message creation and delivery. Other advancements simplify how company administrators locate people and understand their proximity to danger. As you think about how your firm can use technology to communicate with your people, these must-have elements of a modern mass notification system should be utilized to mitigate loss during any critical event.



Lack of understanding and fear of failure in an enterprise setting is a combination that leaves most organizations paralyzed when trying to develop a digital strategy. In a survey conducted at the 2018 Enaxis Leadership Forum, most business leaders viewed digital transformation as a high priority; however, only 54% claimed to be ready to take advantage of it. Leadership knows that digital driven change is inevitable. In today’s evolving environment change comes in tidal waves, resulting in complete overhauls to revenue and operational models alike. The challenge is understanding WHERE to start and HOW to harness disruptive technologies to create a sustainable and successful digital transformation.

Getting Out Of The Starting Blocks

The first step is to avoid the two most common pitfalls when setting out on a digital transformation:



For businesses, having a disaster recovery plan in place is not optional – it's critical. Indeed, the recent spike in natural disasters has many organizations thinking about their business continuity plans.

Events like hurricanes Harvey, Irma and Maria, tornadoes in the Midwest and South, fires and floods in California, and storms all across the nation affected thousands of businesses, causing some to go without power and Internet connectivity for days, weeks or even months.

According to the National Oceanic and Atmospheric Administration (NOAA), 2017 was the costliest year ever for the United States when it comes to natural disasters. The country experienced 16 different events that resulted in more than a billion dollars in damage each, with a total price tag of $306.2 billion.



If your business continuity plan is like most of the plans we see, then it is highly likely that it bears more than a passing resemblance to Swiss cheese.

We don’t mean that it would taste very good served with ham on rye.

We mean that it is probably full of holes—of omissions of key provisions and information whose absence would sharply reduce its effectiveness if and when you had to turn to it to help your organization get through a disruption, and which might even make it fail altogether.

In today’s blog, we’re going to bullet out some of the more common business continuity plan holes—and also explain what can be done to plug them.

Are any of the following holes baked into your organization’s BC plan?



Migrating to the cloud can be one of the best IT moves you can make for your enterprise, offering security, customization, agility and cost-savings.

And Amazon Web Services (AWS) is one of the most reliable and tested cloud service providers available.

Whether you’re already running applications in the public cloud or thinking about getting started, it’s important to know what you can do with AWS.

Here’s an A to Z (but by no means complete) overview of AWS features and strategies that you should keep in mind:



From vacuums that buff your floors while you sleep to drones, self-driving cars, and video games, AI is everywhere. Do you trust it?

Cutter Consortium contributors Keng Siau and Weiyu Wang recently examined the role of trust in AI, machine learning, and robotics. To set the stage, the authors define trust as either (1) a set of specific beliefs dealing with benevolence, competence, integrity, and predictability, or (2) the willingness of one party to depend on another in a highly risky situation, or (3) a combination of 1 and 2. However, that definition is best applied to human, interpersonal relationships.

Trust in a human-technology or human-machine relationship is a little different. In addition to the human characteristics (personality and ability) and environmental characteristics (culture, task, and institutional factors) that impact interpersonal trust, trust in AI, machine learning and robotics is affected by technology characteristics, including performance, process, and purpose. Siau and Weiyu explain:



Thursday, 12 April 2018 14:14

Who (or What) Do You Trust?

(TNS) - The emergency alert systems that blare out warnings during natural disasters, terrorist incidents or manmade calamities could be hijacked into sending out false alarms.

A security company, Bastille, said Tuesday that it had found a vulnerability in San Francisco’s emergency alert system that would allow hackers to trigger the city’s sirens or even blare out malicious messages.

The Boston manufacturer, ATI Systems, said it had developed a patch that will be rolled out shortly and noted that such a hack “is not a trivially easy thing that just anyone can do.”

Balint Seeber, director of vulnerability research at Bastille, which has offices in San Francisco and Atlanta, said he began studying vulnerabilities in the system of 130 or so public sirens and outdoor speakers scattered about San Francisco in 2016. Once he determined the radio frequencies employed, he said it would be easy to hijack the unencrypted system, even using only a $30 radio and a laptop.

A hacker could broadcast his or her own voice as a public address audible to the entire city, Seeber said.



Puerto Rico is still suffering the devastating aftereffects from 2017 hurricanes Irma and Maria. Rebuilding the island will cost up to $50 billion according to a recent statement by FEMA head, William “Brock” Long.  Many residents are still without power and the new hurricane season is just around the corner.

The situation in Puerto Rico is a warning to North America of what could happen if we fail to address our outdated and crumbling infrastructure, according to a new report from Zurich North America.

The report, Rebuilding Infrastructure: The Need for Sustainable and Resilient Solutions, points out that during the years leading up to Hurricane Maria, Puerto Rico’s infrastructure had been in increasing need of routine maintenance. The island’s power grid had fallen into a particular state of disrepair as a result of declining revenues and political corruption.



The 4 extreme threats public safety personnel need to know

By Glen Denny, Baron Services, Inc.

78% of disasters recorded in the United States each year are weather-related. Still, when asked what type of incidents they expect to respond to over the next year, Emergency Management Personnel (EMP) and public safety officials underestimate the number of weather-related disasters that will occur. This misconception results in EMP and public safety officials being undertrained to respond to weather-related disasters. In order to more effectively and cost-efficiently keep the public safe, EMP and public safety officials need to be more knowledgeable about weather phenomena and the impact severe weather can have on their communities. In the United States, there are a few weather threats that are nearly universally experienced across the country. These are thunderstorms, tornadoes, lightning, and hailstorms.


The most common severe weather threats seen in the United States and worldwide are thunderstorms. A thunderstorm is a rain shower which features thunder. Since thunder is generated from lightning, all thunderstorms feature lightning, whether frequently visible or not. There are approximately 100,000 thunderstorms each year in the U.S. alone. While this indicates that thunderstorms are quite common, specific atmospheric conditions must be present for a thunderstorm to form. Three basic ingredients are required for the formation of a thunderstorm:

  1. Moisture: This is needed to form clouds and rain.
  2. Unstable Air: Air that is relatively warm and can rise rapidly.
  3. Lift: from fronts, sea breezes or mountains

Lightning is produced high in thunder clouds when liquid and ice particles above the freezing level collide and build up large electrical fields. Once these electric fields become large enough, a giant “spark” occurs between them (or between the particles and the ground) like static electricity, reducing the charge separation. The lightning spark can occur between clouds, between the cloud and air, or between the cloud and ground. Thunder is caused by the rapid expansion of the air surrounding the path of a lightning bolt.

It is likely that nearly all Americans have experienced a storm in their lives that featured the above characteristics. However, the majority of thunderstorms, while impressive to watch, are mostly harmless. Only about 10% of thunderstorms reach severe levels. A thunderstorm is classified as severe when it contains one or more of the following:

  • Hail one inch or greater
  • Winds gusting in excess of 50 knots (57.5 mph)
  • A tornado

These criteria are not widely known by laypeople, so, in an effort to better communicate severe weather hazards and risk, the National Weather Service (NWS) Storm Prediction Center released a graphical table which concisely describes the hazards associated with five increasing levels of severe weather risk intended to complement the maps they release every day.




One of the characteristics of a thunderstorm that will make the NWS classify it as severe is the presence of one or more tornadoes. Tornadoes, though, are much more than a characteristic of a severe thunderstorm. They are a severe weather threat all their own – perhaps the most dangerous of the common threats discussed in this article. And they are quite common – the US leads the world with an average of 1,000 tornadoes every year.

Tornadoes are the most violent of all atmospheric storms. A tornado is a swiftly rotating column of air that descends from the bottom of a thunderstorm cloud to the ground. Tornadoes become visible as a condensation funnel is created. The funnel is composed of water droplets and dust and debris swept up from the ground. The most destructive and deadly tornadoes are born of supercells – giant rotating thunderstorms with a defined radar circulation called a mesocyclone. While much research has been conducted around tornadoes, researchers are still not entirely sure what exact combination of circumstances is needed for their creation. The most common theories revolve around the temperatures and downdrafts in and around the mesocyclone. There is also still a great deal of mystery surrounding the exact forces which cause a tornado to dissipate.

While tornadoes can occur any time of year, peak seasons for the hardest-hit regions of the country are:

  • Southern Plains: May into early June
  • Southeastern US: Early spring and fall
  • Gulf coast: Early spring
  • Northern plains/upper Midwest: June or July.

Most tornadoes occur between 4 and 9 p.m., but can happen at any time of day when conditions are favorable.

The NWS uses a watch and warning system to indicate the tornado threat level in an area during a severe thunderstorm. A Tornado Watch is issued by NOAA Storm Prediction Center meteorologists when conditions are favorable for a tornado. A watch can cover parts of a state or several states. The NWS recommends residents in the area of a Tornado Watch review and discuss their emergency plans, and be ready to act quickly if a warning is issued or if they suspect a tornado is approaching. A Tornado Warning is issued by the local National Weather Service Forecast Office responsible for monitoring weather in a specific region. A Tornado Warning means a tornado has been reported by spotters or identified by radar. This designation signifies that persons and property in the path of the tornado are in serious danger. Residents should take shelter at once. Warnings can apply to parts of counties or multiple counties along the anticipated tornado track and typically last less than an hour.


Another characteristic of severe thunderstorms that is a real threat even considered on its own is lightning. Cloud-to-ground lightning bolts are a common phenomenon – about 100 strike Earth’s surface every single second – and yet their power is extraordinary. Each bolt can contain up to one billion volts of electricity and travels at 90,000 miles/second. A bolt can be over five miles long and can strike up to 10 miles from an area of rainfall.

In the United States, there are about 25 million lightning flashes every year. While lightning fatalities have decreased over the past 30 years, lightning continues to be one of the top weather killers in the United States: lightning causes an average of 50-60 fatalities each year. Research has shown that dramatic increases in lightning over a short period of time, especially positive strikes, indicate storm intensification.

A few key facts about lightning:

  • Standing under a tree is the second leading cause of lightning fatalities. If you must be outside during a thunderstorm, under a tree is not a safe place to take shelter.
  • Rubber-soled shoes do not provide any meaningful protection from lightning.
  • Victims of lightning do not retain the charge and are not electrified. It is safe to help them.

https://www.nssl.noaa.gov/education/svrwx101/hail/

Hail is another aspect of a thunderstorm that, when present in certain forms, will cause the NWS to classify the storm as severe. Again, like lightning, hail is also a threat considered on its own, but is even more threatening when present in the typical conditions of a storm. Hail forms when the warm updraft of a thunderstorm pushes water droplets high enough into the clouds to freeze. These frozen droplets are caught by the storm’s cold downdraft and pushed down into warmer air. As the frozen droplets begin to melt, they pick up more water droplets and grow larger. With each pass of this cycle, the frozen water droplets become bigger and heavier. Eventually, the updrafts are no longer strong enough to push the large droplets up and around, so the balls of ice finally fall to the ground as hail. The stronger the updraft, the larger the hailstones become.

According to the National Weather Service, hail is generally no larger than 2 inches in diameter. However, hail has been known to come in many different shapes and proportions and a standard scale was developed to describe it, ranging from nickel-sized (roughly .75” in diameter) to softball-sized (4.5 inches in diameter). Hail as small as 1” in diameter can cause damage, and severe thunderstorms can feature hail 2” and larger.

The Perfect Severe Weather Tool for All Regions

http://www.baronweather.com/industries/public-safety/emergency-management/weather-monitoring-system/baron-threat-net/

Throughout this article, we have discussed the various kinds of common severe weather threats in the United States. But how can EMP and public officials know for sure when a weather event has reached severe levels? An example of a tool that public safety officials and EMP can use to help them protect their area with precision is Baron Threat Net. Baron Threat Net is a web-based meteorological tool that provides critical weather intelligence when and where it is needed most. Baron Threat Net delivers the features safety officials need to be decisive and accurate when responding to severe weather. With a tool like Threat Net, EMP can easily track tornadoes, flooding, lightning strikes, dangerous road conditions, hail coverage and probability and more. No matter the location, severe weather can strike in many forms. One thing is certain: Mother Nature won’t wait. It is up to EMP and public officials to educate themselves on the threats posed to their region, to use the appropriate tools to track those threats, and then to act on those threats appropriately.

Tuesday, 10 April 2018 20:06

Severe Weather:

April is National Volunteer month, and in time with this event State Farm® has conducted an interesting survey which reveals key insights into what motivates people to volunteer.

The study found that only 23 percent of younger millennials currently volunteer, compared to 46 percent of older millennials (those who are married, have kids, or own a home). State Farm research confirms what others have found, that younger people are looking to align their giving opportunities with their life goals.

Millennials have supplanted Baby Boomers as the largest population group in the United States, and as a result they have the biggest potential to influence volunteerism.  With that in mind the study offers several useful tips for engaging young professionals in volunteer activities:



8 Principles to Guide the Risk Assessment Process

Organizations don’t need to involve the board in every risk by any means, but critical enterprise risks are a special breed. Protiviti’s Jim DeLoach provides the formula for an appropriately designed risk assessment process – the first step to identifying and ultimately mitigating the risks in this category.

Directors and executives need to consider several categories of risk. Of particular interest are the normal, ongoing business management risks, emerging risks and critical enterprise risks. Below, we focus on the last category, which we define as the top five to 10 risks that can threaten the company’s strategy, business model or ongoing viability.

These risks should be a significant focal point of the board’s risk oversight agenda and risk-related discussions in the C-suite, because they present the most significant risks (and opportunities) affecting the achievement of the performance objectives of greatest importance to the enterprise’s leaders. Identifying them provides a starting point for assigning ownership for management; once ownership is assigned, accountability for results can be established and monitored over time.



Do more with less.

Who hasn’t already heard that in business?

And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it.

The more DRP and DRM can help you increase profits or cut costs, without sacrificing disaster recovery effectiveness, the safer your DR budget will be. Here are a few ideas.



Ransomware and malware may have been the leading concerns for healthcare IT professionals in 2017, but 2018 is likely to be the year when data governance becomes an even bigger issue to address.

Between preparing for the GDPR May 2018 release date, and the overwhelming number of data breaches, healthcare IT security professionals will have plenty to keep them up at night.

Big data is once again in the spotlight as healthcare leaders look for ways to streamline processes, reduce costs, and improve the patient experience. Unfortunately, quality problems with personal data and analytics frequently lead healthcare IT teams to focus on improving data quality first, with governance taking a back seat.



Using Content Analytics to Ensure Compliance

Buzzwords like AI and machine learning tend to grab the attention of C-suite leaders, but the most exciting tool in the digital transformation toolbox is RPA, robotic process automation. Anthony Macciola defines RPA, discusses the realities of machine learning and covers strategies for driving content intelligence.

There has been no other new regulation in recent years that has made organizations worldwide in every industry more concerned than the EU’s General Data Protection Regulation (GDPR). Effective May 25, 2018, it expands the rights of individuals to control how their personal information is collected and processed and forces organizations to be more accountable for data protection. Violators risk a minimum fine of at least €20 million or 4 percent of global revenue, so naturally, global organizations are turning to technology to help ensure compliance.

At the root of GDPR is personal data that directly or indirectly identifies a natural person in any format. It mandates that organizations cannot keep data and content forever and advocates better records management and strong information governance. That, however, is where the compliance challenge lies: information is locked inside of documents. Many organizations are turning to robotic process automation (RPA) to help unlock information from documents in any format – whether structured or unstructured, digital or not.



Tuesday, 10 April 2018 16:02

The Impact Of RPA On GDPR

In an emergency situation, having an effective mass notification solution does more than protect individuals and keep them safe.

It also gives residents a sense of confidence. They understand where to go when they need information about local hazards. They know where to turn when they want to find out if an emergency is imminent. These are key to helping provide effective emergency preparedness alerts and information before a disaster. Find out how you can increase the success rate of your mass notification system and build trust with your residents.

Statistics on Emergency Preparedness

According to statistics reported by FEMA in the report “Preparedness in America in 2014,” people are becoming more aware of the importance of disaster preparedness and response plans. The report concluded that:



Tuesday, 10 April 2018 16:01

Why Mass Notifications Matter
