DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

Industry Hot News

Industry Hot News (444)

One of the most common fears that come up when doing active shooter preparedness trainings is the fear of being confronted and shot by a gunman.

Although it’s a common fear, the good news is that it’s not as serious as many people think. By attending life-saving training and preparedness programs, you can dramatically increase your odds of surviving an active shooter event.

While there is no central registry for fatal gunshot wound information, some experts have estimated that, excluding gunshots to the brain, heart and lungs, “on the whole, the survival rate is 70 to 80%.”



From the Oct. 1, 2017, outdoor shooting in Las Vegas that killed 53 and injured at least 1,000 to the Parkland, Fla., high school shooting on Feb. 15 that killed 17 and injured dozens more, active shooter events are dominating the news.

As a result, organizations are realizing that they need to create or update their active shooter preparedness plans. A critical part of these plans includes lockdown procedures, including knowing how and where to shelter-in-place. By planning and training for lockdowns, organizations can provide clear guidance on what to do to save lives.



When we get sick, are you the type of person who rushes right to the doctor for treatment or would you try your home remedies first?  Whether you chose to increase your vitamin C intake, drink plenty of fluids, rest and take over the counter medications, or receive a prescribed antibiotic, the hope is that you were able to have a speedy recovery.  More importantly, hopefully you were able to contain the cold and not spread it to family and friends.   Regardless of the situation, a decision had to be made to get medical attention or not, while also taking into consideration your family and their health.  The same should be considered when planning for a pandemic type situation at your company.

In 2018, many companies gawk at the idea of still planning for the big “pandemic” outbreak; however, take into consideration that it could take weeks if not months for the Public Health Department along with Center for Disease Control (CDC) to identify a public health emergency. Emerging viruses or new global pathogens are difficult to assess due to several factors: no diagnostic tests exist, treatment/prevention may not be available, poor understanding of transmission and many locations could be affected at the same time causing resources to be scarce.  And, after identification, it could take several months to develop antibiotics to treat the infectious disease. In the meantime, your organization will see a degradation of services provided working with limited staff.

Now that the number of cases related to influenza is decreasing in March, your planning activities and preparation should increase and mature.  As part of your planning, what are you prepared to do if faced with a “pandemic” situation in your workplace?  Here are some factors to consider within your plan:



Managing a business continuity program is a job that puts unique political burdens on its practitioners, as you will be well aware if that’s what you do for a living. Few other departments face the same need to continually justify their existence to senior management as the BC program, and few are as dependent on having good working relationships with other departments.

For these reasons, it is valuable for the BCM professional to step back every now and then and think about how they can work smoothly with the other entities within their organization, both vertically and horizontally.

To help you do this, in today’s post we’ll share a few thoughts on the different hierarchical levels found at most organizations, and sketch out what interaction each typically has with the BCM program. In the end, we’ll give a few tips to help you navigate among the different levels at your organization so that your program has a better chance of obtaining the resources and support it needs to perform its critical if sometimes undervalued mission.



The bigger an organisation gets, the more the plans multiply. There may be plans for dealing with contingencies, crises, disasters, emergencies, pandemics, risks and who knows what else, all in addition to your business continuity plan.

Even for small and medium-sized businesses, it is not always clear as to what should go into which plan, and how many of them you need. Here’s a quick rundown and rule of thumb guide to what you should have and how it all fits together.

The first step is to understand your business risks. Whether you are starting a business or already running one, you need to know what could affect it.

Depending on the risk in question, including its potential impact and probability of occurring, you then have up to four choices. You can eliminate it, transfer it to somebody else, mitigate it or accept it.

Your business continuity plan then starts with the risks you have decided to mitigate or accept. It is also a document that focuses on maintaining or restoring business operations.

While it does not ignore personal safety, items like evacuation procedures are handled in a separate emergency plan. The two plans can, of course, reference each other.



(TNS) — First there were the simulated gunshots and actors screaming.

Then came shouts of pain and desperation.

"Owww! Oh my God!"

"Help! Help!"

"I think I'm dying."

The chaos, simulating the aftermath of a movie-theater shooting, was created for the benefit of about three dozen Ohio State University medical students.

Held in a training area on the OSU Wexner Medical Center campus, the Tuesday event was designed for fourth-year medical students who are finishing up an optional course in emergency preparedness and disaster response. Also participating were students who plan to specialize in emergency medicine.

Each was asked to play a part in the scenario, from the theater-goer trying to help victims to the emergency medical technician to the emergency department physician.



Hard disk drives have been around forever, if you define “forever” as 1953. In 2018 they are still the backbone of data storage, even with fast-growing SSD sales and the tenacity of tape.

Let’s look behind the curtains at modern HDD technology, capacity, performance, and reliability. We’ll revisit the types of hard drives in use in business today and peek into the future of storage and hard disk drives.



Thursday, 15 March 2018 14:11

Hard Disk Drives: An Overview

Not All Emergency Notification Systems Are The Same

Does your company have a modern mass communication system? When I say “modern,” I am referring to one that doesn’t rely solely on email or phone; one that is able to contact employees on multiple devices simultaneously; one that can be activated in a matter of seconds and reach its intended audience within minutes. I’m going to add another feature in the mix because it is so invaluable when it comes to reaction time – interactive maps.Interactive maps use GPS to track and monitor employees and events – not in a creepy, big brother way but in a way that ensures employees are safe and accounted for no matter where they work. GPS can provide more immediate location information to help first responders to act quickly when seconds count. Think of it this way: if you were working in a location where an emergency struck, would you be uncomfortable or thankful that your employer was sending help to your exact location within seconds of the incident?



Millennial women have embraced STEM and are steadily driving up the percentage of women pursuing technology careers. But finding women in technology leadership roles is still rare. Although women have been involved in “computing” since the late 1800s, when a team of women at Harvard were tasked with computational duties that their male counterparts considered too tedious, it was only recently that we entered in the corner office of technology companies. Women like Meg Whitman, Diane Greene, Ginni Rometty and Cheryl Sandberg are inspirational leaders paving the way for my generation and continue to prove we can be successful in any technology position.

What took so long? And what can women in technology do to shape their career paths so we can continue to grow the number of women in the C-suite?

My company, Sungard Availability Services (Sungard AS), has a corporate vision that mirrors many of the things I have learned in my own career. “At Sungard Availability Services, we design, build, and run production and recovery environments that are more resilient and available – giving your business the agility it needs to compete cost-effectively in the marketplace.”

Being resilient, agile, available, and ready to meet the competition all while building relationships along the way will undoubtedly help to advance your career. So, here are five of my own top tips for women building their careers in the technology field, based on my own experiences:



Wednesday, 14 March 2018 14:50

5 Career Tips for Women in Technology

Let’s admit it. We don’t always read everything corporate sends out. We are all bogged down with too many emails, voicemails we rarely hear, and well-meaning company newsletters that hardly get a look. No offense to the people who take the time to put them together, but we all have a lot to manage these days and kind of assume the critical stuff will get to us somehow.

What can a company do to improve employee communications open rates? Here are a few ideas to ensure you get your messages heard.

Only communicate what really needs communicating.

Choose your words wisely, a proverb surely once said. If you want to get your employees’ attention, you have to be selective on what you put out there. If you’re mass emailing every little thing on a frequent basis, chances are, your emails are ending up in the recycle bin.

Instead, decide how frequently you really need to communicate and what exactly you should communicate on a regular basis. New product launch? Sure thing. Accounts won? Likely so. Reminder that St. Patrick’s Day is coming and wear green? Please don’t. Of course, some communications aren’t planned for, such as emergencies or other critical events. You can still establish a protocol for these, however, by assessing your risks per location and devising a communication plan for the most probable scenarios.



(TNS) - The third nor'easter in two weeks has left 108,000 households in the dark in Massachusetts this morning, as a blizzard warning has extended through Boston.

Strong winds reduced visibility to near zero as the storm drove north from New Jersey this morning, prompting the National Weather Service to extend its blizzard warning overnight to include Boston.

“That is a change from yesterday,” said NWS meteorologist Kim Buttrick. “Basically, pretty much the entire eastern coast of Massachusetts is under a blizzard warning.”

That warning will remain in effect until 8 p.m., as will a winter storm warning for the rest of the state. Buttrick said 12 to 18 inches of snow is still expected to blanket Massachusetts east of Worcester east. Plymouth County and upper Cape Cod could get slammed with up to 2 feet of “white mud,” wetter, pastier snow than locations north and west.



A huge amount of innovation is taking place around AI right now. Many, including Cutter Consortium Senior Consultant Curt Hall, think AI has the potential to disrupt lots of industries, including banking/financial services, healthcare, automotive, retail, Internet of Things (IoT), IT security, government, and the military.

We’re in the midst of conducting a study on AI and machine learning. As part of it, we’ve asked end-user organizations how they feel about the potential for AI to disrupt their particular industries and lines of business. While the research is ongoing, a snapshot of the first 64 responses shows that more than ¾ of them think AI might impact their organization’s industry or LOB, and only 8% say it won’t have any impact at all! Curt Hall reacts:

Given that AI remains a technology many organizations are still trying to determine how to practically apply, this finding is impressive. It indicates that the majority of organizations view AI as having some potential to seriously shake up the industries in which they operate.



Wednesday, 14 March 2018 14:47

How Much Disruption will AI Cause?

(TNS) - After six months of chasing down and documenting the death and destruction Hurricane Irma left behind from the eastern Caribbean to the Carolinas, the National Hurricane Center released its report on Monday.

It underscores the wide swath of damage left behind by the massive storm, which brought wind and storm surge to much of Florida last September.

At least 129 deaths are attributed to the storm, either directly or indirectly. Irma's powerful storm surge, seas, winds and flooding were directly responsible for 44 deaths, concluded the team of three hurricane specialists who wrote the report, John Cangialosi, Andrew Latto and Robbie Berg. At least another 85 deaths were indirectly related to the storm.



Did you know that the hidden cost of climate change is now reaching billions of dollars a year?

Between hurricanes, wildfires and yes — tornados — the U.S. has been devastated both physically and financially by natural disasters. According to a new report published by the Universal Ecological Fund in late 2017, extreme weather has caused over $240 billion per year in damage to our world. While hurricanes may get the big billing on the news due to the extended length of the impact and subsequent flooding, tornadoes alone cause billions of dollars of damage each year. In 2017 alone, there were 425 tornadoes between January and March 2017, and 2018 and future years are expected to be even worse. See how these costs can potentially be mitigated by early warning of these natural acts.



It’s commonplace to see articles and discussions about cyber security and the law, but this article is not about that.

It is about cyber security and law firms, those august institutions with their lawyers, barristers, and attorneys.

Legal firms benefit from a sort of professional halo that makes it more difficult to question their probity and their cyber security.

Yet in the light of the Panama Papers data breach of last year, the legal sector may need to do some significant catching up in terms of protecting its own assets and those of its clients.

IT has brought benefits to legal companies, but has also multiplied their risks.

Legal firms often manage not only their own data and financial resources, but those of their clients too. They handle sensitive customer data, details about company operations including mergers and acquisitions, and initiate movements of client funds, including those destined to buy other companies.



Tuesday, 13 March 2018 14:36

Cyber Security and the Legal Sector

Digital transformation refers to the integration of technology into all areas of a business resulting in profound changes in how the business operates and interacts with customers.

A recent McKinsey and Company blog post points out that successful companies do not just focus on a digital strategy but instead devise a strategy for the digital age —  “a complex, many-tiered undertaking that is made more challenging by continuously shortened development cycles.”

The post explores a few of the digital transformation lessons insurance companies learned in 2017 and questions CEOs should be asking in 2018.



(TNS) — Between the Oroville Dam emergency spillway and wildfires, the past year was a learning opportunity for area emergency services officials.

Though emergency response plans have long been in place, 2017 presented lessons in public trust, public notification, emergency center organization and preparedness.

Officials submitted reflections on what their entities have learned about emergency response and how Yuba-Sutter is better prepared for the future.

Smith traveled to Emmitsburg, Maryland Feb. 21 and 22 on behalf of Sutter County to participate in the 25th annual National Dam Safety Program Technical Seminar, at the Federal Emergency Management Agency’s National Emergency Training Center.



On October 1, 2018, a shooter from the 32nd floor of the Mandalay Bay hotel opened fire upon a concert crowd fenced in a 15-acre open air lot. 1,100+ rounds were fired in a span of 10 minutes. 58 people died, excluding the shooter, 851 were injured of which 422 were gunshot wounds. 14 of those shot were off-duty firefighters and police officers enjoying the concert. Police and EMS personnel assigned to work the concert that night also took fire.

How do you react when under live fire? What do you do when there are people to help? How do you manage your emotions afterwards?

I am an All-Hazards Psychological Trauma Responder that was deployed to both the Route 91 Harvest Festival concert massacre and most recently the Marjory Stoneman Douglas High School shooting rampage. I supported the Crisis Intervention teams response for each incident.

Las Vegas Fire-Rescue (LVFR) personnel, both on and off-duty, did a heroic job of saving lives. Heroic is not a word I like to use as it has become diluted by overuse. However, in this case, there is no other word to describe their efforts.  LVFR saved people during the shooting and triaged afterwards. The large number of injured and dead was overwhelming. The ever-present thought expressed was “We have a job to do…”



Technology is not like a fine wine. It doesn’t get better with age. This fact can hit a company pretty hard. When you realize your technology has depreciated significantly enough that it causes damage to your company’s productivity, you’re now in the market for a new system of tools. To avoid dropping $30,000 or more on new hardware, you may want to consider infrastructure-as-a-service (IaaS).

IaaS is simply a way to get you to industry standards in terms of your technology. This is often called certified network infrastructure. All it means is that your equipment and network is current enough to be compatible with the latest technology. (If your files are saved on floppy disks, for example, you’re going to have a tough time with business continuity.)

IaaS is a new way for businesses to bring their technology up-to-date while giving them some exciting tax benefits to help improve profitability by flatlining IT budgets.



Monday, 12 March 2018 14:11

Why Outsource Your Infrastructure?

A prevalence of high-risk industries such as mining, exposure to powerful pesticides in agriculture and the exacerbation of risks due to climate change, these are just some of the factors that contribute to occupational health and safety hazards in Latin America. But a culturally rooted lack of awareness and engagement is perhaps the greatest danger of all. 

With some 130 million workers earning their livelihoods in conditions of informality and one in ten not having access to social protection, it is little wonder that health and safety is not always top of mind for employees in the Latin America region. However, some organizations are taking the lead in challenging the mindset of many of their workers to bring their health and safety performance to the next level. Here, we talk to experts in Latin America about “where to from here” with ISO 45001, the new International Standard on occupational health and safety management systems.

“Occupational health and safety concerns all of us… It is about the lives and well-being of our colleagues,” says Sergio Henao Osorio, Organizational Change Manager at Ingenio Pichichí S.A., one of Colombia’s leading sugar cane manufacturers. “But the key issue in Colombia is that there is not a true health and safety culture in the workplace. That is one of our challenges, but it is also one of the pillars of our mission: to make it a key value for all our staff, and something we honour in all our activities.”

Ingenio Pichichí S.A., which has a staff of 792 plus 995 contractors, boasts an accident rate well below the 7% average in Colombia and is one of the highest-performing organizations in the industry when it comes to safety. “Our aim is to achieve a zero-accident rate,” explains Sergio, “therefore, we are continually working on ways to encourage self-responsibility, the use of protective equipment, providing the best technologies and generally promoting an overall safety culture.”



In the 21st Century, Organizations Make Their Own Luck

This year’s World Economic Forum Global Risks Report found that two of the most prominent risks for U.S. businesses will be inadequate protection against cyberattacks and the potential environmental disasters stemming from climate change. And these are just the predictable risks. What of the “Black Swans?” – large economic, political and business shocks are hard to predict. In the last decade, we have had the credit crunch in 2008, the Deepwater Horizon oil spill in 2010, the Arab Spring and Fukushima in 2011 and Black Monday in 2015. The report also says that we fail to understand and plan for the systemic risks that arise from the increasingly interconnected networks of digital systems and transport, infrastructure and financial networks. The interconnected nature of these networks increases the chances of cascades; shocks trigger other shocks, affecting supply chains, customers, investors and counterparts elsewhere. The impact of one of these shocks today is more widespread and costly than a decade ago. The more interconnected we are, the more vulnerable we are. The irony of networks is that they both attract and disperse risk.

Businesses have become remarkably adept at understanding how to mitigate risks that can be relatively easily isolated and managed with standard risk management approaches. But it does not help that we often design fragility into our systems and processes, particularly through efficiency and cost-cutting initiatives. Indeed, in a world of increasing risk and rapid change, organizations are regularly slipping up as they struggle to navigate new environments.



Once upon a time, there was a business continuity consulting firm that held business impact analysis interviews with their clients WITHOUT first getting them to gather and provide basic information about their business units ahead of time.

As the owner and CEO of that firm (MHA Consulting), let me tell you something:


The interviews went on for hours and hours, since we had to gather every little scrap of information while we were all sitting there in the meeting.

Worse, the quality of the information was not very good. In the excitement (or whatever) of all of us being there together in a conference room, and the lack of opportunity to think things over, people tended to leave out a lot of critical information.

Eventually, we hit on the idea of providing our clients with forms requesting certain information beforehand. We referred to this as the BIA pre-work, and after we started incorporating this into our BIA process, our lives were never the same.

Ok, I’m exaggerating (a little), but it is definitely true that after we started gathering information ahead of time, the following good things happened:



Third party abuse of assignment-of-benefits is having a negative impact on Florida’s homeowners insurers’ 2017 financial results, according to a recent S&P Global article.

An assignment of benefits occurs when a person with an insurance claim allows a third party to be paid directly by the insurance company. Usually this happens after a claim, when the insured assigns their benefits right to a contractor or whoever is making the repair the claim is meant to cover. A loophole in the Florida law invites abuse of the right and the ensuing litigation drives up costs.

S&P Global’s article showed how the loophole has dramatically increased costs at Florida’s Citizens Property Insurance Corp.

Hurricane Irma by itself made 2017 a challenging one for Florida’s Citizens: over $1 billion in net losses and loss adjustment expenses.



The Role of BYOID in Meeting Requirements

With the deadline fast approaching to have solutions in place that comply with GDPR regulations, it’s predicted that 80 percent of companies won’t be ready. Blockchain technology offers a new, innovative and purpose-built way to meet the regulation’s requirements. Here’s what you need to know about blockchain-based identity management, BYOID and how they address the same principles and goals of GDPR.

The blockchain, the technology behind Bitcoin and cryptocurrency in general, has far-reaching applications.  The underlying capabilities of the blockchain – that of a decentralized, immutable ledger – can be applied to multiple industries to protect data and identify information of users and companies and to meet compliance standards.

With the enforcement of the EU’s General Data Protection Regulation (GDPR) beginning on May 25, 2018, all companies processing or handling the personal data of persons residing in the EU, including U.S.-based companies, are searching for data-handling solutions that find innovative ways to comply with the new regulations. The GDPR is designed to give people more power over their own data, giving less to the organizations that collect and use it for monetary gain. Blockchain-based identity management enables the concept of “bring your own identity,” or BYOID, which aims to accomplish much of the same things as GDPR – giving back to users control over their data.



How to help your organization plan for and respond to weather emergencies

By Glen Denny, Baron Services, Inc.

Hospitals, campuses, and emergency management offices should all be actively preparing for winter weather so they can be ready to respond to emergencies. Weather across the country is varied and ever-changing, but each region has specific weather threats that are common to their area. Understanding these common weather patterns and preparing for them in advance is an essential element of an emergency preparedness plan. For each weather event, those responsible for organizational safety should know and understand these four important factors: location, topography, timing, and pacing.

In addition, be sure to understand the important terms the National Weather Service (NWS) uses to describe changing weather conditions. Finally, develop and communicate a plan for preparing for and responding to winter weather emergencies. Following the simple steps in the sample planning tool provided will aid you in building an action plan for specific weather emergency types.

Location determines the type, frequency and severity of winter weather

Denny1The type of winter weather experienced by a region depends in great part on its location, including proximity to the equator, bodies of water, mountains, and forests. These factors can shape the behavior of winter weather in a region, determining its type, frequency, and severity. Knowing how weather affects a region can be the difference in the number of lives saved and lives lost.

Winter weather can have a huge impact on a region’s economy. For example, in the first quarter of 2015, insurance claims for winter storm damage totaled $2.3 billion, according to the Insurance Information Institute, a New York-based industry association. One Boston-area insurance executive called it the worst first quarter of winter weather claim experience he’d ever seen. The statistics, quoted in an article that appeared in the Boston Globe, noted that most claims were concentrated in the Northeast, where winter storms had dumped 9 feet of snow in Greater Boston. According to the article, Mounting insurance claims are remnants of a savage winter, “That volume of claims was above longtime historic averages, and coupled with the recent more severe winters could prompt many insurance companies to eventually pass the costs on to consumers through higher rates.”

Denny2Every region has unique winter weather, and different ways to mitigate the damage. Northern regions will usually have some form of winter precipitation – but they also have the infrastructure to handle it. In these areas, there is more of a risk that mild events can become more dangerous because people are somewhat desensitized to winter weather. Sometimes, they ignore warnings and travel on the roads anyway. Planners should remember to issue continual reminders of just how dangerous winter conditions can be.

Areas of the Southwest are susceptible to mountain snows and extreme cold temperatures. These areas need warming shelters and road crews to deal with snow and ice events when they occur.

Denny3Any winter event in the Southeast can potentially become an extreme event, because organizations in this area do not typically have many resources to deal with it. It takes more time to put road crews in place, close schools, and shut down travel. There is also an increased risk for hypothermia, because people are not as aware of the potential dangers cold temperatures can bring. Severe storms and tornadoes can also happen during the winter season in the Southeast.

Figure 1 is a regional map of the United States. Table 1 outlines the major winter weather issues each region should consider and plan for.

Topography influences winter weather

Denny4Topography includes cities, rivers, and mountains Topographical features influence winter weather, because they help direct air flow causing air to rise, fall, and change temperature. Wide open spaces – like those found in the Central U.S. – will increase wind issues.

Timing has a major effect on winter weather safety

Denny5Knowing when a winter event will strike is one of the safety official’s greatest assets because it enables a degree of advance warning and planning. But even with early notification, dangerous road conditions that strike during rush hour traffic can be a nightmare. Snowstorms that struck Atlanta, GA and Birmingham, AL a few years ago occurred in the middle of the day without adequate warning or preparation and caused travel-related problems.

Pacing of an event is important – the speed with which it occurs can have adverse impacts

Denny6Storms that occur in a few hours can frequently catch people off guard and without appropriate preparation or advanced planning. In some regions, like the Northeast, people are so immune to winter weather that they ignore the slower, milder events. Many people think it is fine to be out on the roads with a little snowfall, but it will accumulate over time. It is not long before they are stranded on snowy or icy roads.

Denny7As part of considering winter event pacing, emergency planners should become familiar with the terms the National Weather Service (NWS) currently uses to describe winter weather phenomenon (snow, sleet, ice, wind chill) that affect public safety, transportation, and/or commerce. Note that for all advisories designated as a “warning,” travel will become difficult or impossible in some situations. For these circumstances, planners should urge people to delay travel plans until conditions improve.

A brief overview of NWS definitions appears on Table 2. For more detailed information, go to https://www.weather.gov/lwx/WarningsDefined.

Planning for winter storms

After hurricanes and tornadoes, severe winter storms are the “third-largest cause of insured catastrophic losses,” according to Dr. Robert Hartwig, immediate past president of the Insurance Information Institute (III), who was quoted in Property Casualty 360° online publication. “Most winters, losses from snow, ice and other freezing hazards total approximately $1.2 billion, but some storms can easily exceed that average.”

Given these figures, organizations should take every opportunity to proactively plan. Prepare your organization for winter weather. Have a defined plan and communicate it to all staff. The plan should include who is responsible for monitoring the weather, what information is shared and how. Identify the impact to the organization and show how you will maintain your facility, support your customers, and protect your staff.

Denny8Once you have a plan, be sure to practice it just as you would for any other crisis plan. Communicate the plan to others in the supply chain and transportation partners. Make sure your generator tank is filled and ready for service.

Denny9Implement your plan and be sure to review and revise it based on how events unfold and feedback from those involved.

Denny10A variety of tools are available to help prepare action plans for weather events. The following three figures are tools Baron developed for building action plans for various winter weather events.

Use these tools to determine the situation’s threat level, then adopt actions suggested for moderate and severe threats – and develop additional actions based on your own situation.

Weather technology assists in planning for winter events

A crucial part of planning for winter weather is the availability of reliable and detailed weather information to understand how the four factors cited affect the particular event. For example, Baron Threat Net provides mapping that includes local bodies of water and rivers along with street level mapping. Threat Net also provides weather pattern trends and expected arrival times along with their expected impact on specific areas. This includes 48-hour models of temperature, wind speed, accumulated snow, and accumulated precipitation. In addition to Threat Net, the Baron API weather solution can be used by organizations that need weather integrated into their own products and services.

To assist with the pacing evaluation, proximity alerts can forecast an approaching wintery mix and snow, and can be used along with NWS advisories. While these advisories are critical, the storm or event has to reach the NWS threshold for a severe weather event. By contrast, technology like proximity alerting is helpful – just because an event does not reach a NWS defined threshold does not mean it is not dangerous! Pinpoint alerting capabilities can alert organizations when dangerous storms are approaching. Current conditions road weather information covers flooded, slippery, icy, and snow covered conditions. The information can be viewed on multiple fixed and mobile devices at one time, including an operation center display, desktop display, mobile phone, and tablet.

An example is a Nor’easter storm that occurred in February 2017 along the east coast. The Baron forecasting model was accurate and consistent in the placement of the heavy precipitation, including the rain/snowfall line leading up to the event and throughout the storm. Models also accurately predicted the heaviest bands of snow, snow accumulation, and wind speed. Based on the radar image showing the rain to snow line slowly moving to the east the road conditions product displayed a brief spatial window where once the snow fell, roads were still wet for a very short time before becoming snow-covered, which is evident in central and southern NJ and southeastern RI.

Final thoughts on planning for winter weather

Denny11Every region within the United States will experience winter weather differently. The key is knowing what you are up against and how you can best respond. Considering the four key factors – location, topography, timing, and pacing – will help your organization plan and respond proactively.

Atkins Unbottling VolnerabilitiesGraphic2By Ed Beadenkopf, PE

As we view with horror the devastation wrought by recent hurricanes in Florida, South Texas, and the Caribbean, questions are rightly being asked about what city planners and government agencies can do to better prepare communities for natural disasters. The ability to plan and design infrastructure that provides protection against natural disasters is obviously a primary concern of states and municipalities. Likewise, federal agencies such as the Federal Emergency Management Agency (FEMA), the U.S. Army Corps of Engineers (USACE), and the U.S. Bureau of Reclamation cite upgrading aging water infrastructure as a critical priority.

Funding poses a challenge

Addressing water infrastructure assets is a major challenge for all levels of government. While cities and municipalities are best suited to plan individual projects in their communities, they do not have the funding and resources to address infrastructure issues on their own. Meanwhile, FEMA, USACE and other federal agencies are tasked with broad, complex missions, of which flood management and resiliency is one component.

Federal funding for resiliency projects is provided in segments, which inadvertently prevents communities from being able to address the projects entirely. Instead, funding must be divided into smaller projects that never address the entire issue. To make matters even more challenging, recent reports indicate that the White House plan for infrastructure investment will require leveraging a major percentage of funding from state and local governments and the private sector. 

Virtually, long-term planning is the solution

So, what’s the answer? How can we piece together an integrated approach between federal and local governments with segmented funding? Put simply, we need effective, long-term planning.

Cities can begin by planning smaller projects that can be integrated into the larger, federal resilience plan. Local governments can address funding as a parallel activity to their master planning. Comprehensive planning tools, such as the Atkins-designed City Simulator, can be used to stress test proposed resilience-focused master plans.

A master plan developed using the City Simulator technology is a smart document that addresses the impact of growth on job creation, water conservation, habitat preservation, transportation improvements, and waterway maintenance. It enables local governments to be the catalyst for high-impact planning on a smaller scale.

By simulating a virtual version of a city growing and being hit by climate change-influenced disasters, City Simulator measures the real impacts and effectiveness of proposed solutions and can help lead the way in selecting the improvement projects with the highest return on investment (ROI). The resulting forecasts of ROIs greatly improve a community’s chance of receiving federal funds.

Setting priorities helps with budgeting

While understanding the effectiveness of resiliency projects is critical, communities must also know how much resiliency they can afford. For cities and localities prone to flooding, a single resiliency asset can cost tens of millions of dollars, the maintenance of which could exhaust an entire capital improvement budget if planners let it. Using effective cost forecasting and schedule optimization tools that look at the long-term condition of existing assets, can help planners prioritize critical projects that require maintenance or replacement, while knowing exactly the impact these projects will have on local budgets and whether additional funding will be necessary.

It is imperative to structure a funding solution that can address these critical projects before they become recovery issues. Determining which communities are affected by the project is key to planning how to distribute equitable responsibility for the necessary funds to initiate the project. Once the beneficiaries of the project are identified, local governments can propose tailored funding options such as Special Purpose Local Option Sales Tax, impact fees, grants, and enterprise funds. The local funding can be used to leverage additional funds through bond financing, or to entice public-private partnership solutions, potentially with federal involvement.

Including flood resiliency in long-term infrastructure planning creates benefits for the community that go beyond flood prevention, while embracing master planning has the potential to impact all aspects of a community’s growth. Local efforts of this kind become part of a larger national resiliency strategy that goes beyond a single community, resulting in better prepared cities and a better prepared nation.

Atkins Beadenkopf EdEd Beadenkopf, PE, is a senior project director in SNC-Lavalin’s Atkins business with more than 40 years of engineering experience in water resources program development and project management. He has served as a subject matter expert for the Federal Emergency Management Agency, supporting dam and levee safety programs.

Have you ever noticed how people, when asked to draw a map of the United States, will draw a shape with sections sticking out on the right-hand corners for Florida and New England, a curve on the left for the West Coast, and a wedge on the bottom for Texas? If they are ambitious, they might even draw some indentations at the top for the Great Lakes. However, there are two parts that almost always get left out: Alaska and Hawaii. Everyone knows they exist, but they frequently get overlooked, even though Alaska is as big as the Eastern Seaboard.

We’ve noticed that the same thing often happens in business continuity management when it comes to the IT side of BCM versus all the other parts of BCM.

IT issues tend to get a lot more notice and press, not to mention attention from management. Sometimes people assume that if you can recover your IT, you can recover the business, forgetting that you need facilities to work in and people to operate them.



A disaster recovery plan is an insurance policy, of sorts. Your business needs a DR plan because a well-implemented disaster recovery plan will make your IT infrastructure whole when disaster strikes.

More than an offsite data center and a collection of tools for data recovery and getting your systems back up and running, disaster recovery—often shortened to DR—also encompasses the policies and procedures that your organization's IT workers should follow to successfully get your business back on track.

As any seasoned IT pro will tell you, disasters can take many forms. And they don't necessarily have to rise to the level of a data center-rattling earthquake or the storm of the century.



Thursday, 08 March 2018 15:27

Disaster Recovery Planning

(TNS) - Houston has learned the hard way time and again that the maps FEMA uses to set flood insurance rates are way out of whack with the reality on the ground.

Now, a scientific study in the journal Environmental Research Letters pinpoints just how much: 41 million Americans live in a 100-year flood zone - three times as many as the Federal Emergency Management Agency estimates. That means a full 28 million are outside the boundaries of the 100-year flood zone on current FEMA maps, but would be in it if FEMA used what the study argues is better data.

"Producing maps the FEMA way essentially misses a lot of flood hazard," Oliver Wing, of the University of Bristol and lead author of the study, told City Lab. "And these maps are what inform risk management decisions in the U.S. at the moment."



Artificial intelligence is finding its way into many applications and systems, so why not disaster recovery? The advantages are multiple.

AI tools and techniques can automate DR procedures to make them faster than manual intervention, while keeping them reliable and intelligent – for example, by making choices according to incidents or circumstances.

They can help estimate times to complete recovery. Advanced systems can learn from past situations (machine learning) and recognise problems likely to arise in the future, which can then be mitigated or avoided before they happen.

However, while AI can help DR performance and results, it is by no means a miracle solution.



(TNS) - California had more than 9,100 wildland fires in 2017, according to Cal Fire data, burning across more than 1.2 million acres.

The largest was in Southern California in December, the most destructive was here in Sonoma County two months earlier.

One thing common to many, if not most, California wildfires is a concerted response, a marshaling of equipment and personnel from local, state and federal firefighting agencies.

California’s mutual-aid system, created in 1950, has been described as the gold standard for wildland firefighting. But the resources haven’t kept pace with the growing threat in a state where almost a third of all homes are in areas bordering on forests, grasslands and other natural vegetation — a zone known as the wildland-urban interface.

The fraying was never clearer than in the first hours of the Wine Country fires.



A military background isn’t necessary to run a successful tabletop exercise or war gaming scenario

The idea of war gaming as a resource to practice strategic planning and increasing your readiness for the worst-case scenarios has been around for hundreds, if not thousands of years. It is a proven method used by organisations, the military, defense force and even seen in computer games as the main foundation to understanding situational awareness. Also known as conflict simulations, or “consims” for short, war gaming’s most popular pastime is now seen in games like chess, as a way for Generals and military leaders to hone their strategic thinking. This was documented as far back as ancient Indian warfare and the Romans.

A general consensus exists that all such games must explore and represent some feature or aspect of human behaviour. For military operations, this is used to understand the bearing of conflict or war. In the 21st century, business war games have become popular for many crisis management professionals and senior executives to find gaps in markets which competitors may fill. Generally however, they are only role-playing games based on market situations, business continuity and simulations for crisis teams. PreparedEx introduces war gaming to clients as valuable tabletop tool in increasing that situational awareness.

In 2018, realistic scenarios, layouts, and technologies all help enhance the training and planning for individuals to get the best experience from the war game. Introducing the concept of war gaming in tabletop exercises may involve hypothetical games that are grounded in historical facts but concern issues or conflicts that have yet to happen. The sweet spot for these games is to promote a moderate level of uncertainty to the team. This helps communicate and train out possible scenarios to that specific organisation or individual to be able to handle with no ramifications. It also enhances situational awareness by providing a bird’s eye view of the event which adds value to the session.



Thursday, 08 March 2018 15:21

How the Military Use Tabletop Exercises

Enterprise backup software is a safety net that keeps businesses running when application errors, cyber-attacks, negligent workers and countless other IT mishaps strike. Technical approaches between vendors vary somewhat, as do each organization's data protection requirements and objectives. But essentially, all enterprise backup solutions keep a duplicate copy of information on a storage device, separate from a primary server, PC or storage system for safekeeping.

Backup software solutions have also grown more sophisticated over time, reflecting the advances that have shaped the modern operating system, application and data center markets.

Accordingly, many of today's backup products do more than just transfer files and application data from one storage device to another. They can include resource-optimizing data management capabilities and other features that once used to belong to distinct classes of data protection tools.



Thursday, 08 March 2018 15:14

Enterprise Backup and Recovery Software

The old Farmer’s Almanac saying 'in like a lion, out like a lamb' was in the fullest of force last year

On March 1, the first EF4 tornado of the year ripped across Missouri and Illinois. Then on March 6 to 7, one of the worst tornado outbreaks in history sent 63 tornadoes tearing across the Central US in just nine and a half hours. Nineteen people were injured from Oklahoma to Ontario and $6.7 billion in damages incurred due to the tornadoes. So what can your organization do for March 2018 to reduce the impact of twisters during tornado season?

Identifying the Threats

Let’s take a look back at the biggest losses from the tornado outbreak that hit Perryville, Oak Grove, and dozens of other Central Plains cities. During the first two tornadoes that whipped through on March 1, there were four fatalities and 38 injuries, many of which occurred in the aftermath of the tornado. As noted, this day was when the first major EF4 tornado touched down for the year; an EF5 is the most damaging, and an EF4 produces winds of up to 200 mph resulting in devastation.

Then by March 6-7, the number of fatalities dropped to zero and the injuries were reduced—even though the tornado count went from two to 63. There are two main reasons why there weren’t more deaths in the second round of tornadoes. First, among the 63 tornadoes on the 6th and 7th, an EF3 was the most severe of the twisters.

Secondly, the awareness from the first round of tornadoes most definitely prompted emergency response teams and individuals to be on high alert for pending threats. What can community leadersr be doing to help minimize safety risks during tornado season?



It’s been 16 years since an American woman won a speed skating medal at the Winter Olympics, but last week, Team USA brought home the Bronze in the Long Track Relay. Bronze is no laughing matter, with the American women beating Canada by a mere .45 seconds. An intensive and sometimes dangerous event, American team member Brittany Bowe summed it up like this: “Our strategy was to get out there, get a jumpstart, and hang on for dear life at the end.”

Long Track Speed Skating is a complicated sport. Strategies and tactics are key, where races are often won by the smartest vs. the fastest skaters. Relay races typically involve four teams of four skaters per race, but instead of passing a baton, the skater on the track must simply “tag” the incoming skater to complete an exchange. Passing requires quick acceleration, agility, good balance, and gritty determination.

That’s a little what selling IT solutions to the corporate market is like. Keeping up with technology shifts, following up on leads, and assembling the right solution for companies looking to shave costs can be exhausting, not to mention complying with a growing number of laws and regulations. Managing those deals used to mean logging into SharePoint repositories or exchanging outdated Excel spreadsheets, but these static, unintegrated documents rely on manual reporting, resulting in version control issues in larger organizations. That’s no way to win a race.'



Wednesday, 07 March 2018 15:22

Bringing Home the Bronze is as Good as Gold

Technology can transform nearly any process to be more efficient and streamlined

However, innovation sometimes comes at a cost. By utilizing technology like cloud-based storage and the Internet of Things, corporations risk threats to cybersecurity. In fact, cyber-attacks are growing just as rapidly as technological innovation. Juniper Research reports that cybercrime costs across the world will exceed $2.1 trillion by 2019. That is four times the cost of data breaches in 2015. By 2020, a single cybersecurity breach will cost more than $150 million. The very technologies that enable cyber threats are also useful for reducing risks and minimizing threats.

Building a Blockchain

If you have been keeping up with the cryptocurrency news, then you have likely heard a bit about blockchain. This is the technology ensuring the validity of Bitcoin, Ripple, and other digital currencies. More specifically, blockchain is an online ledger that accounts for every piece of data in a program. In the case of cryptocurrency, this data is in the form of coins and transactions. However, blockchain has far greater benefits than just tracking Bitcoin.

In fact, blockchain can help corporations fight against cyber-attacks. When blockchain is created, it cannot be changed, altered, or deleted over time. It is set in cyber stone. Blockchain is created through a series of sequential hashing coupled with cryptography, the same method used to develop secret languages among secret service agencies. How does this relate to cyber protection against hackers and malicious entities? Organizations can use blockchain to handle secure information. As explored by Tech Crunch, blockchain allows corporations to prevent tampering and detect any form of cyber vandalism. Several companies have already jumped on the blockchain bandwagon including Microsoft, IBM, JPMorgan Chase, Walmart, and UPS.



Wednesday, 07 March 2018 15:20

How Technology Can Help Combat Cyber Attacks

The Agung volcano in Indonesia has been in the news recently. At time of writing, observers are sending back reports of clouds and glows that suggest that major eruption could be imminent.

Evacuations of hundreds of thousands of people from the area have already been carried out. The authorities have cautiously allowed nearby airports to function, while keeping a close eye on the state of the volcano.

The business continuity impact on Indonesia is clear, with emergency services on the go, and the population and the tourist industry trying to cope with the disruption. Less obvious perhaps is the impact of Agung on the other side of the world.

This may sound a little like the classic chaos theory concept of a butterfly flapping its wings in the Pacific and setting off a storm, thousands of miles away.



(TNS) - Liam's wasn't the only casualty of erosion from this past weekend's stormy weather along the Outer Cape beaches.

Karst Hoogeboom, chief of facilities and maintenance for the Cape Cod National Seashore, estimated at least $500,000 worth of damage from the storm, including to the staircase at Marconi Beach, which cost $150,000 to build last year after storm damage. The Seashore will also have to replace the shingles on six park buildings, repair Moors Road in Provincetown, and repair toilets at Herring Cove Beach.

Erosion undercut the parking lot at Maguire Landing Beach, said Suzanne Grout Thomas, Wellfleet beach administrator.

Town landings in Chatham also suffered storm damage, said Theodore Keon, director of coastal resources in Chatham. The opening of what is known as the Fool's Cut just south of the 1987 Chatham Break appears to have widened and helped drive flooding in the Little Beach neighborhoods. North Beach Island appears thinner and flatter, but the two cottages on the island survived the storm.

More than 100 impact assessments had been conducted in 19 communities by 13 coastal zone management team as of Sunday evening, according to the Massachusetts Emergency Management Agency, with the majority reporting widespread beach and dune erosion, and overwash of sand, gravel, and cobble material on roadways.



10 Issues Social Media Presents

Social media is a compendium of many highly accessible media – corporate blogs, video-sharing sites such as YouTube, social networks like Facebook, microblogging tools such as Twitter, rating/review sites (e.g., Yelp, TripAdvisor), wikis that allow many authors to simultaneously edit and create a source of knowledge and crowdsourcing, among many others. These media leverage the power of the internet, Web 2.0 and mobile technologies to facilitate the creation, exchange, use and modification of user-generated content. The convergence of these technologies has significantly altered the dynamics of customer relationship management, marketing and corporate communications for many businesses.

Business-to-people communications and social media peer groups have emerged as a new model for connecting with markets and customers directly and efficiently. Companies ignore this model at their own risk. These mediums set terms for interaction, requiring organizations to contribute value-added content and transparency in an environment where customers and other parties drive the dialogue and demand a genuine level and quality of communication. Organizations that fail to harness the potential value of social networking run the risk of becoming laggards as they cede to competitors the ability to brand their products and services distinctively in the public eye, as well as obtain continuous improvement insights.

Social media sites enable companies to listen to and learn from satisfied and dissatisfied customers regarding their ideas, experiences and knowledge, and they offer businesses an opportunity to reach out and proactively respond to extreme views and reactions. In addition, social media is providing opportunities to product development teams to share roadmaps and obtain early input from potential buyer groups on new product plans. On a near real-time basis, marketing can test and learn which messages work best, and companies can educate and inform customers by engaging them on many topics around product uses and applications.

While these developments are presenting significant opportunities for companies to connect with their customers and others, they are creating a whole set of new issues. The following are 10 examples of risks:



Napa County Fire Chief Barry Biermann wasn’t scheduled to work until Monday morning, but he decided to head in Sunday, Oct. 8, just in case.

He knew that conditions in Napa’s wine country, known for its Mediterranean climate and valleys of vineyards, were ripe for a fire: There was a high wind advisory, it was an unusually warm day, and there was plenty of dried-out brush and grass that late in the year.

By the time Biermann got into work, many of his fire crews were already tied up at small blazes. So when a call came in just before 10 p.m. reporting a fire in a neighborhood above the Silverado Country Club, Biermann decided to head up to Atlas Peak.



The Value of Big Data

When it comes to regulated industries, few are more highly regulated than banking and financial services. The regulatory landscape is rapidly changing, and as a result, regulatory technology (regtech) has emerged to help banks keep pace with competitors. While the combination of regulation and technology to solve business problems is not new, it is proving more essential than ever as regulatory obligations become more complex. As a result, regtech is already proving its worth by helping banks find more efficient and effective ways to manage their compliance obligations.
In financial services, risk culture is changing from one that reacts to regulatory changes to a proactive one, seeking to create new value for the bank and its customers. There’s no reason why revenue and profit goals must conflict with sound compliance and risk management policies. Technology can play a role in enabling banks to have both.

Artificial intelligence (AI) and other technologies such as analytics are not only helping banks comply with laws and regulations, but also helping to mitigate the potential for fines and penalties. In fact, these types of technological innovations often encourage employees across the organization’s lines of defense to make compliance their holistic responsibility. This ultimately results in better outcomes for the business, the institution and the customer.



When it comes to your organization’s recovery plan, your business recovery checklists might just be the single most important ingredient. They are the engine of your recovery plan.

As we state in MHA’s Complete Guide to Creating and Implementing a Business Recovery Plan, “Recovery checklists guide you step-by-step through the process of getting your business back up and running” after a disruption. Without such checklists, your team would have no direction as to the steps and actions they would need to take to respond to and recover from a disruption and to resume business operations. I urge you to take checklists seriously.

If you’re still reading, I will assume that means you are taking them seriously. Great. Now, let’s roll our sleeves up and get to the heart of today’s post.

Having accepted the importance of recovery checklists, you might be wondering how to develop them for your own organization.



2017 was a test of business resilience. While cyberattacks and natural disasters devastated some businesses, many others kept their operations running without disruption. Advances in artificial intelligence, machine learning and blockchain technology, among others, began helping more businesses eliminate inefficiencies, human error and downtime.

What will 2018 hold?

We tapped our industry experts for their predictions on what IT trends they’re watching this year.

We asked how cyber security will evolve, what emerging technologies will take hold (and which ones are over-hyped), what mistakes companies may be making, and what all this means for the coming year.



(TNS) - An Oklahoma school system is the first in the country to install bulletproof shelters in its classrooms.

Healdton Public Schools in Healdton, Oklahoma, installed seven bulletproof shelters at its elementary schools and two larger ones in its middle school, KOCO reported. Future plans call for adding the shelters to the system's high school.

Each shelter can hold up to 40 students and two teachers. Video monitors inside the shelter display a feed from the classroom, with the door locking from the inside.



When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

Linked one to the other, however, they are the stepping stones that take the hackers to their target. Lockheed Corporation coined the term “kill chain” to describe this sequence.

Once you know kill chains exist and see how cybercriminals plan them, you can get ahead of the curve by following kill chains yourself and breaking the links in as many places as possible. Here’s an example.

Social engineering is a common tactic of attackers. Phishing emails are often effective for this. Here are kill chain steps and possible blocking moves (in parentheses like this) for a phishing email attack supposedly bringing information about “New Employee Stock Option Rules.”



A couple of months ago we published an ebook entitled “10 Keys to a Peak-Performing BCM Program,” written by MHA Consulting CEO Michael Herrera.

It’s available for free download here and is full of information and insights that can help you give your business continuity management program a boost.

The ebook has become the most downloaded resource on our site. Though authored by Michael, it amounts to a channeling of the collective brain of those of us who have been at MHA for a long time.

With that in mind, we thought it might be worthwhile to do an occasional series where we present these 10 keys one or two at a time in a stripped-down, blog-appropriate format. This is also a chance for me to share my own personal experience on the subject, with the hope that it helps you understand each topic.

If today’s post tells you everything you want to know about the topic, great. If it motivates you to turn to the ebook for the full story, great. If it moves you to want to reach out to one of us to initiate a more personalized conversation about how MHA might be able to help your organization optimize its BCM program, that would be fine, too.

Without further ado, here is an excerpt from the first chapter of “10 Keys to a Peak-Performing BCM Program,” covering the first key, “Know Yourself” about the importance for BCM program leaders of understanding and capitalizing on their personal strengths and managing their weaknesses.



Implementing DMARC is one thing. Making the commitment to implement DMARC in its most aggressive configuration is another.

Conceptually, Domain-based Message Authentication, Reporting, and Conformance (DMARC) is simple. DMARC provides a mechanism for email receivers to validate the source and integrity of inbound email. DMARC also specifies what receivers should do with messages that are not valid based on criteria pre-configured by senders. DMARC is designed to protect against direct domain spoofing, so it isn’t a complete solution to phishing. That said, DMARC has the potential, when deployed in an aggressive configuration, to take a page out of a hacker’s or spammer’s playbook.

DMARC is the result of a collaborative effort between leading organizations who originally came together in 2011 to provide senders and receivers with a tool to fight against fraudulent email activity. The remainder of this post provides an overview the mechanisms that enable DMARC, explores DMARC’s deployable configurations, and provides an overview of obstacles preventing wider adoption and/or more effective use of DMARC.

DMARC is built upon two existing standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF enables an email sender to specify the servers from which email will come and provides instructions for how an email receiver should handle a message that does not originate from a specified server. DKIM, on the other hand, enables senders to include a digital signature on their messages, enabling receivers to verify that the message has not be altered in transit by a third-party.

DMARC brings these two mechanisms together in a powerful manner by allowing senders to specify a policy that tells receivers what to do with email messages that fail to pass SPF and/or DKIM validation. DMARC also enables senders to receive data back from receivers, providing insight into fraudulent email patterns. Before DMARC, there was not an effective feedback channel for failed email, so senders were largely in the dark on email once messages left their servers. There are only three DMARC policies that a sender can specify, and thus, three deployable configurations for DMARC:



Thursday, 01 March 2018 15:07

Using DMARC Effectively

How Much Due Diligence is Enough?

If you want to learn and read about managing third-party risks, you will have no trouble finding articles, white papers, webinars and more available to you on the internet.  And for good reason.

Third parties create significant risks, and these risks are not just limited to bribery; they extend into sanctions, money laundering, privacy and cybersecurity, human trafficking, child labor and reputational damage.  The compliance marketplace offers lots of solutions, including automation, due diligence, risk ranking and a host of alternative solutions.

Before you leap into the due diligence world, however, it is important to understand exactly what you are trying to accomplish and why you need to tailor your solutions to your specific needs.

When assessing the issue, there are three important points to understand about due diligence:



A deadly storm system pummeled the southern and central U.S. this weekend leaving many areas flooded. The weather system extended from the Canadian Maritime provinces to Texas, and brought gale force winds and widespread flooding from the northern Midwest through Appalachia.

Flooding will continue to be a threat this week, the Weather Channel reports, as more than 200 river gauges reported levels above flood stage from the Great Lakes to eastern Texas. Floodwaters on the Ohio River in Louisville and Cincinnati are at their highest level in about 20 years.

Flood damage is excluded under standard homeowners and renters insurance policies. However, flood coverage is available in the form of a separate policy both from the National Flood Insurance Program (NFIP) and from a few private insurers.



Wednesday, 28 February 2018 15:29


Much of business continuity today can be automated. Production lines, supplies reordering, failovers in case of problems, management reports, many of these things now work on a “set it and forget it” basis.

Other items still need manual intervention. A turbine making strange noises, accounts that don’t tally, a delivery truck breakdown, somebody may have to figure out the problem from scratch. Between the two lies a third approach, that of the runbook (also known as “playbook” or “cookbook”), a set of instructions on what to do in case a common or predictable problem occurs.

If you can automate cost-effectively, then automation is probably the way to go. With so much of business being driven by IT, the opportunities for automation are numerous.

On the other hand, if it takes too much effort to automate or if the problem is a corner case with a lower probability of happening, then writing a business continuity runbook may be more appropriate.



Why “Minimal Viable Compliance” Can’t Be the Goal

Major regulatory deadlines often lead firms to settle for minimum viable compliance – taking whatever action is needed to avoid regulatory scrutiny, regardless of the cost. But this approach inevitably leads to an inefficient, patchwork approach to compliance, where new procedures are created for each new regulation. As firms move past the MiFID II implementation date, the sheer size and complexity of this new regulation may finally be giving firms the impetus that’s needed to change their approach.

When major regulatory deadlines loom large, there’s an inevitable tendency for the financial industry to scramble for minimum viable compliance. In layman’s terms, this means doing whatever it takes, regardless of the expense, just to keep the prying eye of the regulator away. Ring any recent bells? The trouble is, while taking this approach may seem like a sensible option now, it’s unlikely to service future requirements and actually goes against the spirit of the regulations. This is why, as the post-January 3rd dust starts to settle, financial institutions need to quickly adjust to ensure compliance with all regulations, not just MiFID II.



(TNS) — The city of Aberdeen, S.D., this month issue its first public safety alert by text message.

The process wasn’t perfect, though there’s no faulting the effort in spite of a few hiccups.

The text message was sent out the morning of Feb. 6 after an explosion and house fire at 507 N. Second St. that ultimately destroyed the uninhabited home. The messaged noted that there was a “gas explosion.”

It still hasn’t been determined whether that was actually the case; fire officials are still investigating. But at least the public knew to steer clear of the area — or at least reasonable residents who didn’t use the alert as an excuse to go see what happened stayed away to let first responders work.



(TNS) - John Gargett, the deputy director of Whatcom County Sheriff’s Office Division of Emergency Management, offers this list for your emergency kit:

Basic assumptions:

There will not be emergency response by Fire Services, Emergency Medical Services or Law Enforcement for an unknown time.

Individuals must be self-resilient until services are restored

Neighborhoods are the basis for community resilience.



ISO 31000:2009 on risk management is intended for people who create and protect value in an organization by managing risks, making decisions, setting and achieving objectives and improving performance. The standard’s revision process discovers the virtues of keeping risk management simple.

The revision of ISO 31000:2009, "Risk management – Principles and guidelines," has moved one step further to Draft International Standard (DIS) stage where the draft is now available for public comment. What does it mean? And what happened in the revision process since the Committee Draft (CD) stage in March 2015?

The revision work follows a distinct objective: to make things easier and clearer. This is achieved by using a simple language to express the fundamentals of risk management in a way that is coherent and understandable to users.



Standardization is a truly international activity, and I've been lucky to have worked with more nationalities than I can remember. But, that said, my first business meeting with a German remains etched in my memory. It was in fact nothing more than a working breakfast, a chance to meet face-to-face after a good number of productive and friendly phone calls. "So, we'll meet at the café at half-nine? Look forward to meeting you then!"

Well, it turns out that for Germans, half-nine, means "half-an-hour-before-nine-o’clock-has-arrived" (08:30), while for an Englishman, such as myself, it means "half-an-hour-has-passed-since-nine-o’clock" (09:30). It was an embarrassing mistake, though without serious consequence; an apology, and the pancakes and coffee on me. But it could have been something much more serious than a fudged Frühstück.

That’s why in 1988, ISO 8601 was published. In a single document, "Data elements and interchange formats – Information interchange – Representation of dates and times," established a fool-proof format for computer users, ensuring that critical events happen on time. Whether scheduling flights and public transport; broadcasting sports events; keeping public records; managing major projects; or establishing a reliable way to swap the inconceivably huge amount of data that keeps modern life on track, ISO 8601 is a game-changer.



While any cyber-attack can occur at any time, there are some that are especially prevalent at specific times of the year.

Knowing their “seasonality” can help your organization stay on the defensive.

The following infographic takes a detailed look at the seasonality of cyber-attacks and how you can prepare your employees for scammer’s timely initiatives.



Financing a large-scale emergency notification system can be a costly venture.

Fortunately, there are a number of government grant programs to help foot the bill. When looking for ways to help cover the costs of OnSolve emergency notification services, consider the following grant opportunities. These financial resources do not have to be paid back, and can be renewed on a yearly basis.

Grants for Emergency Management

Each fiscal year the US government provides financial grant money through the Homeland Security Grant Program. This money is allotted to qualified communities and applicable organizations that offer emergency response, mitigation, protection, and recovery. Through the program there are three specific grants that applicants can apply to via FEMA:



Putting Plans Into Effect

While 2017 was spent frantically preparing for regulations like MiFID II and GDPR, 2018 looks to be a year to stabilize and see if the work will pay off. As these regulations go into effect, the time has come to evaluate how they affect the enterprise ecosystem and if the adjustments made to compliance programs will be enough to satisfy regulators.

The benefits of the changes implemented last year will come primarily through compliance enforcement, which means that a major theme of 2018 will be proving compliance adherence through — or, in some cases, despite — continuously changing technology. With that in mind, these are the top trends to watch to ensure your company is demonstrating its commitment to protecting your customers and their data.

Companies will need to ensure they are using the latest security technologies to protect themselves from new external and internal threats as users move sensitive content to social channels as part of their business process.



When we walk into a doctor’s office, nothing is more important than knowing we’re receiving quality care and effective treatment. Similarly, a hospital’s staff needs to know it has the most reliable IT resources and support to deliver exceptional service—now more than ever. Healthcare is charging forward into new technologies like the Internet of Things (IoT) and machine learning that herald the future of better patient care and interaction. At the same time, IT teams in these organizations face numerous challenges: aging systems, outdated applications, and security risks unprecedented in complexity and volume.

The adoption of new and significantly advanced applications combined with sensitive patient data and old systems can not only limit an organization’s efficiencies, but also pose serious risks. Among those are the three major IT concerns in healthcare today, and you’re likely contending with at least one, if not all of them.



Privacy has taken on new dimensions in our hyperconnected world. New guidance from IEC, ISO and ITU – the world’s three leading international standards bodies – has just been published, providing a code of practice for the protection of personally identifiable information.

Uber is making headlines for its reaction to the theft of personal data of 57 million drivers and users. The July 2017 breach of Equifax, a large US credit bureau, exposed the social security numbers, birthdates and addresses of 143 million people. And last month, Yahoo, just prior to its acquisition by telecommunications conglomerate Verizon, shared new intelligence that a data breach in 2013, thought to have affected only a billion users, had in fact compromised all three billion Yahoo user accounts.

The increasing prevalence of high-profile data breaches has motivated countries worldwide to investigate potential reforms to policy and regulation. One of the best-known examples is the European Union’s General Data Protection Regulation, due to come into force in May 2018, with global implications.



Since 2011, organizations have been able to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy use and consumption, thanks to ISO 50001.

Like all International Standards, ISO 50001 has come under periodic review to ensure that it continues to meet the rapidly changing needs of the energy sector. This work is being carried out by the ISO technical committee responsible for energy management and energy savings (ISO/TC 301), whose secretariat is held by ANSI, ISO’s member for the USA, in a twinning arrangement with the ISO member for China, SAC. Here, we explain the main changes with the help of Deann Desai, Professor at the Georgia Institute of Technology and Convenor of the working group tasked with revising the standard. 

“Perhaps the most important change for the 2018 version is the incorporation of the high-level structure, which provides for improved compatibility with other management system standards.” The high-level structure (HLS) is a simple and effective concept. “Because organizations often implement a number of management system standards, the use of a shared structure, as well as many of the same terms and definitions, helps to keep things simple,” explains Prof. Desai. This is particularly useful for those organizations that choose to operate a single (sometimes called “integrated”) management system that can meet the requirements of two or more management system standards simultaneously.



Software-defined storage (SDS) decouples storage intelligence from the underlying storage devices. The environment orchestrates multiple storage devices into a software storage management layer that operates above the physical storage layer. By moving intelligence up the stack, customers can buy commodity hardware that supports SDS policy-driven workload processing, load balancing, dedupe, replication, snapshots, and backup. Instead of purchasing expensive proprietary NAS or SAN, SDS runs on commodity hardware and standard operating systems.

This is true as far as it goes. However, some SDS vendors – especially the software-only sellers – claim that the hardware doesn’t matter. But when it comes to software-defined storage design, hardware choices are critical.

It’s true that software-defined storage users can use commodity hardware and avoid expensive SAN or NAS with built-in storage intelligence. But software-defined storage users still need to integrate SDS with hardware, and design the physical infrastructure, so it optimizes the software-defined storage layer.



I looked in the mirror and couldn’t believe I had waited so long to get my hair cut. As I packed for a business trip the following day, I sighed and opened Google Maps on my phone. “B-A-R-B-E-R” I typed and clicked search. 23 entries popped up, none of them familiar to me. I clicked through a few, reading the reviews and checking out the websites to see who wasn’t going to charge me an arm and a leg but also wouldn’t make me look like Beaker from the Muppets. Naturally, I had waited until noon on a Saturday, so I had to toss a few options out immediately for various reasons: some closed at 2pm, some weren’t open at all, others were a week out for appointments. “Who makes an appointment to see a barber?” I asked myself.

Post-haircut the following day, I pondered why I was having such a hard time committing to a new barber or even looking for one. I had a 17-year relationship with my previous barber who retired the end of December. I can’t blame him as he’s had his business since the 80’s and saw an opportunity to take some time to enjoy life and not work almost every day of the week. However, I kept coming back to the fact that it was just so easy and painless to get my hair cut when he was open.



How Compliance Can Help

Effective business continuity planning starts with honest assessments of risk areas, plus resolve, resources and funding to address those risks. For the past 10 years, we’ve conducted primary research on business continuity and resilience, focusing specifically on IT systems, given their essential role to the functioning of today’s enterprises.

A decade of research into business continuity and resilience has showed that, surprisingly, there is continued exposure to risk in areas for which solutions have been available for many years. Our recently released 2017 State of Resilience report, reflecting the responses of 5,632 IT professionals globally, revealed four troubling risks that have persisted over time and that threaten the continuity and function of critical enterprise systems:



Monday, 26 February 2018 15:53

4 Risks That Keep Your CIO Up At Night

Driving Down Risk, From the Cubicle to the C-Suite

Effective employee engagement and reporting is key to accountability and effective risk management. So why are we not paying more attention to how today’s workforce prefers to communicate?

We are entering an era in which seemingly every decision made by managers of fraud prevention, audit, security and ethics are reviewed not just by C-Suite leadership and board members, but also after-the-fact by regulators, stockholders and the public. In financial services, managers of risk from across the enterprise, as well as directors and board members, are finding the evolution from an emphasis on meeting compliance obligations to a longer-term focus on organizational values, ethics and culture to be challenging. Ensuring that you have unvarnished observations from every corner and level of the organization is key to ensuring that you can meet the expectations of both internal and external customers and stakeholders.

A core responsibility of senior leadership and the board of directors is ensuring communication channels for employee reporting of workplace concerns are both available and effective.

As a senior executive or board member, you are probably aware of information gaps and are concerned. You don’t want to learn about events in the headlines or when reporters begin calling you for comment. One way to ensure you learn what is really going on in your organization is to listen more effectively. Each and every staff member, contractor or vendor connected to your organization may possess vital clues that too often remain undiscovered until after the fact.



Monday, 26 February 2018 15:52

Often-Overlooked Factors In Risk Management

There’s a crack in California. It stretches for 800 miles, from the Salton Sea in the south, to Cape Mendocino in the north. It runs through vineyards and subway stations, power lines and water mains. Millions live and work alongside the crack, many passing over it (966 roads cross the line) every day. For most, it warrants hardly a thought. Yet in an instant, that crack, the San Andreas fault line, could ruin lives and cripple the national economy.

In one scenario produced by the United States Geological Survey, researchers found that a big quake along the San Andreas could kill 1,800 people, injure 55,000 and wreak $200 million in damage. It could take years, nearly a decade, for California to recover.

On the bright side, during the process of building and maintaining all that infrastructure that crosses the fault, geologists have gotten an up-close and personal look at it over the past several decades, contributing to a growing and extensive body of work. While the future remains uncertain (no one can predict when an earthquake will strike) people living near the fault are better prepared than they have ever been before.



Sunday, 25 February 2018 13:35

Extreme Science: The San Andreas Fault

Business continuity, disaster recovery and emergency management are tough jobs that rarely get the credit they deserve. You’ve dedicated your life to protecting your organization and the people in it, and we get how stressful that can be.

Here’s a roundup of our favorite internet memes for business continuity, disaster recovery and emergency management to brighten your work week.



I recently saw an article that said the most commonly searched questions on Google in 2017 included “What is a solar eclipse?,” “What is bitcoin?,” and “What is a fidget spinner?”

At BCMMETRICSTM we don’t get quite as many inquiries as Google, but we get enough to detect some patterns in terms of what our web visitors are most interested in.

You won’t be surprised to learn that we aren’t asked a lot of questions about fidget spinners. What do people ask us?

Hands-down, the topic our web visitors show interest in above all others is the Business Impact Analysis (BIA). This is the most frequently searched-for topic on our website and the one we are most commonly asked about at business continuity events.



How will your business respond if faced with a natural disaster, a cyberthreat or an active shooter scenario?

Will the organization stay afloat in the midst of such a crisis? Any amount of disruption costs your business money and can destroy customer relations. In fact, 75 percent of companieswithout a continuity plan fail in three years after facing a disaster. Those companies unable to get back up and running in 10 days post emergency do not survive at all.

business continuity plan provides your company with the roadmap to navigate a major business disruption, including a natural disaster or large-scale emergency. However, having a plan in place is only the first step; the plan also needs to be continuously monitored and tested for gaps or obstacles.



Last year, major investments and advancements were made in communication technologies, both within the mobile space and the Internet of Things (IoT).

Additionally, we saw continued advancements in virtual reality and increased video conferencing. Unsurprisingly, social media platforms remain a viable contender in the way we communicate. As you consider how to improve your organization with better emergency notification and communication plans this year, take notice of how top trends can solve your biggest problems.



Wednesday, 21 February 2018 16:07

Emergency Management Trends in 2018

Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that private and public organizations of all types and sizes around the world must face with increasing frequency. The latest version of ISO 31000 has just been unveiled to help manage the uncertainty.

Risk enters every decision in life, but clearly some decisions need a structured approach. For example, a senior executive or government official may need to make risk judgements associated with very complex situations. Dealing with risk is part of governance and leadership, and is fundamental to how an organization is managed at all levels.

Yesterday’s risk management practices are no longer adequate to deal with today’s threats and they need to evolve. These considerations were at the heart of the revision of ISO 31000, Risk management – Guidelines, whose latest version has just been published. ISO 31000:2018 delivers a clearer, shorter and more concise guide that will help organizations use risk management principles to improve planning and make better decisions. Following are the main changes since the previous edition:



Thursday, 15 February 2018 15:54

The new ISO 31000 keeps risk management simple

Sure, this isn’t your typical “wanted” ad, but wouldn’t it be great to be in love with your technology for once instead of constantly fighting with it?

A mass notification vendor should be devoted to ensuring that notification-related tasks are quick, easy, and painless. Relationships are a two-way street, so two-way notifications from your vendor are another must. Love is in the air, so why not fall in love with a new emergency notification system this year?

The Traits You Need

When it comes to emergency communication, the worst-case scenario is a missed connection – one party attempting to provide crucial information and not being able to reach the other party. You are responsible for communicating with a group of constituents, and the message simply must get through. A good system provides you with a variety of ways to reach others — without a lot of fuss and drama. Here’s some key attributes you should be looking for:



Business Continuity Management (BCM) is vital in preparing and protecting business operations from disruptions caused by threats stemming from cyber-attack and natural disasters, as well as resource unavailability such as building loss, technology loss, staff absenteeism, and supply chain failure. A robust business continuity programme manages the likelihood and impact stemming from disruptive incidents through proactive response and recovery planning, with the objective of reducing operational downtime.

As a consultant and former BCM practitioner, I am regularly asked by senior executives, “What are the most essential aspects to focus on when launching a successful BCM Programme?” This article discusses 9 key steps to follow for success.



#1: What Is the Difference Between SOC 1, 2 and 3?

The Service Organization Control (SOC) is a standard of compliance that has three types of certification, aptly named SOC 1, SOC 2 and SOC 3.

SOC 1 is primarily meant for banks, investment firms and other such companies that house financial data, and SOC 2 is for non-financial companies that house or process data, which could happen to be financial or otherwise. It’s this latter certification that software and cloud providers often use to verify their technology controls and processes. Auditors for the SOC frameworks check to be sure of security, accessibility and data protection, using The American Institute of CPAs (AICPA) as their background for standards and Trust Principles.

SOC 3 stands apart from the other certifications, because it doesn’t focus on validating controls and operations. It’s intended for more general purpose disclosures and public visibility (as they don’t typically include confidential info), auditing organizations under the SysTrust and WebTrust seal programs. This certification is usually ideal for organizations that simply want to market a product in comparison to marketplace standards.



Some things are hard to predict. And others are unlikely. In business, as in life, both can happen at the same time, catching us off guard. The consequences can cause major disruption, which makes proper planning, through business continuity management, an essential tool for businesses that want to go the distance.

The Millennium brought two nice examples, both of the unpredictable and the improbable. For a start, it was a century leap year. This was entirely predictable (it occurs any time the year is cleanly divisible by 400). But it’s also very unlikely, from a probability perspective: in fact, it’s only happened once before (in 1600, less than 20 years after the Gregorian calendar was introduced).

A much less predictable event in 2000 happened in a second-hand bookstore in the far north of rural England. When the owner of Barter Books discovered an obscure war-time public-information poster, it triggered a global phenomenon. Although it took more than a decade to peak, just five words spawned one of the most copied cultural memes ever: Keep Calm and Carry On.



In last week’s blog, we talked about the importance of identifying the right BIA impact categories for your business impact analysis.

As a reminder, these are the six categories appropriate to your industry and organization that your management chooses to measure to assess the impact to the organization of disruptions to its operations.

Now that you have selected the right impact categories for your industry and company, you’re ready to determine the weighting you will use for each category.

In today’s blog we’ll talk about what this means, why it’s important, and how to go about doing it.



Friday, 09 February 2018 15:26

How to Weight Your BIA Impact Categories

According to the Harvard Business Review, breach of cybersecurity is the biggest internal threat to your company.

Is your business in financial services, manufacturing, or the healthcare industry? In that case, you want to pay particular attention to this article because these are the three industries most likely to be under attack. Here we have detailed a step-by-step process you can implement for your employees to protect against internal cyber threats. Personalize this information to develop the employee awareness program that best serves your industry and needs.



When IFRS 16 comes into effect in January 2019, it will transform the relationship between businesses and their leases, including those for office spaces and other real estate. Here, award-winning financial journalist Melanie Wright explains what the changes mean and why it’s so important for businesses to ensure they’re prepared

Many firms lease a wide range of items to support their businesses, such as office space or vehicles. The latest standard from the International Financial Reporting Standards (IFRS), IFRS 16, is due to come into effect in January 2019, changing how businesses must recognise, measure, present and disclose these leases.



Tuesday, 06 February 2018 16:42

IFRS 16: five things you need to know now

As we move closer to the enforceable compliance date of May 25, 2018 for the General Data Protection Regulation (GDPR), many organizations are asking themselves if they are on track to meet the regulation requirements. Many organizations are still unsure if the regulation even applies to them. Given the severity of potential penalties for non-compliance greater of €20 million or 4% of revenue for non-compliance with core tenets of GDPR, such as violation of data subject rights or transfers of data to unauthorized third countries), this perspective covers who GDPR applies to and the key items you should explore in your organization to ensure you are prepared.



As part of its Resiliency program, one of our clients recently performed their Annual Disaster Recovery test in which they failed over their production data center to a backup data center. The test was scheduled for 96 hours (4 days) to restore their Tier 0 Mission Critical services, and involved 43 Applications, 17 different Infrastructure teams, and 32 Client test teams.

This year our client wanted to Automate the DR Test workflow (task allocation, status monitoring, successor alerts and issue management) and deploy Real-Time Analytic Dashboards to keep their senior managers updated on test progress.  Deploying eBRP’s CommandCentre to manage that automation, 108 Plans were activated and during the Recovery testing, more than 211 Recovery Team members and 6 Incident Commanders logged in to collaborate and facilitate the recovery efficiently.



Tuesday, 30 January 2018 15:27

Disaster Recovery -- Exercised

Two weeks ago, I took a long-awaited trip to Walt Disney World in Orlando, Florida. I’ve been there several times, but I’m amazed at how the Disney experience has changed over the last five years. Today, the world of ‘all-things Disney’ is so much easier using the “MagicBand,” a plastic watch-sized bracelet equipped with an RFID radio that tracks your progress through the parks, monitors your purchases, keeps up with wait times and even opens your hotel door (if you’re staying on-site). I must say, though, it’s a little odd knowing that Disney is watching your every move, tracking how much you spend and where you spend your time.

Our “digital footprint” is much the same; everywhere we go, and everything we do, is tracked. We’re monitored on the internet, through our smart phones, and on cameras placed virtually everywhere. While 68 percent of consumers say they don’t trust brands to handle their personal information appropriately, last year was a record-breaker in terms of data breaches at such places as Equifax, Verizon and Uber. Sadly, we’re never more than a double-click away from disaster.

The good news is, today is the perfect time to take inventory of your digital presence and make sure you’re doing everything possible to protect your personal information. Data Privacy Day(#PrivacyAware) is an international effort held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. Sponsored by the National Cyber Security Alliance (NCSA), 2018 marks the tenth anniversary of this annual effort to bring together businesses and private citizens to share the best strategies for protecting consumers’ private information.



Did you know that one of the biggest cybersecurity threats to your business is your employees?

Before you call an emergency meeting to identify the culprits, note one important fact. These employees most likely have no idea that their online activity can lead to cyber fraud. Here at OnSolve, we have delved into the ways that employees create risks to companies. Along the way, our research has identified the most likely cyber risks for every month and season. Let’s touch base on a few of these key points.

Employee Cybersecurity Concerns

As a human-powered organization, you need to hire people to handle tasks that keep your business up and running. Through professional recruiting and vetting processes, you hope to hire individuals who are trustworthy and committed to cybersecurity. In fact, your organization is most likely already doing exactly that. The most common cyber breaches are a result of human error, not intentional ill intent.



Software selection can be daunting. There are plenty of uncertainties and questions you have when looking to implement Enterprise Risk Management (ERM) software.

Maybe you’re not sure what to be concerned about. Maybe you’re not sure how the process works, or the hidden costs.

Here are eight questions that you shouldn’t hesitate to ask your current or potential ERM vendor:



You can’t check in for your flight on the airline’s app. The website won’t let you buy the plane ticket you wanted. The app can’t tell you whether your flight is on time.

Unfortunately, technology glitches and outages like these are all too common. In 2017 alone, there were six major U.S.-based airline outages caused by IT failures. We all rely on services that make our lives easier, often seamlessly. But all of them depend on IT, and IT can—and often does—fail.

How do you typically book tickets for air travel?

That’s an issue with severe consequences for airlines, especially since 84 percent of American travelers in a recent survey say they use an airline’s website or mobile app during the travel process.



Last week we talked about the importance of finding out management’s risk tolerance and creating a business continuity program which will keep risk for the organization within those limits. Today, I thought I’d get more specific about how you go about doing that by discussing the five most important risk mitigation controls within your business continuity plan.

The way to limit the risk in your program is by implementing measures to limit the adverse effects of potential events: risk mitigation controls.

Here’s an example of how mitigation controls play a role in your everyday life: When you tell an ATM how much cash you want and receive that exact amount—with the withdrawal being accurately noted on your statement—this comes about because of a whole series of mitigation controls that have been put in place by the bank. These controls are meant to accurately manage and track cash disbursements.

In risk management, mitigation controls provide a parallel type of control over risk.



Mahoning County is located on the eastern edge of Ohio at the border with Pennsylvania. It has a total area of 425 square miles, and as of the 2010 census, its population was 238,823. The county seat is Youngstown.


  • Eliminate application slowdowns caused by backups spilling over into the workday
  • Automate remaining county offices that were still paper-based
  • Extend use of data-intensive line-of-business applications such as GIS



Cybercrime will cost the globe’s businesses more than $2 trillion by the year 2019, according to a report from UK-based market analyst firm Juniper Research.

It’s hardly a surprise that so many companies include cyber threats at the top of their list of risks. And yet shockingly few have taken adequate measures to mitigate the potential dangers of data breaches and other cyber-related risks. Until now, that is. The Wall Street Journal recently reported on a trend within the manufacturing industry toward widespread adoption of cyber insurance. Here’s a closer look at the issue, along with why cybersecurity insurance offers critical protection for 21st century businesses.



Anyone following enterprise data storage news couldn’t help but notice that aspects of the backup market are struggling badly. From its glory days of a couple of years back, the purpose-built backup appliance (PBBA), for example, has been trending downwards in terms of revenues per IDC.

"The PBBA market remains in a state of transition, posting a 16.2% decline in the second quarter of 2017," said Liz Conner, an analyst at IDC. "Following a similar trend to the enterprise storage systems market, the traditional backup market is declining as end users and vendors alike explore new technology."

She’s talking about alternatives such as the cloud, replication and snapshots. But can these really replace backup?



Getting caught in an emergency situation without a solid and well-thought-out plan puts stress on your residents and employees.

Every moment matters in a crisis, and you need to help your staff react as professionally and promptly as possible. Avoiding common mistakes through preparation and follow-through will help make your emergency communication strategy more resilient — allowing you to keep people safe during a crisis.

Download the Seven Deadly Sins of Emergency Notification to avoid common mistakes.

Threats to life and property, both manmade and natural, are around every corner these days. From shootings to bomb cyclones and mudslides, it’s especially important that government entities are able to keep a tight handle on communications during a time of crisis. Here are some common pitfalls to avoid:



To kick off the new year, industry experts and hosts of our new podcast, The Watchdog, Brian McIlravey and Tim Chisholm sat down to chat about their forecasts for the shifting risk and security landscape this year and how practitioners can stay ahead of the curve. Read the full guide to the top corporate security threats of 2018 here.

Prefer to listen? No problem! Tune in to the episode on iTunes.

Tim Chisholm: All right. It’s a new year, Brian.

Brian McIlravey: It is, Tim. It’s 2018. How do you think the planet is this month, Tim?

Tim Chisholm: The planet has maybe been in better shape before. But what do you think? Where are you sitting? How are you feeling?

Brian McIlravey: There are all kinds of different charts on the top security risks that pop out for 2018, and they’re all very similar. But in terms of Resolver’s guide to the top risk and security trends of 2018, I went through a bunch of them and found some patterns that were very interesting. What I’m going to do is focus it down to two that I think are very prevalent. One that’s been common going back to probably about 1811 is natural disasters. I mean, there’s some risks that we know are going to be on this list every single year. But there was an article that came out about the planet and natural disasters that I found especially fascinating – 2017 was the most costly U.S. disaster year on record just in terms of the massive, massive amount of billions spent—which you might expect given the significant disasters that happened this year.



What would cause more damage to your business? A hurricane or a cyber attack?

If you said the latter, you’re in good company.

Even after the costliest hurricane season of all time in the U.S., 74 percent of business leaders we surveyed said they consider a data breach, hack or cyber attack a greater business risk than a natural disaster.



When your organization isn’t risk literate, the result can often resemble a horror movie; when it is, you can save the day.

In some ways, being a business continuity management consultant is a lot like watching a horror movie. How?

Well, do you know how in horror movies people are always doing things that you know are liable to get them killed, but that they do anyway—despite your yelling at the screen for them to run the other way—because they are lacking critical information that you’ve been given by the director?

It’s the same for a BC consultant. I repeatedly see organizations doing things that I know are harmful to their long-term best interests, based on things I’m aware of that they are not, despite my yelling at the screen (figuratively speaking, of course) and urging them to turn aside from their intended course of action.



While just about every business is shifting in some shape or form, the regulatory compliance industry is undergoing a revolution. Keeping pace with legislative changes, consumer behaviour, and technological advancements has become very challenging for many Canadian financial institutions.

As new (and old) technology continues to disrupt the industry, we wanted to take a closer look at the biggest trends and growth areas for 2018.



Following the news of Hawaii’s false ballistic missile alert on January 13, 2018, we sat down with crisis & emergency management expert, Kevin Hall, to get his thoughts on what went wrong and why.

To start us off, tell us what happened over the weekend in Hawaii? 

On the morning of Saturday, January 13th, 2018, people in the state of Hawaii received an alert message on their phones that read, “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

The alert went out at approximately 8:07am and was issued by the Hawaii Emergency Management Agency (HI-EMA). According to the official report from the state, the activations included the Emergency Alert System and the Wireless Emergency Alert System, but from what I can gather, it seems that the alert was only sent through the wireless medium. It is interesting to note that no sirens were activated as part of this alert. 

How did that happen? What processes are involved in sending an emergency notification of that scale?



Evolve 14 Plunger FINALBy DON MENNIG

Before I share the DR problems Evolve IP identified in our 2018 Disaster Recovery Survey I have a couple of writing caveats.

Caveat #1.) I’m not a ‘New Year’s Resolution’ kind of guy

Caveat #2.) I really dislike clichéd content – I don’t need to read “5 Reason’s To Wash My Windows” … I know they are dirty.

Caveat #3.) I often times find myself in the minority J!

So, for those of you that like resolutions and “Top 5” lists I am pleased to present …

“The Top 5 Disaster Recovery Resolutions for 2018!”

Click-bait ads coming to the bottom of a news website near you ;)

Now, unfortunately in all seriousness, our survey uncovered some very distressing disaster recovery statistics that need to be addressed by organizations before it’s too late.

Resolution #1: Complete your DR plan and implement and test your plan.

Yeah, you’ve heard it before, but just like giving up your penchant for deep fried Twinkies some things never seem to get done and this year’s survey again proves the point! Only 31.5% of our nearly 1,000 respondents (IT professionals and C-level executives) noted that they had a complete DR plan! Perhaps even more alarming, of the 68.5% that did not have a complete plan, four in 10 had a plan that they felt was less than three-quarters of the way complete.

As you can likely imagine, rolling out an incomplete plan to the organization might seem odd and it’s likely causing DR plans to remain on the shelf. Only 2/3rds of respondents had formally implemented their plan in the business.

To continue with the Twinkie bashing, we all know that chowing down on the cream-filled, artery-clogging sweetness could potentially be really bad for you down the road. You also know that having an untested DR plan is bad for your businesses health. Our survey revealed that less than half of the firms had actually tested their DR plan in the last year.

Then again what are the chances your organization will actually need a data defibrillator in 2018…?

Resolution #2: Don’t get stuck in denial

Turns out, the chances are pretty high. Based on our survey results you need to change your mindset about DR: it isn’t if a DR incident will occur, but when. Over 1/3rd of participants noted their organization had suffered an incident that required disaster recovery. And while hardware failure was the leading cause of incidents (noted by 50%), deliberate attacks are getting worse and growing faster than any other category.

In 2017, the number of respondents reporting that deliberate attacks had caused DR incidents increased to 17% compared to 13% in 2016 and 6.5% in 2014! You might take all of the precautions in the world against attacks—constantly changing passwords, deploying aggressive security software, implementing secure file sharing and more —but hackers are getting smarter every year and your associates are still human and make mistakes

Resolution #3: Treat DR as though you have compliance requirements.

Even if your business does not have compliance requirements, it would likely benefit from acting as though it does. Of organizations that had suffered from an incident that required DR:

• 43.5% without compliance requirements took more than one business day to recover their IT operations.

• Just 28% of those with compliance requirements took more than one business day to recover their IT operations.

 Resolution #4: Fight for your DR budget.

As you’d probably expect, companies that budget sufficiently for DR are more likely to feel very prepared to fully recover from an incident. In fact, 65.5% of those firms noted they felt “very prepared”. Not so much for the under-funded. Just 1 in 5 of underfunded firms were feeling “very prepared” to handle a DR situation.

What sets off the alarm bells here is that four in 10 IT professionals felt that their organization had underfunded DR. Interestingly, three in 10 C-level executives agreed. Couple those numbers with a 33%+ likelihood of a DR situation arising in the future and you’ve got the potential for a major problem!

So, how do you fight for budget? Share some of these survey results with your executive team along with a document that quantifies just how much an outage will cost your business in terms of lost sales and productivity! We created a simple downtime calculator to help you determine what it will cost you.

Resolution #5: Evolve Your DR Strategy

Far too many organizations continue to use legacy or unsecure approaches to DR introducing un-necessary risk and greater chances of failure. A couple of statistics really jumped out:

• 38% of firms relied on servers and hardware at the same location as the rest of their infrastructure

• 35.5% of firms use tapes for backup 

• 22% relied on public cloud for DR

If you’re relying exclusively, or primarily, on one of the methods above, take the time in 2018 to begin researching other solutions like DRaaS from providers such as Evolve IP or investing in a private, secure, secondary site that is geographically distant from your primary location.

Happy New Year! I wish you, your families and associates success and good health in 2018.

To learn more about Evolve IP’s suite of DR solutions visit www.evolveip.net/draas-suite.

Don Mennig is the senior vice president of marketing for Evolve IP.

Here’s something for your to-do list, if you’re not doing it already: The next time your organization holds cyber exercises, make sure you include third-party experts, bringing them in to observe, share insights, and provide feedback.

Experts such as law enforcement officers, data security consultants, your insurer, and public relations professionals can provide valuable insights that will strengthen your cybersecurity plan and better prepare you for a real-life emergency.

In today’s article, we’ll lay out who might be good to invite to your next cybersecurity party and what each type of expert can contribute. We’ll also sketch out how exactly you go about reaching out to these busy professionals and securing their participation.



The new year started off with a bang, if you consider a “bomb cyclone” or “bombogenesis” a noise-maker. The winter season’s first blizzard, Grayson, was a record-breaker in terms of daily record cold temperatures set all the way from the northeast to the Gulf Coast.

As winter storm warnings continue to pop up across the country, individuals and businesses should brace themselves for the remainder of the winter season – at least seven more weeks. If you haven’t already done so, it might be time to dust off your disaster recovery plans, or at least begin planning for next year.

The biggest risk for companies during winter storms is power outages due to ice, and facility issues due to the cold (water pipes not working). Roads could be treacherous, and air travel is usually impacted. As we learned with Grayson, hurricane force winds are not out of question, either. Human exposure to brutal cold temperatures is also a danger.



Tuesday, 16 January 2018 15:01

Winter Bears Down – Are You Ready?

Plunging temperatures, whiteout conditions, and icy roads can turn into a crisis even in the most prepared cities and states.

As a result, this is the season that puts crisis communication to the test. Consider how well your employees and security teams are prepared for communicating internally in the event of a weather emergency.

Plan Activation Strategies

Activation strategies are a crucial component to ensuring proper recovery during and after inclement weather. This strategy will put into action a crisis response team to handle the situation as quickly as possible. Crisis preparation involves a series of procedures that need to be in place ahead of time. This is essential for maintaining internal communications for your workers.

Internal notification software, such as CodeRED from OnSolve, is designed specifically for communications during an emergency situation. By incorporating this government-approved notification solution into your office, internal communications can be handled no matter the situation. Thanks to automated, advanced warnings along with geo-location communication using a variety of delivery modalities, internal notification systems integrate seamlessly into businesses of all sizes.



Monday, 15 January 2018 16:01

Employee Communication in Inclement Weather

OnSolve’s chief product officer, Daniel Graff-Radford, recently interviewed with SDM Magazine to discuss how mobile and integrators are a driving force behind today’s mass notification systems.

Whether choosing to go mobile or become a hard-wired hybrid, here are three ways mass notification systems are changing rapidly.

1. Mobile Integration Success

Mobile integration allows emergency communication to take place across a larger network. Emails, social media, texting and other forms of mobile communication can be achieved all at once using wireless. As a result, you have the potential to communicate with more people in a shorter span of time.

Yet mobile communication is not always perfect, especially in the case of a large-scale emergency or a cyberattack. The best move?  Pursue IP wireless. This gives the organization much-needed control over the network. An organization can structure and prioritize emergency notifications based on the event type and its location This integration provides mobile accessibility with the security associated with analog.



Crisis management, public relations, and business continuity are tested during a disaster event. Today, we’re analyzing business continuity plans and disaster response to determine a good public relations response vs. a bad one.

For today’s post, I thought we might try something new. Rather than write a formal article, I wanted to share some things with you that have been on my mind lately about business continuity and disaster recovery.

I have been observing other organizations’ disaster response efforts from the outside and trying to work out what’s really going on based on what we see in the media, as well as about what separates a good public relations response to a crisis from a bad one. I’ll touch on these and other topics below.



The past few decades have seen a significant increase in society’s level of awareness and investment in personal and workplace safety. In the opinion of those of us at MHA Consulting, similar attention must be given to business continuity.

In this article, we will sketch out the rise over the past few decades of what might be termed “safety culture,” define an envisioned “continuity culture,” and set forth how such a culture can be brought into being at your organization.

The rise in safety consciousness in today’s society can be seen in everything from the creation of the U.S. Occupational Safety and Health Administration in 1971 to the introduction of polarized electrical plugs to the increasing emphasis on people’s wearing seatbelts and bicycle helmets. In the business world in particular, many companies have over recent decades developed a strong emphasis on safety, with consideration for safety permeating everything their employees do.



Public crises have become increasingly common around the world. Of course, managing such emergencies is not always easy. For this reason, public administrators have established ways of managing public expectations while helping those affected at the same time. Thanks to technology and increased access to the Internet, communicating with the public has never been easier. Read on for more on this topic.

To learn more, checkout the infographic below created by Norwich University’s Online Masters in Public Administration.


Online Masters in Public Administration Program

We’ve all seen the news reports, photos, and tragic stories of towns and businesses impacted by natural disasters. Business professionals who are forced to deal with the aftermath of a natural disaster may experience a range of emotions from relief that it’s over and that they had a disaster recovery plan in place to regret that their disaster recovery plan was inadequate or incomplete, or to despair that they never got around to developing a disaster recovery plan at all.

Disasters and how we respond to them are never one-and-done. In the real world, disaster planning for the nextdisruption begins immediately after going through an actual disaster event. This means that the weeks and months immediately following a disaster are the most crucial for evaluating and improving your disaster recovery plan. Aside from the site recovery itself, which may be considerable, it is essential to address deficiencies in your plan as soon as possible and practical. For critical communications, these could include data transmission, materials being redirected, or updates to design that were never shared with the disaster recovery provider.



Is your business part of the 48% that lack a BC plan and still regards itself as ready for trouble? If so, it might be time to start a BCM program.

A recent study found that 48 percent of small businesses are operating without any type of business continuity plan, yet 95 percent of the businesses indicated they felt they were prepared for any disasters that might strike.

Is your business part of that 48 percent that lacks a BC plan and yet still regards itself as ready for trouble? If so, perhaps you think your insurance will cover you if something goes wrong, or that your evacuation plan will help you out. Or maybe you have an old dust-ridden binder lying around that is labeled “Business Continuity Binder,” but which you haven’t looked at in ages. If either of these things is true of your company, chances are that you are not truly prepared for disaster. From Hurricane Maria and the shooting in Las Vegas to the current fires in California, history shows us that companies that do not proactively consider how to respond to events are among the last to get back to business.

So, why do people and companies neglect to implement business continuity management (BCM) in their organizations even though they know it’s the right thing to do and can ensure the survival of their business? That’s a difficult question to answer, I think because it has very little to do with business continuity management and a lot to do with human nature.

People and companies are inherently motivated to do what’s good for them. The problem is that accurately perceiving “what’s good for them” is not nearly as easy as it sounds—and even if a company can figure this out, they may not believe that it is possible for them to do it.




Thursday, 04 January 2018 15:56

Do the Right Thing: Start a BCM Program

PCI, HIPAA, SOX, GLBA. The alphabet soup of government regulations and compliance standards is enough to give any CIO a migraine. But just when you thought it was safe to come out of the regulatory waters, the General Data Protection Regulation (GDPR) is right around the corner. Haven’t heard of GDPR? You soon will—and you’d better pay attention.

Previous cybersecurity regulations such as Safe Harbor, which was overturned by court orders, and the EU-U.S. Privacy Shield left room for improvement. The EU then created GDPR to add teeth to European regulations for how organizations handle security. Essentially, the EU is augmenting regulations to ensure that all organizations protect the data subjects—the people—from companies conducting abusive personal data processing.



So 2017 is in the rear-view mirror, and here comes 2018, all bright-eyed and bushy-tailed. What should we be ready for this year in terms of risk management trends? Here are three that are likely to have an outsized impact:

  • Cyber security risks will continue and get more dangerous. Maintaining information and network security will grow even more challenging.
  • The cloud will bring risk. The increased dependence on cloud-based services is creating a new kind of risk that many companies have yet to address. 2018 is likely to see a deepening engagement with the vulnerabilities caused by this new reality.
  • New rules will bring unexpected risks. As companies adapt to the new regulatory regimes, the changes they are obliged to make will create unexpected new dangers.

The traditional threats to business operations from nature, people, and technology are still out there and will doubtless rear up and make themselves felt in 2018. These will include bad weather, employee mistakes, and so on. But in terms of new risk management trends, the three developments mentioned above are likely to be especially prominent. We’ll take a closer look at each one below.



Wednesday, 03 January 2018 15:07

3 New Risk Management Trends for 2018

We’re helping you streamline your BIA, cutting it down from 8 to 4 hours or less for each business unit and maximizing your BIA interview.

In last week’s post, I mentioned that we veteran BCM professionals will need to learn some new tricks in order to work effectively with members of the millennial generation. Specifically, I gave the example of the traditional business impact analysis (BIA) meeting as something that probably won’t work very well with colleagues and clients who are used to speedy and informal ways of doing things.

After finishing that post, it occurred to me that I had left readers hanging in terms of how exactly they might go about making their BIA meetings more efficient. In today’s article, I’m going to make that up to you by giving you my 5 Tips for Making the Most of the BIA Interview. These tips aren’t only relevant when working with millennials. These days, pressure for BIA professionals to be more efficient comes from across their organizations.

In days gone by, the BIA process would take anywhere from 6 to 8 hours for each business unit, from the pre-work and interview through the follow-up phase to the final approval of results. In today’s world, the entire BIA process better take from 3.5 to 4 hours or less for each business unit, from pre-work to final approval.

Needless to say, even as you are speeding things up, you’re still expected to cover all the important bases, doing as good or better a job as you did before. Nobody said it was going to be easy! But hopefully the tips below will make it easier for you.

And in the spirit of the subject, I’m going to try to keep things short and sweet.



When a disaster strikes your place of business, you don’t have much time to act. The phrase “time is money” is certainly applicable here – ITIC’s latest survey data finds that 98% of organizations say a single hour of downtime costs over $100,000.

One way or another, your organization must get back up and running. With the rise of cloud-based applications, there’s been an increased level of “workplace recovery from home” scenarios.

After all, why would you want to spend money on a workplace recovery solution if you can connect to your applications from home? While the concept looks good on paper, the reality is that there are several drawbacks.



Tuesday, 02 January 2018 20:58

Why Workplace Recovery Is Critical

As 2017 winds down, I thought it might be worthwhile to knock back a cup of Earl Grey and see what the tea leaves show lies ahead for the world of business continuity in 2018.

Here’s the thumbnail version of my forecast:

  • The overall picture of most BC programs is going to be one of ongoing uncertainty, with lots of small-scale agitations but no dominating trends.
  • Two peripheral trends I see are the continued movement of services to the cloud and the increasing influence of millennials on the world of business continuity.
  • In the world at large, I think we’re going to see the continuing proliferation of the risks associated with climate change and terrorism and also the potential movement of international conflict into cyberspace. These developments could have significant impacts on the practice of business continuity management.

One thing that we know is coming in 2018 is the European Union’s new General Data Protection Regulations (GDPR). The EU’s strict new privacy protection rules go into enforcement on May 28, as I discussed in my blog post from last week, GDPR Compliance: A Heads-Up for Business Continuity Professionals. Take a look if you would like to know more about what GDPR might mean for your organization.

And while I’m making suggestions for further reading, let me call your attention to an interesting survey by Continuity Central. These are the interim results of their survey of business continuity professionals worldwide, asking people what they see happening in their programs in 2018. The results of this survey triggered some of the points I make below.

In the rest of this article, I’ll share some additional thoughts on the topics mentioned above, along with a few others.



At Forrester, we have developed an assessment to help organizations understand their continuous deployment maturity. The assessment should take 10 minutes or less to complete with the outcome identifying where you are in your continuous deployment journey. DevOps teams should focus and build four critical competencies including: process, structure, measurement, and technology. Your honest assessment of these competencies will help identify key areas of improvement and help get everyone in the organization on the same page. Additionally doing such a assessment might just avoid the disconnects between leadership and DevOps teams identified in my last blog –  Executives Overestimate DevOps Maturity.

DevOps is predicated on teams driving inclusive behaviors such as collaboration and leveraging feedback loops, destructing silos of functional excellence, with empowered product teams who are delivering business outcomes. To support this, we identified four competencies that enable continuous deployment:



While consumers and many businesses are already enjoying the fruits of digital transformation, the insurance sector can hardly bear it. In many cases, legacy systems leave those in the industry with outdated infrastructures and processes.  Looking to get out of the woods, insurance institutions know now is the time to tame the technology beast and make a digital transformation to:

  • Keep pace with customer expectations who have already embraced next-generation IT innovations
  • Meet rigorous compliance regulations regarding data security
  • Simplify and enhance employee jobs with the latest digital tools and online collaborative business applications



The internet is like a big city with lots of amazing sights and many useful services—but also many shady areas and lurking predators. And the predators don’t necessarily stick to the bad parts of town: sometimes they come out to pick pockets on the nicest boulevards.

So far, our Corporate Security Awareness series has looked at how business continuity professionals can help their co-workers (and their organizations) stay safe when using non-workplace Wi-Fi networks, personal devices they may use for work, and email.

In today’s post, the fourth and final one of the series, we are going to talk about how BC managers can promote safer internet use and web browsing at their organizations.

Business continuity managers can and should play a role in advocating for safer policies in all of these areas even though direct responsibility for configuring technology, establishing policies, and training users in order to minimize the risks to the above areas lies outside the BC department. By raising the matter of internet security and safety with their partners in IT security and other departments, BC managers can raise awareness and promote the adoption of safer policies. As BC professionals we need to be just as concerned with the prevention of outages and issues as in responding to them.



Twinkling lights, whiffs of peppermint, and holiday tunes aired everywhere you go — these are just a few of the signs that the holidays are upon us.

As an emergency manager, you must also account for less savory signs, such as increased traffic, an influx of travelers, and unexpected wintry weather. One way to provide your community with a calm and festive holiday season, no matter what emergencies come your way, is via the CodeRED Mobile Alert app.



At this very moment, 1,800 thunderstorms are occurring around the world. Within each one, multiple threats are lurking. Some of these threats may remain unnoticed until the moment they strike - damaging homes, destroying property and claiming the lives of those in their path. Severe weather affects everyone. However, with modern weather intelligence technology like advanced storm tracking, it is possible to be more prepared for notable weather events, even ones that seemingly emerge from nowhere.

Advanced storm tracking technology analyzes complicated weather behavior and present it in an easy-to-understand format to users. The aim of this technology is to deliver life-saving weather intelligence to people everywhere during dangerous weather situations. A number of unique attributes make this technology more advanced, and therefore more effective than standard weather forecasting and tracking products.

201702 Threat Net Datasheet1

Baron (a leader in critical weather intelligence) has been a pioneer in severe weather detection and storm tracking for over two decades. Baron original storm tracking technology, developed in the late 1990’s, was a simple drag and drop function based on the storm parameters known by the operator. Automated tracking soon followed along with a new angle for automatically identifying the most severe location in a storm. Rather than tracking the storm’s center, Baron advanced algorithms identify and follow specific threats throughout a storm’s expanse. Not exclusively tracking the storm’s center enables the technology to calculate precise threat arrival times, rank potential tornado probability, and alert people in harm’s way. There are also seven other key attributes that make Baron storm tracking so advanced.

1. Accessibility

Any industry or individual with an immediate need for weather awareness can utilize and benefit from advanced storm tracking technology like that of Baron. No in-depth knowledge of weather forecasting or algorithms is required. Baron algorithms, for example, remove the need to analyze complex information on the user side.
All data for advanced storm tracking comes pre-analyzed and interpreted, so users of the technology can have the situational awareness they need to make tough decisions when lives and assets are on the line. Farmers can protect their crops, pilots can stay up-to-date on potentially hazardous flight conditions, and public safety officials can make sure the communities they serve have more time to act when weather is imminent, all without having to worry about the advanced science and math behind the technology.

2. Time and place specific

Knowing not only how, but also when a community will face devastating weather can make a measurable difference in preventing damage. For example, in Baron technology, each individual storm track contains data that precisely determines which areas will be affected by a threat, including a list of estimated arrival times. The technology allows users to predict, down to a neighborhood level, when a storm will make its biggest impact.

3. Threat-specific tracking

StormCellIDandTrackingWithin a single storm, multiple threats may require immediate attention and necessitate advanced tracking techniques. Advanced storm tracking technologies often concentrate on identifying specific dangers—hail, high winds, flooding and potential tornadoes—and then determine their locations and magnitudes. Baron Storm Tracking, in fact, pinpoints all individual threats at once, and then tracks them up to one hour into the future. Other storm tracking methods may focus on following the middle of the storm. This method doesn’t yield the best results because the center of the storm could be less dangerous, while the more serious threats may make their way into communities without proper warning.

4. Tornadic potential

201502 BTI index 1Potential tornadoes can be identified sooner with some of the advanced storm tracking technology’s severe weather algorithms. For example, the Baron Tornado Index (BTI) fuses together real-time data from radars and atmospheric conditions present in and ahead of a storm to generate the likelihood of tornadic activity. Results are updated in real-time and presented on an easy-to-read scale of 1-10—the higher the value, the greater the probability. Additionally, Baron algorithms monitor and track rotating winds in the atmosphere along with other parameters to mark the location where tornadic development is most likely to occur.

5. Usability

In many cases, weather tracking calls for the evaluation of several data products at once to generate a comprehensive picture of a storm. This kind of procedure demands more attention to multiple things than many people can give while remaining lucid and aware of their situation. To rectify this issue, advanced storm tracking technologies do much of this work and evaluation ahead of time. For example, Baron automatically complete much of the detailed analysis so users can focus on what matters most—staying alert of the greatest dangers and then communicating that information to all relevant parties. Every data point and visual cue in Baron Storm Tracks is self-explanatory, and locations of hail, high wind shear, and more are pre-interpreted. This kind of technology provides more insight into difficult storms faster, giving users the confidence they need to make mission-critical decisions.

6. Continual analysis

Data analysis in advanced storm tracking happens in real-time and information is updated continuously. By sampling lower-elevation radar scans and gathering information before the entire scan is complete, accurate and actionable intelligence can be relayed back to the user faster than with other methods. The technology quickly identifies embedded dangers within a storm that can be hard to diagnose and gives frequent updates on its speed, path, and arrival time. It provides the most up-to-date information sooner, giving those in the path of a storm more time to act. Building on these technologies, Baron continues to refine their storm tracking solutions with newer more timely capabilities just released this year from new Baron intelligent processing that delivers faster detection and more accurate location of the critical part of the storm.

7. Site-specific alerts

weather alert tornadoMuch of the advanced storm tracking technology around today existed almost 10 years before iPhones were introduced. Now that smart phones are ubiquitous, this advanced storm tracking can deliver site-specific, life-saving alerts to warn subscribers in threatened areas. The Baron system, for example, determines speed, wind direction, shear, and more, and then using this collected data, automatically deciphers areas of a storm requiring advanced notifications and alerts everyone in harm’s way. Every geo-specific alert is targeted, so users of the Baron app will only receive a push notification if they are within the specified threat range.

Critical Weather Intelligence for everyone.

For decades, companies like Baron have been redefining storm tracking technology, taking it to new levels of precision. They have made it their mission to ensure the safety and livelihood of everyone with a need for severe weather intelligence, and continue to build upon their technology to ensure everyone has access to the critical weather intelligence they need to help their decision making.

By Gabe Gambill, VP of Product & Technical Operations at Quorum

When it comes to an effective disaster recovery strategy, your team has several options. You can maintain your own DR site in a remote location, handle it on-site or go with a DRaaS solution. Then there’s colocation – where you migrate your DR to a provider’s data center, installing your own servers, network and data storage there. 

While most teams have heard of colocation, some aren’t sure how it differs from other kinds of disaster recovery or if it’s right for them. So let’s talk about the benefits of colocation and the criteria to follow when choosing a colocation facility.

The Benefits of Going Colo


One benefit when compared to DRaaS is that the control stays in your hands. When you outsource disaster recovery completely, it can take some weight off your shoulders – but you also hand over a certain amount of control and visibility. Colocation gives it back to you. True, your data center is owned by someone else, but you control the hardware and software and greater day-to-day visibility.


Going with your provider’s data center can offer more robust power capacity and stronger network performance. If your bandwidth requirements increase, you may be able to take advantage of volume pricing while skipping multiple contracts and SLAs.

Cost Savings

Colocation facilities tend to charge by space, which means your price tag ultimately comes down to the kind of equipment and number of servers you’ll install. However, you won’t be paying the actual costs of owning and maintaining your own data center. Compare your potential price tag for power, cooling, HVAC units and backup generators to the facility charge; chances are you’ll save money.


Not all colo providers offer support, but if they do, having on-site expertise can spare your team from time-consuming server and equipment maintenance. The provider’s team may also have advanced skills to facilitate a smoother disaster recovery, giving you better peace of mind and freeing up your team to focus on other initiatives.

Selecting a Colocation Facility

Not all data centers are created equal. One critical component is location. If and when disaster hits, can you get there in a hurry? What if something happens to your primary site and your recovery depends solely on your colo site? Make sure you choose a facility within reasonable proximity and not two thousand miles away.

You’ll also want to think about security. Verify the facility has all the same security checks you’d install for your own data center:

  • Are the generators accessible? How close together are they?
  • Is the data center protected against fire and flood and other natural disasters? Is it tier 1, enterprise-grade and certified?
  • Does it meet your compliance needs?
  • Is there video monitoring and 24-hour camera surveillance?
  • What kind of access controls are in place? Is there biometric and card key entry, are there cabinet and cage locks?

One final consideration: think of partnering colocation with the cloud. In addition to hosting your data backups in an offsite facility, you can still take advantage of those speedy cloud failovers, spinning up a virtualized clone of your environment whenever you need it. It could be the right form of DR insurance for you, knowing you’re protected locally and in the cloud if something takes down your primary site. Keeping your servers and applications operational is the whole point of DR, after all, and colocation can be the perfect solution.

Tuesday, 19 December 2017 18:52

Should You Go Colo?

The end of the year is almost upon us, which can mean only one thing: cold and often unpredictable winter weather is about to rear its ugly head yet again.

According to a study that originally appeared in the Journal of Climate, a total of 438 blizzards took place in the United States between 1959 and 2000 – breaking down to roughly 10.7 on average per year.

But a blizzard doesn’t just bring with it tremendous amounts of snow. Each event is also incredibly dangerous due to poor visibility, terrible road conditions, chilling temperatures that leave people exposed to frostbite and hypothermia and so much more.

The Federal Emergency Management Agency (FEMA) has long held the belief that being prepared during the storm isn’t enough to keep people safe – it’s also what you do both before and after an event that really counts. Being as prepared as possible really is the key to staying safe and for many communities, emergency notification planning and crisis communication often mean the difference between a mild inconvenience and an absolute tragedy.



Keep Your Employees Safe This Winter

While some view winter weather as a welcomed excused absence from work or school, others must still find their way into the office. What they don’t want to encounter on their way are slick sidewalks, power outages, or the worst – inching your way through icy gridlock only to learn after they’ve battled the weather that the office is, in fact closed. “Sorry,” simply won’t suffice.

Reduce your risk for injuries and dissatisfied employees by doing your part to protect and inform them on bad weather days. You may not be able to stop the snow, rain, and wind, but you can ensure every employee has a safe way to an office that is in working condition.



Tuesday, 19 December 2017 16:29


As we look forward to 2018, it is a time to reflect on the changes that have emerged in the past couple of years.

Take the 2016 study by Securitas Security Services for example. According to this report, there were two newly emerging trends in business continuity that year — active shooter threats and mobile security in cyber communications. Those trends have only escalated in 2017, and are expected to remain consistent in 2018. Along with these two current trends, look at advancements in technology and supply chain processing in regard to business continuity concerns.



That question usually comes from an executive after some other organization has a business crisis that makes global or national headlines. The question causes anxiety in many Business Continuity Planners.

I remember the first time I got that question. A local business had suffered a lightning strike, cutting power and frying much of their electrical and technology gear.  I can still recall the sudden panic when our CFO asked me that question: “What’s our Plan for that?”

We had no such Plan.  Had we, we should also have had Plans for tornados, hail, parking lot sinkholes, contaminated drinking water and trucks crashing through our lobby doors:  things that had happened to local businesses during the previous year.

Monday, 18 December 2017 15:38

What’s Our Plan For That?

Winter Isn’t Always Pretty

We like to think of the winter scenes we may see on a holiday card – peaceful, joyful, beautiful, and full of cheer. While this may be so, it’s more likely to be chaotic with a few Grinches sprinkled in for good measure. And when it comes to work productivity during the winter months, it can be an even less promising scene.

Winter storms have a history of wreaking havoc on the economy. After a 2015 New England winter storm, economists calculated the hit to the economic output was a staggering $1.25 billion. Much of the productivity loss is attributed to workers simply not being able to get to work due to poor road conditions. Of course, they’ll eventually make up the work over time, but the disruption to normal business operations can’t be understated.

Companies can’t fix the weather, but they can put into place a winter weather communications plan to ensure employees from across their company, remote or onsite, know what to do when bad weather hits. Depending on how your organization is structured, you may have a skeleton crew who has one set of instructions to follow during the office shutdown, executives with a different checklist, and local employees with completely different expectations.

If you want to keep your office running as smoothly as possible, no matter the weather, follow these tips. Your employees will thank you and your administrators, managers, and business leaders will appreciate the forethought.



Friday, 15 December 2017 15:29


Brains, Braiiiiiins, Braaaiiiiiiiins – these are three things required by both business continuity plans and zombies alike. In AMC’s The Walking Dead, zombies are plentiful.

Business continuity plans, not so much.

The story of The Walking Dead revolves around Sheriff Deputy Rick Grimes and various other characters as they struggle to survive in a world filled with – you guessed it – zombies. It’s not clear as to what exactly caused the viral outbreak that turned most people into mindless “walkers”.

Then again, it doesn’t really matter.



Social media of all types have joined email, telephony and instant messaging as main stream communication tools that are used daily in many individual’s lives. The Pew Research Center estimates that 68% (216.9 million individuals) of US citizens have a Facebook profile, and 21% (66.9 million individuals) use Twitter. These tools have become a key part of the communication landscape and need to be a consideration in any emergency communication solution. With the release of the social media enhancements to the CodeRED Launcher, these tips are especially important to keep in mind:

#1 – Social media has evolved into a viable communication tool

Throughout the September 11, 2001 terrorist attacks in New York City, the primary source of information for the public was television. A case study on the attacks showed, “more than half of Americans learned about the terrorist attacks from television, and only 1% from the Internet”2

Fast forward to Hurricane Katrina in 2005 – “mainstream media sites dominated with 73 percent (73%)”2 of online traffic directed at major news organizations for information and disaster relief donations.2 More recently, during the emergency response to the 2015 San Bernardino attack, online and social media platforms were successfully utilized by local police and FBI members to create a new manner of public information sharing.  Safety Response Reports after the event identified Twitter as a critical component for media operations and credited the team’s utilization of the platform.3

People’s automatic reaction of turning to social media and the Internet to gather information continues to grow and today’s mass notification systems must provide tools for managing these critical touch points.



You Have Event Pages – Now What?

Whether you have Event Pages, or you’re interested in learning more about them, we want to help you understand how Event Pages work in certain scenarios. Once you see them in action, you can probably come up with many more ways they can benefit your organization.

Keep in mind the Event Pages ensure your employees are literally on the same page. With all of the information about an event in one place, you can ensure consistent, accurate information is received by all. You never have to dig through emails to see if you sent or received a message. Everything you and your employees need to know before, during, and after an event is conveniently accessible via a single click of a link. It doesn’t get any easier than that.

Event Pages can be useful for organizing around any event, but here are four to consider:



Thursday, 14 December 2017 14:58


When airlines undergo mergers and acquisitions (M&A)—and they frequently do—it means merging IT systems, too, if they don’t rebuild IT infrastructure from scratch or run the systems separately. Merging is the choice companies often make, and it can also be the riskiest.

Jumbled IT systems can cause outages and critical system failures, threatening to ground thousands of flights, and could even allow too many pilots to have the holidays off.

“Quick and dirty” fixes that can get you off the ground often turn into long-term solutions—ones that can sideline your operation years from now. One dormant glitch could make your scheduling system decide to play Santa.

Take the time to remap your systems entirely, with all the dependencies, and treat them as one system. Then you can be sure your infrastructure is more reliable, and your disaster recovery plan can recover the full IT environment.

Airline Merger cartoon


Open-plan offices have become the norm for many companies wishing to optimize their space, encourage collaboration between staff and breaking down traditional hierarchies.

However, recent research challenges the idea that open-plan working is a surefire route to productivity. Far from an antidote to the inefficiency of closed-off offices, open-plan working can mean staff are beleaguered with distractions and stifled by lack of personal space.

Gensler’s 2016 Workplace Survey found that 67 per cent of the UK workforce feel drained at the end of each working day due to their office environment. In addition, badly designed offices are suppressing innovation in businesses: although over eight million UK employees work in open-plan environments, many of these do not offer variety or choice, nor are they tailored to specific tasks and practices.

“Enclosed office space is not the enemy,” says Philip Tidd at Gensler. “Moving to a simplistic open-plan may not be the most effective option in today’s hyper-connected workplace.”



A new finish for your old car may look great, but in the end, it may still be a ’71 Pinto.  The cost of the BIA process – writing, distributing, validating, analyzing, reporting, presenting to Management, revising and repeating annually – can be a staggering amount.  Yet a BIA may be no more valuable than that new paint job.

Business Continuity programs rely on BIA’s because ‘standards’ says they must.  BIA data gathering isn’t useless– just time-consuming, and questionably valuable.

  • There’s little proof that BIA’s improve planning, since there’s often little in a BIA to inform individual plan tasks.
  • If it doesn’t improve planning, it won’t improve organizational readiness either.
  • Most enterprise criticalities are already understood within the organization; there’s little point looking for them (again) in a BIA.
  • The man-hours spent on BIA development, completion and analysis is shockingly disproportionate to the value the results provide.



If you lost your home, business or personal property due to Hurricane Irma, you or your family may be struggling to cope with the emotional impact of the disaster. For individuals and families looking to rebuild, the approaching holidays may be especially difficult.

FEMA’s online information, Coping with Disaster provides suggestions that may ease the stress that can follow a traumatic event such as a hurricane, which can be even more challenging around the holiday season. There are special sections on how to recognize signs of disaster-related stress, and on how to help children deal with their emotional needs.

Among the suggestions:

  • Limit your exposure to traumatic news coverage and social media about the disaster until you can handle it.
  • Stay connected with family and friends.
  • Accept the fact that your recovery may take time.

Disasters can leave children feeling frightened, confused, and insecure. Whether a child has personally experienced trauma, has seen the event on television, or has heard it discussed by adults, it is important for parents and teachers to be informed and ready to help if reactions to stress begin to occur.

The staff at the Mayo Clinic say the holiday season causes stress and depression in some people. This may be heightened by the emotional impact of other situations, such as the recent hurricane. They offer some tips on how to cope with stress, depression and the holidays.

According to the National Institute of Mental Health, symptoms of depression may include:

  • Difficulty concentrating, remembering details, and making decisions
  • Fatigue and decreased energy
  • Feelings of guilt, worthlessness, and/or helplessness
  • Feelings of hopelessness and/or pessimism
  • Insomnia, early-morning wakefulness, or excessive sleeping
  • Irritability, restlessness
  • Loss of interest in activities once enjoyed

The Substance Abuse and Mental Health Services Administration provides crisis counseling and support to people experiencing emotional distress related to natural or human-caused disasters. SAMHSA provides toll-free, multilingual and confidential support on its Disaster Distress Helpline. Stress, anxiety, and other depression-like symptoms are common reactions after a disaster. Call 800-985-5990 or text TalkWithUs to 66746 to connect with a trained crisis counselor.

Other resources for helping you and your children cope after the disaster can be found at these websites or by calling the number provided:

  • FEMA: ready.gov/kids.
  • National Center for Child Traumatic Stress: Floods. Phone 310-235-2633 or 919-682-1552.
  • Save the Children: Ten Tips to Help Kids Cope with Disasters, Hurricane Tips for Parents: How to Help Kids.
  • American Academy of Pediatrics: Helping Your Child Cope, Talking to Children about Disasters, How Children of Different Ages Respond to Disasters, How Families can Cope with Relocation Stress After a Disaster.
Wednesday, 06 December 2017 16:01

FEMA: Coping With Holiday Stress After a Disaster

Today there are more households with mobile devices than with desktop computers.

According to the Pew Research Center, 84 percent of US households have a median of two smartphones, while only 80 percent have a median rate of one desktop or laptop computer. In fact, 95 percent of American adults now use some sort of cell phone. For all the personal data that is being shared across mobile lines, there needs to be greater attention given to the threats of mobile security.

Scope of Security Threats to Mobile Users

Mobile use is only expected to increase due to the dependency on this type of technology. Already, mobile devices are used to access the internet for everything. The Pew Research Center states that 62 percent of users accessed information about their health conditions on a mobile device. In addition, 57 percent use mobile devices for online banking, while 18 percent have submitted a job application on their smartphone.



Monday, 04 December 2017 17:16

Trends and Threats in Mobile Security

Passengers on the Titanic didn’t think it could sink.  When it did, there wasn’t room for everyone in the lifeboats.  By slavishly tying your BCM program to industry ‘standards’, you may find yourself adrift during a business disruption.  Standards are only guidelines.  They’re no substitute for the knowledge necessary when disruptions occur.



Monday, 04 December 2017 17:09

BCM Standards: Lifeboat or the Titantic?

Disasters come in many forms. Most of the time for a business, a disaster is the result of a power outage, an act of nature, a cyberattack, or human error. Whatever the cause, without a surefire workplace recovery plan, a business is likely to suffer extreme financial losses.

The following facts are alarming. The good thing is, that if you can acknowledge areas for opportunity in your business, you can greatly minimize the impact of any unfortunate incident.



As of October 2017, the United States has seen 273 mass shootings this year alone.

Due to the recent active shooter events across the US, it is increasingly imperative to create a response plan. In the event of an active shooter scenario, government agencies need to be ready to handle the situation. Discover how emergency notification and response methods can be implemented in emergency response plans for your organization.

Emergency Communication Plans

Did you know the US Department of Homeland Security has established a National Emergency Communication Plan that coordinates communications for response and recovery in the event of a crisis? You can utilize the framework of this plan to devise an emergency communication plan for your own organization. It should include the following goals:



Monday, 04 December 2017 17:03

Active Shooter Response Plan

Is Winter That Dangerous?

Sure, spring, summer and even early fall months generally bring us more severe weather, such as hurricanes, tornadoes, and strong thunderstorms, but the winter months can wreak their own havoc. We pulled the following common winter dangers straight from NOAA:

  • Wind – Some winter storms have extremely strong winds that can create blizzard conditions with blinding, wind-driven snow, drifting, and dangerous wind chills. These intense winds can bring down trees and poles, and can also cause damage to homes and other buildings.
  • Snow – Heavy snow accumulations can immobilize a region and paralyze a city, strand motorists, stop the flow of supplies, and disrupt emergency services. Buildings may collapse, and trees and power lines can be destroyed by heavy snow.
  • Ice – Heavy ice accumulations can bring down objects like trees, utility poles and lines, and communication towers. Power can be disrupted or lost for days while utility companies repair the damage.

Winter weather can disrupt life, including business operations, for days, even weeks. Is your company ready? Do you have the systems in place to keep your employees informed during a winter event? If email is your go-to, how do you plan on using it effectively to reach every employee without power? Can you be certain every employee will get the messages?



Friday, 01 December 2017 16:32


WASHINGTON – While Nov. 30 marks the end of a historic hurricane season, FEMA and its partners continue to work diligently in support of disaster survivors recovering from the devastating season.  Four hurricanes made landfall:  Harvey, Irma, Maria and Nate (the first three were classified as major hurricanes, which affectedroughly 25.8 million people). Also during this season, nearly two dozen large wildfires burned more than 200,000 acres of land in northern California. 

Hurricanes Harvey and Irma marked the first time two Atlantic Category 4 hurricanes made landfall in the Continental United States, in the same season.  Hurricane Harvey set a new record for the most rainfall from a U.S. tropical cyclone, with more than 50 inches of rain in some areas. The storm resulted in catastrophic flooding in Texas and western Louisiana.  Two weeks later, Hurricane Irma became the strongest Atlantic Ocean hurricane on record. Winds peaked at 185 mph, and Hurricane Irma remained a hurricane for 11 days. Irma was the longest-lived Atlantic hurricane since Ivan in 2004.  The public response to Hurricane Irma, as the storm approached, resulted in one of the largest sheltering missions in U.S. history.

Hurricane Maria devastated the U.S. Virgin Islands and Puerto Rico soon after Hurricane Irma struck their shores. Hurricane Maria was the first Category 4 hurricane to make landfall on the main island of Puerto Rico in 85 years, and the resulting response became the longest sustained air mission of food and water in FEMA history. In addition to these hurricanes, prior to the 2017 season FEMA already had 17 Joint Field Offices working 28 presidentially-declared disasters.

Since Harvey made landfall in Texas on Aug. 25, the President has granted 16 Major Disaster declarations and 14 Emergency Declarations, while FEMA has authorized 25 Fire Management Assistance Grant declarations. Over a span of 25 days, FEMA and our partners deployed tens of thousands of personnel across 270,000 square miles in three different FEMA regions. 

So far, more than 4.7 million disaster survivors registered for federal assistance with FEMA – more than all who registered for hurricanes Katrina, Rita, Wilma and Sandy combined.  To respond to the historic demand, FEMA expanded its call center capacity by tenfold, and increased the number of home and property damage inspectors fourfold.

“This historic hurricane season should serve as a gut check and an opportunity for citizens, businesses, state, local, tribal and federal officials to re-evaluate how we prepare for and respond to any disaster,” said FEMA Administrator Brock Long. “Response and recovery is dependent upon the whole community to be successful. While we continue to support the recovery from these storms, we must also take the opportunity to become better prepared for future disasters.”

To date, FEMA has placed more than $2 billion in disaster assistance into the hands of disaster survivors to help them recover from these events.  As of mid-November, National Flood Insurance Program (NFIP) policyholders filed approximately 120,000 claims, resulting in payments totaling more than $6.3 billion.

“State, local, tribal, and territorial governments, along with the residents in the impacted areas, are the true first responders,” said Administrator Long. “FEMA alone cannot deliver assistance to this vast number of survivors. We must hit the re-set button on the culture of preparedness in our country.”

Non-profit organizations provide crucial services to sustain lives in partnership with the rest of the response and recovery infrastructure.  The private sector also plays a significant role in disasters, as businesses work to restore critical services and donate their time and resources – in close coordination with emergency management personnel – to help communities rebound in the wake of disasters. 

Thousands of members of the federal workforce were deployed to Texas, Florida, the U.S. Virgin Islands and Puerto Rico, including 13,892 staff from various offices of the Department of Defense (DoD), including the military services. For the first time, FEMA extended the Department of Homeland Security’s “Surge Capacity Force,” to all federal agencies, deploying over 3,800 non-FEMA federal employees. 

FEMA search and rescue teams saved nearly 9,000 lives, in addition to those saved or assisted by DoD, the Coast Guard, state and local partners, first responders, and neighbors helping neighbors. 

While the 2017 Hurricane Season has ended, recovering from these devastating hurricanes will take years, and FEMA and our federal partners will continue to support affected governments and survivors as they build back stronger.

For information on how you can prepare for the 2018 Hurricane Season, see https://www.ready.gov/hurricanesor download the FEMA App: https://www.fema.gov/mobile-app.

For the latest information about FEMA support to response and recovery efforts, see:

Hurricane Harvey:  https://www.fema.gov/hurricane-harvey   
Hurricane Irma:  https://www.fema.gov/hurricane-irma  
Hurricane Maria:  https://www.fema.gov/hurricane-maria

U.S. Customs & Border Protection & FEMA personnel deliver food and water to isolatedPuerto Rico residents after their bridge was destroyed by Hurricane Maria in themountains around Utuado, Puerto Rico (U.S. Air Force photo by Master Sgt. JoshuaL. DeMotts)
U.S. Customs & Border Protection & FEMA personnel deliver food and water to isolated Puerto Rico residents after their bridge was destroyed by Hurricane Maria in the mountains around Utuado, Puerto Rico (U.S. Air Force photo by Master Sgt. Joshua L. DeMotts)

A large group of Urban Search & Rescue and disaster survivor assistance teams are spread out in front of a U.S. Coast Guard airplane on the tarmac of a Key West airport. There are assorted suitcases and boxes on the ground.
FEMA Urban Search and Rescue and disaster survivor assistance teams arrive via U.S. Coast Guard transport, in Key West, Florida, in response to Hurricane Irma. Yvonne Smith/FEMA

Disaster survivor Terry Roundtree (center) gets a FEMA hug from Hector Marerro (right), Disaster Survivor Assistance (DSA) Crew Lead.
Disaster survivor gets a FEMA hug from a Disaster Survivor Assistance Crew Lead, after receiving disaster registration information at her home in Texas, following Hurricane Harvey. Photo by Christopher Mardorf/FEMA

guardsmen pass cases of water
National Guardsmen from Virginia and the U.S. Virgin Islands work together to restock a point of distribution at Holy Spirit Church, Christiansted, St. Croix, U.S. Virgin Islands. Photo by Jocelyn Augustino/FEMA

2017 HURRICANE SEASONUnprecedented25.8 Millionpeople were affected by hurricanesHarvey, Irma and Maria.FOR THE RECORDas of November 30, 2017First time 2 Atlantic Category 4Hurricanes (Harvey and Irma)made landfall in the continental U.S.in the same year. Hurricane Harvey grew from aregenerated tropical depression to aCategory 4 hurricane in 56 hours.Harvey set a new record for themost rainfall from a U.S. tropicalcyclone, with more than 50” of rainand remained a cyclone for nearly 5days after landfall.Hurricane Irma became the strongestAtlantic Ocean hurricane on recordwith winds peaking over 185mphand remained a hurricane for 11days.Hurricane Maria was the FirstCategory 4 hurricane in 85 yearsto make landfall on the main islandof Puerto Rico.Hurricane Irma was 500 mileswide, more than 130 miles widerthan the entire state of Florida. Over 700 generators installed inPuerto Rico by the USACE.48 states and the District of Columbia assistedwith operations from Texas to U.S. Territories in theCaribbean, through Emergency ManagementAssistance Compacts.

One of the most interesting engagements MHA Consulting had this year was at a Fortune 500 company where 3 of our consultants conducted approximately 100 BIAs.

Over the course of that engagement, I got a lot of calls from my consultants describing how the sessions went, mainly when there were bumps in the road—and with so many BIAs to conduct there were naturally a few bumps.

These included:

  • The session where the leader of the business unit says he already knows their unit was of critical importance to the company and therefore conducting a BIA is a waste of time. In this case, the group left the interview without providing any data.
  • The time a business unit took four sessions to complete the BIA (rather than the usual one) because they brought many people more than the requested number, and every attendee weighed in on virtually every topic.
  • The episode where a business unit supplied us with data on its current processes and confirmed its accuracy, then stated—after we had loaded the information into the BIA tool—that it was all invalid because they had gone through a reorganization; they then asked us how come we hadn’t known about their reorg.

The stories reminded me of a very common misunderstanding about BIAs: People tend to think doing a BIA is all about the questionnaire. The fact is, conducting a BIA is mostly about working effectively with the people providing the information for it.



Thursday, 30 November 2017 16:52

The Human Side of Conducting BIAs

On October 3, 1993, nearly 100 United States Army Rangers dropped into Somalia’s capital of Mogadishu. They were commanded by Captain Mike Steele. Their mission? Capture two prized lieutenants of a Somali warlord.

The actual event is known as the Battle of Mogadishu, or alternatively the Day of the Rangers. It was a part of a larger operation known as “Gothic Serpent”. In 2001, it was made into the blockbuster film Black Hawk Down.

The film recounts the stories of the heroism of Army Rangers as they attempt to reach two downed Black Hawk helicopters. Don’t worry, we don’t spoil the movie for you (but if you haven’t seen it, you really should).

The Black Hawk helicopters are a pivotal part of the movie. These multi-role helicopters are capable of fulfilling many roles, such as providing medevac, VIP transportation, air-to-ground combat, and even aerial firefighting.

They are intended to operate with a crew of four members – two pilots, and two crew chiefs. Each one of these crew members has a specific role that they must fulfill in order to successfully handle the Black Hawk.

Can the helicopter run with less members? Technically yes, but it’s inadvisable because there’s just so much to do. Can it run with more members? Again, the answer is yes. However, having too many operators can quickly turn from efficiency to chaos.



Thursday, 30 November 2017 16:48

The 4 Critical Parts of Network Security

By Kevin Hall

Organizations without an adequate emergency management plan learned a hard lesson in late August and September of 2017. Hurricane season of 2017 showed its might, and while most businesses will never experience a single hurricane in their lifetime, some dealt with four hurricanes in almost as many weeks. Hurricanes Harvey, Irma, Maria and Nate were some of the strongest storms in recent history, causing significant damage and widespread devastation across the United States and Central America.

As Resolver provided counsel and solutions to our customers during these record setting storms, I wanted to share some insight that may help you prepare for future disasters.

  1. The Domino Effect

In the early days of my emergency management career, an experienced and well-respected colleague of mine would say that crises tend to “cluster”. While back-to-back devastations are rare, a single disaster can have a domino effect. During a disaster, emergency response teams are spread thin and when resources are solely focused on the big event, other smaller events will occur and it’s almost always something you didn’t think of during planning. It could be an internal event, like a system outage, or something external, like a government decision, a Facebook post, a crisis at a related company. The key is to prepare for a cluster of crises to occur, because they will.

  1. Executive Management

At almost any conference these days, there are sessions on how to get executive buy in for business continuity and emergency planning. While no one is questioning the importance of executive buy in, it can be even more important to know how to manage executives during a crisis. Why? Well, executives are used to taking the lead and making decisions. But let’s be honest, execs are rarely involved in BC/DR planning. You build the plans. You assign resources. You exercise. And then the event occurs and the company’s reputation, customers, revenue are on the line… and guess who steps in? Executives do what they do best, which is to manage and make decisions, but their involvement often causes confusion and disruption during a crisis response. Be sure your plans clearly define who is making decisions during a crisis. If execs are not participating in emergency planning, they should not be managing the emergency response and it’s your job to define responsibilities and manage executives in these critical times.

  1. Brainstorm

Brainstorming is an important exercise that will help you prepare for worst-case scenarios. Think of all the potential emergencies and how you would respond. In many cases, I find brainstorming to be more effective than planning. There is no way to plan for everything, but brainstorming trains your mind to be creative. A great activity to do with your team is a zombie apocalypse exercise - these can be very engaging and gives your team a break from the norm.

  1. Data, Data, Data

It amazes me that even in today’s world, many organizations cannot access critical data in the event of an emergency. Data is the lifeline of any organization, yet crisis plans are so often void of accurate information. Can you instantly access an up-to-date list of staff at a specific location? What about a list of applications and servers that are in a specific data center? As you brainstorm, think about the data that you will need at your fingertips. I would suggest engaging a business analyst or someone within your organization who is familiar with data mining to help identify your data needs. Most importantly, be sure that data is continuously updated and accessible during a crisis.

  1. Test, test, and test again.

While I’m sure you already know how important it is to test your plans, I cannot stress it enough. While table top exercises are great, remember to test the basics. #1 on that list is ensuring that employee contact information is up-to-date and valid… I can’t tell you how many HR data cleansing projects I’ve seen that were initiated by the continuity or emergency management teams. Test the details and test them regularly.

  1. Communicate

We all know that communication is critical during a crisis, but in this case, I am specifically talking about communication before a crisis. Often, the only time employees or stakeholders ever hear from the crisis or continuity teams is during a disaster. This should not be the case, and you need to develop regular communication with employees as part of your program. They should know what to expect and have a good understanding of the recovery plan well before the event. One of our clients even hired a marketing agency to communicate their crisis program to employees. While not everyone can afford to do this, the concept of communication is simple: Get out of your box and spread the word!

  1. Out of sight, out of mind?

Puerto Rico is a territory of the United States, and while it’s not a U.S. state, residents of Puerto Rico are natural born American citizens just like those in the U.S. – apart from voting rights in Congress or the Electoral College. Despite this, recovery efforts in Puerto Rico were minimal compared to the response to Harvey and Irma. Was Puerto Rico simply too “out of sight, out of mind”? Or perhaps emergency response teams were too tired by the time the third hurricane hit? For businesses with multinational locations, you must include these regions in your BC/DR plans. And don’t forget to test them. Did you know that Puerto Rico SMS text traffic is different than in the U.S. and Canada? The same short codes that work in the U.S. and Canada don’t work within Puerto Rico. There are even variances between mobile network carriers in Puerto Rico. The devil is in the details, so be sure to test your plans in all the regions your business operates.

In the end, Resolver helps organizations around the world protect what matters, and we all know that what matters most is our people. A company’s most valuable asset is its employees, and their safety is always priority #1. That’s why business continuity and emergency planning is so important. Disasters are rare, but recognize that events like this will happen. We live in a crazy time. Record setting storms, terrorism, mass shootings… Don’t play the numbers game. Be a realist and be prepared. It is your responsibility, after all.

Thursday, 30 November 2017 15:52

7 Lessons Learned from Hurricanes Harvey & Irma

Our Advanced Recovery Center (ARC) is the next step in Mail-Gard’s evolution to provide clients with premier disaster recovery services from a dedicated partner—one who consistently demonstrates actual recovery experience and a consistent commitment to continuous improvement and growth. The ARC will allow us to better maximize our assets, increase efficiency of human and equipment resources, and provide even more robust disaster recovery services to our clients.

Recent events confirm that natural disasters are always a wake-up call for businesses, even if they already have a business continuity/disaster recovery (BC/DR) plan in place. We have seen a huge increase in requests for DR information during this year’s hurricane season, and it’s unfortunate that some people need to learn the hard way that DR services are not a luxury, they’re a necessity. Businesses without a DR plan were either taking a huge calculated risk by not having a plan in place, or they got caught without a backup plan and are now trying to remedy that situation.



The widespread existence of Wi-Fi connections that provide wireless connectivity to the Internet at home and in places like coffee shops, airports, and hotels is one of the great conveniences of modern computing life. Unfortunately, it is also one its biggest vulnerabilities. When not properly secured, such connections offer open doorways through which hackers can stroll to steal users’ data and secretly take control of their computer resources.

The good news is, there are steps that can be taken—and which you can train your employees to take—that will greatly increase the security of your data and resources.

Of course in talking about Wi-Fi security, it’s important to understand that we’re really talking about two distinct situations: that of the home Wi-Fi network that the employee owns and controls, and the case of the employee using third-party-provided Wi-Fi connections when out and about at places like coffee shops and airports.



Formalizing your information security program is a critical step to drive information security capability maturation in any organization. The intent of formalizing a program is to get clear on focus and ensure everyone is on the same page about who is doing what.

From our experience, building a great information security program starts with asking the right questions. At Avalution, we build information security programs from the top down, starting with the strategy of the business and focusing on the following five key questions:

  1. Why do we have an information security program?
  2. What are we going to protect?
  3. How are we going to achieve it?
  4. Who is responsible and accountable?
  5. What are the results going to look like?

Let’s take a closer at each.



Wednesday, 29 November 2017 16:05

Formalizing an Information Security Program

The mobile device management (MDM) market is growing at a meteoric rate. In fact,  it is estimated to grow from $1.69 billion to 5.32 billion between 2016 and 2021, according to market research firm Markets and Markets. Which may leave you wondering: What is MDM and why does it matter so much? Here’s a closer look at this game-changing technology solution, along with six benefits it offers today’s forward-thinking, bottom line-minded organizations.

What is MDM?

IT research and advisory company Gartner defines mobile device management as “a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use—enforcing policies and maintaining the desired level of IT control across multiple platforms.”

Which begs the question: Why does MDM matter so much? A recent forecast from the International Data Corporation (IDC) predicts that nearly 75 percent of the US workforce will be mobile-enabled by the year 2020. Because of the increasing consumerization of IT and the resulting proliferation of devices—both professional and personal in the workplace—there is increasing need for comprehensive management solutions designed to harness the power of mobility without compromising security.



Even the most carefully-crafted communication can fail if it does not reach its intended audience, or if audience members are unable to identify the message as important. Reaching individuals via a geographic locator is helpful in the event of a broader crisis but is not as applicable in the event of a localized emergency that only affects one or more organizations. In this instance, it is critically important to ensure that your audience has opted-in to your crisis communication and that your messages are targeted in such a way that they will be immediately identified as important and quickly read.

Why Accurate Data Matters

Let’s pretend that you have an organization with approximately 500 employees, and you live in an area that is frequented by storms or flooding. It would be incredibly important to be able to get a message to each employee to let them know when it’s unsafe to attempt to reach the office, correct? Or on a broader scale, being able to reach residents who live in flood zones would also become a top priority.



Traditional law practice will see significant changes in the new year. To assist firms in knowing what to expect, Bluelock has compiled an informative eBook of predictionsfrom 15 different experts within the legal industry, with insights coming from Bluelock, law firm partners, associates and a variety of companies that service the legal industry.

The eBook covers seven categories: Operations, Cybersecurity, Compliance & Regulations, Business Continuity & Disaster Recovery, Artificial Intelligence, Workforce and Major Technology Disruptions.

Readers will learn the following:



Monday, 20 November 2017 14:50

2018 Predictions for the Legal Industry

A natural disaster can jumpstart your business continuity plans, but it can also do it more harm than good. Is your disaster response hurting you?

Disasters like the one in Puerto Rico sometimes cause people to learn the wrong lessons.

Major natural disasters such as the recent floods in Texas, the fires in northern California, and the hurricane in Puerto Rico grab everybody’s attention.

Sometimes this has a positive impact on organizations’ business continuity plans, as when it prompts companies who have not been investing in BC to get serious about implementing or strengthening their methods for keeping their organizations running in the event of a disaster.

However, sometimes the impact is neutral or even harmful.



When you see a company trending on social media, do you automatically assume that it’s going to be scandalous gossip? Because I do.  But what if I told you companies could become a player in the game and change the way they appear on social media?

Social media has obliterated traditional communication with its inventiveness and convenience.  Today, it is a rarity to see someone walking around without their phone attached at their hip. This need to be in constant communication with our technologies has changed the way people access information.  “How?” you might ask.  In today’s news reporting world, long before reputable news agencies can report an event, the specifics are already circulating social media avenues in real-time thanks to our societies avid Facebookers and Tweeters.  The answers to all your questions are at your fingertips, quite literally!  You can find an answer to almost any question with a few clicks in Safari or Chrome.

Given its ever-expanding user base, social media has become a powerful tool.  It can be used to shape the publics opinion and even produce desired results from the intended audience!  While social media is often known for being a stage to spread negative comments about an organization, with the proper action plan and team involved it can be used to drive positive outcomes as well.



Wednesday, 15 November 2017 16:15

You Say Social Media like it’s a Bad Thing

How IT Incident Management Can and Should Be Supported with a Foundation of Automated Notifications

One of the most significant challenges in terms of IT incident management today has to do with the growing complexity of the environments themselves. As more and more mission-critical systems move into the cloud, the demands placed on IT managers have never been higher. These hardworking professionals are being asked to accomplish more with less on a regular basis, which itself becomes a major problem when disaster (as it often does) strikes.

In some ways, the solution to these issues is clear – IT professionals need a way to quickly, accurately and concisely communicate essential information to people at a moment’s notice. But what, exactly, is the best way to do that?

This problem has led to many unfortunate trends in the industry today. Many companies make the mistake of assuming there is a one-size-fits-all solution to automated notifications of this type. This fails to acknowledge the fact that every organization is different.



Monday, 13 November 2017 17:30

Improve Your IT Incident Management

Our people differentiate us from other products and services. While technology changes and is replaced on a daily basis, our experience and delivery continues to build over time. The team at Continuity Centers will consistently impress you with their knowledge, drive, and focus.

Our instant business recovery (IBR) is made of several parts that complete the whole. Each part works together to deliver a solution that keeps your business up and running through anything.

They include:



Monday, 13 November 2017 17:25

The Features of Instant Business Recovery

Bringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness.  Hospitals that are the most successful in achieving a high-level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security.  Building cohesion sounds fairly straightforward, but, in reality, it can be complex. From our experience assisting hospitals successfully tackle this charge, here are some practical steps to move toward an integrated approach to preparedness:

Start with Governance

Ideally, create a cross-functional steering committee that ultimately oversees all of these disciplines and has the authority to make risk-based decisions that takes into account analysis from across the preparedness landscape.  Again, this sounds simple, but it can be difficult to successfully achieve.  If it isn’t possible to work from one steering committee, try to align risk criteria across preparedness disciplines so that risks and considerations are assessed on a level playing field, ensuring the most critical issues are addressed first.



Event Pages Make Organizational Communications More Efficient

Whether it’s an emergency or a non-critical event, ongoing communications with employees is often necessary. AlertMedia is known for mass notifications, but we also support efficient communications throughout the life of any event – from planning through resolution.

AlertMedia recently unveiled its newest feature – Event Pages. This new event information hub can be found on your AlertMedia dashboard and can be utilized as a powerful, real-time two-way communication tool for administrators and employees to share pertinent information. Event Pages provides a single place to find everything related to a specific situation, with current and archived updates, documents, videos and photos, and resolutions.



Advance location alerting helps leaders know when to trigger emergency response plans

By Glen Denny, Baron Services, Inc.


Lately, on an increasingly frequent basis, weather events seem to dominate much of our news, with rising numbers of severe occurrences presenting fresh challenges for public safety officials dedicated to protecting lives and property. It doesn’t just appear that way, it’s an actual fact: Almost 80% of disasters faced by public safety and emergency management professionals today are weather-related. It’s not only dramatic, extreme storms that require advanced forecasting for efficient safety planning, it’s also the numerous, more common fog, rain, ice, snow, and wind events that often impact our daily lives.

In any community, these conditions can differ within neighborhoods, even street to street, and change minute to minute. For anyone involved in safety management—whether responsible for schools, hospitals, churches, companies, organizations, sports venues, pools, parks, or other public gathering sites—being able to monitor and stay ahead of rapidly changing weather at specific locations is a difficult, time-consuming job that can have serious life or death repercussions.

Accustomed to regional forecasting, public safety professionals have traditionally made the best decisions they can given the broad-based storm information they’ve received. But today, with severe weather events rising, they face a growing dilemma: What’s the best way to access customized, advance weather intelligence data specific to their area so they can enforce whatever timely and effective safety plans are necessary to protect their community and its assets?

Though emergency management professionals and public safety officials aren’t trained meteorologists, fortunately, thanks to modern weather data technology and improvements in the ease of access, they don’t have to be. A new system of data-driven, location-based alerts offers an innovative tool for safety management officials, delivering customized, active monitoring that triggers advanced emergency preparation plans addressing multiple weather hazards.

Web and mobile on-demand system alerts keep pace with changing weather conditions

Denny2America’s a big country, one that experiences nearly every weather event Mother Nature dishes out. Safety managers know that severe weather means different things to different regions across the U.S. and preventative plans must change accordingly. In Florida, emergency management professionals might seek weather alerts informing them when temperatures will fall below 40 degrees so they can implement plans to open homeless shelters or advise citrus owners to protect crops. In Arizona, public safety officials need to know when excessive temperatures might dictate additional safety measures to keep people cool, especially the elderly and very young.

Each region has a threshold for hot or cold, too much snow, too little or excessive rainfall. And although the big, headline-grabbing weather events like tornados, blizzards, hurricanes, and floods command attention, safety professionals require accurate weather intelligence affecting specific, localized areas where daily conditions have immediate impact on commuters and the public.

One provider of reliable, weather technology data is changing the way safety and emergency management professionals stay ahead of severe weather events. At Baron, a global leader in critical weather intelligence, scientists have teamed with seasoned meteorologists to develop a next generation tool, easily accessible to emergency safety managers and planners, advancing precision weather forecasting. Baron Threat Net’s web portal products offer public safety officials a comprehensive weather monitoring platform targeting street level views.

Threat Net’s high resolution, customizable mapping allows emergency managers to concentrate their attention on operational conditions impacting specific areas of concern, with user-friendly navigation and a pre-set feature allowing up to 20 site maps to be stored for future reference. How much rain has fallen, and how much is expected? Exclusive precipitation, accumulated precipitation and 24-hour accumulation forecasts keep users on top of possible flooding risks. Baron Threat Net’s Severe Threats allows simultaneous views of areas threatened by potentially damaging winds, flooding or hail. A Cloud to Ground Lightning feature shows real-time lightning strikes at street level. Using a combination of actual and forecasted products, the Road Weather/Conditions feature offers actual road condition alerts displaying a variety of concerns such as Patchy Ice, Flooded, Snow and Heavy Snow or just plain slippery road surfaces. Baron Threat Net’s complete tropical weather package tracks hurricanes and tropical storms, monitoring the latest maximum wind speeds, watches, warnings and storm surge conditions, making the information easily accessible.

Denny3To keep safety professionals informed in advance, Threat Net delivers customizable, pinpointed local alerts making officials aware of locations and assets in the path of impending, potentially dangerous, weather. Users select a location, identify the risk and choose a notification method—on screen, by email, or via push notifications to a phone—while the system, which includes patented Baron Safety Alerts and standard National Weather Service watches and warnings, automatically monitors that location. A companion app lets users access real-time weather conditions from any location, a valuable feature for safety departments sometimes short on personnel resources.

Proprietary, customized weather alerts safety management professionals can depend on

Local and regional safety managers are familiar with their area environment and the kinds of weather events making them most vulnerable. Most have been on the job for some time, and may have grown somewhat skeptical about the accuracy of long and short-term weather forecasting. They shouldn’t be. Advances in computing power, speed and forecast algorithms have dramatically improved weather forecasting technology, and today accessing that critical information is easier than ever.

That’s where Baron’s Threat Net products are making the biggest difference for safety management professionals. While traditional weather services are okay, none deliver the kinds of proprietary, customized weather alerts available through Threat Net & Pinpoint Alerting products. The proprietary alerts they provide supply pre-set custom alerting of 80 different weather conditions.

"When I'm in the field I use a lot of tools to help me navigate around severe weather, and the most reliable one is Mobile Threat Net,” says Martin Lisius, a Severe Weather Expert from Arlington, TX.

Denny4Safety personnel can receive customized forewarning of changing conditions invaluable for getting them ahead of weather events, helping them determine timing and scope of emergency response plans. And quite simply, the more advance notice officials get before dangerous weather arrives—the more accurate, granular and detailed that information—the better their response planning will be.

“Baron has a history of working with our partners to understand their needs and has developed customized alerts that pinpoint the exact timing and location of weather events that will impact our customers; many of these alerts go beyond the traditional weather warnings we are accustomed to receiving and focus on specific weather phenomena, such as hail and lightning,” says Bob Dreiswerd, Baron’s Chief Development Officer. “Baron also works with customers to develop alerts specific to their situation that focus on weather related events that directly impact their operations.”

Not your grandmother’s weather forecasts: incisive weather intelligence takes the ‘might’ out of forecasting

Baron’s suite of weather intelligence products offers safety officials user-friendly, data-informed alerts letting them know what’s actually coming, in many cases well before it arrives. The complete data set of customized tools can provide street-level road forecasts 24 hours in advance, deliver a tropical weather package tracking maximum wind speed, watches, warnings and storm surge, and even keep safety personnel informed during unpredictable emergency situations like hazmat spills or terrorism. With trains and trucks transporting hazardous materials through communities daily, Threat Net can help safety management professionals determine wind and rain conditions with potential to spread spills, smoke, gases or other toxic substances when and if spills occur.

Whether you’re a small-town mayor charged with knowing how much additional rainfall to expect in order to keep residents in the path of impending flooding safe, or an Emergency Management Coordinator like Rusty Chase of Isle of Wight County, VA, relying on Mobile Threat Net to make decisive plans based on its alerts, all safety management professionals need access to the best weather intelligence available today. “We saw dangerous weather on Mobile Threat Net and were able to give the schools adequate time to shelter children in the hallways during a tornado,” Chase says. “Had we released the kids to go home prior to my alert we would have had them on the roads and probably had injuries and fatalities.”

Relying on critical weather intelligence and customized alerts like these gives safety officials the confidence they’re using the most effective tool available for making informed planning decisions to secure the safety of their community. A recent example of the utility of Baron’s weather intelligence tools came with the arrival of Hurricane Harvey on the gulf coast. Threat Net’s live monitoring of Hurricane Harvey allowed users to prepare for the storm before it made landfall. While the storm’s impact couldn’t have been avoided, Threat Net’s prediction helped many people better prepare for Harvey’s force. When advanced technology produces weather data products capable of delivering customized advanced warnings today’s safety management professionals can depend on, why wouldn’t they?  

Fraud Frequently Asked Questions

1. What fraud issues should survivors be aware of after Hurricane Irma?
    There are a number of fraud concerns survivors need to be aware of to protect themselves:

  • Beware of individuals charging survivors a fee to apply for disaster assistance, receive a home inspection or install a blue tarp through the Blue Roof Program. THIS IS FRAUD. Federal workers NEVER solicit or accept money from applicants.
  • There are also reports of people registering for assistance using someone else’s information. If you suspect anyone of committing fraud and stealing your identity, report it to local law enforcement. You should also report it to:

a. The Department of Justice's Disaster Fraud Hotline at 866-720-5721 or email This email address is being protected from spambots. You need JavaScript enabled to view it..

b. If you discover that someone is misusing your information file a complaint with the Federal Trade   Commission through the website: IdentityTheft.gov.

c. You can also file a complaint with the OIG:

i. Online at the OIG’s website (www.oig.dhs.gov),
ii. Fax it to 202-254-4297, or
iii. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

d. Make sure to alert the FEMA helpline to the issue as well by calling 800-621-3362.

  • Beware of robocalls from imposters. However, FEMA does plan to conduct outreach by autodialer, in some cases. If you are contacted, the phone number you should reply to is the FEMA Helpline: 800-621-3362 (FEMA).
  • Watch out for insurance related scams.

a. Notify your insurance company after a disaster.
b. Beware of imposters claiming to be FEMA representatives, asking for money to assist with the filing of federal flood claims.

2. How do I know if a FEMA representative is legitimate?

  • If you’re meeting a FEMA representative in person, ask to see their identification badge. All federal employees carry official, laminated photo IDs. FEMA shirts, hats and jackets do not make them official.
  • When a FEMA inspector comes to your damaged home, he or she will require verification of your identity, but will already have your registration number. Keep your FEMA registration number safe. Do not share it with others.
  • No federal government disaster assistance agency will call you to ask for your financial account information. If you’re unsure whether someone claiming to be a FEMA representative is legitimate, say you are hanging up and call the main FEMA helpline at 800-621-3362 to speak about the incident.

3. Do inspectors charge for an inspection?

  • Federal inspectors do not charge a fee at any time to inspect your property. FEMA and the Small Business Administration will never ask you for money.  Our inspectors never require banking information or payment in any form.
  • They also do not determine eligibility or dollar amounts of assistance.

4. What happens when a building contractor shows up, and says they were sent by FEMA?

  • FEMA does not send building or repair contractors. The job of a FEMA housing inspector is to verify damage. FEMA does not hire or endorse specific contractors to fix homes or recommend repairs.
  • If someone comes to your door and says that your home is unsafe, do not believe them and do not let them in.
  • Have an engineer, architect or building official inspect it. An unethical contractor may actually create damage to get the work.
  • When in doubt, report any suspicious behavior to your local authorities.

5. How do I hire a legitimate building contractor?
    Here are a few tips to consider when hiring a legitimate building contractor:

  • Always use a licensed local contractor backed by reliable references.
  • In Florida, contractors are required to carry general liability insurance and worker’s compensation.
  • Require a written contract with anyone you hire. Be sure to read and understand the contract. Never sign a blank contract and never pay more than half the cost of the job upfront. Be sure to get a written receipt for any payment.
  • If one estimate seems much lower than the others and sounds too good to be true, it probably is. Many unethical contractors provide low-ball bids that seem attractive. But the contractors are often uninsured and may charge substantial cancellation fees.
  • Never pay for work in full in advance. The Better Business Bureau recommends a consumer pay half or less of the contract price before the contractor begins repairs and the remaining balance once the work is complete and the owner is satisfied.

6. What should people who did not apply for disaster assistance do if they suspect that they are a victim of disaster fraud?

  • To report disaster fraud, contact The Department of Justice's Disaster Fraud Hotline at 866-720-5721 or email This email address is being protected from spambots. You need JavaScript enabled to view it..
  • Email FEMA’s Office of the Chief Security Officer (OCSO) Tip line at This email address is being protected from spambots. You need JavaScript enabled to view it..
  • You can also file a complaint with the OIG:

a. Online at the OIG’s website (www.oig.dhs.gov),
b. Fax it to 202-254-4297, or
c. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

  • Contact the FEMA Helpline at (800) 621-3362 if you had not previously registered for FEMA assistance, and do not wish to register. They will not need to take further action. The original application will be locked to maintain a record of the potentially fraudulent file.

7. If I was a victim of disaster fraud, but I still need to apply for assistance, what should I do?

  • Contact the FEMA Helpline at (800) 621-3362 and tell them you have not previously registered for FEMA assistance and that you wish to register.

8. If I tried to apply, but the system said I have already applied, what should I do?

  • Contact FEMA’s Helpline at 1-800-621-3362.

9.  Will I need to wait until the investigation is complete, before I can register for assistance?

  • No. FEMA does not need to complete the investigation before you can have a new registration taken. However, FEMA will need to verify your identity.

10.  Is there anything else people should know?

       Unfortunately, scam artists may pose as government officials, aid workers, charitable organizations, or insurance company employees.

  • Do not respond to texts, phone calls or requests seeking your personal information. The only time you should provide personal information is during the initial application process for FEMA help or when you initiate contact with FEMA to follow up on an application. FEMA inspectors only require verification of identity. FEMA may call you by autodialer, in some cases. These calls will not request your personal information—you will only be asked to call the FEMA Helpline at 800-621-3362. 
  • Ask for identification and don’t be afraid to hang up on cold callers.
  • If you need to contact government agencies, use official information posted on their websites or in other verified sources.
  • Don’t sign anything you don’t understand or contracts with blank spaces.
Wednesday, 01 November 2017 16:42

FEMA: Fraud Frequently Asked Questions

Workplace safety is and will always be a pressing concern. According to a study conducted by the Occupational Safety and Health Administration, we’re making a significant amount of progress in that regard – from a certain perspective. In the four decades that OSHA has been working with state partners, employers and safety and health professionals around the country, worker deaths have fallen from 38 per day on average in 1970 to just 13 a day in 2015. Equally positive is the fact that worker injuries and illnesses are also way down, from 10.9 incidents per 100 workers in 1972 to just 3.0 incidents per 100 employees in 2015.

But one of the unfortunate facts about the modern era that we’re now living in is that the types of dangers that people are likely to face have evolved in a harrowing and unsettling way. People don’t have to worry about falls, being struck by objects, electrocutions or being caught in or between pieces of equipment anymore. They don’t have to worry about safety hazards that were not properly communicated or guidelines that were not adhered to.

With increasing and disappointing regularity, they’ve got to worry more and more about their own co-workers.



Tuesday, 31 October 2017 19:58

How to Spot a Potentially Violent Coworker

Thinking Outside the Box

One of the best ways to achieve ROI is to find ways to extend the use of an investment. You may have purchased software to do one thing and then found it could be optimized somewhere else. While this scenario may not happen frequently, it’s considered a victory when it does.

Emergency notification systems can easily fall into this category. We find most of our clients purchase our software in order to quickly and easily connect with employees when a critical event occurs. They want to eliminate all of the disparate communication systems in lieu of a single, integrated system that enables them to leverage one or several communication channels at the same time. They want to be able to segment their audience, pre-build their messages using templates, and in a click or two, know their message has not only been delivered, but received loud and clear. They want to be able to measure message open rates and constantly improve their emergency plans.

Well done, companies. You are prepared. But did you know you can use your emergency notification system for a whole lot more than emergencies? You can quickly increase ROI by maximizing your use of the software for any desired communication with a specific audience, internally or externally.



Imagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent application. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, who fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services is devastating; and their email was unavailable for over one week.

The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate, Maersk, has estimated quarterly losses of between $200M-$300M, due to experienced interruptions. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.

Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from its owners until a ransom was paid.



In our experience consulting with universities, high schools, or elementary schools on Emergency Management preparedness, we have found a number of issues that come up on a regular basis. It does not matter if the institution is a private or a public school. Don’t wait for an event to happen to find out if your child’s school is ready.

Here are 10 questions you should ask to make sure your child’s school is ready for an emergency:



In the span of the last few decades, email has become a key communication avenue to coordinate case proceedings and counsel to a law firm’s clients and co-workers. Now more than ever, law firms are leaning on technology to deliver essential and innovative representation, but this is only possible so long as firms are connected to the internet.

Additionally, lawyers and partners may not always recognize the direct connection of their IT stance on email availability. When a technology disruption may impact access to email, it is critical to ensure proper budgeting and resources for IT systems and data protection—but this is where firms often fall short.



The connected world that we’re now living in, along with the Internet in general, has undoubtedly made our lives better in countless ways. Unfortunately, they’ve made our lives more dangerous, as well – particularly when you consider the current state of cybersecurity worldwide.

According to one study conducted by Panda Labs, there were 18 million new malware samples captured in the third quarter of 2016 alone. That number breaks down to an average of about 200,000 per day. Likewise, new and devastating techniques like ransomware are on the rise. More than 4,000 ransomware attacks occurred every day in 2016 – an increase of 300% over the previous year, according to the Computer Crime and Intellectual Property Section of the FBI.

Based on these stats, it’s easy to see why cybersecurity is such a rising concern among organizations in nearly every industry. But the most important thing for them to understand is that the hackers aren’t some group of cartoon super villains operating from a secret bunker somewhere. In truth, they don’t need to be. Cyber-attacks are far easier than that to pull off because of two unfortunate little words: Human Error.



The Problem with Emails

Emails. How many do you get each day? How often do you check them? When I say “check,” I mean read. The average time spent reading an email is 11.1 seconds and only five seconds for a text. With instant communications available via texting, instant messaging and social media, email is rapidly losing its charm, particularly amongst millennials.Email still has its place in the work environment for non-urgent messages and regular communications with vendors, customers or other businesses, but is it really the most effective way to notify employees of an urgent situation? Likely not.

There are several problems with emails, such as the sheer number of them we receive each day, (an average of 88, per one study), sending and receiving isn’t always instantaneous, and there is no guarantee the receiver will take the time to open and read it. If there is a network outage, you may never get your message across as it sits in your outbox indefinitely.

When it comes to emergencies, emails simply do not convey a sense of urgency. People assume they can get to an email whenever they get the chance, and only 30 percent of them ever get read. Few emails garner the same level of attention as a text alert or similar form of communication.



Friday, 20 October 2017 14:42


Working on cars can be quite the challenge. If you’ve got a project car that you’re hoping to get up and running, you probably want to control every aspect of what goes into it. From the engine to the tail lights, you’re willing to tackle every project head-on without any external help.

Until you get stuck on a problem that you’re not equipped to handle.

When you hit a brick wall, you can keep trying to fix the issue by yourself – which can be extremely frustrating. Or, you have the option to take your car to a master mechanic that can easily fix the issue for you.

It’s not unlike running your company. When you need IT support, what’s your best option for support? Most businesses have two distinct choices; either hire an in-house IT support employee (the DIY fix), or partner with a managed service provider (the master mechanic).

Though both options have their own pros and cons, one comes out on top for growing organizations that want to stay ahead of the curve.



One of the most important things to understand about working and operating in a healthcare environment is that emergencies are not a question of “if” – they’re a question of “when.” Events that impact patient care, employee safety and overall operations can happen suddenly and without warning. The key to continuing operations involves the ability of doctors, nurses, staff and leadership to respond to these events as quickly and as accurately as possible.

Part of success in this regard comes down to effective crisis communication – something that the Centers for Medicare and Medicaid is already emphasizing. It considers communication to be so pivotal, in fact, that it is one of the four main pillars of the CMS’ new Conditions for Participation for Emergency Planning, which MUST be in place for many types of healthcare organizations by November of 2017.

But just the ability to communicate in an emergency is not enough on its own – you need a system in place that will guarantee that the right message gets to the right people at exactly the right time, no exceptions. When it comes to accomplishing this mission-critical goal, more and more of today’s leading healthcare providers are turning to critical emergency alerting services.



Closeup view of an eighty year old senior woman's hands as she sorts her prescription medicine.

If you read our blog on a regular basis you can probably recite the mantra “Make a kit. Have a plan. Be informed.” in your sleep. You are probably familiar with the important items you should keep in your emergency kit – water, food, a flashlight, and a battery-powered radio. What you may not think about is personalizing your kit for your unique medical needs or the needs of your family. Particularly, including prescription medications and other medical supplies in your emergency kit and plans.

As a pharmacist whose job is focused on emergency preparedness and response, I want to give you 10 pointers about how to prepare your medications for an emergency so you can decrease the risk of a life-threatening situation.infographic illustrating an emergency kit.

  1. Make a list. Keep a list of all your medications and the dosages in your emergency kit. Make sure you have the phone numbers for your doctors and pharmacies.
  2. Have your card. Keep your health insurance or prescription drug card with you at all times so your pharmacy benefits provider or health insurance plan can help you replace any medication that was lost or damaged in a disaster.
  3. Keep a record. Make copies of your current prescriptions and keep them in your emergency kit and/or go bag. You can also scan and email yourself copies, or save them in the cloud. If you can’t reach your regular doctor or your usual pharmacy is not open, this written proof of your prescriptions make it much easier for another doctor to write you a refill.
  4. Start a stockpile. During and after a disaster you may not be able to get your prescriptions refilled. Make sure you have at least 7 – 10 days of your medications and other medical supplies. Refill your prescription as soon as you are able so you can set aside a few extra days’ worth in your emergency kit to get you through a disaster.
  5. Storage matters. Keep your medications in labeled, child-proof containers in a secure place that does not experience extreme temperature changes or humidity. Don’t forget to also include nonprescription medications you might need, including pain relievers, cold or allergy medications, and antacids.
  6. Rotate the date. Don’t let the medications in your emergency supply kit expire. Check the dates at least twice every year.
  7. Prioritize critical medicines. Certain medications are more important to your health and safety than others. Prioritize your medications, and make sure you plan to have the critical medications available during an emergency.
  8. Communicate a plan. Talk to your doctor about what you should do in case you run out of a medication during an emergency. If you have a child who takes a prescription medication, talk to their daycare provider or school about a plan in case of an emergency.
  9. Plan ahead. Make sure you know the shelf life and optimal storage temperature for your prescriptions, because some medications and supplies cannot be safely stored for long periods of time at room temperature. If you take a medication that needs to be refrigerated or requires electronic equipment plan ahead for temporary storage and administration in an emergency situation.
  10. Check before using. Before using the medication in your emergency kit, check to make sure the look or smell hasn’t changed. If you are unsure about its safety, contact a pharmacist or healthcare provider before using.


With the end of September’s National Preparedness Month, incident response professionals may get questions from colleagues about how their organization responds to natural disasters or other major disruptions.

Communications is an especially important element of disaster response. Small businesses may find calling trees sufficient, but larger enterprises and government agencies often depend on advanced communications and information technology.

Organizations have three options for deploying incident response communications infrastructure:



Emergencies Aren’t Biased

Small companies can fall victim to a dangerous mindset of thinking they are too small to take formal precautions against crises. They believe that fancy emergency notification systems are relegated to the companies with thousands of employees scattered around the globe. While the magnitude of the emergency may scale with the size of the company, even the smallest mom and pop company needs a plan and a system to communicate when an unexpected event occurs.

The truth is, emergencies can happen anywhere, anytime, to anyone. All we have to do is look at the crazy hurricane season we will thankfully see coming to an end in the coming weeks. Hurricanes Harvey, Irma, Maria and Nate paid no attention to whether or not the buildings they destroyed were owned by a large or small company. They didn’t care if four employees were displaced or 4,000. It was of no concern as to which streets would be impassable and how long the power would be out.



Blockchain technology related topics are gaining a lot of attention lately, most of the attention is focused on cryptocurrency such as Bitcoin.  Some predict it as the new internet revolution which could lead to new technological innovations in economics and social transformations.

Blockchain is running on a peer-to-peer network, with many distributed nodes and supporting independent computer servers globally.  Part of it is implemented without any centralized authority and has a built-in fraud protection and consensus mechanism, such as the concept of Proof-of-Work, where peer computers in nodes approve every requirement for the generation of a new set of transactions or block to be added to the database a.k.a. “Block Chain”.

It also has a built-in check and balance to ensure a set of colluding computers can’t game the system.  Blockchain also brings in an element of transparency, which reduces fraud as the entire chain is visible and auditable.






Disasters affect children differently than they do adults. Learn more about the unique needs of children during and after disasters. Just with all of the disasters in the United States alone, this issue is especially critical to help young ones cope.  The CDC has several great recommendations for the care of children at time of disaster.

Another organization, the Shenandoah Valley Project Impact, the Central Shenandoah Valley’s regional disaster preparedness and mitigation program developed a great set of children’s books both in English and Spanish to help families and their kids cope. You can download them here.



  • Children’s bodies are different from adults’ bodies.
    • They are more likely to get sick or severely injured.
      • They breathe in more air per pound of body weight than adults do.
      • They have thinner skin, and more of it per pound of body weight (higher surface-to-mass ratio).
      • Fluid loss (e.g. dehydration, blood loss) can have a bigger effect on children because they have less fluid in their bodies.
    • They are more likely to lose too much body heat.
    • They spend more time outside and on the ground. They also put their hands in their mouths more often than adults do.
  • Children need help from adults in an emergency.
    • They don’t fully understand how to keep themselves safe.
      • Older children and adolescents may take their cues from others.
      • Young children may freeze, cry, or scream.
    • They may not be able to explain what hurts or bothers them.
    • They are more likely to get the care they need when they have parents or other caregivers around.
    • Laws require an adult to make medical decisions for a child.
    • There is limited information on the ways some illnesses and medicines affect children. Sometimes adults will have to make decisions with the information they have.
  • Mental stress from a disaster can be harder on children.
    • They feel less of a sense of control.
    • They understand less about the situation.
    • They have fewer experiences bouncing back from hard situations.


This year’s hurricane season is like nothing in recent memory. With the country still reeling from Harvey, Irma, and Maria, everyone held their breath as Hurricane Nate headed toward states along the Gulf Coast this weekend. Those of us at IWCO Direct and Mail-Gard were especially anxious as a number of our colleagues and clients were making their way to New Orleans for the DMA’s &THEN Conference. Thankfully, Nate lost steam before hitting the mainland, but our team at Mail-Gard was prepared to help clients manage the print-to-mail operations of their critical communications at the drop of a hat if necessary. Today we wanted to briefly share how we prepare for a disaster declaration in advance of severe storms and natural disasters.

We start by doing our best to become meteorologists. We have a system in place to closely monitor weather patterns in regions where our clients are located in order to determine which ones may be in the path of a severe storm. We contact those clients well in advance to ensure they have our emergency declaration hotline information readily available. We also make sure our team is fully prepared to spring into action by alerting them to which clients may need to make a disaster declaration, so they can review those specific client requirements in advance. We also analyze our testing schedule to “clear the decks” so that we can devote our full energy to impacted clients.



By Pete Benoit, Enterprise Solutions Architect, iland

For veterans of the IT services industry, DR has always been a popular topic of conversation with potential clients. Those that have been around long enough will certainly remember how many of those conversations progressed.

Typically, it went something like this.

Potential Client: We’ve determined that our current IT infrastructure DR plan puts our business at risk and we are interviewing service providers to assess potential solutions.

IT Services Vendor: What are your infrastructure RPO and RTO targets?

Potential Client: Our CIO wants us to maintain a RPO/RTO of 4 hours or less.

It wasn’t that long ago that everyone in this conversation would have understood that the quote from the service provider was going to be well beyond what the client intended to spend as part of the overall IT budget. This was typical for both small and large environments. Inevitably, the parties would work backwards by decreasing the expected deliverables for the solution until an acceptable price point could be reached. Sometimes the solution met so few of the organization’s requirements, that the conversation would be abandoned with no action.

Was the CIO delusional for requesting such aggressive (for the time) SLAs? Of course not. The importance of the data and the underlying applications and infrastructure was self-evident. The reality was that, not only were the options to meet those goals extremely expensive, there was very little guarantee that it would work as planned when it came down to crunch time.

The reason for the expense was that each production resource had to be duplicated, to a certain extent, at the remote site. This infrastructure would need to be purchased or leased, co-located, upgraded and required experienced technicians to maintain. All of this in hope that it would never have to be used in a live situation.

Fast forward to the present and with the evolution of virtualized workloads, resource pools, metered billing and any to any replication technology, those RPO/RTO targets are now achievable and at a fraction of the cost. The underlying services billing model that makes this a reality consists of a reserved billing storage component for data replication and burstable billing compute resources that can be deployed on demand and be billed per hour of use.

Reserved storage provides a target storage repository sized to handle all replicated workloads plus potential growth dependent on changes in the production environment. Reserved storage is billed on a per GB per month basis. The storage reservation quantity can be increased at any time to mirror changes in the production environment.

Burst compute refers to on-demand CPU and RAM which are necessary to operate the virtual workloads during production failover or testing. Because replication is accomplished without live workloads, the burst compute resources are available on demand and no charges are incurred until the workloads are powered on. CPU is metered on average GHz of CPU used per hour. RAM is metered as average gigabytes (GB) consumed per hour. These burst compute charges are tallied and billed monthly. When testing or failback is complete, the resources are returned and the burst charges are no longer accrued.

While cost is still top of mind for IT Directors and CIOs, the conversations around solutions for IT's data protection and DR needs are drastically different. Reserved storage plus burst compute pricing for DRaaS allows IT organizations to execute a robust disaster recovery plan without having to pay for live compute resources waiting for use. The major obstacles to a credible DR solution, even for small businesses, have been mitigated by technology advances and wide spread adoption of said advances.

Once the question of cost has been addressed, the discussion moves to more important issues. How do end users connect to the DR environment once failover is complete? Does the recovery site adhere to the same security standards as my production environment? How is failback accomplished? These are just a few of many important questions not related to cost.

In conclusion, the reserved plus burst model allows customers to apply the advantages of two pricing models where it makes the most sense thereby protecting critical data without the burden of barely used, monthly infrastructure costs at the service provider location. A comprehensive solution will also provide assisted initial setup, volume discounts for storage, simplified day-to-day operations via a self-service console, straightforward network configuration, the option for customer initiated failover, as well as detailed billing, monitoring and compliance reporting.

Benoit PetePete Benoit is an Enterprise Solutions Architect at iland, currently based out of Dallas with over 20 years of experience in the IT Services industry including time with hardware vendors, VARs and IaaS providers. His career began in the US Air Force as a Communication-Computer Systems Operator before joining the private sector and moving to Texas in 1996. Pete has a wide range of industry experience as a technician, support engineer and solutions engineer and excels at customer service. A proud graduate of the University of Louisiana at Lafayette, Pete is a husband and father of two and enjoys golf and spending time with family and friends.

Case Study

OVERVIEW: Since 1933, the Jericho Fire Department has been charged with protecting its Long Island, New York community residents from the perils of fire and other emergency situations. The Department proudly provides Fire Prevention and Safety Education, Fire Suppression, Emergency Medical Services and Hazardous Materials response. Its staff of 36 dedicated employees and 94 volunteers valiantly serve the residents and businesses of the Jericho Fire District and, since its inception, the department has evolved into an all-risks emergency response agency, currently responding to about 1000 alarms each year. Together as a team they save lives, reduce property loss, and improve emergency services to meet the evolving life safety needs of citizens.

CHALLENGE/OBJECTIVE: As is the case with so many Fire Departments, maintaining control over the myriad keys kept at a firehouse can be challenging. It's critical to be able to have quick, but at the same time, controlled access to some of the keys. John O'Brien, Jericho Fire District Supervisor, chose to demo the MedixSafe Key Care Cabinet to determine if it would meet the Department's key control needs. The Department already had a MedixSafe Narcotics Cabinet/Safe in their ambulances and firehouse, which has been instrumental in securing their emergency response narcotics and making them available only to the advanced life support personnel authorized to administer them in an emergency. "It's been great," O'Brien notes. "There is no key to override it, and it provides an audit trail of who has accessed the safe and when. So when the Key Care Cabinet became available, we were eager to demo it."

KeyBox6SOLUTION: O'Brien reports that "We loved what we saw, because key control was an issue, and knowing who is in the key cabinet and when is so important. The Key Care Cabinet gives us the ability to track that, as well as the capability to restrict access to those not of the rank to have access." The MedixSafe Key Care Cabinet is electronically controlled and allows the user to not only organize their access keys, but to control them, as well. A 'key' feature that differentiates the MedixSafe Key Care Cabinet from low-end key cabinets is that it enables more secure access.

Because a single PIN can be easily compromised, dual, triple or biometric authentication credentials are required before access to the Key Care Cabinet is granted. Users can opt to go with a fingerprint and PIN combination, key card and PIN combination, or a key fob and PIN combination.

It accommodates over 1,000 individual users and provides an audit trail history of up to 50,000 events. The Key Care Cabinet is accessible via a remote Ethernet network and also has a manual key override. This ensures that the cabinet can still be accessed via a single key in the event of an electronic failure.

KeyBox3BENEFITS: The ability to control access to crucial keys is among the most significant benefits the Jericho Fire Department is reaping from the MedixSafe Key Care Cabinet. Certain keys are especially important to store, O'Brien points out, including the Department's radio keys, auxiliary vehicle keys as well as keys to the fuel pumps. "Probably the most important," he says, "Are the keys for the sirens, which always need to be found quickly." There are also outside vendors the Department works with, and some of them need access to keys, as well. "My radio repairman, for instance, needs access," he adds. "We operate the radios, but he repairs them!" O'Brien adds that the software is very easy to operate, and the overall operation is extremely user-friendly. "It's really just some data entry, and our system is wireless, which made it easy to install. All we needed was a power outlet."

"The Key Care Cabinet would benefit firehouses everywhere," he says. "It ensures the security of the most important keys, and gives you the ability to control and track who's accessed those keys. I highly recommend it."

ABOUT MEDIXSAFE: A leader in the access control cabinet market, MedixSafe began designing and manufacturing narcotics control cabinets in 2008. The first narcotics control cabinets were designed for the EMS market to be used in ambulances. Based on customer requests, MedixSafe designed and built different sized cabinets to meet their varying needs. MedixSafe caters to the key control needs of doctors, dentists, veterinarians, university research departments and schools of medicine, hospitals, the U.S. Army, U.S. Navy, pharmacies, and more. For more information, visit http://medixsafe.com/


Hackers prey on complacency like thieves checking cars in a parking lot: They don’t have to break windows if you leave the doors unlocked.

They bet organizations won’t make simple software updates, and they’re often right.

Just look at the WannaCry attacks earlier this year. The ransomware was designed to exploit a known weak spot in Windows—one for which Microsoft had issued a patch months before. Thousands of victims, who didn’t install the updates, were left with a tough choice if they didn’t have backups in place: Either pay a Bitcoin ransom to unlock their data or say goodbye to that information.

Maybe we ignore regular updates because we’re too busy, or we don’t think they’re necessary. Or we see the pop-ups so often, we don’t give them a second look before we dismiss them.

But regular updates are a crucial part of your cyber security—well worth the 15 minutes it takes to install them. Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.

Patch Updates FINAL100dpi

Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.

F17 01

F17 02PHOENIX, Ariz. – Fall World 2017 was another great success for Disaster Recovery Journal, marking the 57th conference for the business continuity industry’s premier event.

More than 700 attendees joined speakers, board members, and exhibitors from around the globe at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Arizona, Sept. 17-20, 2017. The three-day event featured 62 sessions, a concurrent exhibit hall with almost 100 booths, and numerous networking events.

F17 03“The venue was just very well received again this year,” said DRJ President Bob Arnold, looking over attendee evaluations after the show. “The numerous networking opportunities seemed to be very popular with attendees too. Our topics always get very high marks but the food was at a higher level than we’ve seen. JW Marriott does a good job. It’s a great venue.”

The conference took place just days after two major hurricanes and days ahead of more earthquakes and hurricanes.

“In the wake of Hurricanes Harvey and Irma, the subject was a major topic of discussion among our speakers, vendors, and attendees,” said Arnold. “We plan on covering details as lessons learned come out of these events.”

The senior advanced track was very popular with practitioners as well. This special track allows the industry’s most advanced planners to interact with C-level personnel and other advanced practitioners.

“The senior advanced track is a good balance between IT and the organizational side,” said Arnold.

F17 04DRJ Fall World 2017 gold sponsor Fusion Risk Management hosted the Monday Night Hospitality event, featuring food, drinks, dancing, and giveaways. Silver sponsors included eBRP Solutions, Firestorm, IBM Resiliency Services, Onsolve, Regus, RSA, Strategic BCP, and SunGard Availability Services. Co-sponsors included Agility Recovery, AlertMedia, Avalution Consulting, BC in the Cloud, ContinuityLogic, Fairchild Consulting, Kingsbridge Disaster Recovery, Mail-Gard, Quantivate, Recovery Planner, Rentsys Recovery Services, RES-Q Services, Ripcord Solutions, and Virtual Corporation. Business partners include Business Continuity Institute (BCI), Forrester Research, International Consortium for Organizational Resilience (ICOR), and Public & Private Businesses Inc. (PPBI).

F17 05“I want to thank all of our sponsors and exhibitors for helping us provide so many networking opportunities with attendees and vendors,” said Arnold. “We were really happy with everyone who joined us for another great show in Phoenix.”

F17 08In addition to several individual vendor drawings, attendees raked in 18 of the hottest technology items at the DRJ booth as part of the exhibit hall raffle. Grand attendance prize drawings also went to Chuck Robertson, Donna Turner, and Melanie Lightfoot Wednesday morning before the final general session. All three attendees win a free pass to a future DRJ conference.

Check out the DRJ.com Live page for more photos, tweets, and other details from DRJ Fall World 2017.

F17 10DRJ is now preparing for its next conference, DRJ Spring World 2018, which will be held March 25-28, 2018, in Orlando. Potential speakers have until Sept. 29, 2017, to submit a Call For Papers presentation.

To attend DRJ Spring World 2018, visit https://www.drj.com/springworld/.

Hotels & Travel
Pre/Post Classes
Key Contacts
ROI Toolkit

F17 13

Monday, 25 September 2017 22:35

DRJ Fall World 2017 Another Great Success

Don’t be Caught Unprepared

An emergency is defined as “a serious, unexpected, and often dangerous situation requiring immediate action.” The key word here is “unexpected.” An emergency is an emergency because it is not predictable – but it can be planned for if you understand your most likely threats.

As we are in the heart of hurricane season and have witnessed perhaps two of the worst hurricanes on record, we can all agree Harvey and Irma presented urgent situations. The good news about hurricanes, however, is that they are rarely unexpected. Thanks to modern technology, we have time to plan. We may not know what to expect, we do have certain steps we can take to ensure we come out of it alive, if not well.

The same goes for organizations designing their emergency response strategy. Not every situation can be predicted, but it’s wise to assess your current risks and make plans on how you would respond.




Hurricane Maria hit the Caribbean on Monday causing widespread damage throughout the US Virgin Islands, Dominica and Puerto Rico. Communications prior to the storm appeared clear and concise. Residents were warned to prepare and take shelter however, considering the damage left by Hurricane Irma just two weeks ago, the risk to lives and infrastructure was even higher.

Whilst news reports are showing the destruction from afar, one of the problems being faced by those affected in the Caribbean is a wide-scale loss of communications, meaning rescue operations and external aid missions are hindered, and communities face periods of time where contact with relatives and friends is impossible.

During a crisis, what are the repercussions of limited communications? Some communication outages can be repaired reasonably quickly by fixing damaged phone lines or restoring power to servers, however the long-term effects can be much more severe. If cables are damaged, major repairs can be needed which could take weeks or months to facilitate. The human effects of communications outages can also be damaging to communities by heightening a sense of panic. Whilst it’s important that members of the community can contact their colleagues, friends and family; the relief effort of emergency services must be a priority and without consistent communications, these efforts can be negatively impacted or even made impossible.

In the business continuity and resilience sector, having back-up systems and data sets is one of our key drivers. By having multiple sources of communication, for example, wireless and cable, communities and organizations are more likely to maintain access to at least one source and reduce any backlog of communications, therefore increasing the speed and effectiveness of the response effort.

At present, disaster recovery efforts appear to be heavily focussed on organizations, human welfare and infrastructure. However, the loss of communications is a problem which could be avoided. With the emergence of new technologies and a deeper understanding of these technologies, it should be possible to safeguard communications against the effects of a disaster by prioritising the implementation of multiple communication methods before a disaster becomes a crisis. 

Download the attached files

PDF documents  

The Business Continuity Institute

Climate change is seen to be one of the main challenges for the future, with the consequences of extreme weather events ranked the number one cause of business disruption.

The BCI Long-Term Planning Report, sponsored by Siemens, explores the attitudes and behaviours linked to long-term planning in the Benelux region and beyond, and considers how organizations prepare for future challenges related to climate change as well as how to they perceive their impact.

The results show the outstanding importance of long-term planning, horizon-scanning, and collaboration, as key elements when preparing for, responding to, and recovering from weather related disruptions. Download the full report and discover all the results.

Monday, 25 September 2017 15:28

BCI Continuity Planning for Climate Change

The Business Continuity Institute

2017 marks the 16th anniversary of the 9/11 terror attack. On the 11th September, 2001, two planes flew into the Twin Towers in the centre of New York, a third targeted the Pentagon in Washington DC and a fourth plane crashed in a field in Pennsylvania. The ongoing impact of the attacks is still widely spoken about today, and they brought to light the importance of planning and business continuity.

We focus, as business continuity professionals, on the importance of a variety of factors and one of the keys to embedding business continuity in your organization is staff welfare.

Staff welfare is ensuring that your staff not only feel supported during a disruption, but that they understand their roles and responsibilities during a disaster. If employees and stakeholders aren’t supported and their needs not met, can an organization guarantee that they will respond proactively to a disaster? Following the 9/11 attacks, major organizations affected have incorporated welfare plans into their BC plans.

Morgan Stanley was one of the organization’s affected by the 9/11 attacks and in the years following, talked about how their staff welfare took precedence. Within 20 minutes of the attack, most members of staff had been evacuated and within one hour of the attack, staff were relocated and backup systems were operational.

Robert Scott, COO of Morgan Stanley at the time, credits this success to their plans, exercising programmes, and personnel. By training senior managers and staff to respond to disasters, they were indeed prepared. They put the welfare of their staff above financial security and as a result, were able to resume business as soon as possible.

In an interview with the Harvard Business School, the COO stated "I am most proud that the clear, collective, first priority of senior management was the well-being of the people who work for Morgan Stanley." The resumption of their business is testimony to this approach.

Although each organization works differently and prepares for disruption in different ways, many can learn from this approach. The responsibilities of preparedness lie not only with management, but with every stakeholder associated with an organization and it is vital that business continuity and resilience professionals continue to endorse the importance of planning by demonstrating improvement through lessons learned and vigilance during times of uncertainty. 

Download the attached files

PDF documents  

The Business Continuity Institute


Mexico is waking up to widespread disruption and damage following a 7.1 magnitude earthquake.

The country is prepared for this type of disaster. All across Mexico, regular drills are practiced to ensure people are prepared for natural disasters, however this time it wasn’t a drill. The widespread damage is yet to be fully reported on and it’s likely that we won’t know the extent for days, weeks and even months, however their initial response appears proactive and positive.

In August 2017, the U.S. Department of Defense undertook an exercise designed to prepare the military and residents for a possible 7.0 magnitude earthquake. They followed their plans to the letter; escalating the disaster from local to county authorities. Once these county authorities could no longer manage the exercise scenario, it was escalated to state authorities and as a final escalation, the federal government was involved. According to Army Col. Barry Graham; “… I think it has been a great exercise and everyone has gotten something out of this training. New Mexico is very prepared because of this exercise."

Residents across the US and Mexico are also exercised regularly, undertaking drills which educate them on how to respond to a variety of scenarios. During these exercises, a 30 second warning is given and they are instructed of where to go and what to do depending on the type of disaster being exercised. This time however, there was no warning. The first the residents felt was the tremor. 

As this disaster becomes a reality with uncanny resemblance to their most recent exercise, how are local, state and federal authorities responding? Alfredo del Mazo Maza, the State of Mexico’s governor has invoked their disaster response plan; ordering schools to close and public transport to operate free of charge to allow residents to travel safely. Emergency services and volunteers are also in place working around the clock, searching the rubble for survivors. The extent of the damage and the widespread panic may hinder the recovery process, however even in the first 24 hours following the disruption, it appears that their widespread preparedness and exercising schedule will play a vital role in their recovery as a whole. 

Download the attached files

PDF documents 

The Business Continuity Institute


Having related but different disciplines work together, such as information security and business continuity, is the key for building resilience at an organizational level

Caversham, 19rd September 2017 –The Business Continuity Institute (BCI), in association with Mimecast, have published the BCI Information Security Report 2017. Cyber-attacks, such as the recent WannaCry ransomware attack, cause great disruption and financial loss, meaning organizations need to focus on collaboration as a key driver for building information security which is an important component of organizational resilience. 

The BCI Information Security Report looks to benchmark how organizations handle sensitive data and how resilient they are when it comes to data protection. The survey assessed 369 organizations in 63 countries worldwide on the different solutions and key drivers on which they build information security. 75% of organizations report the use of internet-connected devices at least once daily which demonstrates the pervasiveness of technology and how crucial it is to keep these devices secure. The results also showed that, top management commitment is pivotal in building information security across the organization. Compliance with legislation alongside organizational policies – such as staff training, company regulation etc. – and financial investment in information security, were also key drivers for information security in organizations. 

What stands out the most from the report is the concept of collaboration. Indeed, having collaboration among management disciplines and teams plays an essential role in tackling information security challenges, but it also helps when building organizational resilience. Therefore, business continuity professionals, with their expertise in dealing with disruption, should engage with related disciplines. Collaboration involved organizational change and effort, but the benefits deriving from it should be the motivation behind taking action. 

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

Wednesday, 20 September 2017 16:32

BCI Information Security Report

The Business Continuity Institute


In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis.

Our annual emergency communications survey, sponsored by Everbridge, aims to benchmark the emergency communication arrangements of organizations in different sectors worldwide. Please do support the valuable research work of the BCI by completing the survey which you can find by clicking here. As an added incentive, all respondents will be entered into a prize draw to win a £100 Amazon gift card.

Tuesday, 19 September 2017 19:22

BCI Emergency Communications Survey 2017

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:



Sunday, 17 September 2017 18:32


With the two recent hurricanes that have devastated the Gulf states area, especially Texas and Florida, at MHA we add our thoughts and prayers to those who are displaced and experiencing loss as a result.

When water, wind, and rain become overwhelming, it illustrates exactly how fragile the works of man – including businesses – truly are. Many businesses impacted by natural disasters are small and only carry minimum – or not enough – insurance to cover property damage and business interruption. Due to this and many other factors, small businesses have a challenging time recovering from natural disasters such as hurricanes.

Because of the long-lasting and sometimes terminal effect major natural disasters like hurricanes can have on businesses, this guide is intended to assist small business owners in planning and preparing for the recovery phase of natural disasters, and for use if their business is damaged during an event. By breaking the process down into simple steps, we hope we can relieve some of the stress and uncertainty. It is important that these steps and preparations be in place before the event occurs or is bearing down.



What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:



Wednesday, 13 September 2017 14:59

5 Signs You Need a Mass Notification System

An Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization

Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.

When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity.



The Business Continuity Institute


In the news, we see posts about terrorism, unstable financial markets and pandemics, however of late, natural disasters appear to be taking centre stage.

Just two weeks ago, on the 25th August, we saw the disruption caused by Hurricane Harvey in Texas. Yesterday, images of the ongoing devastation of Hurricane Irma across the Caribbean begun to emerge, and today, an earthquake off the Pacific coast of Mexico takes more lives and threatens further disruption.

For individuals, natural disasters can be catastrophic; homes are damaged, at times beyond salvage and as we see during many large-scale disasters, lives are lost.

For businesses, natural disasters are equally catastrophic and damaging. Their staff may suffer physically and mentally and it’s likely that their critical infrastructure will be damaged as well as supply chains becoming disrupted for extended periods of time. 

There are many things these organizations can do to reduce the ongoing damage relating to this type of disruption. Preparation and collaboration are key. Preparing for a natural disaster isn’t a science. There’s no right or wrong way to ensure your business can continue but by ensuring you have considered the importance of your infrastructure, people welfare of all staff, and how your supply chain will be affected, you can aim to continue business within a reasonable period of time. 

When planning, by looking at collaboration opportunities, local businesses can work with others from further afield to obtain urgent supplies. They can work closely with the community to not only continue their business but to begin repairing the affected area. These local businesses can repair homes and buildings, they can provide transport for critical supplies and help to repair critical services when they’re disrupted. 

Whilst continuing business during a disaster may seem like a low priority for communities, the reality is that the quicker businesses can start supplying products and services to the community, the quicker the area can begin to recover as a whole. Whilst planning and collaboration can’t stop a disaster from happening, business continuity professionals use it as a tried and tested method to ensure their communities are restored as quickly as possible.

Download the attached files

PDF documents 

Riverbed SteelCentral and SteelHead identifies and solves application issues and provides quick access and improved uptime for critical applications


SAN FRANCISCO – Riverbed Technology today announced that Rockwell Collins Interior Systems, a leader in aviation cabin design and manufacturing, is using Riverbed® SteelCentral™ and Riverbed®SteelHead™ to ensure quick access to centralized applications and to improve uptime for critical applications. According to the company, SteelHead cut the time to access applications by half while simultaneously reducing bandwidth requirements by 60% and SteelCentral delivers the intelligent analytics needed to identify and resolve application issues quickly, allowing aviation specialists to spend more time developing safer, more comfortable airplanes.

“We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

Tweet This: Riverbed helps @RockwellCollins deliver safe and comfortable aircraft interiors to travelers worldwide: http://rvbd.ly/2vuVmT7

The Interior Systems division of Rockwell Collins, operating in 50 locations worldwide, is a leader in the design and manufacture of aviation interior cabin components such as oxygen systems, comfortable seating, cabin lighting, galley systems (including food and beverage preparation), advanced lavatories, and more.

The division houses all of its major applications in a co-lo data center in the U.S. delivering them across an MPLS network to remote sites. Major applications include Oracle, three ERP systems, and two Siemens PLM Software solutions: Teamcenter and NX design. The division also relies heavily on a number of proprietary .NET applications.

After centralization, access to the data was slow across the board, especially for locations that were furthest away or with limited bandwidth. “Everything took a lot longer to respond. Engineers would click on a drawing and then wait for it to download,” explained Chris Elder, senior manager of enterprise networks and data center operations for Rockwell Collins Interior Systems. “We can’t have engineers sitting around half the day waiting for things to happen on the network.”

Customer Storyhttps://www.riverbed.com/customer-stories/rockwell-collins-interior-systems.html

With productivity taking a hit, the division decided to deploy Riverbed SteelHead WAN optimization appliances throughout most of the organization, immediately boosting application performance while simultaneously reducing WAN bandwidth requirements by 60%. Elder also decided to improve visibility into the network to more quickly identify and resolve issues. He chose Riverbed SteelCentral AppResponse, a network-based application performance management solution that is integrated with the SteelHead appliances. “I’m a big fan of Riverbed,” Elder said. “We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

The division also needed to address nagging application performance issues. “We are primarily a .NET shop,” explained Derek Turner, Senior .NET and SharePoint developer for Rockwell Collins Interior Systems. “We have 12 custom high-availability, internal and external facing .NET applications, and nine times out of 10, when I’m troubleshooting, it’s a .NET issue.”

Turner chose Riverbed SteelCentral AppInternals, which captures and analyzes all user transactions, end to end, from the user device to the back-end while capturing system metrics every second. This complete application visibility allows IT to reconstruct incidents in the detail needed to quickly diagnose problems. Powerful analytics helps pinpoint issues down to code level allowing for faster problem solving. “Now if I get a report that something is timing out, which generally means it’s taking longer than 90 seconds to respond, with the information available to me with this tool, I can isolate the offending component in minutes,” Turner said. “This is the power of SteelCentral AppInternals.”

Gone are the days when Turner faced an unknown amount of time to first recreate a problem, then identify the root cause, and finally fix the code. “I can't explain how good AppInternals really is,” he added. “There’s nothing that I can't see or explain [with it]. Having a tool like this is life changing. Our development response time to deliver a solution to the business unit has been vastly improved.”

Riverbed Delivers Solutions for Cloud and Digital World

Riverbed is delivering solutions to help companies transition from legacy hardware to a new software-defined and cloud-centric approach to networking, and improve end user experience, allowing enterprises’ digital transformation initiatives to reach their full potential. Riverbed’s integrated platform delivers the agility, visibility, and performance businesses need to be successful in a cloud and digital world. By leveraging Riverbed’s platform, organizations can deliver apps, data, and services from any public, private, or hybrid cloud across any network to any end-point.

Riverbed SteelHead™ is the industry’s #1 optimization solution for accelerated delivery and peak performance of applications across the software-defined WAN. Riverbed SteelCentral™ product family is a performance management and control suite that combines user experience, application, and network performance management to provide the visibility needed to diagnose and cure issues before end users notice a problem, call the help desk, or jump to another web site out of frustration.

Connect with Riverbed

About Riverbed

Riverbed enables organizations to modernize their networks and applications with industry-leading SD-WAN, application acceleration, and visibility solutions. Riverbed’s platform allows enterprises to transform application and cloud performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility. At more than $1 billion in annual revenue, Riverbed’s 28,000+ customers include 97% of the Fortune 100 and 98% of the Forbes Global 100. Learn more at www.riverbed.com

Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology, Inc. All other trademarks used herein belong to their respective owners.

NEW YORK – CA Technologies (NASDAQ:CA), today announced it has been named a Leader in the prestigious “The Forrester Wave™: Continuous Delivery and Release Automation, Q3 2017” report by Forrester Research. The report evaluates 15 of the most significant continuous delivery and release automation vendors.

New #ForresterWave names @CAinc @Automic "Leader" in continuous delivery& release automation http://bit.ly/2x7JVAD

Tweet this

Vendors were evaluated on 26 criteria on their ability to support major DevOps processes for continuous delivery and release automation, including: integration with CI tools, package creation and modeling, pipeline modeling and governance, API coverage, vulnerability rectification and out-of-the-box integrations.

“We are delighted to be named a Leader in Forrester’s latest Continuous Delivery and Release Automation Wave report,” said Ayman Sayed, president and chief product officer, CA Technologies. “We believe this achievement testifies to CA Technologies success in empowering enterprises with the speed and agility they need to achieve continuous delivery and adopt digital transformation as an important strategic initiative.”

Per the report, Forrester states, “Automating the movement and deployment of infrastructure, middleware, and applications through testing is a key pain point for I&O teams today. CDRA [Continuous Delivery and Release Automation] tools remove errors from manual deployment and release processes by standardizing and automating the movement of applications between environments; this is a critical step in the delivery pipeline of applications and has a direct impact on customer experience.”1

According to the report, “CA Continuous Delivery Director and CA Automic Release Automation demonstrated good pipeline management across all pipeline stages, movement of complete releases including applications, infrastructure and middleware, remediation of vulnerabilities, defect tracking, and out-of-the-box integrations with a broad range of third party solutions including configuration management, database management tools and testing tools.”2

CA Continuous Delivery Director and CA Automic Release Automation received the highest scores possible in the deployment flexibility, deployment scenario support, advanced model creation and deployment, pipeline health and orchestration, scalable governance, planned enhancements, consulting, training and support, and innovation in delivery models and pricing criteria.

CA Automic Release Automation is the most flexible, yet scalable release automation product on the market. It is also environment agnostic, making CA Technologies uniquely positioned to help transform any enterprise for the digital age.

To learn more, visit:
CA Automic Release Automation: https://automic.com/products/application-release-automation
CA Continuous Delivery Director: https://www.ca.com/us/products/ca-continuous-delivery-director.html

1 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

2 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

Tweet this: New #ForresterWave recognizes @CAinc @Automic as a “Leader” in continuous delivery & release automation: LINK @Automic #DigitalTransformation

Follow Automic Software

Automic Blog
Latest News
Join the Conversation
Join us on LinkedIn

About CA Technologies

CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at www.ca.com.

Follow CA Technologies


Social Media Page

Press Releases


Legal Notices

Copyright © 2017 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

The Business Continuity Institute

On Friday 25th August 2017, Hurricane Harvey hit Texas, in the USA. The natural disaster has brought record levels of rainfall causing widespread flooding.

The level of disruption in Houston has hit unprecedented levels, affecting health, homelessness and economy. Hospitals have had to be evacuated, homes have become damaged and uninhabitable and businesses have been forced to close. With widespread power cuts, emergency services have been relying on backup systems to continue offering care to those most in need.

Could anything be done better at this stage of the crisis? Looking back to 2005 and Hurricane Katrina, in New Orleans; evacuation led to congestion, lack of resources resulted in poor health and social care, and widespread panic lead to looting and damage to businesses. More than a decade later, New Orleans still hasn’t recovered. Their population is significantly lower than pre-Katrina and their businesses still struggle to trade.

12 years on however, the military are on site to reduce disruption to people and businesses in the affected areas of Texas. Supplies and generators have been shipped in, and engineers are onsite in an effort to restore Houston’s critical infrastructure whilst evacuation efforts are planned and prioritised around those most at risk. On the surface, the response effort appears more coordinated.

Whilst the efforts will continue to focus on the safety of residents, the effects on businesses will not be clear until much later. It does seem that businesses were better prepared with emergency response and business continuity plans already in place. Renovation and restoration organizations prepared for the storm by safeguarding their stocks and have put a lockdown on service inflation in the area. Farmers and traders worked tirelessly to protect their crops and although not a failsafe approach, have managed to bring at least some of their produce to safety. Local businesses have invoked their disaster recovery plans and are preparing to repair damage in disrupted areas as soon as possible, however with supply chains disrupted and entry roads blocked, this is likely to be a lengthy and difficult task.

At this early stage, it would seem that lessons were learned relating to preparedness, however whether the response has been proactive enough to ensure the regeneration and continuity of Houston and affected areas will only be seen over time.

Download the attached files

PDF documents  

Industry experts assert that because the manipulation and communication of information is now a core function of most organizations, comprehensive data management strategies are vital. But despite being mission critical, the data center often remains siloed –  a necessary, but not strategic, business service.

However, in an economic landscape defined by digital disruption, and where businesses are transforming at lightning speed, this is finally set to change. The innovations revolutionizing business – cloud computing, social media, mobile apps, the “big data” explosion and on-demand services – can only be delivered from purpose-built highly efficient data centers.

Getting the data center strategy right means that companies have an intelligent and scalable asset that enables choice and growth. But getting it wrong means their entire business could fail. For data center managers across the world, the pressure is unprecedented.



The Business Continuity Institute

More of us are moving to cities than ever before, especially in the developing world, and this migration to urban centres and the growth of cities results in more complex challenges in urban planning such as traffic management, sanitation and healthcare, thus requiring smarter management. In the latest edition of the Business Continuity Institute's Working Paper Series, Gianluca Riglietti offers an overview of smart cities today, exploring the opportunities as well as the challenges they bring.

In the paper, Gianluca concludes that cyber resilience strategies will have to be implemented in order to mitigate the risks that could disrupt a smart city, and that business continuity is also necessary, alongside other management disciplines such as information security, to ensure ensure they operate smoothly. The analysis has shown that there is ground for collaboration and an overlap in terms of good practice across disciplines.

"This technology-driven approach is not always well received," says Patrick Alcantara, Research & Insight Lead at the Business Continuity Institute. "The reliance on connective technology raises questions related to resilience given its susceptibility to outage, failure or breach. Gianluca Riglietti’s paper addresses these concerns and provides an excellent foundation to explore how smart cities can change our lives. Using business continuity principles as a framework for building cyber resilience, he suggests a way forward for managing these smart cities."

Download your free copy of 'Exploring business continuity implications of smart cities vulnerable to cyber attack' to understand more about smart cities and the complexity of making them more cyber resilient.

thunderstorm 1761849 1920

You’ve finally got the right executive management team in place. Sales are at all all-time high, projections are better, and you’re running on all cylinders. Your CIO has provided an efficient platform to support the business. You are prepared to stifle the competition.

You and your team have thought of everything. However, there may be one consideration that you are missing. How will you deal with the inevitable discontinuity that may confront your business? Terrorism, weather conditions, civil disturbances, and fire are among the considerations that may force you to have alternate plans in place. If you leave the office at the end of business on Monday evening, and the workplace is not available on Tuesday morning, how will you conduct business? How will you interface with your customers, and more importantly, how will you prevent them from directing themselves to your competition? The answer is obvious, and rather simple. You need to have a business continuity plan, and to maintain an alternate site to do business in the event of a disruption. If you’re not doing the following, you are putting your company in real jeopardy.

During more than a dozen years in which I served as senior vice president of operational risk management at AXA Equitable, an insurance giant, we were faced with eight significant crises. Five of these involved loss of use of a principal facility. The major culprit was weather, but I was sure that we had appropriate plans in place to deal with any eventuality. Fortunately, we were able to sustain the business with no interruption in all these instances due to extensive prior planning.

Here are five key considerations to building a strong business continuity plan:

1. Conduct a business impact analysis

What are the core functions of your firm that have little or no tolerance for downtime? Obviously, your customer-facing functions fall within this category, but there are also a host of financial functions which do as well. At the conclusion of this analysis you should determine the number of “seats” to allocate to each critical business area. Remember that support functions such as Procurement, Facilities, and Human Resources can be critical in sustaining business operations, and also in the process of getting you back on your feet.

2. Identify a business continuity plan (BCP) strategy

You’ve identified the critical pieces of your operation. Now it’s time to be able to staff these functions at an alternate location. For example, if you’ve determined that your treasurers department needs to be allocated 24 workstations, you’ve got to build these “seats” at an alternate location, appropriately geographically dispersed from your primary location. The desktop at each seat must be individually imaged with the applications and software to enable that function to perform.

Determine whether you want to host your own BCP plan, or outsource. Outsourcing is generally more expensive. We hosted our own plan. I preferred self-hosting because we were operating in a company owned facility, with our own equipment. We had complete control of the space, and also the quality of the data residing on the desktops. I felt that we controlled our own destiny.

Again, ensure that your BCP site is a proper distance from your primary site. It should also be supported by a generator. On 9/11, a number of Wall Street firms found that their BCP sites, also located in Downtown NYC locations, were not inhabitable due to an area-wide lockdown in the aftermath of the tragedy. Ensure that you have a transportation plan to get employees to the recovery site.

3. Practice, practice, practice ...

The only thing worse than not having a plan, is having one, and not being able to properly execute. In 2004, NYC hosted the Republican National Convention. The two largest hotels in the city were occupied by a large number of convention delegates. Based upon reports that the delegates may be targeted at these locations, and the residual impact due to our proximity, a determination was made to run the business for two weeks from our recovery site. The feared protests never materialized, but in the end, we conducted an exercise which validated our crisis management and BCP programs. On an annual basis, we conducted an all-hands BCP drill. This continued to validate the functionality of our plan, and contributed to the overall “buy-in.”

I’ve often told my employees that we were in the business of sales. Our job was to convince our internal business folks to supporta mandate of preparedness in addition to their core responsibilities. This mindset ultimately became part of our culture.

4. Develop a remote access program

This is a great complement to your recovery site. It enables you to bring more people back to work quickly. Do an inventory of those employees who are assigned laptops. For employees not assigned laptops, remote access software enables employees to mirror a workplace computer via their home desktop. This is also a useful strategy for instances where employees are not able to travel due to weather or other conditions.

5. Communications

I believe that communication is the single most important aspect of crisis management. Effective communication helps to control the intensity of a crisis. Employees can be directed, and kept in the loop with an automated notification system, such as Onsolve or Everbridge. Crisis managers, who previously depended on manual process, can now use a tool, GroupDoLists, which serves as a repository for all BCP and CM documentation. It pushes out tasking to team members during a crisis, and reports their progress in real time. An effective way to keep executive management in the loop on their smartphone or laptop.

A 26-year career in the Secret Service has infused a mindset of preparedness. The keys to success in this discipline are advanced preparations, training, and the smart use of technology. I strongly believe that companies seeking a competitive edge must be prepared to deal with unforeseen events. Every move a business makes is transparent today. Customers watch how your company is handled in a crisis. If your company fumbles a disaster, your customer may decide to shop elsewhere.

Author Info:
Dowling PeterPeter Dowling, 26-year veteran of the Secret Service, 12 years in operations risk management with AXA. Today, Dowling works as a special advisor to the CEO for GroupDoLists, Powered By Centrallo.

The Business Continuity Institute

There is considerable room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters, according to a study conducted across Austria, England and Romania. The study, published in the journal Risk Analysis, provides a detailed look at different public and private incentives for risk reduction and their association with actual risk reduction behaviour.

"Currently neither insurance nor governments successfully encourage risk reduction. Increased and more targeted efforts particularly from local authorities will be important, and have the capacity to change the picture. This will be exceedingly important considering extreme events from climate change," says IIASA researcher Susanne Hanger, who led the study. "This in turn is important for insurance to remain viable and for governments to not overspend on disaster aid."

The study also finds little support for the idea that compensation for flood damage make people less likely to take personal risk reduction measures, such as taking actions to prepare for an eventual flood or installing structures or technologies that can help protect homes from damage. Instead, the study finds that neither private insurance nor public compensation after a disaster is linked to less risk reduction at an individual level.

In Austria for instance, post-disaster relief is available from the government in the form of a catastrophe fund. Yet Austrians had taken more structural measures to protect their homes (45%) than Romanians (23%) or the English (19%), who have less access to public assistance after disasters. For awareness and preparedness measures, Austrians were equally likely to have taken awareness and preparedness measures compared to the English and Romanians.

While the researchers found no link between post-disaster compensation and reduced individual preparation, they did find a connection between public infrastructure measures such as flood dams, which may be linked to a sense of increased safety. In both England and Austria, the researchers found that public risk reduction infrastructure, such as dams and levees, were associated with a lower rate of individual investment in risk reduction measures.

Interestingly, in Romania neither insurer nor government efforts showed any effect on household risk reduction behaviour. Hanger speculates that this may be a result of insufficient public capacity to provide this kind of support. In England, the study shows that national efforts by the UK government to inform the public about disaster risk reduction have reached many households, which is positively associated with preparedness. In Austria, where national level information efforts are limited, households respond almost exclusively to local awareness raising and support.

Across all countries, the researchers find room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters. Instead of increasing efforts to privatize all flood risk insurance, Hanger says, "We need to better coordinate public and private schemes in order to design not only efficient, but also socially just and politically feasible solutions."

In last week’s blog, we discussed why you should invest in a business continuity (BC) program. One point we made was that insurance against loss is typically not enough, so the additional value provided by a business continuity plan and program are needed. It’s important to know the differences between business continuity and insurance, and why insurance should be a part, but not the entirety of your business continuity plan.

The Difference Between Business Continuity and Insurance

Before we consider the differences, it is relevant to understand that business continuity is a form of insurance. The insurance we are comparing BC to is a contract of coverage where a party agrees to indemnify or reimburse another party for a defined loss under specific and defined conditions.



The Business Continuity Institute

The UK's top firms and charities urgently need to do more to protect themselves from online threats, with 1 in 10 FTSE 350 companies operating without a response plan for a cyber incident, and only 6% of businesses completely prepared for new data protection rules, according to the UK Government's FTSE 350 Cyber Governance Health Check.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68%) despite more than half saying cyber threats were a top risk to their business (54%).

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53% up from 33%) and more than half of businesses having a clear understanding of the impact of a cyber attack (57% up from 49%).

Separate research which looked at cyber security in charities has found that third sector organizations are just as susceptible to cyber attacks as those in the private sector, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Minister for Digital Matt Hancock said: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right. These new reports show we have a long way to go until all our organizations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training. Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre."

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or having trustees and staff with private sector experience of the issue. Charities also recognised those responsible for cyber security need new skills and general awareness among staff needs to raise.

Helen Stephenson CBE, Chief Executive at the Charity Commission for England and Wales, said: "Charities have lots of competing priorities but the potential damage of a cyber attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation. Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security."

The Horizon Scan Report, published by the Business Continuity Institute, showed that it didn't matter whether an organization was private, public or third sector, by and large they will all share the same risks, and the greatest of those being cyber attacks.

The Business Continuity Institute

The risk of a data breach is increasing in the retail industry as retailers accumulate more and more personal information on their customers as part of their ‘Big Data’ initiatives. As such, the number of retail businesses reporting data breaches to the Information Commissioner's Office has doubled in just one year, jumping from 19 in 2015/16 to 38 in 2016/17, says law firm, RPC.

The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store mean that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for, and the retail industry is beginning to feel the pressure to invest more heavily in cyber security.

The regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory. As companies are not currently required to report every attack they suffer, the actual number of data breaches in the retail sector is likely to be even higher.

Jeremy Drew, Partner at RPC, comments: “Retailers are a goldmine of personal data but their high profile nature and sometimes ageing complex systems make them a popular target for hackers. There are so many competing pressures on a retailer’s costs at the moment – a rise in the national minimum wage, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

Jeremy Drew added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained. No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”

The Business Continuity Institute

By 2100, two in three people living in Europe may be affected by weather-related disasters, according to a study published in The Lancet Planetary Health which sheds light on the expected burden of climate change on societies across Europe.

The study analyses the effects of the seven most harmful types of weather-related disaster - heatwaves, cold snaps, wildfires, droughts, river and coastal floods, and windstorms - in 28 European Union countries, as well as Switzerland, Norway and Iceland. The projected increases were calculated on the assumption of there being no reduction in greenhouse gas emissions and no improvements to policies helping to reduce the impact of extreme weather events (such as medical technology, air conditioning, and thermal insulation in houses).

"Climate change is one of the biggest global threats to human health of the 21st century, and its peril to society will be increasingly connected to weather-driven hazards," says lead author Dr Giovanni Forzieri of European Commission Joint Research Centre in Italy. "Unless global warming is curbed as a matter of urgency and appropriate measures are taken, about 350 million Europeans could be exposed to harmful climate extremes on an annual basis by the end of the century."

The study estimates that heatwaves would be the most lethal weather-related disaster, and could cause 99% of all future weather-related deaths, increasing from 2,700 deaths a year between 1981-2010 to 151,500 deaths a year in 2071-2100.

It also projects substantial increases in deaths from coastal flooding, which could increase from six deaths a year at the start of the century to 233 a year by the end of the century.

Comparatively, wildfires, river floods, windstorms and droughts showed smaller projected increases overall, but these types of weather-related disaster could affect some countries more than others. Cold snaps could decline as a result of global warming, however the effect of this decline will not be sufficient to compensate for the other increases.

Due to projected increases in heatwaves and droughts, the effect is likely to be greatest in southern Europe where almost all people could be affected by a weather-related disaster each year by 2100, projected to cause around 700 deaths per every million people each year.

Comparatively, in northern Europe, one in three people could be affected by a weather-related disaster each year, resulting in three deaths per every million people each year.

Climate change is likely to be the main driver behind the potential increases, accounting for 90% of the risk while population changes such as growth, migration and urbanisation account for the remaining 10%.

"This study contributes to the ongoing debate about the need to urgently curb climate change and minimise its consequences. The substantial projected rise in risk of weather-related hazards to human beings due to global warming, population growth, and urbanisation highlights the need for stringent climate mitigation policies and adaptation and risk reduction measures to minimise the future effect of weather-related extremes on human lives." adds Dr Forzieri.

Adverse weather, which includes such events as heatwave, featured fifth in the list of concerns that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report. Climate change is not yet considered an issue however, as only 23% of respondents to a global survey considered it necessary to evaluate climate change for its business continuity implications.

In the third piece of our Business Continuity 101 Series, we delve into why organizations invest in business continuity, dispelling common BC misconceptions, and explaining value-based BC investment.

A common point of confusion for new BCM practitioners is the why and how of implementing a business continuity (BC) program. What are, or should be, the drivers for implementation and on-going, continual improvement? Most organizations consider business continuity as a form of insurance or a cost to be minimized. We agree that BC is related to insurance; it is there to ensure that an organization remains whole during an emergency event. We would say that costs associated with BC should be appropriate. There is no reason to overspend on recovery solutions, but it is risky to underspend as well. BC should be implemented as any other function that is not profit generating.



BATON ROUGE, La. — A public-private partnership continues to help Louisiana communities recover from the August 2016 floods and become better prepared for future disasters.

The partnership includes members of the private sector, local and state governments and various federal agencies. Recovery accomplishments include:

  • The Louisiana Disaster Recovery Alliance created a guide of available resources to help families and communities recover from the August 2016 floods. The alliance is a group of philanthropic organizations and state and federal recovery partners.
  • The state created the Louisiana Supply Chain and Transportation Council to make the state’s transportation systems more resilient. The council consists of officials from state and federal agencies, academic institutions and private sector leaders.
  • The state also launched the Louisiana Housing Heroes initiative. This governor-championed initiative identifies landlords, property owners and managers in disaster-designated parishes who agree to make affordable homes, apartments and other housing units available to displaced flood survivors.  
  • Recovery partners continue to meet with communities to help them implement resiliency and recovery strategies.

The partnership’s various federal agencies work with communities to address recovery challenges. Specialists have coordinated with community leaders and recovery partners to find solutions to housing needs, rebuilding the economy and infrastructure, preserving heritage and maximizing resiliency.

Below are the federal agencies consulting with affected communities and what they’re helping with:

  • Community planning and capacity building, FEMA;
  • Economic recovery, U.S. Department of Commerce;
  • Health and social services issues, U.S. Department of Health and Human Services;
  • Housing, U.S. Department of Housing and Urban Development;
  • Infrastructure systems, U.S. Army Corps of Engineers; and
  • Natural and cultural resources, U.S. Department of Interior.


Security incidents within law firms have been growing as a threat because cybercriminals are recognizing the pivotal role firms play in housing sensitive client information for legal proceedings. Because of this, attackers have begun to target the legal industry with unprecedented force. Even the largest and most prestigious firms with best-of-breed cybersecurity solutions are no longer immune to intrusions.

Clients and auditors have recognized this increased attention on the legal industry, and have begun to pressure their law firms for more evidence of protection and recoverability. For example, a recent survey* of the legal industry found that 42% of respondents stated an increase in client concerns about IT operations and data retention, and 51% agreed that audits and regulations are an increasing pressure. Law firms must now provide proof to these constituents of a robust cybersecurity stance.

For this reason, Bluelock now offers a Cyber Threat Health Review, a professional service engagement for law firms seeking to mitigate risk from ransomware and other cyber threats. This review is a low-commitment, high-impact analysis of current data protection technology and policies designed to minimize data loss and operational downtime. It covers the core components of the firm’s threat protection, detection and recovery response strategies.

With over a decade of experience helping clients maintain and protect critical workloads, Bluelock’s expert team reviews existing security practices with a specific focus on how to respond to threats. Organizations that engage in the service receive face-to-face education and practical guidance to increase resilience and protect customer confidence.

The Cyber Threat Health Review process includes the following steps:

  1. Survey and Interviews: Relevant information is collected via surveys and phone interviews
  2. Onsite Education: Our team provides education to staff and executives for best practices
  3. Detailed Analysis: Our team reviews policies and technology for gaps and opportunities
  4. Onsite Delivery of Action Plan: Details risk profiles and action plan from our analysis

For more information, visit https://www.bluelock.com/cyber-health/.

* “2016 IT Disaster Recovery Planning and Preparedness Survey.” ALM and Bluelock, October 2016.



The Business Continuity Institute

When the United Kingdom exits the European Union, the four freedoms that currently exist will be no more. The free movement of goods, services, capital and people will probably be gone, and more restrictions will be placed on their movements across borders. The free movement of people is the primary reason that many people voted to leave the European Union in the first place.

With mainland Britain, it is relatively easy to be restrictive with what comes in and out of the country as there are no borders with another country so anything or anyone coming in or out is funnelled through a specific location – airport, port or station. In Northern Ireland however, which obviously will exit the EU, the situation is slightly more problematic as the country shares a land border with the Republic of Ireland stretching over 300 miles (or 500 kilometres depending on what side of the border you are on).

There are now many different possibilities for what could happen to this border in a post-Brexit world, and these range from the status quo with people free to cross without any restriction, to a hard border with checkpoints at all the crossings, although building a wall might be a little bit extreme. With the former, this undermines the whole point of Brexit which was to end the free movement of people between the EU and the UK, and so prevent too many people from entering the UK. With the latter, it will undermine the peace process brought about by the Good Friday Agreement that sought to remove border infrastructure and checkpoints that were symbolic of threat of violence that existed during The Troubles.

A middle option that has been suggested is a soft border between the north and the south, but a hard sea border. This would effectively keep Northern Ireland within the EU, but out of the UK, so is not likely to be a preferred option for any Unionists who will see this as a stepping stone toward reunification with the south.

A hard border between the north and the south may not be an issue for big businesses who I'm sure will find an adequate solution regardless of the outcome. The issue will mostly be with the small businesses situated near the border that rely on trade with the other side of the border – a local market in which the border, for now, is an irrelevance. Figures suggested that 80% of trade across the Irish border is carried out between SMEs.

Organizations on both sides of the border need to consider how the different options would affect them and then consider what measures they could put in place to lessen the impact. Organizations need to monitor the negotiations closely to see how the potential for disruption is developing to ensure that they are ready to face any challenges that come their way.

Of course it is also worth noting that this is not just an issue for the Irish border, it will also become an issue at the border between Spain and Gibraltar where people routinely cross on a daily to trade or work on the other side of the border. Arguably it will be more problematic in this situation as tensions are slightly greater between the two countries on either side of the border.

So what steps has your organization taken to prepare itself for Brexit?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Wednesday, 16 August 2017 15:39

BCI: Controlling the Irish border after Brexit

The Business Continuity Institute

Such is the high calibre of the Business Continuity Institute’s research output, that its latest publication – the 2017 Cyber Resilience Report – is to be used as part of the teaching programme by Cranfield University, the UK’s only exclusively postgraduate university, and a global leader for education and transformational research in technology and management.

The BCI’s Cyber Resilience Report, a study of the cause and consequence of cyber disruptions affecting organizations across the globe, will be used as part of the teaching programme for the MSc in Cyber Defence and Information Assurance. The report will form the basis of in-class and online discussions as part of the degree’s focus on real-life issues.

Dr Ruth Massie MBCI, Programme Director for the Cyber Masters Programme and long standing Member of the BCI, said: “It’s important that students get the opportunity to understand not just the causes of cyber related interruptions but the size and scale of the consequences. This report gives students the opportunity to understand and discuss these issues in a leadership context.”

“This is an encouraging demonstration of the high regard with which our research is held,” said Deborah Higgins FBCI, Head of Professional Development at the BCI. “We know that people working in the industry value our research, but to have it featured within the teaching programme of such a prestigious university as Cranfield helps reaffirm our status as a thought leader in the field.”

Cranfield’s MSc in Cyber Defence and Information Assurance is designed to develop professionals who can effectively manage and exploit the threats and opportunities of cyberspace at the organizational level. The course specifically focuses on responses to serious present and emerging threats in the information domain, and is aimed at mid-career professionals who need a broad understanding of cyber leadership.

The Business Continuity Institute

The importance of managing internal threats to win at cyber security has been emphasised in a study by Haystax Technology and SANS which found that 40% of respondents to their survey rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced.

Furthermore, Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey revealed that nearly half (49%) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

"We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it," said Haystax CEO, Bryan Ware. "Existing tools aren't smart enough, or don't have the context needed to identify malicious insiders. What's needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers."

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders. A third of survey respondents (34%) have these tools and technology, but have not used them operationally and more than a third (38%) of survey respondents are in the process of re-evaluating internally to better identifying malicious insiders.

"It is misleading to see that 60% of respondents said they had not experienced an insider attack," said SANS instructor and survey report author, Eric Cole, PhD. "The rest of our data indicates that organizations still are not effective at detecting insider threats, so it's clear that most either didn't notice threats or attacks, or didn't realize those incidents involved malicious insiders, or outsiders using compromised insider credentials."

“I don’t know who you are. I don’t know what you want. If you are looking for ransom, I can tell you I don’t have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Liam Neeson, Taken, 2008


The last few months have seen two serious and destructive “ransomware” attacks that significantly affected the operations of several major organizations worldwide. May’s “Wannacry” and June’s “NotPetya” attack affected millions of staff and caused significant damage – as was their intention.

Ransomware costs for 2017 are estimated in the billions, with a “B”. Not to mention the danger posed by critical systems being down at organizations such as health systems and nuclear power plants.

The attacks are becoming more frequent and more sophisticated with each incident. We will never be able to stop the criminals from striking, so it is imperative that we use all the skills at our disposal to thwart them. What can we do?



The Business Continuity Institute

Organizations are now less confident in their ability to recover from an incident, according to a new study conducted by Databarracks, which suggests that contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape.

The Data Health Check report found that almost one in five organizations surveyed (18%) "had concerns" or were "not confident at all" in their disaster recovery plan; an increase from 11% in 2015 and 15% in 2016. Organizations are increasingly making changes to their cyber security policies in response to recent cyber threats (36 per cent this year, up from 33% last year), yet only a quarter (25%) have seen their IT security budgets increased. Small businesses are particularly affected with just 7% seeing IT security budgets increase. 

Financial constraints (34%), technology (24%) and lack of time (22%) are the top restrictions when trying to improve recovery speed. Fewer organizations have tested their disaster recovery plans over the past 12 months – 46% of respondents had not tested in 2017, up from 42% in 2016.

Peter Groucutt, managing director of Databarracks, commented on the results: "It isn't surprising that confidence in disaster recovery (DR) plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren't effective.

"What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organizational confidence.

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity, and by extension - disaster recovery, programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

The Business Continuity Institute

More than one-third of businesses have experienced a ransomware attack in the last year, and more than one in five (22%) of these impacted businesses had to cease operations immediately, according to a study by Malwarebytes.

The Annual State of Ransomware Report found that the impact of ransomware on SMEs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMEs that experienced a ransomware attack, one in five (22%) reported that they had to cease business operations immediately, and 15% lost revenue.

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. Osterman’s findings demonstrate that SMEs are suffering in the wake of attacks, to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”

Most organizations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of organizations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly one-half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices. For 2% of organizations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder than SMEs in Europe by malicious emails containing ransomware. The most common source of ransomware infections in US-based organizations was related to email use. 37% of attacks on SMEs in the U.S. were reported as coming from a malicious email attachment and 27% were from a malicious link in an email. However, in Europe, only 22% of attacks were reported as coming from a malicious email attachment. An equal number were reported as coming from malicious link in an email.

Most SMEs do not believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cyber criminals’ ransom demands, about one-third lost files as a result.

Current investments in technology might not be enough. Over one-third of SMEs claim to have been running anti-ransomware technologies, while about one-third of businesses surveyed still experienced a ransomware attack.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Connectivity in the pockets of first responders and mobile team members

By Glen Denny, Baron Services, Inc.

One of the biggest challenges in weather forecasting has always been alerting people who are away from home of severe weather threats. The radio was for years the primary viable method of doing so, but a radio can only give listeners so much pertinent information, such as county-wide watches and warnings. This kind of information can be helpful to some degree for people who find themselves out and about when weather hits, as it can be used as a basic indicator of danger and the need for mobile listeners to find shelter in a safe place. However, there are numerous shortcomings to radio-delivered weather reporting. Radio’s main shortcoming, which is responsible for all of the missing links in radio-delivered weather, is the medium of the radio itself. Radio is a purely aural medium, for one. Radar, one of the most essential weather data tools, is practically irrelevant to the medium of radio, as radar obviously offers a purely visual delivery of weather data. Radio is also a non-specific medium. Via radio, a set amount and set kind of weather information is broadcast to a wide-ranging listening area. The amount and kind of information cannot be customized or altered in any way to fit the specific interests or needs of listeners located within a specific region of the listening area of the station.

The Mobile Solution to Weather

The solution to the problem of effective on-the-go weather forecasting came with the advent of smart phones and mobile radar apps. Smart phones are now a near ubiquitous technology in the United States (and most of the rest of the world, too), so the majority of people in the present day who find themselves out and on the go during a time when they need weather information can access that information on their smart phone. AccuWeather, the Weather Channel, and other weather data providers all have their own mobile apps which people can download and use to this end.

However, the current mobile weather application landscape is still not 100% effective. Weather apps like those provided by The Weather Channel and AccuWeather offer extensive data and radar, but, like most weather apps, they still mostly deliver non-specific, commodity data. Apps such as these can give the user a 10-day forecast, current radar and projected radar of their surrounding area, and of course, can send the user notifications of National Weather Service (NWS) watches and warnings as they occur. This kind of information is mostly sufficient for general users. However, users in areas of frequent inclement weather, or professional users involved in emergency response or planning for schools, hospitals, businesses, and governments will find this kind of limited weather data lacking for their purposes.

A New Class of Mobile Monitoring

Baron1A new generation of advanced weather apps, such as Baron’s Threat Net mobile app, are the kind of product these kinds of users need to do their jobs well and to keep safe. Apps in this new generation are focused on providing hyper-local, one-to-one critical weather intelligence to advanced users and lay-users alike. Baron’s Threat Net Mobile app, for example, features detailed data and visual monitoring on precipitation and forecasted road conditions and hazards, (a Baron-exclusive product featuring advanced data on severe weather threats such as damaging winds, hail, and flooding), a monitoring system that displays real-time cloud-to-ground lightning strikes at street level, and storm vectors enabling accurate storm tracking up to an hour in advance. These and other similarly advanced weather monitoring products have more value than commodity weather data in that they are in-depth, specific, and customizable. A good example of this is another feature of Baron’s Threat Net Mobile app called Critical Weather Indicators. This Baron exclusive product highlights to users in real-time the most dangerous storm situations near their location, effectively warning users of possible severe weather threats before they happen. The alerts from the NWS, while certainly valuable to many people, don’t work in this way. NWS alerts are aimed at the widest possible audience in order to ensure the safety of as many people as possible during inclement weather. Apps like Baron’s, however, are aimed at each individual’s safety and efficacy in keeping others in their area safe. For example, Baron’s mobile alerts will notify users who are in the actual path of a storm of its imminent arrival, will warn users of nearby lighting strikes, and could point out the possible flooding of a nearby river based on projected rainfall. Because these alerts are based on algorithms and aren’t required to be approved by at the NWS, they arrive well before the storm or other threat has, which is a feature commodity weather apps lack.

If we revisit the mediums of radio and commodity weather apps discussed earlier, we can see how large an advantage these advanced weather apps have on any other method of delivering weather data to people on the go. Imagine a severe storm is approaching a town. A mobile user in this town away from home using a radio to monitor the weather will not have much of an idea where a nearby severe storm is in relation to her exact location, and as a result will be able to do little in terms of creating a specific plan. A commodity mobile app user will be able to see where the storm currently is and where it might be in an hour, but she will have to pick herself out on the map (which likely displays a large area) and project the storm’s long-term path herself, planning accordingly based on this information. A user who has an advanced app, like Baron Threat Net mobile, will be notified of the storm in advance if it is heading towards and projected to hit her exact location. This user can also learn what kind of specific threats this imminent storm may bring to her exact location, such as high winds, hail, heavy rain, or a possible tornado (determined by Baron’s Critical Weather Indicators).

Advanced Apps are Perfect for Public Safety

The above description shows how much more pertinent information can be delivered via an advanced mobile app compared to other methods, which is what makes these advanced apps so appropriate for both professionals and laypeople, and also so appropriate for use by organizations such as schools, hospitals, businesses, and governments. Schools, for instance, could benefit largely from an advanced mobile app like Baron’s in many situations. If weather hits while students are being transported to an event off campus or even simply being brought home in the afternoon, having each bus equipped with an advanced mobile app could aid in coordination with the schools’ center of operations, and could allow school staff on the busses to make the right decisions to ensure the safety of the students being transported. Hospitals could use such apps in a similar way. A hospital operation center could, in times of severe weather, rely on its individual mobile employees, such as individuals driving ambulances or helicopters, to make decisions best for them and their patients while in the field during critical weather situations. For businesses and local governments, the same idea applies. The mobile parts of these organizations, if equipped with advanced weather apps like Baron’s, could be more reliably responsible for their own safety during severe weather, taking some of the burden off of their home bases, and most importantly, keeping themselves out of dangerous situations.

Advanced mobile apps like Baron Threat Net mobile are clearly the most effective medium through which to deliver important weather information in critical situations, because the data delivered via these apps is specific, hyper-local, in depth, and customizable. All of these characteristics added up equate to mobile apps which can be useful to anyone, and can be especially useful to professional users involved in public safety, such as in hospitals, schools, local governments, and businesses.

...but it’s not as easy as you think



Whether for functional need, budgetary alignment, or due to top-down pressure, all companies will move to the public cloud at some level. If an organization has less than, say, 50 terabytes of data to manage, it’s easy to move everything there. For those of you in this boat, you can stop reading this article and proceed directly to the cloud, and collect $200.

For those with hundreds of terabytes, even petabytes, of data this is challenging and unrealistic. The business value of public cloud infrastructure is desirable, but when there are such large volumes of data, it’s hard to get there. “Lift and shift” strategies to mimic on-site infrastructure in the cloud are not often viable when petabytes of data are involved, and many businesses need to keep at least some data on the premises. Luckily the utilization of public and private infrastructure does not have to be an either/or decision.


Figure 1: The business dynamics of public infrastructure are desirable, but with so much data to manage, it’s hard to figure out how to get there.

Fortunately, you can realize many of the business benefits of the public cloud in your own data centers. Elimination of silos, data that’s globally accessible, and pay-as-you-grow pricing models are all possible on-premises, behind your firewall. The “hybrid cloud” approach is not simply having some apps running in your data center and other apps running in Amazon or Google. Workflows do not have to wholly reside within either private or public infrastructure – a single workflow can take advantage of both. True hybrid cloud is when public and private resources can be utilized whenever it’s best for the application or process.

Here are four key steps to accelerate your journey to the cloud.

Step 1: Go Cloud-Native

Storage is the primary inhibitor preventing movement towards the public cloud and cloud architectures in general. Data is siloed – stuck in separate repositories – and locked down by specific access methods required by specific applications. This makes it impossible, or at least extremely expensive, to effectively manage, protect, share, or analyze data.

“Classic” applications use older protocols to access data, while newer cloud-native applications use unique interfaces. Converting everything to cloud-native format will save much time, money, and headache in the long run. This does not have to be a massive project; you can start small and progress over time to phase out last generation’s technology.


Figure 2: Start on your journey to the cloud by leveraging cloud-native storage on-premises.

Once you’re cloud-native, not only is your data ready to take advantage of public cloud resources, but you immediately start seeing benefits in your own environment.

Step 2: Go According to Policy


Figure 3: Use policies to place data where it’s needed, across private and public cloud.

On-premises data on cloud-native storage can be easily replicated to the public cloud in a format all your applications and users can work with. But remember, we’re talking about hundreds of terabytes or more, with each data set having different value and usability.

Data management policies in the form of rules help decide where data should be placed based on the applications and users that need it – parts of your workflow behind your firewall and other parts in the public cloud. For example, you may be working with hundreds of terabytes of video, but would like to take advantage of the massive, on-demand processing resources in Google Cloud Platform for transcoding jobs instead of local hardware. Set a policy in your cloud storage software to replicate that on-prem video to the public cloud, then let Google do all the work, and set a policy that says move the transcoded assets back down when complete for the next step in the flow.


Don’t worry – the cloud data management software “views” the entire infrastructure as a single pool, universally accessible, regardless of the kind of storage or location.

Step 3: Go Cloud to Cloud

Policies help automate and orchestrate services to your applications based on business requirements (e.g. cost, capacity, performance, and security), according to the different capabilities of your on-premise or cloud resources. This also means data is efficiently discoverable and accessible across multiple clouds – the cloud data management platform considers the differences in services provided by the different clouds and moves or copies data to the right one.


When data is organized by storage silo or tracked by databases that only a single application has access to, the data can most often only be utilized that single application or a small number of users. Instead start to use metadata as the organizing principle for your data, which is enabled by cloud-native storage. When metadata sits right alongside the data it’s representing, it can be globally indexed and made available to many applications and groups of users.

As an example, data may be generated in a research lab that you manage, but the analysis can occur in Google Cloud platform. Then, the data is synched to Amazon Web Services when the results are ready to be shared to outside researchers and customers.

Step 4: Go Deep

When data placement policies enable a true hybrid cloud workflow, not constrained by physical infrastructure, you can unlock more capabilities. You can start to use metadata – the data about the data – as what we call the organizing principle. Cloud-native data holds its own metadata right alongside it, not in a separate database only its own specific application can read. Your metadata can now be globally indexed and made available to many applications and groups of users. This allows you to perform large-scale analysis projects (etc., some examples needed).

Whether you like it or not, you will be in the cloud in some capacity. Follow these steps to not only make the transition to public infrastructure hassle-free, but to bring many of the business dynamics of cloud – pricing based on consumption, massive scalability, collaboration, etc. – into your datacenter and increase the value of your data.


Erik Pounds is head of product marketing at SwiftStack (www.swiftstack.com).

Friday, 04 August 2017 20:30

You WILL go to the cloud

Dallas Area Rapid Transit (DART) & STORServer



Organization: Dallas Area Rapid Transit 

Industry: Regional transit agency 

Location: Dallas, Texas, USA 

Size: Serves more than 220,000 passengers per day



  • Upgrade older data backup appliance and software
  • Platform stability and system supportability
  • Turnkey solution that includes installation, implementation, training and maintenance support
  • Seamless integration with existing data backup configuration for its radio and CAD/AVL bus dispatch system 



STORServer EBA852 enterprise backup appliance with Storwize® V3700 20TB Disk Storage IBM TS3100 tape library


Dallas Area Rapid Transit (DART) was ready to refresh its existing data backup appliance and software to take advantage of the newest IBM Spectrum Protect™ features and STORServer’s turnkey solution. 

Since the initial implementation STORServer completed for the regional transit agency in 2010, the features of the IBM Spectrum Protect, formerly IBM® Tivoli® Storage Manager (TSM), software have been greatly enhanced, including the change of the underlying software database to DB2®. The availability of this robust DB2 database, as well as IBM Spectrum Protect’s new deduplication feature designed to reduce backup storage requirements, prompted DART to upgrade its existing data storage configuration. 

It was imperative to select the right partner for its data backup needs, as DART relies heavily on the data collected and reported by its radio and CAD/AVL bus dispatch system. The data tracks important metrics like on-time performance, which is analyzed and used in planning for scheduling, route assignments, vehicle assignments and to make other critical decisions.

“Knowing our main priority was to ensure platform stability and system supportability, STORServer carefully considered our current needs while also recommending scalable solutions that will allow us to easily accommodate potential future needs as our data backup requirements change over time,” said David Bauchert, senior control systems programmer, Dallas Area Rapid Transit.

Because the existing configuration STORServer installed and implemented had worked seamlessly with the agency’s data backup needs for this dispatch system, DART’s IT team trusted STORServer’s recommendations for this upgrade. 


The Solution

STORServer helped DART implement a new backup appliance and transition an existing tape library to serve as the disaster recovery target for its backup data:


  • Primary BackupSTORServer EBA852 – This enterprise backup appliance with SSDs enabled the agency to take advantage of new features, like deduplication, now available in IBM Spectrum Protect. The IBM Spectrum Protect database is now housed on SSDs in the appliance with faster processing power. In this configuration, 20TB of Storwize® V3700 disk storage was included. The primary backup data is kept on disk for quick restore and to take advantage of Spectrum Protect’s deduplication feature, which reduces backup storage requirements. This configuration also includes IBM Spectrum Protect Suite licensing, which offers simplified pricing and licensing with a tiered per-terabyte metric. This licensing enables the agency to have access to a suite of backup software products, including database and mail agents, along with IBM Spectrum Protect™ for Virtual Environments, should the agency need to enable that in the future.
  • Disaster Recovery:  IBM TS3100 Tape Library – This entry-level tape library, which was previously installed by STORServer in 2010, is now used for disaster recovery copy purposes. Reusing this existing library provided flexibility and reduced the costs associated with the appliance server refresh. As part of the agency’s disaster recovery plan, the tapes are taken offsite every day. Incremental backups also take place daily. The appliance server and configuration recommended by STORServer allows DART to plan for future data growth, as additional external storage can be added as needed to the appliance server. With the newest Spectrum Protect and STORServer Console (SSC) versions included as part of this upgrade, DART can now manage and move its data more efficiently. Highly scalable to future-proof the agency’s needs, Spectrum Protect also reduces backup and recovery infrastructure costs. SSC is designed to let administrators configure and manage their Spectrum Protect environment with a single, intuitive user interface. It also helps users save time, reducing daily administration tasks to less than 30 minutes per day. 


The Results 

  • Fifty-nine percent data deduplication savings for a deduplication ratio of 3:1 
  • Even as DART experienced 40 percent data growth since the implementation, the deduplication capabilities enabled them to use 38 percent less storage. 
  • Reduced overall costs for data protection by removing redundant data 
  • Data is now moved more efficiently, allowing for best implementation of data protection business practices. 
  • Automated delivery of daily reports allows for easy review and confirmation that backups have completed successfully. These reports can be individually tailored and distributed to multiple levels within the organization.


“It’s been incredibly advantageous for us, both from a cost and time perspective, to have access to IBM Spectrum Protect’s deduplication capabilities. We’ve experienced substantial savings in storage since then. Previously, we were running at 100 percent of our disk capacity, and now we are only using 26 percent of it,” added Bauchert.



STORServer is a leading provider of data protection solutions and offers the only enterprise data backup appliance that is built to order. Each backup appliance solution is tailored to the customer’s unique environment to simplify management of complex backup, archive and disaster recovery needs. STORServer’s appliances feature enterprise class data backup, archive and disaster recovery software, hardware, services and U.S.-based customer support. STORServer is proud to now offer SoftLayer® containers and DRaaS in SoftLayer virtual machines. Companies of all sizes trust in STORServer’s proven appliances to solve their most complex data protection problems. For more information on STORServer, please visit storserver.com.

storserver.com (800) 550-5121 Copyright 2017 STORServer, Inc.

IBM, IBM Spectrum Protect, DB2, Storwize, IBM Spectrum Protect Suite, IBM Spectrum Protect for Virtual Environments are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. SoftLayer is a registered trademark of SoftLayer, Inc., an IBM Company.

Page 2 of 3