Industry Hot News


Developing a community’s confidence in an opt-in emergency notification system is essential to success, but not having complete buy-in from the users of the system can slow its development as well.

Ottawa County, Mich., emergency management and first responders faced both of those when they implemented the Smart911 system, developed by Rave, in 2014. But momentum seems to be picking up with public safety and emergency management personnel solidly behind the system and the public headed in that direction too.

Just under 5,000 residents have signed on to the system, but last week more than 200 signed up in a 24-hour period, which was “great progress,” according to the county’s Emergency Management Director Nick Bonstell.



For some businesses, the hybrid storage array offers the best of both worlds. In comparison to the all-flash array – clearly the highest performance option – a hybrid array allows a lower cost, yet also enables some impressive performance. It's the classic "transitional" storage solution as flash becomes ever more dominant in storage infrastructures, yet hard disk drives remain abundant.

Yet for all its advantages, a hybrid storage array isn't the automatic choice. Let's explore the hybrid vs. all-flash array question.



(TNS) - Apps such as Uber, “Pokemon Go” and Snapchat can pinpoint where users are down to the side of a block. But 911 dispatchers have to rely on distant cell towers, sometimes-faulty GPS and the caller — who is likely in distress — to figure out where calls are coming from.

In an effort to thrust 911 call centers into the 21st century, Apple announced Monday that the next major update to iPhone software will allow users in the U.S. to automatically share location data with emergency responders. Software and a data clearinghouse built by New York startup RapidSOS will let 911 centers receive callers’ locations.



(TNS) - Always ready. Always there.

That’s the motto of the National Guard, and for 48 days — and counting — soldiers and airmen from this component of the military have been doing safety and relief work amid volcanic threats and destruction on the east side of Hawaii island.

More than 200 Guardsmen have been assisting Hawaii County Civil Defense with jobs that include monitoring dangerous gas emissions from lava flows, manning security checkpoints, building emergency housing and conducting search-and-rescue missions.

Many of these servicemen and women are volunteers and are from around the state, including some who live on the active volcanoes that make up the Big Island and never imagined they would be responding to a lava eruption disaster in their own community.



According to hurricane research scientists at Colorado State University, the 2018 hurricane season is set to be slightly above average in activity.

Thankfully that’s better than the 2017 season, which cost more than $282 billion and caused up to 4,770 fatalities.  Whether we see two named storms or ten, preparation is your greatest ally against potential devastation.  Start by using these automated message templates for your organization’s mass notification system.

Using Hurricane Notification Message Templates

When using message templates, there are a few basic guidelines to follow. Start by keeping the message length to a minimum. This ensures recipients can get the most information in the least amount of time. In addition, SMS messages cannot exceed 918 characters; longer messages are broken up into multiple messages that may create confusion.

By creating message templates prior to severe weather, you can generate detailed and informative alerts for every step in your emergency plan. Then in the wake of a hurricane, these messages are ready to be sent to the right audiences. Recipients receive only those messages that apply to them, which helps to eliminate confusion during a stressful time.



Cybersecurity Committees on the Rise

We’re seeing a growing trend: organizations across diverse industries are beginning to establish committees dedicated specifically to cybersecurity. Some are assigning audit committees to the task, but there’s good reason in many cases to create a new committee. Whatever governance model is adopted, independent oversight is imperative.

“Cybersecurity risks pose grave threats to investors, our capital markets and our country.”

This is the opening sentence of the SEC’s Interpretive Guidance on Public Company Cybersecurity Disclosures dated February 21, 2018. While the SEC’s focus is primarily on effective disclosure controls and procedures for accurate and timely disclosures of cyber risks and material events, the magnitude of this topic has deep operating and compliance ramifications. The big question in boardrooms is who precisely should be responsible for cybersecurity oversight?

Many companies rationalize that cybersecurity oversight should reside with their audit committee since there are SEC disclosure ramifications. However, does this make sense considering that cyber risks extend well beyond financial reporting and SEC disclosures?  While there is no single correct answer considering the large array of risk environments, industries, organizational sizes and operating models, it is clear that cybersecurity committees are becoming more popular. A search of recent proxy statement filings with the SEC revealed 12 companies disclosing cybersecurity committees, five of which were created in the last year. This article sheds some light on these filings, as well as some considerations for cybersecurity governance.



Tuesday, 19 June 2018 15:51

Governing Cybersecurity

(TNS) — We find ourselves in another hurricane season, and Pender County, N.C., is preparing.

Are you? Are we all?

Pender just paid $18,000 to install a flood gauge on the N.C. 210 bridge over the Black River near Currie.

Last time we read about that section of 210, it was under water. Hurricane Matthew in 2016 swelled the Black River over its banks, less than 20 years after 1999’s Hurricane Floyd sent the Northeast Cape Fear and other rivers flowing into fields, homes and highways across Eastern North Carolina.

We commend Pender County for paying for the gauge even though, as Board of Commissioners Chairman George Brown noted, the state usually pays for those instruments.

The device is the county’s second one and is one of 560 river and coastal gauges that provide real-time water level information to warn residents who live and work nearby, as well as first responders and other emergency officials who need to know when roads are becoming impassable.



(TNS) — In the 13 years since Hurricane Katrina hit South Mississippi, much has changed.

A quick drive down U.S. 90 is a constant reminder of the past — the things that are new and that have been rebuilt and the places that are memories of life before the storm.

One of the things that changed significantly besides the landscape is technology. Facebook was in its infancy in 2005, having been launched the year before the storm, and most social media users were using MySpace. It would also be another two years before Apple released the iPhone and helped to usher in the era of smartphones and tablets.

For many Coast residents, cellphone service was spotty, at best, in the days and weeks after Hurricane Katrina. And internet service for phones was practically nonexistent.

With Colorado State University’s Tropical Meteorology Project predicting a "busy" hurricane season for 2018, which began June 1, how will cellphone service be affected in South Mississippi?



Climate change is a growing threat for national and local governments alike.

Entire communities can be devastated by extreme weather events, including hurricanes, droughts, and wildfires, each of which is exacerbated by climate change. While natural disasters themselves are a main concern for government agencies, the public may still be at risk long after a storm has passed. Debris and toxic materials can linger in the aftermath, posing potential health hazards for communities as they attempt to rebuild.

For government agencies, this means placing more focus on preparedness and response and addressing the safety of residents and staff during the recovery phase. During Hurricane Harvey in 2017, for example, the death toll continued rising even after the storm had passed. To prevent additional injuries, emergency officials must be aware of any hazards that exist in the wake of these disasters and inform the public accordingly.



In 2018, MetricStream Research surveyed 120 respondents from 20 different industries to understand the level of GDPR awareness and preparedness across enterprises. A majority (53%) of the respondents who have implemented governance, risk, and compliance (GRC) solutions reported that they would be GDPR compliant by the May 25 deadline.

Download this report to learn more about the survey findings, including:

• The state of GDPR awareness and engagement
• The state of GDPR readiness
• GDPR compliance challenges, benefits, and spend

Access the complimentary copy of the report today.


Among the concerns about disaster recovery, assurance of recovery is the most important one for businesses. Data movers focus only on the test failover procedure. To achieve resilient recovery, organizations must run disaster recovery simulations on a weekly or monthly basis. Moreover, DR tests run at short intervals give the organization the confidence and experience necessary to respond to a real emergency. Practice makes perfect.

Organizations should be able to identify failures in the recovery plan before an actual disaster. It is a very challenging journey from an unknown and risky position to 100% recovery assurance! The demand for a thorough, frequent, automatic DR test tool has become urgent and highly important. Organizations want to be ready for any disaster situation, with recovery guaranteed.

During a real disaster, a lot of unexpected problems will pop up. You must at least know that you are DR READY. Reliable disaster recovery is critical for business survival. Organizations don’t get a second chance when disaster strikes. During that critical, demanding moment, a lot of unexpected problems will pop up.

Without periodic testing, time has a way of eroding a disaster-recovery plan’s effectiveness. Most organizations cannot tell whether they are really DR READY.

Environmental changes can prevent servers from turning on properly: network problems such as MAC address, IP address, DHCP and dissimilar infrastructure. Applications may be unable to run, or a database may be inconsistent: we have sometimes noticed customers who changed the number of servers that run a certain application and did not realize they had not updated the secondary site. A DC that can't recover can shut down the entire site. There is also personnel dependency: sometimes it is personnel turnover, missing knowledge, or availability (is the person onsite or away?). And in the end, all you get is a yearly test, which is far from enough.

An intelligent DR test should include:

  • Automated testing that cuts resources and saves money
  • Determining the feasibility of the recovery process
  • Identifying areas of the plan that need modification or enhancement
  • Demonstrating the ability of the business to recover
  • Identifying deficiencies in existing procedures
  • And increasing the quality and knowledge of the people who execute the disaster-recovery

When disaster occurs, the organization gets one chance to recover. DR readiness is critical for business survival. Only DR tests run at short intervals can address that need.

Uri Shay is the chief executive officer of EnsureDR Ltd., whose software simulates a disaster recovery process automatically and frequently.

Wednesday, 13 June 2018 14:19

Are You Disaster Ready?

By TIFFANY BLOOMER, President, Aventis Systems

There’s screaming in the background. A window breaks. A peek around the cubicle reveals coworkers fleeing in terror while others hide hopelessly under their desks.

No, it’s not the end of the world. … It’s your network. Your systems failed, and critical, sensitive business data is lost permanently. It’s a data apocalypse, and your company is infected.

For any business to survive, it has to have availability. It must be up and running at all times for its customers, as well as its employees. Connections to business information must be reliable and continuous. This means backing up workstations and laptops, but also server and storage data, which is equally important.

With the exception of its employees, a business’s data is its most important asset, and a major loss can be fatal. Some 60% of small businesses that lose their data will shut down completely within just six months, yet the majority of small businesses still don’t back up their data. Why?

The good news is that downtime and lost data, productivity and revenue can be avoided if you are adequately prepared. Here are some top data backup survival tools every small business needs to avoid a data apocalypse:


Data Backup: Easy as Pi

To create a safe zone around your data, back up following this simple rule: Keep your data in three different places, on two different forms of media, with one stored offsite.

A single data center leaves you much more vulnerable than if your data is backed up in multiple places. IT best practices dictate redundancy — which includes the physical space. When the grid goes down and the zombies advance, it won’t help to have all your backup data stored in your office building.

To be safe, keep your original data plus multiple backups current at all times and store one offsite — as far away as possible! For added protection, store it in a weather-proof and fireproof safe at another geographic location.


Survival Tool #1: Backup Hardware

The first thing you need in your survival kit is the right storage device for your business environment and budget. There are four main types of backup hardware:

  • NAS — Network Attached Storage (NAS) is most often used for shared file systems joined by an ethernet network connection. It also works well for advanced applications such as file shares. Any server with attached storage can be used as NAS, allowing multiple servers or workstations to access data from a single network. The most scalable storage solution for SMBs, NAS storage equipment comes in a variety of configurable drive options and interfaces, is very versatile and includes a management interface.
  • SAN — Storage Attached Network (SAN) is a dedicated storage network for those requiring high-end storage capabilities. It provides block-level access to data at high speeds. Making large amounts of data more manageable, block-level storage allows you to control each block, or group, of data as an individual hard drive. SAN solutions are ideal for enterprise organizations because of their ability to transfer large data blocks between servers and storage.
  • DAS — Direct Attached Storage (DAS) is used to expand existing server storage with additional disks. It’s compatible with any server and is favored for its cost-saving benefits. It allows you to extend the size of your current box without an additional operating system. When used with a file server, DAS still allows user and application sharing.
  • Tape — Tape backup might be more “old school,” but it’s making a comeback in some SMB environments — primarily because it is offline. With tape, data is periodically copied from a primary storage device to tape cartridges, so you can recover it in case of a failure or hard disk crash. You can do manual backups or program them to be automatic. Tape is the least expensive way to store your data offsite because it’s light and compact, allowing you to take it with you or ship it to a holding space.

Survival Tool #2: Backup Software

If you have the right backup hardware in place, you need backup software you can trust to recover your data without compromising security.

Veeam Availability Suite is an excellent backup option for virtual machines (VMs) and physical servers. Software is managed through the same space as virtual backups. When disaster strikes, Veeam has your back with:

  • Guaranteed Availability — Get access to fast recovery time and recovery point objectives for all VM systems in less than 15 minutes for all applications and data.
  • Absolute Privacy — With licensing, your backup data is always secure with unique end-to-end encryption.
  • Long-Term Retention — Data is retained for as long as you need it with advanced native-tape support and direct-storage integrations with industry-leading storage providers like EMC, Hewlett Packard Enterprise and NetApp.
  • Built-In Disaster Recovery — With the high-level license, disaster recovery testing is built-in, and Veeam guarantees recovery point objectives of less than 15 minutes for all applications and data, as well as simplified proof of compliance with automated reporting.

Survival Tool #3: Cloud Services

When zombies, floods, hurricanes or other catastrophes wipe out the office, you’ll be glad you backed up your data offsite. Backing up everything in the cloud ensures it is always safe — no matter what happens.

What is cloud disaster recovery?

Simply put, cloud disaster recovery is a way to store and maintain copies of electronic data in a cloud storage environment to keep it safe. This way, if your system goes down, you can easily recover your company’s mission-critical data.

Why trust the cloud?

Some major benefits to managed services in the cloud include:

Business Continuity

While you’re recovering from an on-premise failure, cloud storage options will allow you to access mission-critical data and applications. As a result, your business can continue to function.

Lower Upfront Costs

Upfront costs are low, and ongoing costs are predictable, so you can more accurately budget your IT dollars.

More Time to Prep

By outsourcing data protection duties, your IT team can focus on more strategic issues.

Be Prepared

A system failure or loss of data can have catastrophic consequences on your business. To ensure you’re not left in the dark, learn more about the other tools you need and the steps you should take with this free e-book.

Choose backup hardware, software, a managed service provider and cloud storage to make sure your data is protected — no matter what or where disaster strikes. Also, don’t forget to test the local and remote backups to ensure the data you’re storing is usable.

You may not be able to predict the next tornado or save the world from walkers, but you can make sure your data survives!

About the Author

Tiffany Bloomer is president of Aventis Systems. Aventis Systems provides IT services and equipment to small and medium businesses around the world.

EAGLEVILLE, Pa. – BC in the Cloud, an integrated platform for business continuity and disaster recovery planning, today announced it will be exhibiting at the Disaster Recovery Journal’s Fall Conference “Reimagining Business Resiliency.”

The conference will be held Sept. 23-26, 2018, at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Ariz. BC in the Cloud will be showcasing its platform in Booth 506/508. Along with speaking in the Solutions Track, Andrew Witts will present Program Totality – Managing the Connectivity and Completeness of an Entire Program.

“We’re excited to have BC in the Cloud as a sponsor of our fall show,” said Bob Arnold, President, DRJ. “They have always been one of the industry thought leaders and we are thankful to have their support and sponsorship for our Fall 2018 conference.”

“BC in the Cloud is looking forward to exhibiting at another successful DRJ Conference.  Our platform can do so many amazing things, it’s great to be able to show it off in person to the DRJ attendees,” said Frank Shultz, President, BC in the Cloud.

The Disaster Recovery Journal’s conferences are the world’s largest conferences dedicated to business resiliency and expect more than 1,000 professionals who are responsible for building business resiliency and managing disaster recovery in their organizations. With more than 65 sessions, 10 deep dive workshops and 70 companies in the expo hall, attendees can participate in interactive sessions, hands-on training with cutting-edge technology, hundreds of live demos and unparalleled networking. In addition, DRJ welcomes over 85 speakers who will share their expertise and learnings in this fast-paced changing environment that is the new normal. DRJ’s Fall Conference offers attendees everything they need to build a resilient organization in four days, under one roof.

To arrange a meeting or personal demo at the conference, contact BC in the Cloud at 267-341-9610.

About BC in the Cloud

BC in the Cloud provides automated tools and services for building and maintaining effective plans that streamline and simplify Continuity, Governance and Risk Management programs. The BC in the Cloud Platform evolves as an organization’s needs grow to increase resiliency, mitigate risk, and adhere to deadlines. No other platform provider offers rapid speed-to-market and robust scalability in an all-in-one solution.


Security and resilience – Business continuity management systems – Guidelines for people aspects of business continuity

This document gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident.

This includes:

  • preparation through awareness, analysis of needs, and learning and development;
  • coping with the immediate effects of the incident (respond);
  • managing people during the period of disruption (recover);
  • continuing to support the workforce after returning to business as usual (restore).

The management of people relating to civil emergencies or other societal disruption is out of the scope of this document.



Wednesday, 06 June 2018 15:09

ISO/TS 22330:2018

The founder and President of Safety Projects International Inc. has a mission – to help clean up the U.S., Canada, and several other countries. However, rather than doing it himself, Dr. Bill Pomfret, aka Dr. Clean, is getting the workers themselves to do it – which is simple in its logic but offers a huge challenge in its execution.

"The state of cleanliness affects us in every aspect of our everyday lives, whether we're a patient in a hospital, a pupil in school, a customer in a restaurant or an employee in the workplace," Dr. Bill says.

"But most people fail to realize that cleaning is a science." Treatment of the cause, not the symptoms, coupled with a healthy dose of preventive medicine, is his prescription for the endemic problem faced by most countries that he visits. First, that means completely breaking down the tolerance for filth and replacing it with a culture of cleanliness.

And second, people will have to be educated on the best ways to clean up and to stay clean. Dr. Bill is well aware of the big, big job that is cut out for him, and that it involves more than just trying to change people's attitude or mindset. That is but a starting point, even though it is a massive challenge in itself, as evidenced by the limited success of the numerous public cleanliness campaigns undertaken in many countries so far, including South Africa, the Philippines and Malaysia to name a few.

There is no question that 72-year-old Dr. Bill is committed to his cause. He has, after all, got a 40-year-old lucrative business. But to him, raising most countries' standards of cleanliness is part and parcel of occupational health and safety, both curative and preventive. Five years ago, he set up the education training Center for Cleaning Science and Technology in the Philippines (CCST), the country's first such facility.

Located in San Isidro, Nueva Ecija, the center conducts, inter alia, training programs for the cleaning service industry, as well as local councils, building owners, and property managers, with the primary objective of raising the status and standards of the Philippines' cleaning industry. After all, like Puerto Rico for the U.S.A., the number one export from the Philippines is its people, mostly exported as live-in caregivers. The Open University’s Institute of Professional Development accredits the center’s cleaning proficiency program. Before setting up the facility, Dr. Pomfret had personally audited and surveyed the way cleaning operators normally worked. Some of his findings proved to be shocking. For example, the same mop was used to clean the toilet and the kitchen; the same rag to clean the bathroom and to wipe tables in eateries; and the same pail of filthy water used to mop corridor after corridor.

His conclusion was that many contract cleaners, not only in the Philippines but internationally, were simply clueless about cleaning.

Mostly, the exercise seemed to be aimed not at actually cleaning but at creating the impression that cleaning had been done, that is, not to sanitize but to look clean.

"The thing is you have to clean right," Dr. Pomfret stresses. "You may not be able to control the public entirely but you can control the cleaners and the quality of cleaning." During his travels, he had also visited Singapore's Institute of Cleaning Sciences, a franchise of the British Institute of Cleaning Sciences. Graduates and professional cleaners are required to sit a proficiency test, both theory and practical.

In most countries, it is important that building owners, property managers and local councils send their staff for formal, practical training, Dr. Pomfret adds. This is because there are today very wide ranges of cleaning machines designed for all kinds of functions. Then there are the chemicals, which must be handled properly. In addition, cleaning processes can be quite job-specific, be it the cleaning of air ducts, treatment and prevention of graffiti, maintenance of various types of surfaces or basics like chewing gum removal.

For cleaning companies, such training makes economic sense, too. For instance, without this knowledge, they will not be able to realistically devise a price structure upon which to negotiate a cleaning contract. As for the prospective clients, most will recognize that it is best to go with a professional outfit to minimize the risk of ending up with a whopping bill on restoration works for a botched-up job.

"Lack of know-how among property managers is the primary cause of poor maintenance of buildings," says Dr Pomfret. "They get incompetent cleaners and these people destroy the properties.

So the management has to cough up money to do yearly restoration and refurbishing." Business owner Bill Thompson agrees. "The notion that a mop and bucket is all you need to clean is archaic.”

In most developed countries, cleaning has become a highly professional field. In fact, the 'First World Facility, Third World Mentality' complaint from visitors regarding the U.A.E. amenities can be attributed to the fact that cleaning as a process has been hugely neglected.

"The industry must become professional in the shortest time possible. As a matter of urgency, a body comprising the Government, local and city councils, training schools, suppliers, contractors and other stakeholders should be set up to draw up minimum standards," Pomfret says. "Some 20 years ago, I helped develop the 5 Star Health and Safety Management System™. The first part I concentrated on was housekeeping, 'Cleanliness and Order.' This gives the employer the biggest bang for the buck."

Arguing that Governments should be more receptive and exposed to the cleaning service industry, Pomfret - whose company has been in the health and safety business for over 50 years - says: "Right now, it's a free-for-all. Unless standards are imposed and cleaning contractors are certified and classified, many countries will continue to be plagued by poor maintenance and dirty surroundings." Dr Pomfret may remind one of a young Don Aslett, the author of numerous books on cleaning techniques and self-styled No. 1 cleaner in America, but all he dreams of is a day when no person would fear to walk into a public toilet in any country he has trained.

Meanwhile, Dr. Clean, as he is known, has trained staff from many companies in the Philippines, the U.A.E., South Africa and elsewhere. The going has been tough, and still is, principally because of the need for him to relentlessly prod and irritate people into action, even just to see the urgency of the matter. On the positive side, he can be likened to a grain of sand in an oyster, which will one day become a pearl – and be appreciated.

DR CLEAN'S DIAGNOSIS

INDUSTRY MUST BE RATIONALISED: Nobody can tell for sure about something as basic as the size of the industry. There are so many players but numbers don't guarantee quality. And there are no proper guidelines to qualify cleaning enterprises for bids to undertake a cleaning and building maintenance job.

Without guidelines on such things as a company's manpower, technological and management capacity as well as know-how, anyone with minimal or zero knowledge can bid for contracts. Unlike in the construction industry where contractors are graded, there is no classification of cleaners based on professional competence.

THE CLEANERS, THEY MUST BUCK UP: Cleaning know-how and cleaning product knowledge are not fully pursued by cleaners. Unlike the UK and Singapore, which impose practical and theory tests on would-be cleaning operatives (questions range from which chemical to use on which type of surface to which color pad to use for which scrubber machine for which function), most western countries' cleaning service industries operate on the basis of: “even my grandmother can do that job”.

WHAT STANDARD? There are no established standards for cleanliness.

Lack of education on the part of the authorities (such as local councils), building owners, property managers and employers, as well as the cleaners themselves, is a major obstacle to the much-needed professionalisation of the industry. "Our architectural and engineering ability has reached the point where we can build the world's tallest buildings but our cleaning and maintenance ability has lagged far behind."

WHAT BENCHMARK? There is no benchmark for players to strive to match and maybe exceed, with a view to promoting the development of the International cleaning service industry to the level where it can compete in the international market and export cleaning services. "The Government should nurture the industry so that it will reach that level."

Dr. Bill Pomfret, MSc, FIOSH, RSP, can be contacted at 26 Drysdale Street, Kanata, Ontario, K2K 3L3. Tel: 613-2549233; website: www.spi5star.com.

Thursday, 24 May 2018 20:14

The Importance of Professional Cleaning

Community bank strengthens enterprise-wide business continuity program and vendor risk management capabilities

With 53 branches, multiple ATMs, and banking seven days a week at two locations, TBK Bank strives to do the right thing to make customers’ lives better and easier.

Now, the bank has done the right thing for its customers by doing the right thing for its business continuity program, moving in just six months from a legacy planning tool to a data-centric business continuity management program built on the Fusion Framework® System™.  

The power of the solution creates synergies that allow the business continuity program to continue to grow and mature, taking on high priorities that were previously out of scope such as vendor risk management. This has significantly improved TBK Bank’s risk profile, with the end result being a greater ability to deliver great customer service at all times under any circumstances.

TBK Bank’s ongoing success has been accelerated with a regular infusion of Fusion’s creative Fuel offering and by connecting with the Fusion Community where best practices and new ideas are openly shared.

Making Business Continuity Holistic and Actionable

TBK Bank recognizes the criticality of being always available for its customers. When the time came to move away from the lightweight legacy product the bank used for its business continuity program, Deb Wagamon, Business Continuity Manager at TBK Bank, examined the options in the marketplace. One of the vendors she contacted was Fusion Risk Management.

Wagamon explained why Fusion piqued her interest: “The first thing that impressed me was the fact that they were extremely interested in what I was doing and what my hindrances were and how they could help us. They didn’t start out like a normal vendor with ‘I can sell you this. This is what we can do for you.’ That told me I had a partner, rather than just a vendor trying to get money out of my company.”

Fusion rose to the top of the potential vendors because of the opportunity Wagamon had to try out the system. “They gave me a month trial period where I could enter my program’s data into the system and test it,” stated Wagamon. “Other vendors were offering much shorter trial periods – only a few days to a week. Plus, not only did Fusion allow me the sandbox to test in, but I was able to bounce questions off of Fusion personnel while I was doing it. Even before I was a customer, it was like I had a whole team helping bring my vision to life using the Fusion Framework System.”

Recognizing that Fusion would make TBK Bank’s future business continuity goals possible in ways other vendors could not match, Wagamon committed to the Fusion Framework System.

The system brought together all of TBK Bank’s business continuity plans into one accessible and actionable location. Vulnerabilities and gaps were identified and remediated. Such a transformation would typically take years via a traditional approach; however, the Fusion Framework and its flexible, information-based approach and robust plan management infrastructure enabled the TBK Bank business continuity team to instill best practices in the program without starting from scratch. Wagamon affirmed, “It took me just six months to take my plan from ‘basic’ to ‘robust.’”

Managing Vendor Risk

TBK Bank worked with Fusion not only to leverage the Fusion Framework System for business continuity, but also to improve vendor risk management. Previously, Wagamon had vendor information in multiple places, so it was hard to manage, keep up to date, and pull together in the event of an audit. With over 350 vendors in play, she knew it was only a matter of time before something crucial was missed, with significant ramifications. “Trying to manage all the due diligence, contracts, and everything was becoming a nightmare. I had to get the vendor data into some kind of an automated tool,” explained Wagamon.

TBK Bank leveraged the flexibility and configurability of the Fusion Framework System to create a vendor management solution aligned with its specific needs. “I truly feel confident, because the Fusion Framework System handles everything. Processes are automated to eliminate human error. The system sends me an e-mail whenever I have to update insurance. If I’ve got a contract that’s coming up in 90 days, the business owner gets an e-mail saying, ‘Do you want to renew this or do you want to terminate?’ All I do now is manage.”

Plus, because the information foundation created by the Fusion Framework now contains comprehensive vendor data, the vendor risk management program is fully integrated with the business continuity program. This results in greater engagement of users and stronger end-to-end business continuity plans.

Fueling Further Success

To further the success of its business continuity program, TBK Bank took advantage of Fusion’s unique offering known as Fuel which pairs Wagamon’s group with an industry expert and a team of Fusion product experts. The team keeps TBK Bank’s program focused on the right priorities and provides expertise impossible to get from an internal resource. Wagamon noted, “This has been wonderful for me. I meet with an expert on a monthly basis and talk about my objectives for the next budget year, get help to resolve any issues I might have, and learn how to use the system to its fullest advantage.”

Additionally, Wagamon has benefited greatly from the knowledge sharing opportunities that are regularly available as a member of the Fusion community. Wagamon attends Fusion industry user groups, where she learns from her peers. She affirmed, “There’s always more to Fusion – it doesn’t matter how much you’re learning or how far you’ve come in the last two or three years, there’s just so much depth. The user groups are wonderful for allowing you to connect with the Fusion community, learn from fellow peers, and understand all the areas where Fusion can assist you.”

Wagamon has been thrilled to share her experience with others. “I’ve been able to sit down with someone who is as frustrated as I used to be and tell them my story,” she stated. “Normally, I don’t make a stand and speak out in public about vendors, but with Fusion, I do.”

Thursday, 24 May 2018 17:45

Business Continuity You Can Bank On

Many organizations use templates to help them craft their business continuity plans.

In our opinion, this is an excellent way of going about doing it.

The “good” of using templates is significant and will be sketched out below.

If there is an “ugly” part about using templates, it’s what happens when organizations mistake filling out a template for the thought and analysis that come with actual planning.

That being said, we commonly see more problems when organizations don’t use templates as a guide or standard for their planning efforts.

A surprisingly large number of organizations forgo the convenience and support of templates for a cooking-from-scratch approach. Moreover, they frequently have lots of different cooks.

Such organizations commonly task different individuals from across the company with writing the recovery plans for their respective departments. You can imagine the results: A large collection of mismatched plans varying widely in quality, comprehensiveness, level of detail, organization, and formatting. Some of these plans are liable to be excellent and some barely adequate. Many will have significant gaps, and since there’s no companywide documentation standard, they will probably all be confusing to anyone from outside the department who has to use them in an emergency. Talk about ugly.

In terms of the “bad” aspects of using templates, there really aren’t many. However, there are some precautions you should keep in mind while using them, which we’ll spell out in a moment.



Bluelock is pleased to announce that we’ve achieved an industry-leading Net Promoter Score (NPS) of 92 for Disaster Recovery-as-a-Service (DRaaS). The NPS is judged on a scale of -100 to + 100, with a rating of 50 considered excellent.

The NPS is a rolling 12-month score and is Bluelock’s primary measure of client satisfaction, considered a company-level metric of success. “Our clients’ satisfaction is our utmost priority and we’re pleased to see an NPS of 92 reflecting that commitment,” said Bluelock EVP of Product & Service Development Jeff Ton.

Additionally, we have a near 5 out of 5 stars on G2 Crowd, a customer review site. To read more about Bluelock’s unique recovery solutions, visit our Recovery Suite webpage. If you’d like to learn more about DRaaS, visit the Practical Guide to DRaaS, an ungated resource center.

In 2017, Bluelock scored an average DRaaS NPS of 88, up 24 points from 2016. 2018’s NPS of 92 raises the company’s score to a near perfect rating. Bluelock DRaaS has also achieved a current rating of 4.7 out of 5 on Gartner Peer Insights and a 4.9 out of 5 on G2 Crowd.

This announcement follows Bluelock’s acquisition by InterVision, announced in March. For more information on Bluelock and its offerings, please visit www.bluelock.com.

Data centres are far from simple storage facilities of bits and bytes. Over the last two decades consumers and businesses have dramatically transformed the way data is stored, processed and used. Gone are the days of data centres being a siloed concern of IT technicians; it is now an issue that concerns all aspects of business right up to board members. But what does the future hold for data centres?

We investigate the current data centre, examining how it works and offering insight into how digital transformation will affect the data centre landscape.



Emergency backup system provides customized sophisticated control functions

By Russelectric

In the aftermath of Hurricane Katrina, which hit New Orleans in 2005, the U.S. Veterans Administration (VA) initiated a major program to upgrade emergency/backup power systems at VA hospitals in hurricane zones. James A. Haley Veterans’ Hospital, located in Tampa, Florida, completed a major power plant renovation as part of the national upgrade. The $47 million renovation to the power plant includes a backup system capable of covering all electrical loads for 120 hours (without refueling) in the event of an outage. Included in the upgrade was a supervisory control and data acquisition (SCADA) system from Russelectric, which provides round the clock customized interactive monitoring, trending, distributed networking, alarm management, and reporting capabilities for the entire power system.

Haley Hospital awarded the bid for the SCADA system to Russelectric, based in Hingham, Massachusetts, which provided power control switchgear, transfer switches, and SCADA for the emergency backup system. The system provides sophisticated control functions, including emergency/standby power, peak shaving, load curtailment, utility paralleling, cogeneration, and prime power.

VA upgrades emergency system in response to Hurricane Katrina

James A. Haley Veterans’ Hospital, a teaching hospital affiliated with the adjacent University of South Florida College of Medicine, provides a full range of patient services with state-of-the-art technology and research. Haley is the busiest of four national VA polytrauma facilities. It has 415 beds, plus another 118 beds in an onsite long-term care and rehabilitation facility. The system also includes four outpatient clinics serving a four-county area.

As part of the national emergency/backup power system upgrade, Haley Hospital completed a major power plant renovation. One of the key project goals was to ensure continuous air conditioning as well as operation of life-safety and other critical equipment.

The hospital’s former backup power system included nine on-site generators, but could still only cover life-safety loads (45 percent of the total load) in the event of a utility outage. According to Haley’s electrical shop supervisor Bill Hagen, the old system resulted in major headaches, especially its dynamic matrix control. “We had nothing but problems with it,” he recalls. “We never got it to work in parallel. It couldn’t even generate a monthly testing report.”

In contrast, the new backup system covers all electrical loads for 120 hours without refueling. It handles every load for 9 buildings, 15 trailers that make up an on-campus clinic, and a parking garage – with just 7 generators. Each of the new 13,200-VAC Caterpillar diesel generators produces 2,200 kilowatts (kW) of power.

Another improvement is the hospital’s renovated fuel system. The former system had a capacity of 22,000 gallons, and the storage tanks were spread out over several locations. The new tank farm has four 12,000-gallon tanks. With another 6,000-gallon tank under each generator, the system now has a total capacity of 90,000 gallons.

New SCADA system provides customized round the clock monitoring and reporting

The system includes a state-of-the-art SCADA system, which features software and screen displays customized by Russelectric for the hospital’s site-specific needs. It provides interactive monitoring, real-time and historical trending, distributed networking, alarm management, and comprehensive reports around the clock for every detail of the entire power system, not just for the backup components.

In addition to monitoring power quality, the SCADA system includes continuous monitoring of fuel consumption by each generator and the level of fuel in every tank. With SCADA, an operator can easily monitor and control a facility’s entire power system using full-color “point and click” interactive computer-screen displays at the system console.

For example, the operator can access and change the system’s PLC setpoints, display any of the analog or digital readouts on switchgear front panels, run a system test, or view the alarm history. A dynamic one-line diagram display uses color to indicate the status of the entire power system, including the positions of all power switching devices. Operating parameters are displayed and updated in real time; flashing lights on the switchgear annunciator panel also flash on the SCADA screen. Event logging, alarm locking, and help screens are standard.

“The SCADA is so sensitive that it detects and explains even the slightest anomaly, including those in the utility feeds,” says Byron Taylor, the hospital’s lead power plant operator. “A number of times we’ve called Tampa Electric Company (TECO) because we saw something happening, and they had no idea they even had a problem yet! The stuff the system does is phenomenal. It gives us more data than we ever need for an average day, but it’s tremendous that we have it when we do need it.”

Required system testing no longer results in disruptions

To meet state and federal regulations, backup generators must be tested every month. Thanks to the new system’s capability for closed-transition transfer, the tests no longer require power interruptions that interfere with hospital loads.

The system allows operators to carry out the tests in two different ways. They can parallel the output of all seven generators to the utility feed, or they can test one generator at a time, up to its full output, using a special 2-megawatt (MW) load bank that has an independent control panel. Testing can be initiated manually or through SCADA.

“It’s so much easier now,” says Hagen. “We’ll never again have to pay a testing firm to come out and test an engine to make sure it meets all the requirements.” Unlike most hospitals, Haley has the luxury of four utility feeds. On a normal day, it draws from two of these (primary) feeds. This means that, except for testing, Haley does not have to start its generators until it loses three or more utility feeds.

With advance notice from the utility that an outage is likely, Haley’s power plant personnel can now parallel the utility feeds with their own generators, then switch to on-site power seamlessly with a closed-transition transfer. If there is an unexpected outage (and during automatic transfer switch testing), there will be a 1 to 10 second “blip”, depending on the load. For life-safety and other critical loads, the blip is only 1-3 seconds. Blips for other loads are adjustable; most are set for 8-10 seconds.

Additional capabilities provide extra layer of confidence

The new power system provides many more capabilities than the previous system.

“We’ve had some storms come through, and it has been really nice because we do not have to worry,” says Taylor. “One time, we saw the storms coming and TECO asked us to drop off the grid. We fired up our generators, and we operated on our own power for 17 hours, while TECO concentrated on restoring power to its residential customers. That sort of thing has happened several other times for shorter periods, and there has never been a problem.” Hagen particularly appreciates the quality of the power from the backup system. “We get more blips from TECO than we do from our system,” he notes. “It is exceptionally smooth.”

Technical support and training helps team understand system capabilities

The Haley team worked hand-in-hand with Russelectric’s local field service engineer Jim Bourgoin for seven months. “During installations, Jim helped the contractors interpret the design whenever they were puzzled,” Hagen says. “Afterwards, he stuck around to help us get things up and running. It took a lot just to understand everything this system can do. I already had a background in this, but it took quite a bit of training to really get up to speed.”

Taylor recalls, “There has not been one time when I have called Jim for an alarm or with questions about the system – whether at midnight or later – that he didn’t answer the phone and help me. The service he provides is exceptional, and it has been that way since day one. To me, that’s worth just as much as the system itself.”

Taylor adds that local Russelectric sales representative Tom Crider was also deeply involved throughout the project, answering questions, facilitating the installation and training Taylor’s staff.

System designed to grow to meet hospital’s future needs

The fact that the system is designed to allow for modifications as the hospital continues to grow is a huge benefit. Concludes Taylor, “With this new power system, we have seen what is possible. It provides us with the information we need to analyze our power usage and consider new possibilities – opportunities we never would have considered before.”

Ensures seamless delivery of normal and emergency power to all loads

By Russelectric

Rex Hospital, in Raleigh, NC, has upgraded its backup power system, ensuring the seamless delivery of both normal and emergency power to all its existing loads – as well as those anticipated by growth over the next several decades, with the addition of a powerful supervisory control and data acquisition (SCADA) system from Russelectric. Customized to the hospital’s unique load profile and specific needs, the system provides Rex with significant increases in reliability, redundancy, and flexibility.

Hospital seeks reliable system with superior equipment

Rex Hospital, the flagship of not-for-profit Rex Healthcare, treats tens of thousands of inpatients every year. The staff includes over 2,000 physicians and nurses, who also provide services at affiliated clinics and other facilities throughout the surrounding area.

As its facility continued to expand, Rex looked to upgrade its existing open transition power system design, which included an interruption of service during the transition between utility power and generator power. The system also relied on generators and fuel tanks on flatbed trucks to provide additional capacity during construction or when adequate power could not be delivered to the hospital load.

Facility services director Mike Raynor proposed a fail-safe, closed transition system that would allow for a transfer between utility and generator sources without interruption of power to the hospital (a more costly approach than open transition systems, where additional power interruptions can happen on retransfers). Says Raynor, “People would have noticed a difference if the power went out or came back on, like when there is an outage at your house. There is just no need for a hospital to go through that in this day and age.”

“It would have taken us back many years,” agrees Raynor’s longtime engineering consultant, Travis Jackson. “We like closed transition, and we already had the capability to do paralleling and load curtailment. We certainly didn’t want to give those up.”

The team understood the advantages of the closed transition design and convinced management that the slightly higher first cost of a closed transition system would deliver cost savings over the life of the system and would be well worth the investment over the long term. They successfully presented their case to the hospital’s executives, medical staff, and regulatory officials.

New system offers greater reliability, more redundancy and increased flexibility

The design implemented meant replacing the utility substation and making it more reliable, as well as relocating the switches and switchgear from cramped quarters in the main hospital building to a newly constructed central energy plant. The entire project and system switchover was completed with only a single, planned 10-second outage.

The new comprehensive power system provides the hospital with more reliability, more redundancy, and more flexibility. The plan takes anticipated growth into account, with enough emergency capacity (8.25 megawatt) to handle a proposed 7-story heart center and future cancer center addition.

Rex uses an N+1 arrangement – which means it can take one generator out of service and still retain adequate capacity. The plan replaced three 1.25 MW generators with two Caterpillar 3 MW generators, and kept an existing Caterpillar 2.25 MW generator. There is room to add more switchgear and circuit breakers. An automatic transfer switch and an uninterruptible power system have been added to protect the hospital’s data center.

There are two 40,000 gallon underground fuel tanks, and the system maintains fuel in each generator’s emergency 150-gallon “day tank” at all times. Fuel capacity for the previous system was 60,000 gallons – one-third less than the new system. With all tanks full, the hospital could meet its own peak demand (about 5,200 kW) for almost six days. However, since that peak is reached only for short periods on the warmest summer days, the hospital could probably operate under its own power for more than nine days for much of the year.

The hospital’s new substation consists of four utility-owned, pad mounted 2,500 kilovolt-amp (kVA) paralleled transformers providing a total utility capacity of 10,000 kVA (10 MVA). The hospital assumes ownership at the transformer secondaries, which are connected to the hospital’s outdoor switchgear. When an outage occurs, the switchgear automatically disconnects from the utility by opening four 1,200 amp circuit breakers, and simultaneously sends a signal to start the generators.

Based on its present peak load, the hospital can continue to operate without interruption should there be a loss of one transformer. If two or more utility transformers are lost, the hospital’s generators will start and parallel while the outdoor switchgear disconnects from the utility system. The hospital will then remain on the generator source until the utility source is restored, at which time the generators will parallel with the recovered source. Once the utility voltage has stabilized, it will reconnect to the hospital load without interruption.

The utility’s transformer primaries are served by two 25 kV utility feeders from separate distribution systems. Though both are energized, the hospital can draw from only one at a time. If the active feeder is lost, the utility can manually switch the hospital to the backup 25 kV source at the hospital’s substation.

New SCADA system enables monitoring and control

Another important feature of Rex Hospital’s comprehensive power system is the SCADA system, designed by Russelectric. Based in Hingham, Massachusetts, Russelectric develops systems that can provide sophisticated control functions, including emergency/standby power, peak shaving, load curtailment, utility paralleling, cogeneration, and prime power.

The SCADA system includes software and screen displays customized for the hospital’s needs. It provides interactive monitoring, real-time and historical trending, distributed networking, alarm management, and comprehensive reports around the clock for every detail of the entire power system, not only the backup components.

With this system, technicians can fully monitor and control the entire power system from the control room at the central energy plant. An operator uses full-color “point and click” computer-screen displays at the system console to access and change the system’s PLC setpoints, display any of the analog or digital readouts on switchgear front panels, run a system test, or view the alarm history. A dynamic one-line diagram display uses color to indicate the status of the system, including the positions of all power switching devices. Operating parameters are displayed and updated in real time; flashing lights on the switchgear annunciator panel also flash on the SCADA screen. The system also includes event logging, alarm locking, and help screens.

The system allows the scheduling of tests and automatically generates regular reports required by the Joint Commission on the Accreditation of Healthcare Organizations. In the event of an internal failure, the SCADA system can rapidly and automatically configure a path to bypass the failure and re-energize the system without starting the generators.

The SCADA system’s full manual backup was another key advantage. If the touchscreen fails, operating personnel can manually open and close breakers, synchronize and parallel the generators onto the bus, and add or shed load. Other manufacturers’ systems do not provide for full manual operation.

The SCADA system includes a simulator that shows trainees what to expect when they lose a feed, open or close a breaker, or add or remove load. The simulator uses the same control logic software as the switchgear’s programmable logic controllers. The crew also uses the simulator during startup and for trouble-shooting, system improvements, preview testing, and tours.

According to Raynor, Russelectric was the only supplier that could meet his team’s specifications. “A project like this requires a high level of support service and time to get a reliable, yet flexible system. None of the other competitors was willing to step up.” Consulting engineer Travis Jackson, PE, agrees, adding that the Russelectric equipment has welded construction and is sturdy, durable, and extremely reliable.

New system enables peak shaving

The new system enables the hospital to do peak shaving, supplying some of the hospital’s power while the utility is supplying the rest, thereby saving on utility demand charges. The system does not contribute power to the grid, but its load curtailment capabilities mean it can respond quickly if the utility asks the hospital to reduce demand on the grid by a specified amount. The resulting contractual rebates lower the hospital’s overall energy costs. For example, if the utility experiences an unusually high demand for power for air conditioning during a heat wave, under their contract they may ask the hospital to generate its own power for a specified amount of time. On average this type of request happens only once or twice per year.

Summing it all up

Commenting on the success of the project, facility services director Raynor says, “The hospital needed a new and modern system that built on what we had already. Working closely with Russelectric, we came up with a very sophisticated system, and we’re at a point now where the system is functioning as we expected ― all the hospital’s electrical needs are covered.”

By CONNOR COX, Director of Business Development, DH2i (http://dh2i.com)

In 2017, many major organizations—including Delta Airlines and Amazon Web Services (AWS)—experienced massive IT outages. Despite the reality of a growing number of internationally publicized outages like these, an Uptime Institute survey collected by 451 Research had some interesting findings. While the survey found that a quarter of participating companies experienced an unplanned data center outage in the last 12 months, close to one-third of companies (32 percent) still lack the confidence that they are totally prepared in their resiliency strategy should a disaster such as a site-wide outage occur in their IT environments. 

Much of this failure to prepare for the unthinkable can be attributed to three points of conventional wisdom when it comes to disaster recovery (DR):

  • Comprehensive, bulletproof DR is expensive

  • Implementation of true high availability (HA)/DR is extremely complex, with database, infrastructure, and app teams involved

  • It’s very difficult to configure a resiliency strategy that adequately protects both new and legacy applications 

Latency is also an issue, and there’s also often a trade-off between cost and availability for most solutions. These assumptions can be true when you are talking about using traditional DR approaches for SQL Server. One of the more predominant approaches is the use of Always On Availability Groups, which provides management at the database level as well as replication for critical databases. Another traditional solution is Failover Cluster Instances, and you can also use virtualization in combination with one of the other strategies or on its own.

There are challenges to each of these common solutions, however, starting with the cost and availability tradeoff. In order to get higher availability for SQL Server, it often means much higher costs. Licensing restrictions can also come into play, since in order to do Availability Groups with more than a single database, you need to use Enterprise Edition of SQL Server, which can cause costs to rapidly rise. There are also complexities surrounding these approaches, including the fact that everything needs to be the same, or “like for like” for any Microsoft clustering approach. This can make things difficult if you have a heterogeneous environment or if you need to do updates or upgrades, which can incur lengthy outages.

But does this have to be so? Is it possible to flip this paradigm to enable easy, cost-effective DR for heavy-duty applications like SQL Server, as well as containerized applications? Fortunately, the answer is yes—by using an all-inclusive software-based approach, DR can become relatively simple for an organization. Let’s examine how and why I know this to be true.

Simplifying HA/DR

The best modern approach to HA/DR is one that encapsulates instances and allows you to move them between hosts, with almost no downtime. This is achieved using a lightweight Vhost—really just a name and IP address—in order to abstract and encapsulate those instances. This strategy provides a consistent connection string.

Crucial to this concept is built-in HA—which gives automated fault protection at the SQL Server instance level—that can be used from host to host locally, as well as DR from site to site. This can then be very easily extended to disaster recovery, creating in essence an “HA/DR” solution. The solution relies on a means of being able to replicate the data from site A to site B, while the tool manages the failover component of rehosting the instances themselves to the other site. This gives you many choices around data replication, affording the ability to select the most common array replication, as well as vSAN technology or Storage Replica.

So with HA plus DR built in, a software solution like this is set apart from the traditional DR approaches for SQL Server. First, it can manage any infrastructure, as it is completely agnostic to underlying infrastructure, from bare metal to virtual machines or even a combination. It can also be run in the cloud, so if you have a cloud-based workload that you want to provide DR for, it’s simple to layer this onto that deployment and be able to get DR capabilities from within the same cloud or even to a different cloud. Since it isn’t restricted in needing to be “like for like,” this can be done for Windows Server all the way back to 2008R2, or even on your SQL Server for Linux deployments, Docker containers, or SQL Server from 2005 on up. You can mix versions of SQL Server or even the operating system within the same environment.

As far as implications for upgrades and updates, because you can mix and match, updates require the least amount of downtime. And when you think about the cost and complexity tradeoff that we see with the traditional solutions, this software-based tool breaks that because it facilitates high levels of consolidation. Since you can move instances around, users of this solution on average stack anywhere from 5 to 15 SQL Server instances per server with no additional licensing in order to do so. This understandably results in a massive consolidation of the footprint for management and licensing benefits, enabling a licensing savings of 25 to 60 percent on average.

There is also no restriction around the edition of SQL Server that you must use to do this type of clustering. So, you can do HA/DR with many nodes all on Standard Edition of SQL Server, which can create huge savings compared to having to buy premium software editions. If you’ve already purchased these licenses, you can use them later, reclaiming the licenses for future use.

Redefining DB Availability

How does this look in practice? You can, for example, install this tool on two existing servers, add a SQL Server instance under management, and very simply fail that instance over for local HA. You can add a third node that can be in a different subnet and any distance away from the first two nodes, and then move that instance over to the other site—either manually or as the result of an outage.

By leveraging standalone instances for fewer requirements and greater clustering ability, this software-based solution decouples application workloads, file shares, services, and Docker containers from the underlying infrastructure. All of this requires no standardization of the entire database environment on one version or edition of the OS and database, enabling complete instance mobility from any host to any host. In addition to instance-level HA and near-zero planned and unplanned downtime, other benefits include management simplicity, peak utilization and consolidation, and significant cost savings.

It all comes down to redefining database availability. Traditional solutions mean that there is a positive correlation between cost and availability, and that you’ll have to pay up if you want peak availability for your environment. These solutions are also going to be difficult to manage due to their inherent complexity. But you don’t need to just accept these facts as your only option and have your IT team work ridiculous hours to keep your IT environment running smoothly. You do have options, if you consider turning to an all-inclusive approach for the total optimization of your environment.

In short, the right software solution can help unlock huge cost savings and consolidation as well as management simplification in your datacenter. Unlike traditional DR approaches for SQL Server, this one allows you to use any infrastructure in any mix and be assured of HA and portability. There’s really no other way that you can unify HA/DR management for SQL Server, Windows, Linux, and Docker to enable a sizeable licensing savings—while also unifying disparate infrastructure across subnets for quick and easy failover.

Connor Cox is a technical business development executive with extensive experience helping customers transform their IT capabilities to maximize business value. As an enterprise IT strategist, Connor helps organizations achieve the highest overall IT service availability, improve agility, and minimize TCO. He has worked in the enterprise tech startup field for the past 5 years. Connor earned a Bachelor of Science in Business Administration from Colorado State University and was recently named a 2017 CRN Channel Chief.



As a Business Continuity practitioner with more than 20 years of experience, I have had the opportunity to see, review and create many continuity and disaster recovery plans. I have seen them in various shapes and sizes, from the meager 35-row spreadsheet to 1,000-plus pages in 3-ring binders. Reading these plans, in most cases, the planners’ intent is very evident – check the “DR Plans done” box.

There are many different types of plans that are called into play when a disruption occurs. These could be Emergency Health & Safety, Crisis Management Plans, Business Continuity, Disaster Recovery, Pandemic Response, Cyber Security Incident Response, Continuity of Operations Plans (COOP), etc.

The essence of all these plans is to define “what” action is to be done, “when” it has to be performed and “who” is assigned the responsibility.

The plans are the definitive guide to respond to a disruption and have to be unambiguous and concise, while at the same time providing all the data needed for informed decision making.



Wednesday, 02 May 2018 14:15

DR Plans – The What, When & Who

By Tim Crosby

PREFACE: This article was written before ‘Meltdown’ and ‘Spectre’ were announced – two new critical “Day Zero” vulnerabilities that affect nearly every organization in the world. Given the sheer number of vulnerabilities identified in the last 12 months, one would think patch management would be a top priority for most organizations, but it is not the case. If the “EternalBlue” (MS17-010) and “Conficker” (MS08-067) vulnerabilities are any indication, I have little doubt that I will be finding the “Meltdown” and “Spectre” exploits in my audit initiatives for the next 18 months or longer. This article is intended to emphasize the importance of timely software updates.

“It Only Takes One” – One exploitable vulnerability, one easily guessable password, one careless click, one is all it takes. So, is all this focus on cyber security just a big waste of time? The answer is NO. A few simple steps or actions can make an enormous difference for when that “One” action occurs.

The key step everyone knows, but most seem to forget, is keeping your software and firmware updated. Outdated software provides hackers the footholds they need to break into your network as well as privilege escalation and opportunities for lateral movement. During a recent engagement, 2% of the targeted users clicked on a link with an embedded payload that provided us shell access into their network. A quick scan identified a system with a Solaris Telnet vulnerability that was easily exploitable and allowed us to establish a more secure position. The vulnerable Solaris system was a video projector to which no one gave a second thought, even though the firmware update had existed for years. Our scan through this projector showed SMBv1 traffic, so we scanned for “EternalBlue”, targeting 2008 servers due to the likelihood that they would have exceptions to the “Auto Logoff” policy and would be a great place to gather clear text credentials for administrators or helpdesk/privileged accounts. Several of these servers were older HP Servers with HP System Management Home Pages, some servers were running Apache Tomcat with default credentials (should ring a bell – the Equifax Argentina hack), a few were running JBoss/JMX, and there was even a system vulnerable to MS09-050.

The vulnerabilities that make the above scenario possible have published exploits readily available in the form of free open-source software designed for penetration testing. We used Metasploit Framework to exploit a few of the “EternalBlue” vulnerable systems, followed the NotPetya script and downloaded clear text credentials with Mimikatz. Before our scans completed, we were on a Domain Controller with “System” privileges. The total time from “One careless click” to Enterprise Admin: less than 2 hours.

The key to our success? Not our keen code writing ability, not a new “Day 0” vulnerability, not a network of super computers, not thousands of IoT devices working in unison; it wasn’t even a trove of payloads we purchased with Bitcoin on the Dark Web. The key was systems vulnerable to widely publicized exploits with widely available fixes in the form of updated software and/or patches. In short, outdated software. We used standard laptops running Kali or Parrot Linux operating systems with widely available free and/or open-source software, most of which comes preloaded on those Linux distributions.

The projector running Solaris is not uncommon; many office devices, including printers and copiers, have full Unix or Linux operating systems with internal hard drives. Most of these devices go unpatched and therefore make great pivoting opportunities. These devices also provide an opportunity to gather data (printed or scanned documents) and forward it to an external FTP site off hours; this is known as a store and forward platform. The patch/update for the system we referenced above has been available since 2014. Many of these devices also come with WiFi and/or Bluetooth enabled interfaces even when connected directly to the network via Ethernet, making them a target to bypass your firewalls and WPA2 Enterprise security. Any device that connects to your network, no matter how small or innocuous, needs to be patched and/or have software updates applied on a regular basis, as well as undergo rigorous system hardening procedures including disabling unused interfaces and changing default access settings. This device with outdated software extended our attack long enough to identify other soft targets. Had it been updated/patched, our initial foothold could have vanished the first time auto logoff occurred.

Before you scoff or get judgmental believing only incompetent or lazy network administrators or managers could allow this to happen, slow down and think. Where do the patch management statistics for your organization come from? What data do you rely on? Most organizations gather and report patching statistics based on data directly from their patch management platform. Fact – systems fall out of patch management systems or are never added for many reasons, such as: a GPO push failed, a switch outage during the process, systems that fall outside of the patch manager’s responsibility or knowledge (printers, network devices, video projectors, VoIP systems). Fact – your spam filter may be filtering critical patch fail reports; this happens far more often than you might imagine.

A process outside of the patching system needs to verify that every device is in the patch management system and that the system is capable of pushing all patches to all devices. This process can be as simple and cost effective as running and reviewing Nmap scripts or as complex and automated as commercial products such as Tenable’s Security Center or BeyondTrust’s Retina that can be scheduled to run and report immediately following the scheduled patch updates. THIS IS CRITICAL! Unless you know every device connected to your network (wired, wireless or virtual) and its patch/version health status, there are going to be holes in your security. At the end of this process, no matter what it looks like internally, the CISO/CIO/ISO should be able to answer the following:

  • Did the patches actually get applied?

  • Did the patches undo a previous workaround or code fix?

  • Did ALL systems get patched?

  • Are there any NEW critical or high-risk vulnerabilities that need to be addressed?
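One way to run the out-of-band check described above, shown as an added example that is not part of the original article: it reconciles an independent Nmap host-discovery sweep against an export from the patch management platform, so devices the patch system never knew about show up alongside failed or stale pushes. The scan output, the CSV column names (`ip`, `hostname`, `last_cycle`, `status`) and every host listed are constructed assumptions.

```python
import csv
import io
import ipaddress
import re
from datetime import date

# Constructed sample: grepable output (-oG) of an Nmap host-discovery sweep.
NMAP_GREPABLE = """\
# Nmap 7.70 scan initiated Wed Jan 10 22:00:01 2018 as: nmap -sn -v -oG - 10.20.0.0/24
Host: 10.20.0.10 (dc01.corp.example)\tStatus: Up
Host: 10.20.0.21 (app2008.corp.example)\tStatus: Up
Host: 10.20.0.30 (fs01.corp.example)\tStatus: Up
Host: 10.20.0.57 ()\tStatus: Up
Host: 10.20.0.80 (projector-3f.corp.example)\tStatus: Up
Host: 10.20.0.99 (old-ws.corp.example)\tStatus: Down
# Nmap done at Wed Jan 10 22:00:05 2018 -- 256 IP addresses (5 hosts up) scanned in 2.41 seconds
"""

# Constructed sample: export from the patch management platform.
# The column names are an assumption; adapt them to your product's report.
PATCH_EXPORT = """\
ip,hostname,last_cycle,status
10.20.0.10,dc01,2018-01-10,installed
10.20.0.21,app2008,2017-03-01,failed
10.20.0.30,fs01,2017-12-13,installed
10.20.0.44,hr-laptop,2018-01-10,installed
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_nmap_up_hosts(text):
    """Return {ip: hostname} for every host the sweep reported as Up."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_LINE.match(line)
        if match and match.group(3) == "Up":
            hosts[match.group(1)] = match.group(2) or "(no reverse DNS)"
    return hosts


def load_patch_inventory(csv_text):
    """Return {ip: record} from the patch platform's CSV export."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        inventory[row["ip"].strip()] = {
            "hostname": row["hostname"].strip(),
            "last_cycle": date.fromisoformat(row["last_cycle"].strip()),
            "status": row["status"].strip().lower(),
        }
    return inventory


def _by_ip(addresses):
    # Sort numerically so 10.20.0.9 comes before 10.20.0.10.
    return sorted(addresses, key=ipaddress.ip_address)


def reconcile(live, inventory, cycle_date):
    """Compare what is on the wire with what the patch system claims."""
    not_patched = {}
    for ip in _by_ip(set(live) & set(inventory)):
        record = inventory[ip]
        if record["status"] != "installed":
            not_patched[ip] = "last push reported " + record["status"]
        elif record["last_cycle"] < cycle_date:
            not_patched[ip] = "no patch since " + record["last_cycle"].isoformat()
    return {
        # Live on the network but unknown to patch management (printers,
        # projectors, VoIP gear and anything that fell out of scope).
        "unmanaged": _by_ip(set(live) - set(inventory)),
        # Managed and reachable, but the latest cycle did not land.
        "not_patched": not_patched,
        # Managed but not seen by the sweep: powered off, moved or retired.
        "not_seen": _by_ip(set(inventory) - set(live)),
    }


if __name__ == "__main__":
    report = reconcile(
        parse_nmap_up_hosts(NMAP_GREPABLE),
        load_patch_inventory(PATCH_EXPORT),
        cycle_date=date(2018, 1, 10),
    )
    for ip in report["unmanaged"]:
        print("UNMANAGED  ", ip)
    for ip, reason in report["not_patched"].items():
        print("NOT PATCHED", ip, "-", reason)
    for ip in report["not_seen"]:
        print("NOT SEEN   ", ip)
```

Scheduling this right after each patch window answers the first and third questions in the list; the other two still need a vulnerability scanner's findings.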

There are probably going to be devices that need to be manually patched, and there is a very strong likelihood that some software applications are locked into vulnerable versions of Java, Flash or even Windows XP/2003/2000. So, there are devices that will be patched less frequently or not at all. Many organizations simply say, “That’s just how it is until manpower or technology changes - we just accept the risk”.

That may be a reasonable response for your organization; it all depends on your risk tolerance. If you have a lower risk appetite, what about firewalls or VLANs with ACL restrictions for devices that can’t be patched or upgraded? Why not leverage virtualization to reduce the security surface area of that business-critical application that needs to run on an old version of Java or only works on 2003 or XP? Published application technologies from Citrix, Microsoft, VMware or Phantosys fence the vulnerabilities into a small isolated window that can’t be accessed by the workstation OS. Properly implemented, the combination of VLANs/DMZs and Application Virtualization reduces the actual probability of exploit to nearly zero and creates an easy way to identify and log any attempts to access or compromise these vulnerable systems. Once again, these are mitigating countermeasures for when patching isn’t an option.

We will be making many recommendations to our clients, including multi-factor authentication for VLAN access, changes to password length and complexity, and additional VLANs. However, topping the list of suggestions will be patch management and regular internal vulnerability scanning, preferably as the verification step for the full patch management cycle. Keeping your systems patched makes sure that when someone makes a mistake and lets the bad guy or malware in, they have nowhere to go and a limited time to get there.

As an ethical hacker or penetration tester, one of the most frustrating things I encounter is spending weeks of effort to identify and secure a foothold on a network only to find myself stuck; I can’t escalate privileges, I can’t make the session persistent, I can’t move laterally, ultimately rendering my attempts unsuccessful. Though frustrating for me, this is the optimal outcome for our clients as it means they are being proactive about their security controls.

Frequently, hackers are looking for soft targets and follow the path of least resistance. To protect yourself, patch your systems and isolate those you can’t. By doing so, you will increase the level of difficulty, effort and time required, so there is a pretty good chance they will move on to someone else. There is an old joke about two guys running from a bear, and the punch line applies here as well – “I don’t need to be faster than the bear, just faster than you…”

Make sure ALL of your systems are patched, upgraded or isolated with mitigating countermeasures, making you faster than the other guy who can’t outrun the bear.

About Tim Crosby:

Timothy Crosby is Senior Security Consultant for Spohn Security Solutions. He has over 30 years of experience in the areas of data and network security. His career began in the early 80s securing data communications as a teletype and cryptographic support technician/engineer for the United States Military, including numerous overseas deployments. Building on the skillsets he developed in these roles, he transitioned into network engineering, administration, and security for a combination of public and private sector organizations throughout the world, many of which required maintaining a security clearance. He holds industry leading certifications in his field, and has been involved with designing the requirements and testing protocols for other industry certifications. When not spending time in the world of cybersecurity, he is most likely found in the great outdoors with his wife, children, and grandchildren.

Just when you were done being afraid of the cloud, it turns out the real threat comes from the folks making your processors. In about one day, your computer’s brain became the biggest computer security threat, likely ever.

Unless you’re in hibernation for the winter, you know all about the Meltdown and Spectre CPU vulnerabilities that affect every processor made in the last 15 years from, well, everyone. Now hold on, don’t roll your eyes. I’m not going to regurgitate the same old news about what’s affected, what mitigations are available, or what you need to patch. That’s boring and I’ve already read enough of those articles to make my own eyes glaze over.

Instead, let’s talk about the overall approach to security in your own environments. Maybe that’s your datacenter, your client machines spread across the world, your Amazon, Azure or Google Cloud services; it doesn’t matter. When a threat affects everyone, from your grandmom in Ohio that only uses Facebook to the largest organizations on the planet, we should all take a step back and evaluate ourselves.



The 4 extreme threats public safety personnel need to know

By Glen Denny, Baron Services, Inc.

78% of disasters recorded in the United States each year are weather-related. Still, when asked what type of incidents they expect to respond to over the next year, Emergency Management Personnel (EMP) and public safety officials underestimate the number of weather-related disasters that will occur. This misconception results in EMP and public safety officials being undertrained to respond to weather-related disasters. In order to more effectively and cost efficiently keep the public safe, EMP and public safety officials need to be more knowledgeable about weather phenomena and the impact severe weather can have on their communities. In the United States, there are a few weather threats that are nearly universally experienced across the country. These are thunderstorms, tornadoes, lightning, and hailstorms.


The most common severe weather threats seen in the United States and worldwide are thunderstorms. A thunderstorm is a rain shower which features thunder. Since thunder is generated from lightning, all thunderstorms feature lightning, whether frequently visible or not. There are approximately 100,000 thunderstorms each year in the U.S. alone. While this indicates that thunderstorms are quite common, specific atmospheric conditions must be present for a thunderstorm to form. Three basic ingredients are required for the formation of a thunderstorm:

  1. Moisture: This is needed to form clouds and rain.
  2. Unstable Air: Air that is relatively warm and can rise rapidly.
  3. Lift: From fronts, sea breezes or mountains.

Lightning is produced high in thunder clouds when liquid and ice particles above the freezing level collide and build up large electrical fields. Once these electric fields become large enough, a giant “spark” occurs between them (or between the particles and the ground) like static electricity, reducing the charge separation. The lightning spark can occur between clouds, between the cloud and air, or between the cloud and ground. Thunder is caused by the rapid expansion of the air surrounding the path of a lightning bolt.

It is likely that nearly all Americans have experienced a storm in their lives that featured the above characteristics. However, the majority of thunderstorms, while impressive to watch, are mostly harmless. Only about 10% of thunderstorms reach severe levels. A thunderstorm is classified as severe when it contains one or more of the following:

  • Hail one inch or greater
  • Winds gusting in excess of 50 knots (57.5 mph)
  • A tornado

These criteria are not widely known by laypeople, so, in an effort to better communicate severe weather hazards and risk, the National Weather Service (NWS) Storm Prediction Center released a graphical table which concisely describes the hazards associated with five increasing levels of severe weather risk intended to complement the maps they release every day.




One of the characteristics of a thunderstorm that will make the NWS classify it as severe is the presence of one or more tornadoes. Tornadoes, though, are much more than a characteristic of a severe thunderstorm. They are a severe weather threat all their own – perhaps the most dangerous of the common threats discussed in this article. And they are quite common – The US leads the world with an average of 1,000 tornadoes every year.

Tornadoes are the most violent of all atmospheric storms. A tornado is a swiftly rotating column of air that descends from the bottom of a thunderstorm cloud to the ground. Tornadoes become visible as a condensation funnel is created. The funnel is composed of water droplets and dust and debris swept up from the ground. The most destructive and deadly tornadoes are born of supercells – giant rotating thunderstorms with a defined radar circulation called a mesocyclone. While much research has been conducted around tornadoes, researchers are still not entirely sure what exact combination of circumstances are needed for their creation. The most common theories revolve around the temperatures and downdrafts in and around the mesocyclone. There is also still a great deal of mystery surrounding the exact forces which cause a tornado to dissipate.

While tornadoes can occur any time of year, peak seasons for the hardest-hit regions of the country are:

  • Southern Plains: May into early June
  • Southeastern US: Early spring and fall
  • Gulf coast: Early spring
  • Northern plains/upper Midwest: June or July.

Most tornadoes occur between 4 and 9 p.m., but can happen at any time of day when conditions are favorable.

The NWS uses a watch and warning system to indicate the tornado threat level in an area during a severe thunderstorm. A Tornado Watch is issued by NOAA Storm Prediction Center meteorologists when conditions are favorable for a tornado. A watch can cover parts of a state or several states. The NWS recommends residents in the area of a Tornado Watch review and discuss their emergency plans, and be ready to act quickly if a warning is issued or if they suspect a tornado is approaching. A Tornado Warning is issued by the local National Weather Service Forecast Office responsible for monitoring weather in a specific region. A Tornado Warning means a tornado has been reported by spotters or identified by radar. This designation signifies that persons and property in the path of the tornado are in serious danger. Residents should take shelter at once. Warnings can apply to parts of counties or multiple counties along the anticipated tornado track and typically last less than an hour.


Another characteristic of severe thunderstorms that is a real threat even considered on its own is lightning. Cloud-to-ground lightning bolts are a common phenomenon – about 100 strike Earth’s surface every single second – and yet their power is extraordinary. Each bolt can contain up to one billion volts of electricity and travels at 90,000 miles/second. A bolt can be over five miles long and can strike up to 10 miles from an area of rainfall.

In the United States, there are about 25 million lightning flashes every year. While lightning fatalities have decreased over the past 30 years, lightning continues to be one of the top weather killers in the United States: lightning causes an average of 50-60 fatalities each year. Research has shown that dramatic increases in lightning over a short period of time, especially positive strikes, indicate storm intensification.

A few key facts about lightning:

  • Standing under a tree is the second leading cause of lightning fatalities. If you must be outside during a thunderstorm, under a tree is not a safe place to take shelter.
  • Rubber-soled shoes do not provide any meaningful protection from lightning.
  • Victims of lightning do not retain the charge and are not electrified. It is safe to help them.

Hail is another aspect of a thunderstorm that, when present in certain forms, will cause the NWS to classify the storm as severe. Again, like lightning, hail is also a threat considered on its own, but is even more threatening when present in the typical conditions of a storm. Hail forms when the warm updraft of a thunderstorm pushes water droplets high enough into the clouds to freeze. These frozen droplets are caught by the storm’s cold downdraft and pushed down into warmer air. As the frozen droplets begin to melt, they pick up more water droplets and grow larger. With each pass of this cycle, the frozen water droplets become bigger and heavier. Eventually, the updrafts are no longer strong enough to push the large droplets up and around, so the balls of ice finally fall to the ground as hail. The stronger the updraft, the larger the hailstones become.

According to the National Weather Service, hail is generally no larger than 2 inches in diameter. However, hail has been known to come in many different shapes and proportions, and a standard scale was developed to describe it, ranging from nickel-sized (roughly .75” in diameter) to softball-sized (4.5 inches in diameter). Hail as small as 1” in diameter can cause damage, and severe thunderstorms can feature hail 2” and larger.

The Perfect Severe Weather Tool for All Regions

Throughout this article, we have discussed the various kinds of common severe weather threats in the United States. But how can EMP and public officials know for sure when a weather event has reached severe levels? An example of a tool that public safety officials and EMP can use to help them protect their area with precision is Baron Threat Net. Baron Threat Net is a web-based meteorological tool that provides critical weather intelligence when and where it is needed most. Baron Threat Net delivers the features safety officials need to be decisive and accurate when responding to severe weather. With a tool like Threat Net, EMP can easily track tornadoes, flooding, lightning strikes, dangerous road conditions, hail coverage and probability and more. No matter the location, severe weather can strike in many forms. One thing is certain: Mother Nature won’t wait. It is up to EMP and public officials to educate themselves on the threats posed to their region, to use the appropriate tools to track those threats, and then to act on those threats appropriately.

Tuesday, 10 April 2018 20:06

Severe Weather:

In the folk tale “Ali Baba and the Forty Thieves,” all the hero had to do to access the cave full of treasure was say the magical phrase, “Open, Sesame.”

This will most likely not work for you when you go before your management to present your business continuity management program.

Unfortunately, I don’t know any magical phrases I can pass on to you which you can say to get your management to support and fund your initiatives.

However, I do have five tips I can share which, if you follow them in explaining your program with your bosses, will most likely increase the chances that you’ll have a good BCM presentation and obtain a favorable outcome.



In some ways, the relationship between business continuity professionals and their colleagues from the information technology/disaster recovery team can be compared to that of a man who is drifting in a hot air balloon and asking for directions.

Imagine the balloonist seeing someone a hundred feet below on the ground and calling down to them, “Would you mind telling me where am I?” If the person answers, “You’re a hundred feet up in a hot air balloon,” there is a good chance he or she is an IT/DR person.

Or at least this is how the story goes when told from a BC person’s point of view.

The information is correct but also not very helpful, in that it doesn’t help the balloonist understand where they are in the larger context or assist them in getting to where they need to go.



Wednesday, 04 April 2018 14:45

Learning to Talk to Your IT/DR Colleagues

Kawasaki Motors is a well-recognized brand for motorcycles, ATVs and Jet Ski® watercraft, and a market leader among consumers who appreciate speed. So what does this U.S. company do when it needs to quickly reach all of its 450 employees across six states?

We spoke with Tom Porter, former director of Human Resources & Administration for Kawasaki Motors Corp., U.S.A. to get a customer view of why an integrated mass communication system was so important for this fast-moving company.



Patching has never been more important. The WannaCry ransomware attack that infected more than 300,000 systems, the NotPetya attack that hobbled approximately 16,500 more, and of course the Equifax breach that compromised the information of 145.5 million Americans all happened because patches weren’t added quickly enough.

But what if patches weren’t available at all? That’s the potential dilemma for users of open source software, especially if the open source product is old or never gained popularity, or the community lacks enthusiasm or focus.

How long can you go without the functions the open source software supports? If mission-critical functions are run on open source software, how much revenue could downtime cost you if a problem arises?

There is no guaranteed support cycle for vulnerability remediation in open source, and while those vulnerabilities go uncorrected, the critical nature of the risk increases.

So the question is, can your organization stomach the potential risk of open source? Here are some factors to consider.



ORLANDO, Fla. – Disaster Recovery Journal saw an unprecedented spike in attendance at DRJ Spring 2018 here last week.

More than 750 attendees joined another 200 speakers, board members, and exhibitors from around the globe at Walt Disney World’s Coronado Springs Resort, March 25-28, 2018.

“We had a 10 percent increase in paid attendance from last year,” said DRJ President Bob Arnold. “That’s the biggest jump in 13 years! We’re really looking forward to what the future brings.”

DRJ’s 58th conference featured 62 sessions, a concurrent exhibit hall with almost 100 booths, product demonstrations, and numerous networking events.

Gold sponsor Onsolve hosted the Monday Night Hospitality event, featuring food, drinks, dancing, and giveaways. Silver sponsors included eBRP Solutions, Firestorm, Fusion Risk Management, IBM Resiliency Services, Regus, RSA, and Strategic BCP. Co-sponsors included Avalution Consulting, BC in the Cloud, ContinuityLogic, Everbridge, Kingsbridge Disaster Recovery, Quantivate, Recovery Planner, Rentsys Recovery Services, Resolver, RES-Q Services, Ripcord Solutions, and Rockdove Solutions. Business partners include Business Continuity Institute (BCI), Forrester Research, International Consortium for Organizational Resilience (ICOR), and Public & Private Businesses Inc. (PPBI).

“I want to thank all of our sponsors and exhibitors for helping us provide so many networking opportunities with attendees and vendors,” said Arnold. “We were really happy with everyone who joined us for another great show in Orlando.”

In addition to individual vendor drawings, attendees raked in dozens of technology items at the DRJ booth as part of the popular exhibit hall raffle. Grand attendance prize drawings also went to Joanne Race, Jesse Van Nevel, and Janet Bledsoe Wednesday morning before the final general session. All three attendees win a free pass to a future DRJ conference.

Check out the DRJ.com Live page for more photos, tweets, and other details from DRJ Spring 2018.

Preparations are already underway for the next conference, DRJ Fall 2018, which will be held Sept. 23-25, 2018, in Phoenix. Potential speakers have until April 9, 2018, to submit a Call For Papers presentation.

To attend DRJ Fall 2018, visit http://www.drj.com/fall2018/.



Wednesday, 04 April 2018 20:43

Big Spike in Attendance for DRJ Spring 2018

The attacks have taken on a numbing familiarity in recent years: five shot to death at an airport in South Florida. Twenty-six slain at a church in Texas. Five killed by a gunman rampaging through Northern California. There is a common thread in these more recent mass shootings: red flags everywhere!

These violent outbursts last year, and others like them, had key things in common. Chief among them: Long before the violence, the people identified as attackers had elicited concerns from those who had encountered them, red flags that littered their paths to wreaking havoc on unsuspecting strangers.

This is a common thread in most of the mass attacks carried out in public spaces last year, the majority of which were preceded by behavior that worried other people, according to a report released Thursday by the U.S. Secret Service National Threat Assessment Center.



Given the ever-increasing prevalence and impact of cybersecurity incidents, companies must now recognize that protecting their business assets against exposure and downtime also means guarding their bottom line. But how do you know if you’re prepared? How do you stay ahead of the curve?

Bluelock has compiled a quick guide with nine steps to assess your organization’s IT stance. We explain what successful risk mitigation looks like and offer expert recommendations for preparedness. In the guide, you’ll learn how to fully understand what risks your business faces; how to secure what’s most important while stretching a budget and internal resources; and how and when to solicit advice from experts for continual improvement.

The security of your IT systems depends upon readiness and taking a unique approach for full mitigation. Bluelock’s guide, “9 Steps to Mitigate Risk from Cyber Threats,” is designed to help you and your organization’s leadership improve your current IT stance for the future.



Expert IT professionals at your service

If you’re a small or mid-sized business, it’s unrealistic to expect your IT department to have expert knowledge in all facets of technology. By using a managed IT services solution like wekos from Continuity Centers, you gain the knowledge of a team of dedicated IT professionals, each with more than 16 years of experience in the industry.

With a partner like Continuity Centers, you have the relationship of a small business service provider with the knowledge and experience of a Fortune 500.

Leveraging the expertise of an MSP creates the opportunity for you to dedicate your time and energy to the work you enjoy, knowing your technology is running seamlessly in the background. While you brainstorm new ideas to take your business to the next level, wekos is perfecting the technology to make it happen.



People often ask which aspect of business continuity management is most important. Is it crisis management? The recovery of critical business processes? Data recovery?

Some people don’t even bother to ask the question. They just assume they know, and typically they are convinced that IT systems and data recovery are the essence of business continuity, with everything else being negligible.

Actually the question, “Which aspect of BCM is most important?” is a tough one to answer.

It’s not tough because it is difficult to identify the potential damage to the organization of being unprepared in the different areas. Rather, it is difficult in the same way as the question “Which wing of the airplane is more important, the left one or the right one?” is difficult. Or the question, “Which legs of your tripod can you remove and still have your camera standing up steady?”



Many organizations have vulnerability management tools in place like scanners, threat feeds, and patch managers, but don’t have the right people and supportive processes to complete the puzzle.

That’s why we welcomed one of our industry partners, Chad Truhn from BRTRC, to chat with us about what it takes to build a successful vulnerability management program. Chad talked about the common challenges he sees among organizations, both big and small, and shared some tips about where you should start if you’re seeing the same challenges. Paired with the industry insight of Sales Executive Nevra Ledwon, we had a great (non-salesy) discussion.

In case you missed it, here’s what you should know:



Mobile is far more than just smartphones and tablets. Barcode scanners, video cameras, and even Wi-Fi are considered mobile devices.

In the realm of mobile technology, billions of endpoints provide connectivity in our everyday environments. The connection of these endpoints is where the Internet of Things comes into the picture. With the IoT, these mobile devices are capable of inter-connectivity, as well as data gathering and event recording. Developing an emergency notification system that takes into account mobile and the IoT is a natural transition in this ultra-modern way of communicating. But where does your organization get started?

Beyond Mobile Phones

To reach the widest audience with emergency notifications, mobile phones offer several advantages. You can make calls, send texts and set alerts on almost all the mobile phone models currently on the market. Yet, with the IoT, your organization can go a step further. GPS tracking on smartphones allows you to pinpoint the location of individuals in emergency situations. Those who are within a radius of an emergency zone can receive information specific to their location.



Fifty-one years ago, in mid-March 1967, Paul McCartney and John Lennon began writing a song they intended as a featured vocal for Beatles drummer Ringo Starr. “With a Little Help from My Friends” became one of Starr’s most beloved hits, and since then he has closed every concert performed by his All-Starr Band with this song. “With a Little Help from My Friends” has been re-recorded by more than 50 artists (including a Grammy Hall of Fame-winning version by Joe Cocker, used in a VW ad in 2017) and ranks as #311 on Rolling Stone’s list of the 500 Greatest Songs of All Time.

Why is “With a Little Help from My Friends” still popular today? There’s no real explanation, other than the fact that it’s simple, easy to sing, and reflects something we all can relate to: friends can be relied upon when we need them. And we all need them.

Today, Sungard AS took a page out of Sir Ringo’s playbook and recognized seven of its partners with the annual Sungard AS Partner Performance Awards. Each year, Sungard AS recognizes partners globally that have excelled at both execution and customer service, while helping customers solve IT transformation problems so they can accelerate business.



The Network Effect is the idea that a product or service increases in value as more people utilize it. This is a key concept underlying the rise of the Network Economy. In the Network Economy the number of connections to a product or service drives its usability and value. Airbnb is a flagship member of the Network Economy and a prime example of growth via the Network Effect. The usefulness of the service has risen with the rise in users seeking accommodations and homeowners providing listings. In 2008 Airbnb guests numbered about 20 thousand. In 2017 the total number of guests was 100 million. This service clearly becomes more valuable as more travelers use it and more homeowners list their homes as available. Airbnb now offers more than three times the number of listings Marriott or Hilton offer. These numbers come from a company called Vizlly (http://www.vizlly.com/blog-airbnb-infographic/), which offers services to hotels trying to fight back against Airbnb. In 2008, it would have been hard to imagine that such a company would even exist. Uber and Lyft are other examples of exponential growth via the Network Effect. If you own a taxi company, you are probably engaged in a desperate search on a daily basis for the transportation version of Vizlly.

The good news for those of us in Business Continuity is that we don’t need to worry about countering the Network Economy or the Network Effect; we need to imagine ways to leverage them.  So, what service or product can we offer that can leverage the Network Effect?  How can we bring a value to our organizations that will grow organically and improve in value as more people become involved?  Our product is often viewed as not having a value.  Our activities are seen as a drag on current staff.  We ask them for valuable time in completing Business Impact Analyses (BIAs), building and updating recovery plans, and participating in exercises.  The most conscientious among our coworkers understand the need and benefit of doing these things, but they would likely rank their enthusiasm for participating in them equal to paying their insurance premiums.  The need is understood, but there is a perceived value only if something goes wrong.



Tornadoes, hail, lightning, thunderstorms, fluctuating temperatures, the risk for flooding—spring, oh what a season it is!

Mark Twain had it right when he said, “In the spring I have counted one hundred and thirty-six kinds of weather inside of four and twenty hours.” All of this extreme weather comes with a hefty price tag. In 2017, the spring season cost the US an estimated $19.2 billion according to the US National Centers for Environmental Information. Your organization cannot prevent severe spring weather, but you can find ways to prepare for the storms and save lives.

Best Practices for Preparation

As an emergency official, it is your mission to provide applicable services and resources for your community in the case of severe storms this spring. Start by implementing the best mass notification system available to your organization.

Understand how to utilize this system and set up training programs for all applicable parties. Create an emergency notification plan and run plan testing routinely. By the time a tornado touches down, your community should be well acquainted with how to receive important emergency information.



Migrating and managing your data storage in the cloud can offer significant value to the business. Start by making good strategic decisions about moving data to the cloud, and which cloud storage management toolsets to invest in.

Your cloud storage vendor will provide some security, availability, and reporting. But the more important your data is, the more you want to invest in specialized tools that will help you to manage and optimize it.

Cloud Storage Migration and Management Overview

First, know if you are moving data into an application computing environment or moving backup/archival data for long-term storage in the cloud.  Many companies start off with storing long-term backup data in the cloud, others with Office 365. Still others work with application providers who extend the application environment to the vendor-owned cloud, like Oracle or SAP. In all cases you need to understand storage costs and information security such as encryption. You will also need to decide how to migrate the data to the cloud.



Tuesday, 27 March 2018 05:11

Managing Cloud Storage Migration

Leveraging Compliance to Build Regulator and Customer Trust

Bitcoin and other cryptocurrencies continue to gain ground as investors buy in, looking for high returns, and as acceptance of it as payment takes hold. However, with such growth come risks and challenges that fall firmly under the compliance umbrella and must be addressed in a proactive, rather than reactive, manner.

Cryptocurrency Challenges

One of the greatest challenges faced by the cryptocurrency industry is its volatility and the fact that the cryptocurrency markets are, unlike mainstream currency markets, a social construct. Just as significantly, all cryptocurrency business is conducted via the internet, placing certain obstacles in the path of documentation. The online nature of cryptocurrency leads many, especially regulators, to remain dubious of its legitimacy and suspicious that it is used primarily for nefarious purposes, such as money-laundering and drug trafficking, to name a few.

This leaves companies that have delved into cryptocurrency with an onerous task: building trust among regulators and customers alike, with the ultimate goal of fostering cryptocurrency’s survival. From a regulatory standpoint, building trust involves not only setting policies and procedures pertaining to the vetting of customers and the handling of cryptocurrency transactions and trades, but also leveraging technology to document and communicate them to the appropriate parties. Earning regulators’ trust also means keeping meticulous records rendered legally defensible by technology. Such records should detail which procedures for vetting customers were followed; when, by whom and in what jurisdiction the vetting took place; and what information was shared with customers at every step of their journey.

On the customer side, records must document the terms of all transactions and the messages conveyed to customers throughout their journey. Records of what customers were told regarding how a company handles its cryptocurrency transactions and any measures it takes to ensure the legitimacy of activities connected with transactions should be maintained as well.



The bull market for bitcoin is catching a lot of attention. Most notably among hackers.

This is why the cost of a ransomware attack was expected to grow 1500 percent between 2015 and 2017 to a predicted $5 billion. Some expect costs to rise to $11.5 billion in 2019.

Others saw a drop in ransomware toward the end of 2017, as cryptojacking continued to grow in popularity; hackers are stealing CPU bandwidth through compromised websites or malware.

One locks down your systems, the other slows them down. Both feed hackers’ appetite for cryptocurrency. Here’s how to stop them.



I live in Arizona which is of course the Grand Canyon State. And if you’ve ever stood on the South Rim of the Grand Canyon and looked across at the North Rim, you will definitely know the meaning of the expression, “So close but yet so far.”

This situation is actually similar to one that people often encounter in business continuity.

If you have read my ebook 10 Keys to a Peak-Performing Business Continuity Program, you will know that I believe every organization should adopt a BC standard and strive to bring their program into compliance with it. (For a quick refresher on business continuity standards, see our blog Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now.)

But often when I give this advice, I feel as if I have done the equivalent of transporting my reader to the South Rim then dropping them off and saying, “Now all you have to do is get to the North Rim. It’s right there, so I’m sure you’ll have no problem reaching it. Anybody can do it, it’s a piece of cake.”

Of course, it isn’t really a piece of cake getting from the South Rim to the North Rim, unless you’re a bird.

And it isn’t a piece of cake going from having adopted a BC standard to actually understanding how your organization stacks up against the standard and pinpointing what you need to do to boost your compliance with it.

On the one hand, you have a bundle of written guidelines and requirements, and on the other, you have your organization’s real-life situation, in all its complexity and hidden details, in terms of the different departments and their different needs and levels of readiness in terms of business continuity.



Instant Business Recovery

You may be familiar with the term, “disaster recovery as a service,” or DRaaS. Continuity Centers has developed its own DRaaS solution, designed to let our customers get back to work as quickly and efficiently as possible. We call this state-of-the-art solution Instant Business Recovery (IBR).

In the past, having a disaster recovery plan in place was a great idea. Today, it’s essential. Countless perils, physical and cyber, constantly threaten the operation of your business. Instant Business Recovery through Continuity Centers gives you the freedom and peace of mind to focus on your business while we ensure your technology supports your needs.



Three months into the year, 2018 has already been rife with disasters— both manmade and natural.

From active shooter situations at schools to rapid flooding and odd weather patterns, emergency management personnel throughout the country are running drills, prepping communication strategies and actively managing difficult situations. Any time there is a lull in the first quarter of the year, it makes sense to do a quick touch-base with your teams to wrap up any loose ends from 2017 and ensure that you’re completely ready for whatever else 2018 has to offer.

Staff Check-In

Having your incident management team at full strength is critical to protecting your community. Everyone should fully understand your systems and be prepared to run drills — either physical or digital. Is your staff ready? Here’s some questions to consider when you’re preparing for potential risks to your community:



Over the twenty years or so that I have been professionally engaged in the field of business continuity, I have noticed that most organizations fall into one of two categories when it comes to how they go about scheduling their BIAs.

One group schedules their BIAs following the same principles that most people use in making appointments to get their teeth cleaned: They schedule them months in advance, going by a rational timetable, which has been endorsed for sound reasons by well-informed people, and which is not in conflict with any other important obligations they might have.

This is, as you might know from experience, an efficient, low-drama method of making plans to efficiently take care of a chore which is not necessarily enjoyable, but which is clearly important to the long-term health of your organization.



Natural disasters such as tornados, hail and even flooding can strike at a moment’s notice, seldom leaving significant time to plan your response.

Does your business continuity plan account for tornados? Including a tornado response plan can better prepare your organization during peak tornado season. Staying safe during a storm requires planning, equipping, training and ultimately execution of the defined strategy to protect lives and property from unnecessary loss. Use these proactive communication prep steps to reduce the overall risk to your organization in the event of an emergency.

Best Laid Plans

You’ve drilled your staff on what to do when a tornado is on the horizon. You’ve created plans, emailed them to your community and implemented security procedures that kick in immediately in the event of a tornado alert. However, it’s a proven fact that tornadoes are one of the most dangerous natural weather phenomena simply because they can come up so quickly that you may have virtually no warning before needing to trigger your business continuity plans. Is your staff so well-educated and trained that they can execute even in the event of a surprise emergency? If not, having a proactive communication strategy in place may be your best bet to weathering the storm with the lowest possible human, technology and direct costs.



One of the most common fears that come up when doing active shooter preparedness trainings is the fear of being confronted and shot by a gunman.

Although it’s a common fear, the good news is that it’s not as serious as many people think. By attending life-saving training and preparedness programs, you can dramatically increase your odds of surviving an active shooter event.

While there is no central registry for fatal gunshot wound information, some experts have estimated that, excluding gunshots to the brain, heart and lungs, “on the whole, the survival rate is 70 to 80%.”



From the Oct. 1, 2017, outdoor shooting in Las Vegas that killed 53 and injured at least 1,000 to the Parkland, Fla., high school shooting on Feb. 15 that killed 17 and injured dozens more, active shooter events are dominating the news.

As a result, organizations are realizing that they need to create or update their active shooter preparedness plans. A critical part of these plans includes lockdown procedures, including knowing how and where to shelter-in-place. By planning and training for lockdowns, organizations can provide clear guidance on what to do to save lives.



When you get sick, are you the type of person who rushes right to the doctor for treatment, or do you try your home remedies first? Whether you chose to increase your vitamin C intake, drink plenty of fluids, rest and take over-the-counter medications, or receive a prescribed antibiotic, the hope is that you were able to have a speedy recovery. More importantly, hopefully you were able to contain the cold and not spread it to family and friends. Regardless of the situation, a decision had to be made to get medical attention or not, while also taking into consideration your family and their health. The same should be considered when planning for a pandemic type situation at your company.

In 2018, many companies balk at the idea of still planning for the big “pandemic” outbreak; however, take into consideration that it could take weeks if not months for the Public Health Department along with the Center for Disease Control (CDC) to identify a public health emergency. Emerging viruses or new global pathogens are difficult to assess due to several factors: no diagnostic tests exist, treatment/prevention may not be available, transmission is poorly understood, and many locations could be affected at the same time, causing resources to be scarce. And, after identification, it could take several months to develop antibiotics to treat the infectious disease. In the meantime, your organization will see a degradation of services while working with limited staff.

Now that the number of cases related to influenza is decreasing in March, your planning activities and preparation should increase and mature.  As part of your planning, what are you prepared to do if faced with a “pandemic” situation in your workplace?  Here are some factors to consider within your plan:



Did you know that the hidden cost of climate change is now reaching billions of dollars a year?

Between hurricanes, wildfires and, yes, tornadoes, the U.S. has been devastated both physically and financially by natural disasters. According to a new report published by the Universal Ecological Fund in late 2017, extreme weather has caused over $240 billion per year in damage to our world. While hurricanes may get the big billing on the news due to the extended length of the impact and subsequent flooding, tornadoes alone cause billions of dollars of damage each year. There were 425 tornadoes between January and March 2017 alone, and 2018 and future years are expected to be even worse. See how these costs can potentially be mitigated by early warning of these natural acts.



Technology is not like a fine wine. It doesn’t get better with age. This fact can hit a company pretty hard. When you realize your technology has depreciated significantly enough that it causes damage to your company’s productivity, you’re now in the market for a new system of tools. To avoid dropping $30,000 or more on new hardware, you may want to consider infrastructure-as-a-service (IaaS).

IaaS is simply a way to get you to industry standards in terms of your technology. This is often called certified network infrastructure. All it means is that your equipment and network are current enough to be compatible with the latest technology. (If your files are saved on floppy disks, for example, you’re going to have a tough time with business continuity.)

IaaS is a new way for businesses to bring their technology up-to-date while giving them some exciting tax benefits to help improve profitability by flatlining IT budgets.



Monday, 12 March 2018 14:11

Why Outsource Your Infrastructure?

Once upon a time, there was a business continuity consulting firm that held business impact analysis interviews with their clients WITHOUT first getting them to gather and provide basic information about their business units ahead of time.

As the owner and CEO of that firm (MHA Consulting), let me tell you something:


The interviews went on for hours and hours, since we had to gather every little scrap of information while we were all sitting there in the meeting.

Worse, the quality of the information was not very good. In the excitement (or whatever) of all of us being there together in a conference room, and the lack of opportunity to think things over, people tended to leave out a lot of critical information.

Eventually, we hit on the idea of providing our clients with forms requesting certain information beforehand. We referred to this as the BIA pre-work, and after we started incorporating this into our BIA process, our lives were never the same.

Ok, I’m exaggerating (a little), but it is definitely true that after we started gathering information ahead of time, the following good things happened:



How to help your organization plan for and respond to weather emergencies

By Glen Denny, Baron Services, Inc.

Hospitals, campuses, and emergency management offices should all be actively preparing for winter weather so they can be ready to respond to emergencies. Weather across the country is varied and ever-changing, but each region has specific weather threats that are common to their area. Understanding these common weather patterns and preparing for them in advance is an essential element of an emergency preparedness plan. For each weather event, those responsible for organizational safety should know and understand these four important factors: location, topography, timing, and pacing.

In addition, be sure to understand the important terms the National Weather Service (NWS) uses to describe changing weather conditions. Finally, develop and communicate a plan for preparing for and responding to winter weather emergencies. Following the simple steps in the sample planning tool provided will aid you in building an action plan for specific weather emergency types.

Location determines the type, frequency and severity of winter weather

The type of winter weather experienced by a region depends in great part on its location, including proximity to the equator, bodies of water, mountains, and forests. These factors can shape the behavior of winter weather in a region, determining its type, frequency, and severity. Knowing how weather affects a region can be the difference in the number of lives saved and lives lost.

Winter weather can have a huge impact on a region’s economy. For example, in the first quarter of 2015, insurance claims for winter storm damage totaled $2.3 billion, according to the Insurance Information Institute, a New York-based industry association. One Boston-area insurance executive called it the worst first quarter of winter weather claim experience he’d ever seen. The statistics, quoted in an article that appeared in the Boston Globe, noted that most claims were concentrated in the Northeast, where winter storms had dumped 9 feet of snow in Greater Boston. According to the article, titled “Mounting insurance claims are remnants of a savage winter”: “That volume of claims was above longtime historic averages, and coupled with the recent more severe winters could prompt many insurance companies to eventually pass the costs on to consumers through higher rates.”

Every region has unique winter weather, and different ways to mitigate the damage. Northern regions will usually have some form of winter precipitation – but they also have the infrastructure to handle it. In these areas, there is more of a risk that mild events can become more dangerous because people are somewhat desensitized to winter weather. Sometimes, they ignore warnings and travel on the roads anyway. Planners should remember to issue continual reminders of just how dangerous winter conditions can be.

Areas of the Southwest are susceptible to mountain snows and extreme cold temperatures. These areas need warming shelters and road crews to deal with snow and ice events when they occur.

Any winter event in the Southeast can potentially become an extreme event, because organizations in this area do not typically have many resources to deal with it. It takes more time to put road crews in place, close schools, and shut down travel. There is also an increased risk for hypothermia, because people are not as aware of the potential dangers cold temperatures can bring. Severe storms and tornadoes can also happen during the winter season in the Southeast.

Figure 1 is a regional map of the United States. Table 1 outlines the major winter weather issues each region should consider and plan for.

Topography influences winter weather

Topography includes cities, rivers, and mountains. Topographical features influence winter weather because they help direct air flow, causing air to rise, fall, and change temperature. Wide open spaces – like those found in the Central U.S. – will increase wind issues.

Timing has a major effect on winter weather safety

Knowing when a winter event will strike is one of the safety official’s greatest assets because it enables a degree of advance warning and planning. But even with early notification, dangerous road conditions that strike during rush hour traffic can be a nightmare. Snowstorms that struck Atlanta, GA and Birmingham, AL a few years ago occurred in the middle of the day without adequate warning or preparation and caused travel-related problems.

Pacing of an event is important – the speed with which it occurs can have adverse impacts

Storms that occur in a few hours can frequently catch people off guard and without appropriate preparation or advance planning. In some regions, like the Northeast, people are so immune to winter weather that they ignore the slower, milder events. Many people think it is fine to be out on the roads with a little snowfall, but it will accumulate over time. It is not long before they are stranded on snowy or icy roads.

As part of considering winter event pacing, emergency planners should become familiar with the terms the National Weather Service (NWS) currently uses to describe winter weather phenomena (snow, sleet, ice, wind chill) that affect public safety, transportation, and/or commerce. Note that for all advisories designated as a “warning,” travel will become difficult or impossible in some situations. For these circumstances, planners should urge people to delay travel plans until conditions improve.

A brief overview of NWS definitions appears on Table 2. For more detailed information, go to https://www.weather.gov/lwx/WarningsDefined.

Planning for winter storms

After hurricanes and tornadoes, severe winter storms are the “third-largest cause of insured catastrophic losses,” according to Dr. Robert Hartwig, immediate past president of the Insurance Information Institute (III), who was quoted in Property Casualty 360° online publication. “Most winters, losses from snow, ice and other freezing hazards total approximately $1.2 billion, but some storms can easily exceed that average.”

Given these figures, organizations should take every opportunity to proactively plan. Prepare your organization for winter weather. Have a defined plan and communicate it to all staff. The plan should include who is responsible for monitoring the weather, what information is shared and how. Identify the impact to the organization and show how you will maintain your facility, support your customers, and protect your staff.

Once you have a plan, be sure to practice it just as you would for any other crisis plan. Communicate the plan to others in the supply chain and transportation partners. Make sure your generator tank is filled and ready for service.

Implement your plan and be sure to review and revise it based on how events unfold and feedback from those involved.

A variety of tools are available to help prepare action plans for weather events. The following three figures are tools Baron developed for building action plans for various winter weather events.

Use these tools to determine the situation’s threat level, then adopt actions suggested for moderate and severe threats – and develop additional actions based on your own situation.

Weather technology assists in planning for winter events

A crucial part of planning for winter weather is the availability of reliable and detailed weather information to understand how the four factors cited affect the particular event. For example, Baron Threat Net provides mapping that includes local bodies of water and rivers along with street level mapping. Threat Net also provides weather pattern trends and expected arrival times along with their expected impact on specific areas. This includes 48-hour models of temperature, wind speed, accumulated snow, and accumulated precipitation. In addition to Threat Net, the Baron API weather solution can be used by organizations that need weather integrated into their own products and services.

To assist with the pacing evaluation, proximity alerts can forecast an approaching wintery mix and snow, and can be used along with NWS advisories. While these advisories are critical, the storm or event has to reach the NWS threshold for a severe weather event. By contrast, technology like proximity alerting is helpful – just because an event does not reach a NWS defined threshold does not mean it is not dangerous! Pinpoint alerting capabilities can alert organizations when dangerous storms are approaching. Current conditions road weather information covers flooded, slippery, icy, and snow covered conditions. The information can be viewed on multiple fixed and mobile devices at one time, including an operation center display, desktop display, mobile phone, and tablet.

An example is a Nor’easter storm that occurred in February 2017 along the east coast. The Baron forecasting model was accurate and consistent in the placement of the heavy precipitation, including the rain/snowfall line leading up to the event and throughout the storm. Models also accurately predicted the heaviest bands of snow, snow accumulation, and wind speed. Based on the radar image showing the rain-to-snow line slowly moving to the east, the road conditions product displayed a brief spatial window where, once the snow fell, roads were still wet for a very short time before becoming snow-covered, which is evident in central and southern NJ and southeastern RI.

Final thoughts on planning for winter weather

Every region within the United States will experience winter weather differently. The key is knowing what you are up against and how you can best respond. Considering the four key factors – location, topography, timing, and pacing – will help your organization plan and respond proactively.

By Ed Beadenkopf, PE

As we view with horror the devastation wrought by recent hurricanes in Florida, South Texas, and the Caribbean, questions are rightly being asked about what city planners and government agencies can do to better prepare communities for natural disasters. The ability to plan and design infrastructure that provides protection against natural disasters is obviously a primary concern of states and municipalities. Likewise, federal agencies such as the Federal Emergency Management Agency (FEMA), the U.S. Army Corps of Engineers (USACE), and the U.S. Bureau of Reclamation cite upgrading aging water infrastructure as a critical priority.

Funding poses a challenge

Addressing water infrastructure assets is a major challenge for all levels of government. While cities and municipalities are best suited to plan individual projects in their communities, they do not have the funding and resources to address infrastructure issues on their own. Meanwhile, FEMA, USACE and other federal agencies are tasked with broad, complex missions, of which flood management and resiliency is one component.

Federal funding for resiliency projects is provided in segments, which inadvertently prevents communities from being able to address the projects entirely. Instead, funding must be divided into smaller projects that never address the entire issue. To make matters even more challenging, recent reports indicate that the White House plan for infrastructure investment will require leveraging a major percentage of funding from state and local governments and the private sector. 

Virtually, long-term planning is the solution

So, what’s the answer? How can we piece together an integrated approach between federal and local governments with segmented funding? Put simply, we need effective, long-term planning.

Cities can begin by planning smaller projects that can be integrated into the larger, federal resilience plan. Local governments can address funding as a parallel activity to their master planning. Comprehensive planning tools, such as the Atkins-designed City Simulator, can be used to stress test proposed resilience-focused master plans.

A master plan developed using the City Simulator technology is a smart document that addresses the impact of growth on job creation, water conservation, habitat preservation, transportation improvements, and waterway maintenance. It enables local governments to be the catalyst for high-impact planning on a smaller scale.

By simulating a virtual version of a city growing and being hit by climate change-influenced disasters, City Simulator measures the real impacts and effectiveness of proposed solutions and can help lead the way in selecting the improvement projects with the highest return on investment (ROI). The resulting forecasts of ROIs greatly improve a community’s chance of receiving federal funds.

Setting priorities helps with budgeting

While understanding the effectiveness of resiliency projects is critical, communities must also know how much resiliency they can afford. For cities and localities prone to flooding, a single resiliency asset can cost tens of millions of dollars, the maintenance of which could exhaust an entire capital improvement budget if planners let it. Using effective cost forecasting and schedule optimization tools that look at the long-term condition of existing assets can help planners prioritize critical projects that require maintenance or replacement, while knowing exactly the impact these projects will have on local budgets and whether additional funding will be necessary.

It is imperative to structure a funding solution that can address these critical projects before they become recovery issues. Determining which communities are affected by the project is key to planning how to distribute equitable responsibility for the necessary funds to initiate the project. Once the beneficiaries of the project are identified, local governments can propose tailored funding options such as Special Purpose Local Option Sales Tax, impact fees, grants, and enterprise funds. The local funding can be used to leverage additional funds through bond financing, or to entice public-private partnership solutions, potentially with federal involvement.

Including flood resiliency in long-term infrastructure planning creates benefits for the community that go beyond flood prevention, while embracing master planning has the potential to impact all aspects of a community’s growth. Local efforts of this kind become part of a larger national resiliency strategy that goes beyond a single community, resulting in better prepared cities and a better prepared nation.

Ed Beadenkopf, PE, is a senior project director in SNC-Lavalin’s Atkins business with more than 40 years of engineering experience in water resources program development and project management. He has served as a subject matter expert for the Federal Emergency Management Agency, supporting dam and levee safety programs.

The old Farmer’s Almanac saying 'in like a lion, out like a lamb' was in the fullest of force last year

On March 1, the first EF4 tornado of the year ripped across Missouri and Illinois. Then on March 6 to 7, one of the worst tornado outbreaks in history sent 63 tornadoes tearing across the Central US in just nine and a half hours. Nineteen people were injured from Oklahoma to Ontario and $6.7 billion in damages incurred due to the tornadoes. So what can your organization do for March 2018 to reduce the impact of twisters during tornado season?

Identifying the Threats

Let’s take a look back at the biggest losses from the tornado outbreak that hit Perryville, Oak Grove, and dozens of other Central Plains cities. During the first two tornadoes that whipped through on March 1, there were four fatalities and 38 injuries, many of which occurred in the aftermath of the tornado. As noted, this day was when the first major EF4 tornado touched down for the year; an EF5 is the most damaging, and an EF4 produces winds of up to 200 mph resulting in devastation.

Then by March 6-7, the number of fatalities dropped to zero and the injuries were reduced—even though the tornado count went from two to 63. There are two main reasons why there weren’t more deaths in the second round of tornadoes. First, among the 63 tornadoes on the 6th and 7th, an EF3 was the most severe of the twisters.

Secondly, the awareness from the first round of tornadoes most definitely prompted emergency response teams and individuals to be on high alert for pending threats. What can community leaders be doing to help minimize safety risks during tornado season?



It’s been 16 years since an American woman won a speed skating medal at the Winter Olympics, but last week, Team USA brought home the Bronze in the Long Track Relay. Bronze is no laughing matter, with the American women beating Canada by a mere .45 seconds. An intensive and sometimes dangerous event, American team member Brittany Bowe summed it up like this: “Our strategy was to get out there, get a jumpstart, and hang on for dear life at the end.”

Long Track Speed Skating is a complicated sport. Strategies and tactics are key, where races are often won by the smartest vs. the fastest skaters. Relay races typically involve four teams of four skaters per race, but instead of passing a baton, the skater on the track must simply “tag” the incoming skater to complete an exchange. Passing requires quick acceleration, agility, good balance, and gritty determination.

That’s a little what selling IT solutions to the corporate market is like. Keeping up with technology shifts, following up on leads, and assembling the right solution for companies looking to shave costs can be exhausting, not to mention complying with a growing number of laws and regulations. Managing those deals used to mean logging into SharePoint repositories or exchanging outdated Excel spreadsheets, but these static, unintegrated documents rely on manual reporting, resulting in version control issues in larger organizations. That’s no way to win a race.



Wednesday, 07 March 2018 15:22

Bringing Home the Bronze is as Good as Gold

Technology can transform nearly any process to be more efficient and streamlined

However, innovation sometimes comes at a cost. By utilizing technology like cloud-based storage and the Internet of Things, corporations risk threats to cybersecurity. In fact, cyber-attacks are growing just as rapidly as technological innovation. Juniper Research reports that cybercrime costs across the world will exceed $2.1 trillion by 2019. That is four times the cost of data breaches in 2015. By 2020, a single cybersecurity breach will cost more than $150 million. The very technologies that enable cyber threats are also useful for reducing risks and minimizing threats.

Building a Blockchain

If you have been keeping up with the cryptocurrency news, then you have likely heard a bit about blockchain. This is the technology ensuring the validity of Bitcoin, Ripple, and other digital currencies. More specifically, blockchain is an online ledger that accounts for every piece of data in a program. In the case of cryptocurrency, this data is in the form of coins and transactions. However, blockchain has far greater benefits than just tracking Bitcoin.

In fact, blockchain can help corporations fight against cyber-attacks. When blockchain is created, it cannot be changed, altered, or deleted over time. It is set in cyber stone. Blockchain is created through a series of sequential hashing coupled with cryptography, the same method used to develop secret languages among secret service agencies. How does this relate to cyber protection against hackers and malicious entities? Organizations can use blockchain to handle secure information. As explored by Tech Crunch, blockchain allows corporations to prevent tampering and detect any form of cyber vandalism. Several companies have already jumped on the blockchain bandwagon including Microsoft, IBM, JPMorgan Chase, Walmart, and UPS.



Wednesday, 07 March 2018 15:20

How Technology Can Help Combat Cyber Attacks

10 Issues Social Media Presents

Social media is a compendium of many highly accessible media – corporate blogs, video-sharing sites such as YouTube, social networks like Facebook, microblogging tools such as Twitter, rating/review sites (e.g., Yelp, TripAdvisor), wikis that allow many authors to simultaneously edit and create a source of knowledge and crowdsourcing, among many others. These media leverage the power of the internet, Web 2.0 and mobile technologies to facilitate the creation, exchange, use and modification of user-generated content. The convergence of these technologies has significantly altered the dynamics of customer relationship management, marketing and corporate communications for many businesses.

Business-to-people communications and social media peer groups have emerged as a new model for connecting with markets and customers directly and efficiently. Companies ignore this model at their own risk. These mediums set terms for interaction, requiring organizations to contribute value-added content and transparency in an environment where customers and other parties drive the dialogue and demand a genuine level and quality of communication. Organizations that fail to harness the potential value of social networking run the risk of becoming laggards as they cede to competitors the ability to brand their products and services distinctively in the public eye, as well as obtain continuous improvement insights.

Social media sites enable companies to listen to and learn from satisfied and dissatisfied customers regarding their ideas, experiences and knowledge, and they offer businesses an opportunity to reach out and proactively respond to extreme views and reactions. In addition, social media is providing opportunities to product development teams to share roadmaps and obtain early input from potential buyer groups on new product plans. On a near real-time basis, marketing can test and learn which messages work best, and companies can educate and inform customers by engaging them on many topics around product uses and applications.

While these developments are presenting significant opportunities for companies to connect with their customers and others, they are creating a whole set of new issues. The following are 10 examples of risks:



When it comes to your organization’s recovery plan, your business recovery checklists might just be the single most important ingredient. They are the engine of your recovery plan.

As we state in MHA’s Complete Guide to Creating and Implementing a Business Recovery Plan, “Recovery checklists guide you step-by-step through the process of getting your business back up and running” after a disruption. Without such checklists, your team would have no direction as to the steps and actions they would need to take to respond to and recover from a disruption and to resume business operations. I urge you to take checklists seriously.

If you’re still reading, I will assume that means you are taking them seriously. Great. Now, let’s roll our sleeves up and get to the heart of today’s post.

Having accepted the importance of recovery checklists, you might be wondering how to develop them for your own organization.



2017 was a test of business resilience. While cyberattacks and natural disasters devastated some businesses, many others kept their operations running without disruption. Advances in artificial intelligence, machine learning and blockchain technology, among others, began helping more businesses eliminate inefficiencies, human error and downtime.

What will 2018 hold?

We tapped our industry experts for their predictions on what IT trends they’re watching this year.

We asked how cyber security will evolve, what emerging technologies will take hold (and which ones are over-hyped), what mistakes companies may be making, and what all this means for the coming year.



A couple of months ago we published an ebook entitled “10 Keys to a Peak-Performing BCM Program,” written by MHA Consulting CEO Michael Herrera.

It’s available for free download here and is full of information and insights that can help you give your business continuity management program a boost.

The ebook has become the most downloaded resource on our site. Though authored by Michael, it amounts to a channeling of the collective brain of those of us who have been at MHA for a long time.

With that in mind, we thought it might be worthwhile to do an occasional series where we present these 10 keys one or two at a time in a stripped-down, blog-appropriate format. This is also a chance for me to share my own personal experience on the subject, with the hope that it helps you understand each topic.

If today’s post tells you everything you want to know about the topic, great. If it motivates you to turn to the ebook for the full story, great. If it moves you to want to reach out to one of us to initiate a more personalized conversation about how MHA might be able to help your organization optimize its BCM program, that would be fine, too.

Without further ado, here is an excerpt from the first chapter of “10 Keys to a Peak-Performing BCM Program,” covering the first key, “Know Yourself” about the importance for BCM program leaders of understanding and capitalizing on their personal strengths and managing their weaknesses.



Implementing DMARC is one thing. Making the commitment to implement DMARC in its most aggressive configuration is another.

Conceptually, Domain-based Message Authentication, Reporting, and Conformance (DMARC) is simple. DMARC provides a mechanism for email receivers to validate the source and integrity of inbound email. DMARC also specifies what receivers should do with messages that are not valid based on criteria pre-configured by senders. DMARC is designed to protect against direct domain spoofing, so it isn’t a complete solution to phishing. That said, DMARC has the potential, when deployed in an aggressive configuration, to take a page out of a hacker’s or spammer’s playbook.

DMARC is the result of a collaborative effort between leading organizations who originally came together in 2011 to provide senders and receivers with a tool to fight against fraudulent email activity. The remainder of this post provides an overview of the mechanisms that enable DMARC, explores DMARC’s deployable configurations, and provides an overview of obstacles preventing wider adoption and/or more effective use of DMARC.

DMARC is built upon two existing standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF enables an email sender to specify the servers from which email will come and provides instructions for how an email receiver should handle a message that does not originate from a specified server. DKIM, on the other hand, enables senders to include a digital signature on their messages, enabling receivers to verify that the message has not been altered in transit by a third party.

DMARC brings these two mechanisms together in a powerful manner by allowing senders to specify a policy that tells receivers what to do with email messages that fail to pass SPF and/or DKIM validation. DMARC also enables senders to receive data back from receivers, providing insight into fraudulent email patterns. Before DMARC, there was not an effective feedback channel for failed email, so senders were largely in the dark on email once messages left their servers. There are only three DMARC policies that a sender can specify, and thus, three deployable configurations for DMARC:



Thursday, 01 March 2018 15:07

Using DMARC Effectively

While any cyber-attack can occur at any time, there are some that are especially prevalent at specific times of the year.

Knowing their “seasonality” can help your organization stay on the defensive.

The following infographic takes a detailed look at the seasonality of cyber-attacks and how you can prepare your employees for scammers’ timely initiatives.



There’s a crack in California. It stretches for 800 miles, from the Salton Sea in the south, to Cape Mendocino in the north. It runs through vineyards and subway stations, power lines and water mains. Millions live and work alongside the crack, many passing over it (966 roads cross the line) every day. For most, it warrants hardly a thought. Yet in an instant, that crack, the San Andreas fault line, could ruin lives and cripple the national economy.

In one scenario produced by the United States Geological Survey, researchers found that a big quake along the San Andreas could kill 1,800 people, injure 55,000 and wreak $200 million in damage. It could take years, nearly a decade, for California to recover.

On the bright side, during the process of building and maintaining all that infrastructure that crosses the fault, geologists have gotten an up-close and personal look at it over the past several decades, contributing to a growing and extensive body of work. While the future remains uncertain (no one can predict when an earthquake will strike) people living near the fault are better prepared than they have ever been before.



Sunday, 25 February 2018 13:35

Extreme Science: The San Andreas Fault

Business continuity, disaster recovery and emergency management are tough jobs that rarely get the credit they deserve. You’ve dedicated your life to protecting your organization and the people in it, and we get how stressful that can be.

Here’s a roundup of our favorite internet memes for business continuity, disaster recovery and emergency management to brighten your work week.



How will your business respond if faced with a natural disaster, a cyberthreat or an active shooter scenario?

Will the organization stay afloat in the midst of such a crisis? Any amount of disruption costs your business money and can destroy customer relations. In fact, 75 percent of companies without a continuity plan fail in three years after facing a disaster. Those companies unable to get back up and running in 10 days post emergency do not survive at all.

A business continuity plan provides your company with the roadmap to navigate a major business disruption, including a natural disaster or large-scale emergency. However, having a plan in place is only the first step; the plan also needs to be continuously monitored and tested for gaps or obstacles.



Last year, major investments and advancements were made in communication technologies, both within the mobile space and the Internet of Things (IoT).

Additionally, we saw continued advancements in virtual reality and increased video conferencing. Unsurprisingly, social media platforms remain a viable contender in the way we communicate. As you consider how to improve your organization with better emergency notification and communication plans this year, take notice of how top trends can solve your biggest problems.



Wednesday, 21 February 2018 16:07

Emergency Management Trends in 2018

Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that private and public organizations of all types and sizes around the world must face with increasing frequency. The latest version of ISO 31000 has just been unveiled to help manage the uncertainty.

Risk enters every decision in life, but clearly some decisions need a structured approach. For example, a senior executive or government official may need to make risk judgements associated with very complex situations. Dealing with risk is part of governance and leadership, and is fundamental to how an organization is managed at all levels.

Yesterday’s risk management practices are no longer adequate to deal with today’s threats and they need to evolve. These considerations were at the heart of the revision of ISO 31000, Risk management – Guidelines, whose latest version has just been published. ISO 31000:2018 delivers a clearer, shorter and more concise guide that will help organizations use risk management principles to improve planning and make better decisions. Following are the main changes since the previous edition:



Thursday, 15 February 2018 15:54

The new ISO 31000 keeps risk management simple

Some things are hard to predict. And others are unlikely. In business, as in life, both can happen at the same time, catching us off guard. The consequences can cause major disruption, which makes proper planning, through business continuity management, an essential tool for businesses that want to go the distance.

The Millennium brought two nice examples, both of the unpredictable and the improbable. For a start, it was a century leap year. This was entirely predictable (it occurs any time the year is cleanly divisible by 400). But it’s also very unlikely, from a probability perspective: in fact, it’s only happened once before (in 1600, less than 20 years after the Gregorian calendar was introduced).

A much less predictable event in 2000 happened in a second-hand bookstore in the far north of rural England. When the owner of Barter Books discovered an obscure war-time public-information poster, it triggered a global phenomenon. Although it took more than a decade to peak, just five words spawned one of the most copied cultural memes ever: Keep Calm and Carry On.



According to the Harvard Business Review, breach of cybersecurity is the biggest internal threat to your company.

Is your business in financial services, manufacturing, or the healthcare industry? In that case, you want to pay particular attention to this article because these are the three industries most likely to be under attack. Here we have detailed a step-by-step process you can implement for your employees to protect against internal cyber threats. Personalize this information to develop the employee awareness program that best serves your industry and needs.



When IFRS 16 comes into effect in January 2019, it will transform the relationship between businesses and their leases, including those for office spaces and other real estate. Here, award-winning financial journalist Melanie Wright explains what the changes mean and why it’s so important for businesses to ensure they’re prepared.

Many firms lease a wide range of items to support their businesses, such as office space or vehicles. The latest standard from the International Financial Reporting Standards (IFRS), IFRS 16, is due to come into effect in January 2019, changing how businesses must recognise, measure, present and disclose these leases.



Tuesday, 06 February 2018 16:42

IFRS 16: five things you need to know now

As we move closer to the enforceable compliance date of May 25, 2018 for the General Data Protection Regulation (GDPR), many organizations are asking themselves if they are on track to meet the regulation requirements. Many organizations are still unsure if the regulation even applies to them. Given the severity of potential penalties for non-compliance (the greater of €20 million or 4% of revenue for non-compliance with core tenets of GDPR, such as violation of data subject rights or transfers of data to unauthorized third countries), this perspective covers who GDPR applies to and the key items you should explore in your organization to ensure you are prepared.



As part of its Resiliency program, one of our clients recently performed their Annual Disaster Recovery test in which they failed over their production data center to a backup data center. The test was scheduled for 96 hours (4 days) to restore their Tier 0 Mission Critical services, and involved 43 Applications, 17 different Infrastructure teams, and 32 Client test teams.

This year our client wanted to Automate the DR Test workflow (task allocation, status monitoring, successor alerts and issue management) and deploy Real-Time Analytic Dashboards to keep their senior managers updated on test progress. Deploying eBRP’s CommandCentre to manage that automation, 108 Plans were activated and during the Recovery testing, more than 211 Recovery Team members and 6 Incident Commanders logged in to collaborate and facilitate the recovery efficiently.



Tuesday, 30 January 2018 15:27

Disaster Recovery -- Exercised

Two weeks ago, I took a long-awaited trip to Walt Disney World in Orlando, Florida. I’ve been there several times, but I’m amazed at how the Disney experience has changed over the last five years. Today, the world of ‘all-things Disney’ is so much easier using the “MagicBand,” a plastic watch-sized bracelet equipped with an RFID radio that tracks your progress through the parks, monitors your purchases, keeps up with wait times and even opens your hotel door (if you’re staying on-site). I must say, though, it’s a little odd knowing that Disney is watching your every move, tracking how much you spend and where you spend your time.

Our “digital footprint” is much the same; everywhere we go, and everything we do, is tracked. We’re monitored on the internet, through our smart phones, and on cameras placed virtually everywhere. While 68 percent of consumers say they don’t trust brands to handle their personal information appropriately, last year was a record-breaker in terms of data breaches at such places as Equifax, Verizon and Uber. Sadly, we’re never more than a double-click away from disaster.

The good news is, today is the perfect time to take inventory of your digital presence and make sure you’re doing everything possible to protect your personal information. Data Privacy Day (#PrivacyAware) is an international effort held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. Sponsored by the National Cyber Security Alliance (NCSA), 2018 marks the tenth anniversary of this annual effort to bring together businesses and private citizens to share the best strategies for protecting consumers’ private information.



Did you know that one of the biggest cybersecurity threats to your business is your employees?

Before you call an emergency meeting to identify the culprits, note one important fact. These employees most likely have no idea that their online activity can lead to cyber fraud. Here at OnSolve, we have delved into the ways that employees create risks to companies. Along the way, our research has identified the most likely cyber risks for every month and season. Let’s touch base on a few of these key points.

Employee Cybersecurity Concerns

As a human-powered organization, you need to hire people to handle tasks that keep your business up and running. Through professional recruiting and vetting processes, you hope to hire individuals who are trustworthy and committed to cybersecurity. In fact, your organization is most likely already doing exactly that. The most common cyber breaches are a result of human error, not intentional ill intent.



Software selection can be daunting. There are plenty of uncertainties and questions you have when looking to implement Enterprise Risk Management (ERM) software.

Maybe you’re not sure what to be concerned about. Maybe you’re not sure how the process works, or the hidden costs.

Here are eight questions that you shouldn’t hesitate to ask your current or potential ERM vendor:



You can’t check in for your flight on the airline’s app. The website won’t let you buy the plane ticket you wanted. The app can’t tell you whether your flight is on time.

Unfortunately, technology glitches and outages like these are all too common. In 2017 alone, there were six major U.S.-based airline outages caused by IT failures. We all rely on services that make our lives easier, often seamlessly. But all of them depend on IT, and IT can—and often does—fail.

How do you typically book tickets for air travel?

That’s an issue with severe consequences for airlines, especially since 84 percent of American travelers in a recent survey say they use an airline’s website or mobile app during the travel process.



Last week we talked about the importance of finding out management’s risk tolerance and creating a business continuity program which will keep risk for the organization within those limits. Today, I thought I’d get more specific about how you go about doing that by discussing the five most important risk mitigation controls within your business continuity plan.

The way to limit the risk in your program is by implementing measures to limit the adverse effects of potential events: risk mitigation controls.

Here’s an example of how mitigation controls play a role in your everyday life: When you tell an ATM how much cash you want and receive that exact amount—with the withdrawal being accurately noted on your statement—this comes about because of a whole series of mitigation controls that have been put in place by the bank. These controls are meant to accurately manage and track cash disbursements.

In risk management, mitigation controls provide a parallel type of control over risk.



Mahoning County is located on the eastern edge of Ohio at the border with Pennsylvania. It has a total area of 425 square miles, and as of the 2010 census, its population was 238,823. The county seat is Youngstown.


  • Eliminate application slowdowns caused by backups spilling over into the workday
  • Automate remaining county offices that were still paper-based
  • Extend use of data-intensive line-of-business applications such as GIS



Cybercrime will cost the globe’s businesses more than $2 trillion by the year 2019, according to a report from UK-based market analyst firm Juniper Research.

It’s hardly a surprise that so many companies include cyber threats at the top of their list of risks. And yet shockingly few have taken adequate measures to mitigate the potential dangers of data breaches and other cyber-related risks. Until now, that is. The Wall Street Journal recently reported on a trend within the manufacturing industry toward widespread adoption of cyber insurance. Here’s a closer look at the issue, along with why cybersecurity insurance offers critical protection for 21st century businesses.



Anyone following enterprise data storage news couldn’t help but notice that aspects of the backup market are struggling badly. From its glory days of a couple of years back, the purpose-built backup appliance (PBBA), for example, has been trending downwards in terms of revenues per IDC.

"The PBBA market remains in a state of transition, posting a 16.2% decline in the second quarter of 2017," said Liz Conner, an analyst at IDC. "Following a similar trend to the enterprise storage systems market, the traditional backup market is declining as end users and vendors alike explore new technology."

She’s talking about alternatives such as the cloud, replication and snapshots. But can these really replace backup?



Getting caught in an emergency situation without a solid and well-thought-out plan puts stress on your residents and employees.

Every moment matters in a crisis, and you need to help your staff react as professionally and promptly as possible. Avoiding common mistakes through preparation and follow-through will help make your emergency communication strategy more resilient — allowing you to keep people safe during a crisis.

Download the Seven Deadly Sins of Emergency Notification to avoid common mistakes.

Threats to life and property, both manmade and natural, are around every corner these days. From shootings to bomb cyclones and mudslides, it’s especially important that government entities are able to keep a tight handle on communications during a time of crisis. Here are some common pitfalls to avoid:



To kick off the new year, industry experts and hosts of our new podcast, The Watchdog, Brian McIlravey and Tim Chisholm sat down to chat about their forecasts for the shifting risk and security landscape this year and how practitioners can stay ahead of the curve. Read the full guide to the top corporate security threats of 2018 here.

Prefer to listen? No problem! Tune in to the episode on iTunes.

Tim Chisholm: All right. It’s a new year, Brian.

Brian McIlravey: It is, Tim. It’s 2018. How do you think the planet is this month, Tim?

Tim Chisholm: The planet has maybe been in better shape before. But what do you think? Where are you sitting? How are you feeling?

Brian McIlravey: There are all kinds of different charts on the top security risks that pop out for 2018, and they’re all very similar. But in terms of Resolver’s guide to the top risk and security trends of 2018, I went through a bunch of them and found some patterns that were very interesting. What I’m going to do is focus it down to two that I think are very prevalent. One that’s been common going back to probably about 1811 is natural disasters. I mean, there’s some risks that we know are going to be on this list every single year. But there was an article that came out about the planet and natural disasters that I found especially fascinating – 2017 was the most costly U.S. disaster year on record just in terms of the massive, massive amount of billions spent—which you might expect given the significant disasters that happened this year.



What would cause more damage to your business? A hurricane or a cyber attack?

If you said the latter, you’re in good company.

Even after the costliest hurricane season of all time in the U.S., 74 percent of business leaders we surveyed said they consider a data breach, hack or cyber attack a greater business risk than a natural disaster.



When your organization isn’t risk literate, the result can often resemble a horror movie; when it is, you can save the day.

In some ways, being a business continuity management consultant is a lot like watching a horror movie. How?

Well, do you know how in horror movies people are always doing things that you know are liable to get them killed, but that they do anyway—despite your yelling at the screen for them to run the other way—because they are lacking critical information that you’ve been given by the director?

It’s the same for a BC consultant. I repeatedly see organizations doing things that I know are harmful to their long-term best interests, based on things I’m aware of that they are not, despite my yelling at the screen (figuratively speaking, of course) and urging them to turn aside from their intended course of action.



While just about every business is shifting in some shape or form, the regulatory compliance industry is undergoing a revolution. Keeping pace with legislative changes, consumer behaviour, and technological advancements has become very challenging for many Canadian financial institutions.

As new (and old) technology continues to disrupt the industry, we wanted to take a closer look at the biggest trends and growth areas for 2018.



Following the news of Hawaii’s false ballistic missile alert on January 13, 2018, we sat down with crisis & emergency management expert, Kevin Hall, to get his thoughts on what went wrong and why.

To start us off, tell us what happened over the weekend in Hawaii? 

On the morning of Saturday, January 13th, 2018, people in the state of Hawaii received an alert message on their phones that read, “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

The alert went out at approximately 8:07am and was issued by the Hawaii Emergency Management Agency (HI-EMA). According to the official report from the state, the activations included the Emergency Alert System and the Wireless Emergency Alert System, but from what I can gather, it seems that the alert was only sent through the wireless medium. It is interesting to note that no sirens were activated as part of this alert. 

How did that happen? What processes are involved in sending an emergency notification of that scale?



By DON MENNIG

Before I share the DR problems Evolve IP identified in our 2018 Disaster Recovery Survey I have a couple of writing caveats.

Caveat #1.) I’m not a ‘New Year’s Resolution’ kind of guy

Caveat #2.) I really dislike clichéd content – I don’t need to read “5 Reasons To Wash My Windows” … I know they are dirty.

Caveat #3.) I oftentimes find myself in the minority! :)

So, for those of you that like resolutions and “Top 5” lists I am pleased to present …

“The Top 5 Disaster Recovery Resolutions for 2018!”

Click-bait ads coming to the bottom of a news website near you ;)

Now, unfortunately in all seriousness, our survey uncovered some very distressing disaster recovery statistics that need to be addressed by organizations before it’s too late.

Resolution #1: Complete your DR plan and implement and test your plan.

Yeah, you’ve heard it before, but just like giving up your penchant for deep fried Twinkies some things never seem to get done and this year’s survey again proves the point! Only 31.5% of our nearly 1,000 respondents (IT professionals and C-level executives) noted that they had a complete DR plan! Perhaps even more alarming, of the 68.5% that did not have a complete plan, four in 10 had a plan that they felt was less than three-quarters of the way complete.

As you can likely imagine, rolling out an incomplete plan to the organization might seem odd and it’s likely causing DR plans to remain on the shelf. Only 2/3rds of respondents had formally implemented their plan in the business.

To continue with the Twinkie bashing, we all know that chowing down on the cream-filled, artery-clogging sweetness could potentially be really bad for you down the road. You also know that having an untested DR plan is bad for your business’s health. Our survey revealed that less than half of the firms had actually tested their DR plan in the last year.

Then again what are the chances your organization will actually need a data defibrillator in 2018…?

Resolution #2: Don’t get stuck in denial

Turns out, the chances are pretty high. Based on our survey results you need to change your mindset about DR: it isn’t if a DR incident will occur, but when. Over 1/3rd of participants noted their organization had suffered an incident that required disaster recovery. And while hardware failure was the leading cause of incidents (noted by 50%), deliberate attacks are getting worse and growing faster than any other category.

In 2017, the number of respondents reporting that deliberate attacks had caused DR incidents increased to 17% compared to 13% in 2016 and 6.5% in 2014! You might take all of the precautions in the world against attacks—constantly changing passwords, deploying aggressive security software, implementing secure file sharing and more—but hackers are getting smarter every year and your associates are still human and make mistakes.

Resolution #3: Treat DR as though you have compliance requirements.

Even if your business does not have compliance requirements, it would likely benefit from acting as though it does. Of organizations that had suffered from an incident that required DR:

• 43.5% without compliance requirements took more than one business day to recover their IT operations.

• Just 28% of those with compliance requirements took more than one business day to recover their IT operations.

Resolution #4: Fight for your DR budget.

As you’d probably expect, companies that budget sufficiently for DR are more likely to feel very prepared to fully recover from an incident. In fact, 65.5% of those firms noted they felt “very prepared”. Not so much for the under-funded. Just 1 in 5 of underfunded firms were feeling “very prepared” to handle a DR situation.

What sets off the alarm bells here is that four in 10 IT professionals felt that their organization had underfunded DR. Interestingly, three in 10 C-level executives agreed. Couple those numbers with a 33%+ likelihood of a DR situation arising in the future and you’ve got the potential for a major problem!

So, how do you fight for budget? Share some of these survey results with your executive team along with a document that quantifies just how much an outage will cost your business in terms of lost sales and productivity! We created a simple downtime calculator to help you determine what it will cost you.

Resolution #5: Evolve Your DR Strategy

Far too many organizations continue to use legacy or unsecure approaches to DR, introducing unnecessary risk and greater chances of failure. A couple of statistics really jumped out:

• 38% of firms relied on servers and hardware at the same location as the rest of their infrastructure

• 35.5% of firms use tapes for backup 

• 22% relied on public cloud for DR

If you’re relying exclusively, or primarily, on one of the methods above, take the time in 2018 to begin researching other solutions like DRaaS from providers such as Evolve IP or investing in a private, secure, secondary site that is geographically distant from your primary location.

Happy New Year! I wish you, your families and associates success and good health in 2018.

To learn more about Evolve IP’s suite of DR solutions visit www.evolveip.net/draas-suite.

Don Mennig is the senior vice president of marketing for Evolve IP.

Here’s something for your to-do list, if you’re not doing it already: The next time your organization holds cyber exercises, make sure you include third-party experts, bringing them in to observe, share insights, and provide feedback.

Experts such as law enforcement officers, data security consultants, your insurer, and public relations professionals can provide valuable insights that will strengthen your cybersecurity plan and better prepare you for a real-life emergency.

In today’s article, we’ll lay out who might be good to invite to your next cybersecurity party and what each type of expert can contribute. We’ll also sketch out how exactly you go about reaching out to these busy professionals and securing their participation.



The new year started off with a bang, if you consider a “bomb cyclone” or “bombogenesis” a noise-maker. The winter season’s first blizzard, Grayson, was a record-breaker in terms of daily record cold temperatures set all the way from the northeast to the Gulf Coast.

As winter storm warnings continue to pop up across the country, individuals and businesses should brace themselves for the remainder of the winter season – at least seven more weeks. If you haven’t already done so, it might be time to dust off your disaster recovery plans, or at least begin planning for next year.

The biggest risk for companies during winter storms is power outages due to ice, and facility issues due to the cold (water pipes not working). Roads could be treacherous, and air travel is usually impacted. As we learned with Grayson, hurricane force winds are not out of question, either. Human exposure to brutal cold temperatures is also a danger.



Tuesday, 16 January 2018 15:01

Winter Bears Down – Are You Ready?

Plunging temperatures, whiteout conditions, and icy roads can turn into a crisis even in the most prepared cities and states.

As a result, this is the season that puts crisis communication to the test. Consider how well your employees and security teams are prepared for communicating internally in the event of a weather emergency.

Plan Activation Strategies

Activation strategies are a crucial component to ensuring proper recovery during and after inclement weather. This strategy will put into action a crisis response team to handle the situation as quickly as possible. Crisis preparation involves a series of procedures that need to be in place ahead of time. This is essential for maintaining internal communications for your workers.

Internal notification software, such as CodeRED from OnSolve, is designed specifically for communications during an emergency situation. By incorporating this government-approved notification solution into your office, internal communications can be handled no matter the situation. Thanks to automated, advanced warnings along with geo-location communication using a variety of delivery modalities, internal notification systems integrate seamlessly into businesses of all sizes.



Monday, 15 January 2018 16:01

Employee Communication in Inclement Weather

OnSolve’s chief product officer, Daniel Graff-Radford, recently interviewed with SDM Magazine to discuss how mobile and integrators are a driving force behind today’s mass notification systems.

Whether choosing to go mobile or become a hard-wired hybrid, here are three ways mass notification systems are changing rapidly.

1. Mobile Integration Success

Mobile integration allows emergency communication to take place across a larger network. Emails, social media, texting and other forms of mobile communication can be achieved all at once using wireless. As a result, you have the potential to communicate with more people in a shorter span of time.

Yet mobile communication is not always perfect, especially in the case of a large-scale emergency or a cyberattack. The best move? Pursue IP wireless. This gives the organization much-needed control over the network. An organization can structure and prioritize emergency notifications based on the event type and its location. This integration provides mobile accessibility with the security associated with analog.



Crisis management, public relations, and business continuity are tested during a disaster event. Today, we’re analyzing business continuity plans and disaster response to determine a good public relations response vs. a bad one.

For today’s post, I thought we might try something new. Rather than write a formal article, I wanted to share some things with you that have been on my mind lately about business continuity and disaster recovery.

I have been observing other organizations’ disaster response efforts from the outside and trying to work out what’s really going on based on what we see in the media, as well as about what separates a good public relations response to a crisis from a bad one. I’ll touch on these and other topics below.



The past few decades have seen a significant increase in society’s level of awareness and investment in personal and workplace safety. In the opinion of those of us at MHA Consulting, similar attention must be given to business continuity.

In this article, we will sketch out the rise over the past few decades of what might be termed “safety culture,” define an envisioned “continuity culture,” and set forth how such a culture can be brought into being at your organization.

The rise in safety consciousness in today’s society can be seen in everything from the creation of the U.S. Occupational Safety and Health Administration in 1971 to the introduction of polarized electrical plugs to the increasing emphasis on people’s wearing seatbelts and bicycle helmets. In the business world in particular, many companies have over recent decades developed a strong emphasis on safety, with consideration for safety permeating everything their employees do.



Public crises have become increasingly common around the world. Of course, managing such emergencies is not always easy. For this reason, public administrators have established ways of managing public expectations while helping those affected at the same time. Thanks to technology and increased access to the Internet, communicating with the public has never been easier. Read on for more on this topic.

To learn more, check out the infographic below created by Norwich University’s Online Masters in Public Administration.



We’ve all seen the news reports, photos, and tragic stories of towns and businesses impacted by natural disasters. Business professionals who are forced to deal with the aftermath of a natural disaster may experience a range of emotions from relief that it’s over and that they had a disaster recovery plan in place to regret that their disaster recovery plan was inadequate or incomplete, or to despair that they never got around to developing a disaster recovery plan at all.

Disasters and how we respond to them are never one-and-done. In the real world, disaster planning for the next disruption begins immediately after going through an actual disaster event. This means that the weeks and months immediately following a disaster are the most crucial for evaluating and improving your disaster recovery plan. Aside from the site recovery itself, which may be considerable, it is essential to address deficiencies in your plan as soon as possible and practical. For critical communications, these could include data transmission, materials being redirected, or updates to design that were never shared with the disaster recovery provider.



Is your business part of the 48% that lack a BC plan and still regards itself as ready for trouble? If so, it might be time to start a BCM program.

A recent study found that 48 percent of small businesses are operating without any type of business continuity plan, yet 95 percent of the businesses indicated they felt they were prepared for any disasters that might strike.

Is your business part of that 48 percent that lacks a BC plan and yet still regards itself as ready for trouble? If so, perhaps you think your insurance will cover you if something goes wrong, or that your evacuation plan will help you out. Or maybe you have an old dust-ridden binder lying around that is labeled “Business Continuity Binder,” but which you haven’t looked at in ages. If either of these things is true of your company, chances are that you are not truly prepared for disaster. From Hurricane Maria and the shooting in Las Vegas to the current fires in California, history shows us that companies that do not proactively consider how to respond to events are among the last to get back to business.

So, why do people and companies neglect to implement business continuity management (BCM) in their organizations even though they know it’s the right thing to do and can ensure the survival of their business? That’s a difficult question to answer, I think because it has very little to do with business continuity management and a lot to do with human nature.

People and companies are inherently motivated to do what’s good for them. The problem is that accurately perceiving “what’s good for them” is not nearly as easy as it sounds—and even if a company can figure this out, they may not believe that it is possible for them to do it.




Thursday, 04 January 2018 15:56

Do the Right Thing: Start a BCM Program

PCI, HIPAA, SOX, GLBA. The alphabet soup of government regulations and compliance standards is enough to give any CIO a migraine. But just when you thought it was safe to come out of the regulatory waters, the General Data Protection Regulation (GDPR) is right around the corner. Haven’t heard of GDPR? You soon will—and you’d better pay attention.

Previous cybersecurity regulations such as Safe Harbor, which was overturned by court orders, and the EU-U.S. Privacy Shield left room for improvement. The EU then created GDPR to add teeth to European regulations for how organizations handle security. Essentially, the EU is augmenting regulations to ensure that all organizations protect the data subjects—the people—from companies conducting abusive personal data processing.



So 2017 is in the rear-view mirror, and here comes 2018, all bright-eyed and bushy-tailed. What should we be ready for this year in terms of risk management trends? Here are three that are likely to have an outsized impact:

  • Cyber security risks will continue and get more dangerous. Maintaining information and network security will grow even more challenging.
  • The cloud will bring risk. The increased dependence on cloud-based services is creating a new kind of risk that many companies have yet to address. 2018 is likely to see a deepening engagement with the vulnerabilities caused by this new reality.
  • New rules will bring unexpected risks. As companies adapt to the new regulatory regimes, the changes they are obliged to make will create unexpected new dangers.

The traditional threats to business operations from nature, people, and technology are still out there and will doubtless rear up and make themselves felt in 2018. These will include bad weather, employee mistakes, and so on. But in terms of new risk management trends, the three developments mentioned above are likely to be especially prominent. We’ll take a closer look at each one below.



Wednesday, 03 January 2018 15:07

3 New Risk Management Trends for 2018

We’re helping you streamline your BIA, cutting it down from 8 to 4 hours or less for each business unit and maximizing your BIA interview.

In last week’s post, I mentioned that we veteran BCM professionals will need to learn some new tricks in order to work effectively with members of the millennial generation. Specifically, I gave the example of the traditional business impact analysis (BIA) meeting as something that probably won’t work very well with colleagues and clients who are used to speedy and informal ways of doing things.

After finishing that post, it occurred to me that I had left readers hanging in terms of how exactly they might go about making their BIA meetings more efficient. In today’s article, I’m going to make that up to you by giving you my 5 Tips for Making the Most of the BIA Interview. These tips aren’t only relevant when working with millennials. These days, pressure for BIA professionals to be more efficient comes from across their organizations.

In days gone by, the BIA process would take anywhere from 6 to 8 hours for each business unit, from the pre-work and interview through the follow-up phase to the final approval of results. In today’s world, the entire BIA process better take from 3.5 to 4 hours or less for each business unit, from pre-work to final approval.

Needless to say, even as you are speeding things up, you’re still expected to cover all the important bases, doing as good or better a job as you did before. Nobody said it was going to be easy! But hopefully the tips below will make it easier for you.

And in the spirit of the subject, I’m going to try to keep things short and sweet.



When a disaster strikes your place of business, you don’t have much time to act. The phrase “time is money” is certainly applicable here – ITIC’s latest survey data finds that 98% of organizations say a single hour of downtime costs over $100,000.

One way or another, your organization must get back up and running. With the rise of cloud-based applications, there’s been an increased level of “workplace recovery from home” scenarios.

After all, why would you want to spend money on a workplace recovery solution if you can connect to your applications from home? While the concept looks good on paper, the reality is that there are several drawbacks.



Tuesday, 02 January 2018 20:58

Why Workplace Recovery Is Critical

As 2017 winds down, I thought it might be worthwhile to knock back a cup of Earl Grey and see what the tea leaves show lies ahead for the world of business continuity in 2018.

Here’s the thumbnail version of my forecast:

  • The overall picture of most BC programs is going to be one of ongoing uncertainty, with lots of small-scale agitations but no dominating trends.
  • Two peripheral trends I see are the continued movement of services to the cloud and the increasing influence of millennials on the world of business continuity.
  • In the world at large, I think we’re going to see the continuing proliferation of the risks associated with climate change and terrorism and also the potential movement of international conflict into cyberspace. These developments could have significant impacts on the practice of business continuity management.

One thing that we know is coming in 2018 is the European Union’s new General Data Protection Regulations (GDPR). The EU’s strict new privacy protection rules go into enforcement on May 28, as I discussed in my blog post from last week, GDPR Compliance: A Heads-Up for Business Continuity Professionals. Take a look if you would like to know more about what GDPR might mean for your organization.

And while I’m making suggestions for further reading, let me call your attention to an interesting survey by Continuity Central. These are the interim results of their survey of business continuity professionals worldwide, asking people what they see happening in their programs in 2018. The results of this survey triggered some of the points I make below.

In the rest of this article, I’ll share some additional thoughts on the topics mentioned above, along with a few others.



At Forrester, we have developed an assessment to help organizations understand their continuous deployment maturity. The assessment should take 10 minutes or less to complete, with the outcome identifying where you are in your continuous deployment journey. DevOps teams should focus on and build four critical competencies: process, structure, measurement, and technology. Your honest assessment of these competencies will help identify key areas of improvement and help get everyone in the organization on the same page. Additionally, doing such an assessment might just avoid the disconnects between leadership and DevOps teams identified in my last blog – Executives Overestimate DevOps Maturity.

DevOps is predicated on teams driving inclusive behaviors such as collaboration and leveraging feedback loops, destructing silos of functional excellence, with empowered product teams who are delivering business outcomes. To support this, we identified four competencies that enable continuous deployment:



While consumers and many businesses are already enjoying the fruits of digital transformation, the insurance sector can hardly bear it. In many cases, legacy systems leave those in the industry with outdated infrastructures and processes.  Looking to get out of the woods, insurance institutions know now is the time to tame the technology beast and make a digital transformation to:

  • Keep pace with the expectations of customers who have already embraced next-generation IT innovations
  • Meet rigorous compliance regulations regarding data security
  • Simplify and enhance employee jobs with the latest digital tools and online collaborative business applications



The internet is like a big city with lots of amazing sights and many useful services—but also many shady areas and lurking predators. And the predators don’t necessarily stick to the bad parts of town: sometimes they come out to pick pockets on the nicest boulevards.

So far, our Corporate Security Awareness series has looked at how business continuity professionals can help their co-workers (and their organizations) stay safe when using non-workplace Wi-Fi networks, personal devices they may use for work, and email.

In today’s post, the fourth and final one of the series, we are going to talk about how BC managers can promote safer internet use and web browsing at their organizations.

Business continuity managers can and should play a role in advocating for safer policies in all of these areas even though direct responsibility for configuring technology, establishing policies, and training users in order to minimize the risks to the above areas lies outside the BC department. By raising the matter of internet security and safety with their partners in IT security and other departments, BC managers can raise awareness and promote the adoption of safer policies. As BC professionals we need to be just as concerned with the prevention of outages and issues as in responding to them.



Twinkling lights, whiffs of peppermint, and holiday tunes aired everywhere you go — these are just a few of the signs that the holidays are upon us.

As an emergency manager, you must also account for less savory signs, such as increased traffic, an influx of travelers, and unexpected wintry weather. One way to provide your community with a calm and festive holiday season, no matter what emergencies come your way, is via the CodeRED Mobile Alert app.



At this very moment, 1,800 thunderstorms are occurring around the world. Within each one, multiple threats are lurking. Some of these threats may remain unnoticed until the moment they strike - damaging homes, destroying property and claiming the lives of those in their path. Severe weather affects everyone. However, with modern weather intelligence technology like advanced storm tracking, it is possible to be more prepared for notable weather events, even ones that seemingly emerge from nowhere.

Advanced storm tracking technology analyzes complicated weather behavior and presents it in an easy-to-understand format to users. The aim of this technology is to deliver life-saving weather intelligence to people everywhere during dangerous weather situations. A number of unique attributes make this technology more advanced, and therefore more effective, than standard weather forecasting and tracking products.


Baron (a leader in critical weather intelligence) has been a pioneer in severe weather detection and storm tracking for over two decades. Baron’s original storm tracking technology, developed in the late 1990s, was a simple drag and drop function based on the storm parameters known by the operator. Automated tracking soon followed along with a new angle for automatically identifying the most severe location in a storm. Rather than tracking the storm’s center, Baron’s advanced algorithms identify and follow specific threats throughout a storm’s expanse. Not exclusively tracking the storm’s center enables the technology to calculate precise threat arrival times, rank potential tornado probability, and alert people in harm’s way. There are also seven other key attributes that make Baron storm tracking so advanced.

1. Accessibility

Any industry or individual with an immediate need for weather awareness can utilize and benefit from advanced storm tracking technology like that of Baron. No in-depth knowledge of weather forecasting or algorithms is required. Baron algorithms, for example, remove the need to analyze complex information on the user side.
All data for advanced storm tracking comes pre-analyzed and interpreted, so users of the technology can have the situational awareness they need to make tough decisions when lives and assets are on the line. Farmers can protect their crops, pilots can stay up-to-date on potentially hazardous flight conditions, and public safety officials can make sure the communities they serve have more time to act when weather is imminent, all without having to worry about the advanced science and math behind the technology.

2. Time and place specific

Knowing not only how, but also when a community will face devastating weather can make a measurable difference in preventing damage. For example, in Baron technology, each individual storm track contains data that precisely determines which areas will be affected by a threat, including a list of estimated arrival times. The technology allows users to predict, down to a neighborhood level, when a storm will make its biggest impact.

3. Threat-specific tracking

Within a single storm, multiple threats may require immediate attention and necessitate advanced tracking techniques. Advanced storm tracking technologies often concentrate on identifying specific dangers—hail, high winds, flooding and potential tornadoes—and then determine their locations and magnitudes. Baron Storm Tracking, in fact, pinpoints all individual threats at once, and then tracks them up to one hour into the future. Other storm tracking methods may focus on following the middle of the storm. This method doesn’t yield the best results because the center of the storm could be less dangerous, while the more serious threats may make their way into communities without proper warning.

4. Tornadic potential

Potential tornadoes can be identified sooner with some of the advanced storm tracking technology’s severe weather algorithms. For example, the Baron Tornado Index (BTI) fuses together real-time data from radars and atmospheric conditions present in and ahead of a storm to generate the likelihood of tornadic activity. Results are updated in real-time and presented on an easy-to-read scale of 1-10—the higher the value, the greater the probability. Additionally, Baron algorithms monitor and track rotating winds in the atmosphere along with other parameters to mark the location where tornadic development is most likely to occur.

5. Usability

In many cases, weather tracking calls for the evaluation of several data products at once to generate a comprehensive picture of a storm. This kind of procedure demands more attention to multiple things than many people can give while remaining lucid and aware of their situation. To rectify this issue, advanced storm tracking technologies do much of this work and evaluation ahead of time. For example, Baron automatically completes much of the detailed analysis so users can focus on what matters most—staying alert to the greatest dangers and then communicating that information to all relevant parties. Every data point and visual cue in Baron Storm Tracks is self-explanatory, and locations of hail, high wind shear, and more are pre-interpreted. This kind of technology provides more insight into difficult storms faster, giving users the confidence they need to make mission-critical decisions.

6. Continual analysis

Data analysis in advanced storm tracking happens in real-time and information is updated continuously. By sampling lower-elevation radar scans and gathering information before the entire scan is complete, accurate and actionable intelligence can be relayed back to the user faster than with other methods. The technology quickly identifies embedded dangers within a storm that can be hard to diagnose and gives frequent updates on its speed, path, and arrival time. It provides the most up-to-date information sooner, giving those in the path of a storm more time to act. Building on these technologies, Baron continues to refine its storm tracking solutions with newer, more timely capabilities just released this year from new Baron intelligent processing that delivers faster detection and more accurate location of the critical part of the storm.

7. Site-specific alerts

Much of the advanced storm tracking technology around today existed almost 10 years before iPhones were introduced. Now that smart phones are ubiquitous, this advanced storm tracking can deliver site-specific, life-saving alerts to warn subscribers in threatened areas. The Baron system, for example, determines speed, wind direction, shear, and more, and then using this collected data, automatically deciphers areas of a storm requiring advanced notifications and alerts everyone in harm’s way. Every geo-specific alert is targeted, so users of the Baron app will only receive a push notification if they are within the specified threat range.

Critical Weather Intelligence for everyone.

For decades, companies like Baron have been redefining storm tracking technology, taking it to new levels of precision. They have made it their mission to ensure the safety and livelihood of everyone with a need for severe weather intelligence, and continue to build upon their technology to ensure everyone has access to the critical weather intelligence they need to help their decision making.

By Gabe Gambill, VP of Product & Technical Operations at Quorum

When it comes to an effective disaster recovery strategy, your team has several options. You can maintain your own DR site in a remote location, handle it on-site or go with a DRaaS solution. Then there’s colocation – where you migrate your DR to a provider’s data center, installing your own servers, network and data storage there. 

While most teams have heard of colocation, some aren’t sure how it differs from other kinds of disaster recovery or if it’s right for them. So let’s talk about the benefits of colocation and the criteria to follow when choosing a colocation facility.

The Benefits of Going Colo


One benefit when compared to DRaaS is that the control stays in your hands. When you outsource disaster recovery completely, it can take some weight off your shoulders – but you also hand over a certain amount of control and visibility. Colocation gives it back to you. True, your data center is owned by someone else, but you control the hardware and software and have greater day-to-day visibility.


Going with your provider’s data center can offer more robust power capacity and stronger network performance. If your bandwidth requirements increase, you may be able to take advantage of volume pricing while skipping multiple contracts and SLAs.

Cost Savings

Colocation facilities tend to charge by space, which means your price tag ultimately comes down to the kind of equipment and number of servers you’ll install. However, you won’t be paying the actual costs of owning and maintaining your own data center. Compare your potential price tag for power, cooling, HVAC units and backup generators to the facility charge; chances are you’ll save money.


Not all colo providers offer support, but if they do, having on-site expertise can spare your team from time-consuming server and equipment maintenance. The provider’s team may also have advanced skills to facilitate a smoother disaster recovery, giving you better peace of mind and freeing up your team to focus on other initiatives.

Selecting a Colocation Facility

Not all data centers are created equal. One critical component is location. If and when disaster hits, can you get there in a hurry? What if something happens to your primary site and your recovery depends solely on your colo site? Make sure you choose a facility within reasonable proximity and not two thousand miles away.

You’ll also want to think about security. Verify the facility has all the same security checks you’d install for your own data center:

  • Are the generators accessible? How close together are they?
  • Is the data center protected against fire and flood and other natural disasters? Is it tier 1, enterprise-grade and certified?
  • Does it meet your compliance needs?
  • Is there video monitoring and 24-hour camera surveillance?
  • What kind of access controls are in place? Is there biometric and card key entry, are there cabinet and cage locks?

One final consideration: think of partnering colocation with the cloud. In addition to hosting your data backups in an offsite facility, you can still take advantage of those speedy cloud failovers, spinning up a virtualized clone of your environment whenever you need it. It could be the right form of DR insurance for you, knowing you’re protected locally and in the cloud if something takes down your primary site. Keeping your servers and applications operational is the whole point of DR, after all, and colocation can be the perfect solution.

Tuesday, 19 December 2017 18:52

Should You Go Colo?

The end of the year is almost upon us, which can mean only one thing: cold and often unpredictable winter weather is about to rear its ugly head yet again.

According to a study that originally appeared in the Journal of Climate, a total of 438 blizzards took place in the United States between 1959 and 2000 – breaking down to roughly 10.7 on average per year.

But a blizzard doesn’t just bring with it tremendous amounts of snow. Each event is also incredibly dangerous due to poor visibility, terrible road conditions, chilling temperatures that leave people exposed to frostbite and hypothermia and so much more.

The Federal Emergency Management Agency (FEMA) has long held the belief that being prepared during the storm isn’t enough to keep people safe – it’s also what you do both before and after an event that really counts. Being as prepared as possible really is the key to staying safe and for many communities, emergency notification planning and crisis communication often mean the difference between a mild inconvenience and an absolute tragedy.



Keep Your Employees Safe This Winter

While some view winter weather as a welcomed excused absence from work or school, others must still find their way into the office. What they don’t want to encounter on their way are slick sidewalks, power outages, or the worst – inching their way through icy gridlock only to learn after they’ve battled the weather that the office is, in fact, closed. “Sorry,” simply won’t suffice.

Reduce your risk for injuries and dissatisfied employees by doing your part to protect and inform them on bad weather days. You may not be able to stop the snow, rain, and wind, but you can ensure every employee has a safe way to an office that is in working condition.



Tuesday, 19 December 2017 16:29


As we look forward to 2018, it is a time to reflect on the changes that have emerged in the past couple of years.

Take the 2016 study by Securitas Security Services for example. According to this report, there were two newly emerging trends in business continuity that year — active shooter threats and mobile security in cyber communications. Those trends have only escalated in 2017, and are expected to remain consistent in 2018. Along with these two current trends, look at advancements in technology and supply chain processing in regard to business continuity concerns.



That question usually comes from an executive after some other organization has a business crisis that makes global or national headlines. The question causes anxiety in many Business Continuity Planners.

I remember the first time I got that question. A local business had suffered a lightning strike, cutting power and frying much of their electrical and technology gear.  I can still recall the sudden panic when our CFO asked me that question: “What’s our Plan for that?”

We had no such Plan.  Had we, we should also have had Plans for tornados, hail, parking lot sinkholes, contaminated drinking water and trucks crashing through our lobby doors:  things that had happened to local businesses during the previous year.

Monday, 18 December 2017 15:38

What’s Our Plan For That?

Winter Isn’t Always Pretty

We like to think of the winter scenes we may see on a holiday card – peaceful, joyful, beautiful, and full of cheer. While this may be so, it’s more likely to be chaotic with a few Grinches sprinkled in for good measure. And when it comes to work productivity during the winter months, it can be an even less promising scene.

Winter storms have a history of wreaking havoc on the economy. After a 2015 New England winter storm, economists calculated the hit to the economic output was a staggering $1.25 billion. Much of the productivity loss is attributed to workers simply not being able to get to work due to poor road conditions. Of course, they’ll eventually make up the work over time, but the disruption to normal business operations can’t be understated.

Companies can’t fix the weather, but they can put into place a winter weather communications plan to ensure employees from across their company, remote or onsite, know what to do when bad weather hits. Depending on how your organization is structured, you may have a skeleton crew who has one set of instructions to follow during the office shutdown, executives with a different checklist, and local employees with completely different expectations.

If you want to keep your office running as smoothly as possible, no matter the weather, follow these tips. Your employees will thank you and your administrators, managers, and business leaders will appreciate the forethought.



Friday, 15 December 2017 15:29


Brains, Braiiiiiins, Braaaiiiiiiiins – these are three things required by both business continuity plans and zombies alike. In AMC’s The Walking Dead, zombies are plentiful.

Business continuity plans, not so much.

The story of The Walking Dead revolves around Sheriff Deputy Rick Grimes and various other characters as they struggle to survive in a world filled with – you guessed it – zombies. It’s not clear as to what exactly caused the viral outbreak that turned most people into mindless “walkers”.

Then again, it doesn’t really matter.



Social media of all types have joined email, telephony and instant messaging as mainstream communication tools that are used daily in many individuals’ lives. The Pew Research Center estimates that 68% (216.9 million individuals) of US citizens have a Facebook profile, and 21% (66.9 million individuals) use Twitter. These tools have become a key part of the communication landscape and need to be a consideration in any emergency communication solution. With the release of the social media enhancements to the CodeRED Launcher, these tips are especially important to keep in mind:

#1 – Social media has evolved into a viable communication tool

Throughout the September 11, 2001 terrorist attacks in New York City, the primary source of information for the public was television. A case study on the attacks showed, “more than half of Americans learned about the terrorist attacks from television, and only 1% from the Internet”2

Fast forward to Hurricane Katrina in 2005 – “mainstream media sites dominated with 73 percent (73%)”2 of online traffic directed at major news organizations for information and disaster relief donations.2 More recently, during the emergency response to the 2015 San Bernardino attack, online and social media platforms were successfully utilized by local police and FBI members to create a new manner of public information sharing.  Safety Response Reports after the event identified Twitter as a critical component for media operations and credited the team’s utilization of the platform.3

People’s automatic reaction of turning to social media and the Internet to gather information continues to grow and today’s mass notification systems must provide tools for managing these critical touch points.



You Have Event Pages – Now What?

Whether you have Event Pages, or you’re interested in learning more about them, we want to help you understand how Event Pages work in certain scenarios. Once you see them in action, you can probably come up with many more ways they can benefit your organization.

Keep in mind the Event Pages ensure your employees are literally on the same page. With all of the information about an event in one place, you can ensure consistent, accurate information is received by all. You never have to dig through emails to see if you sent or received a message. Everything you and your employees need to know before, during, and after an event is conveniently accessible via a single click of a link. It doesn’t get any easier than that.

Event Pages can be useful for organizing around any event, but here are four to consider:



Thursday, 14 December 2017 14:58


When airlines undergo mergers and acquisitions (M&A)—and they frequently do—it means merging IT systems, too, if they don’t rebuild IT infrastructure from scratch or run the systems separately. Merging is the choice companies often make, and it can also be the riskiest.

Jumbled IT systems can cause outages and critical system failures, threatening to ground thousands of flights, and could even allow too many pilots to have the holidays off.

“Quick and dirty” fixes that can get you off the ground often turn into long-term solutions—ones that can sideline your operation years from now. One dormant glitch could make your scheduling system decide to play Santa.

Take the time to remap your systems entirely, with all the dependencies, and treat them as one system. Then you can be sure your infrastructure is more reliable, and your disaster recovery plan can recover the full IT environment.



Open-plan offices have become the norm for many companies wishing to optimize their space, encourage collaboration between staff and break down traditional hierarchies.

However, recent research challenges the idea that open-plan working is a surefire route to productivity. Far from an antidote to the inefficiency of closed-off offices, open-plan working can mean staff are beleaguered with distractions and stifled by lack of personal space.

Gensler’s 2016 Workplace Survey found that 67 per cent of the UK workforce feel drained at the end of each working day due to their office environment. In addition, badly designed offices are suppressing innovation in businesses: although over eight million UK employees work in open-plan environments, many of these do not offer variety or choice, nor are they tailored to specific tasks and practices.

“Enclosed office space is not the enemy,” says Philip Tidd at Gensler. “Moving to a simplistic open-plan may not be the most effective option in today’s hyper-connected workplace.”



A new finish for your old car may look great, but in the end, it may still be a ’71 Pinto.  The cost of the BIA process – writing, distributing, validating, analyzing, reporting, presenting to Management, revising and repeating annually – can be a staggering amount.  Yet a BIA may be no more valuable than that new paint job.

Business Continuity programs rely on BIAs because ‘standards’ say they must. BIA data gathering isn’t useless – just time-consuming, and questionably valuable.

  • There’s little proof that BIA’s improve planning, since there’s often little in a BIA to inform individual plan tasks.
  • If it doesn’t improve planning, it won’t improve organizational readiness either.
  • Most enterprise criticalities are already understood within the organization; there’s little point looking for them (again) in a BIA.
  • The man-hours spent on BIA development, completion and analysis are shockingly disproportionate to the value the results provide.



Today there are more households with mobile devices than with desktop computers.

According to the Pew Research Center, 84 percent of US households have a median of two smartphones, while only 80 percent have a median rate of one desktop or laptop computer. In fact, 95 percent of American adults now use some sort of cell phone. For all the personal data that is being shared across mobile lines, there needs to be greater attention given to the threats of mobile security.

Scope of Security Threats to Mobile Users

Mobile use is only expected to increase due to the dependency on this type of technology. Already, mobile devices are used to access the internet for everything. The Pew Research Center states that 62 percent of users accessed information about their health conditions on a mobile device. In addition, 57 percent use mobile devices for online banking, while 18 percent have submitted a job application on their smartphone.



Monday, 04 December 2017 17:16

Trends and Threats in Mobile Security

Passengers on the Titanic didn’t think it could sink.  When it did, there wasn’t room for everyone in the lifeboats.  By slavishly tying your BCM program to industry ‘standards’, you may find yourself adrift during a business disruption.  Standards are only guidelines.  They’re no substitute for the knowledge necessary when disruptions occur.



Monday, 04 December 2017 17:09

BCM Standards: Lifeboat or the Titanic?

Disasters come in many forms. Most of the time for a business, a disaster is the result of a power outage, an act of nature, a cyberattack, or human error. Whatever the cause, without a surefire workplace recovery plan, a business is likely to suffer extreme financial losses.

The following facts are alarming. The good thing is that if you can acknowledge areas for opportunity in your business, you can greatly minimize the impact of any unfortunate incident.



As of October 2017, the United States has seen 273 mass shootings this year alone.

Due to the recent active shooter events across the US, it is increasingly imperative to create a response plan. In the event of an active shooter scenario, government agencies need to be ready to handle the situation. Discover how emergency notification and response methods can be implemented in emergency response plans for your organization.

Emergency Communication Plans

Did you know the US Department of Homeland Security has established a National Emergency Communication Plan that coordinates communications for response and recovery in the event of a crisis? You can utilize the framework of this plan to devise an emergency communication plan for your own organization. It should include the following goals:



Monday, 04 December 2017 17:03

Active Shooter Response Plan

Is Winter That Dangerous?

Sure, spring, summer and even early fall months generally bring us more severe weather, such as hurricanes, tornadoes, and strong thunderstorms, but the winter months can wreak their own havoc. We pulled the following common winter dangers straight from NOAA:

  • Wind – Some winter storms have extremely strong winds that can create blizzard conditions with blinding, wind-driven snow, drifting, and dangerous wind chills. These intense winds can bring down trees and poles, and can also cause damage to homes and other buildings.
  • Snow – Heavy snow accumulations can immobilize a region and paralyze a city, strand motorists, stop the flow of supplies, and disrupt emergency services. Buildings may collapse, and trees and power lines can be destroyed by heavy snow.
  • Ice – Heavy ice accumulations can bring down objects like trees, utility poles and lines, and communication towers. Power can be disrupted or lost for days while utility companies repair the damage.

Winter weather can disrupt life, including business operations, for days, even weeks. Is your company ready? Do you have the systems in place to keep your employees informed during a winter event? If email is your go-to, how do you plan on using it effectively to reach every employee without power? Can you be certain every employee will get the messages?



Friday, 01 December 2017 16:32


WASHINGTON – While Nov. 30 marks the end of a historic hurricane season, FEMA and its partners continue to work diligently in support of disaster survivors recovering from the devastating season. Four hurricanes made landfall: Harvey, Irma, Maria and Nate (the first three were classified as major hurricanes, which affected roughly 25.8 million people). Also during this season, nearly two dozen large wildfires burned more than 200,000 acres of land in northern California.

Hurricanes Harvey and Irma marked the first time two Atlantic Category 4 hurricanes made landfall in the Continental United States, in the same season.  Hurricane Harvey set a new record for the most rainfall from a U.S. tropical cyclone, with more than 50 inches of rain in some areas. The storm resulted in catastrophic flooding in Texas and western Louisiana.  Two weeks later, Hurricane Irma became the strongest Atlantic Ocean hurricane on record. Winds peaked at 185 mph, and Hurricane Irma remained a hurricane for 11 days. Irma was the longest-lived Atlantic hurricane since Ivan in 2004.  The public response to Hurricane Irma, as the storm approached, resulted in one of the largest sheltering missions in U.S. history.

Hurricane Maria devastated the U.S. Virgin Islands and Puerto Rico soon after Hurricane Irma struck their shores. Hurricane Maria was the first Category 4 hurricane to make landfall on the main island of Puerto Rico in 85 years, and the resulting response became the longest sustained air mission of food and water in FEMA history. In addition to these hurricanes, prior to the 2017 season FEMA already had 17 Joint Field Offices working 28 presidentially-declared disasters.

Since Harvey made landfall in Texas on Aug. 25, the President has granted 16 Major Disaster declarations and 14 Emergency Declarations, while FEMA has authorized 25 Fire Management Assistance Grant declarations. Over a span of 25 days, FEMA and our partners deployed tens of thousands of personnel across 270,000 square miles in three different FEMA regions. 

So far, more than 4.7 million disaster survivors registered for federal assistance with FEMA – more than all who registered for hurricanes Katrina, Rita, Wilma and Sandy combined.  To respond to the historic demand, FEMA expanded its call center capacity by tenfold, and increased the number of home and property damage inspectors fourfold.

“This historic hurricane season should serve as a gut check and an opportunity for citizens, businesses, state, local, tribal and federal officials to re-evaluate how we prepare for and respond to any disaster,” said FEMA Administrator Brock Long. “Response and recovery is dependent upon the whole community to be successful. While we continue to support the recovery from these storms, we must also take the opportunity to become better prepared for future disasters.”

To date, FEMA has placed more than $2 billion in disaster assistance into the hands of disaster survivors to help them recover from these events.  As of mid-November, National Flood Insurance Program (NFIP) policyholders filed approximately 120,000 claims, resulting in payments totaling more than $6.3 billion.

“State, local, tribal, and territorial governments, along with the residents in the impacted areas, are the true first responders,” said Administrator Long. “FEMA alone cannot deliver assistance to this vast number of survivors. We must hit the re-set button on the culture of preparedness in our country.”

Non-profit organizations provide crucial services to sustain lives in partnership with the rest of the response and recovery infrastructure.  The private sector also plays a significant role in disasters, as businesses work to restore critical services and donate their time and resources – in close coordination with emergency management personnel – to help communities rebound in the wake of disasters. 

Thousands of members of the federal workforce were deployed to Texas, Florida, the U.S. Virgin Islands and Puerto Rico, including 13,892 staff from various offices of the Department of Defense (DoD), including the military services. For the first time, FEMA extended the Department of Homeland Security’s “Surge Capacity Force,” to all federal agencies, deploying over 3,800 non-FEMA federal employees. 

FEMA search and rescue teams saved nearly 9,000 lives, in addition to those saved or assisted by DoD, the Coast Guard, state and local partners, first responders, and neighbors helping neighbors. 

While the 2017 Hurricane Season has ended, recovering from these devastating hurricanes will take years, and FEMA and our federal partners will continue to support affected governments and survivors as they build back stronger.

For information on how you can prepare for the 2018 Hurricane Season, see https://www.ready.gov/hurricanes or download the FEMA App: https://www.fema.gov/mobile-app.

For the latest information about FEMA support to response and recovery efforts, see:

Hurricane Harvey:  https://www.fema.gov/hurricane-harvey   
Hurricane Irma:  https://www.fema.gov/hurricane-irma  
Hurricane Maria:  https://www.fema.gov/hurricane-maria

U.S. Customs & Border Protection & FEMA personnel deliver food and water to isolated Puerto Rico residents after their bridge was destroyed by Hurricane Maria in the mountains around Utuado, Puerto Rico (U.S. Air Force photo by Master Sgt. Joshua L. DeMotts)

A large group of Urban Search & Rescue and disaster survivor assistance teams are spread out in front of a U.S. Coast Guard airplane on the tarmac of a Key West airport. There are assorted suitcases and boxes on the ground.
FEMA Urban Search and Rescue and disaster survivor assistance teams arrive via U.S. Coast Guard transport, in Key West, Florida, in response to Hurricane Irma. Yvonne Smith/FEMA

Disaster survivor Terry Roundtree (center) gets a FEMA hug from Hector Marerro (right), Disaster Survivor Assistance (DSA) Crew Lead.
Disaster survivor gets a FEMA hug from a Disaster Survivor Assistance Crew Lead, after receiving disaster registration information at her home in Texas, following Hurricane Harvey. Photo by Christopher Mardorf/FEMA

National Guardsmen from Virginia and the U.S. Virgin Islands work together to restock a point of distribution at Holy Spirit Church, Christiansted, St. Croix, U.S. Virgin Islands. Photo by Jocelyn Augustino/FEMA

2017 HURRICANE SEASON: Unprecedented

25.8 million people were affected by hurricanes Harvey, Irma and Maria.

FOR THE RECORD (as of November 30, 2017)

  • First time 2 Atlantic Category 4 hurricanes (Harvey and Irma) made landfall in the continental U.S. in the same year.
  • Hurricane Harvey grew from a regenerated tropical depression to a Category 4 hurricane in 56 hours.
  • Harvey set a new record for the most rainfall from a U.S. tropical cyclone, with more than 50” of rain, and remained a cyclone for nearly 5 days after landfall.
  • Hurricane Irma became the strongest Atlantic Ocean hurricane on record with winds peaking over 185 mph and remained a hurricane for 11 days.
  • Hurricane Maria was the first Category 4 hurricane in 85 years to make landfall on the main island of Puerto Rico.
  • Hurricane Irma was 500 miles wide, more than 130 miles wider than the entire state of Florida.
  • Over 700 generators installed in Puerto Rico by the USACE.
  • 48 states and the District of Columbia assisted with operations from Texas to U.S. Territories in the Caribbean, through Emergency Management Assistance Compacts.

One of the most interesting engagements MHA Consulting had this year was at a Fortune 500 company where 3 of our consultants conducted approximately 100 BIAs.

Over the course of that engagement, I got a lot of calls from my consultants describing how the sessions went, mainly when there were bumps in the road—and with so many BIAs to conduct there were naturally a few bumps.

These included:

  • The session where the leader of the business unit said he already knew their unit was of critical importance to the company and that conducting a BIA was therefore a waste of time. In this case, the group left the interview without providing any data.
  • The time a business unit took four sessions to complete the BIA (rather than the usual one) because they brought many more people than requested, and every attendee weighed in on virtually every topic.
  • The episode where a business unit supplied us with data on its current processes and confirmed its accuracy, then stated—after we had loaded the information into the BIA tool—that it was all invalid because they had gone through a reorganization; they then asked us how come we hadn’t known about their reorg.

The stories reminded me of a very common misunderstanding about BIAs: People tend to think doing a BIA is all about the questionnaire. The fact is, conducting a BIA is mostly about working effectively with the people providing the information for it.



Thursday, 30 November 2017 16:52

The Human Side of Conducting BIAs

On October 3, 1993, nearly 100 United States Army Rangers dropped into Somalia’s capital of Mogadishu. They were commanded by Captain Mike Steele. Their mission? Capture two prized lieutenants of a Somali warlord.

The actual event is known as the Battle of Mogadishu, or alternatively the Day of the Rangers. It was a part of a larger operation known as “Gothic Serpent”. In 2001, it was made into the blockbuster film Black Hawk Down.

The film recounts the stories of the heroism of Army Rangers as they attempt to reach two downed Black Hawk helicopters. Don’t worry, we don’t spoil the movie for you (but if you haven’t seen it, you really should).

The Black Hawk helicopters are a pivotal part of the movie. These multi-role helicopters are capable of fulfilling many roles, such as providing medevac, VIP transportation, air-to-ground combat, and even aerial firefighting.

They are intended to operate with a crew of four members – two pilots, and two crew chiefs. Each one of these crew members has a specific role that they must fulfill in order to successfully handle the Black Hawk.

Can the helicopter run with fewer members? Technically yes, but it’s inadvisable because there’s just so much to do. Can it run with more members? Again, the answer is yes. However, having too many operators can quickly turn efficiency into chaos.



Thursday, 30 November 2017 16:48

The 4 Critical Parts of Network Security

By Kevin Hall

Organizations without an adequate emergency management plan learned a hard lesson in late August and September of 2017. Hurricane season of 2017 showed its might, and while most businesses will never experience a single hurricane in their lifetime, some dealt with four hurricanes in almost as many weeks. Hurricanes Harvey, Irma, Maria and Nate were some of the strongest storms in recent history, causing significant damage and widespread devastation across the United States and Central America.

As Resolver provided counsel and solutions to our customers during these record setting storms, I wanted to share some insight that may help you prepare for future disasters.

  1. The Domino Effect

In the early days of my emergency management career, an experienced and well-respected colleague of mine would say that crises tend to “cluster”. While back-to-back devastations are rare, a single disaster can have a domino effect. During a disaster, emergency response teams are spread thin and when resources are solely focused on the big event, other smaller events will occur and it’s almost always something you didn’t think of during planning. It could be an internal event, like a system outage, or something external, like a government decision, a Facebook post, a crisis at a related company. The key is to prepare for a cluster of crises to occur, because they will.

  2. Executive Management

At almost any conference these days, there are sessions on how to get executive buy-in for business continuity and emergency planning. While no one is questioning the importance of executive buy-in, it can be even more important to know how to manage executives during a crisis. Why? Well, executives are used to taking the lead and making decisions. But let’s be honest, execs are rarely involved in BC/DR planning. You build the plans. You assign resources. You exercise. And then the event occurs and the company’s reputation, customers and revenue are on the line… and guess who steps in? Executives do what they do best, which is to manage and make decisions, but their involvement often causes confusion and disruption during a crisis response. Be sure your plans clearly define who is making decisions during a crisis. If execs are not participating in emergency planning, they should not be managing the emergency response, and it’s your job to define responsibilities and manage executives in these critical times.

  3. Brainstorm

Brainstorming is an important exercise that will help you prepare for worst-case scenarios. Think of all the potential emergencies and how you would respond. In many cases, I find brainstorming to be more effective than planning. There is no way to plan for everything, but brainstorming trains your mind to be creative. A great activity to do with your team is a zombie apocalypse exercise; these can be very engaging and give your team a break from the norm.

  4. Data, Data, Data

It amazes me that even in today’s world, many organizations cannot access critical data in the event of an emergency. Data is the lifeline of any organization, yet crisis plans are so often void of accurate information. Can you instantly access an up-to-date list of staff at a specific location? What about a list of applications and servers that are in a specific data center? As you brainstorm, think about the data that you will need at your fingertips. I would suggest engaging a business analyst or someone within your organization who is familiar with data mining to help identify your data needs. Most importantly, be sure that data is continuously updated and accessible during a crisis.

  5. Test, test, and test again.

While I’m sure you already know how important it is to test your plans, I cannot stress it enough. While table top exercises are great, remember to test the basics. #1 on that list is ensuring that employee contact information is up-to-date and valid… I can’t tell you how many HR data cleansing projects I’ve seen that were initiated by the continuity or emergency management teams. Test the details and test them regularly.

  6. Communicate

We all know that communication is critical during a crisis, but in this case, I am specifically talking about communication before a crisis. Often, the only time employees or stakeholders ever hear from the crisis or continuity teams is during a disaster. This should not be the case, and you need to develop regular communication with employees as part of your program. They should know what to expect and have a good understanding of the recovery plan well before the event. One of our clients even hired a marketing agency to communicate their crisis program to employees. While not everyone can afford to do this, the concept of communication is simple: Get out of your box and spread the word!

  7. Out of sight, out of mind?

Puerto Rico is a territory of the United States, and while it’s not a U.S. state, residents of Puerto Rico are natural born American citizens just like those in the U.S. – apart from voting rights in Congress or the Electoral College. Despite this, recovery efforts in Puerto Rico were minimal compared to the response to Harvey and Irma. Was Puerto Rico simply too “out of sight, out of mind”? Or perhaps emergency response teams were too tired by the time the third hurricane hit? For businesses with multinational locations, you must include these regions in your BC/DR plans. And don’t forget to test them. Did you know that Puerto Rico SMS text traffic is different than in the U.S. and Canada? The same short codes that work in the U.S. and Canada don’t work within Puerto Rico. There are even variances between mobile network carriers in Puerto Rico. The devil is in the details, so be sure to test your plans in all the regions your business operates.

In the end, Resolver helps organizations around the world protect what matters, and we all know that what matters most is our people. A company’s most valuable asset is its employees, and their safety is always priority #1. That’s why business continuity and emergency planning is so important. Disasters are rare, but recognize that events like this will happen. We live in a crazy time. Record setting storms, terrorism, mass shootings… Don’t play the numbers game. Be a realist and be prepared. It is your responsibility, after all.

Thursday, 30 November 2017 15:52

7 Lessons Learned from Hurricanes Harvey & Irma

Our Advanced Recovery Center (ARC) is the next step in Mail-Gard’s evolution to provide clients with premier disaster recovery services from a dedicated partner—one who consistently demonstrates actual recovery experience and a consistent commitment to continuous improvement and growth. The ARC will allow us to better maximize our assets, increase efficiency of human and equipment resources, and provide even more robust disaster recovery services to our clients.

Recent events confirm that natural disasters are always a wake-up call for businesses, even if they already have a business continuity/disaster recovery (BC/DR) plan in place. We have seen a huge increase in requests for DR information during this year’s hurricane season, and it’s unfortunate that some people need to learn the hard way that DR services are not a luxury, they’re a necessity. Businesses without a DR plan were either taking a huge calculated risk by not having a plan in place, or they got caught without a backup plan and are now trying to remedy that situation.



The widespread existence of Wi-Fi connections that provide wireless connectivity to the Internet at home and in places like coffee shops, airports, and hotels is one of the great conveniences of modern computing life. Unfortunately, it is also one of its biggest vulnerabilities. When not properly secured, such connections offer open doorways through which hackers can stroll to steal users’ data and secretly take control of their computer resources.

The good news is, there are steps that can be taken—and which you can train your employees to take—that will greatly increase the security of your data and resources.

Of course in talking about Wi-Fi security, it’s important to understand that we’re really talking about two distinct situations: that of the home Wi-Fi network that the employee owns and controls, and the case of the employee using third-party-provided Wi-Fi connections when out and about at places like coffee shops and airports.



Formalizing your information security program is a critical step to drive information security capability maturation in any organization. The intent of formalizing a program is to get clear on focus and ensure everyone is on the same page about who is doing what.

From our experience, building a great information security program starts with asking the right questions. At Avalution, we build information security programs from the top down, starting with the strategy of the business and focusing on the following five key questions:

  1. Why do we have an information security program?
  2. What are we going to protect?
  3. How are we going to achieve it?
  4. Who is responsible and accountable?
  5. What are the results going to look like?

Let’s take a closer look at each.



Wednesday, 29 November 2017 16:05

Formalizing an Information Security Program

The mobile device management (MDM) market is growing at a meteoric rate. In fact, it is estimated to grow from $1.69 billion to $5.32 billion between 2016 and 2021, according to market research firm Markets and Markets. Which may leave you wondering: What is MDM and why does it matter so much? Here’s a closer look at this game-changing technology solution, along with six benefits it offers today’s forward-thinking, bottom line-minded organizations.

What is MDM?

IT research and advisory company Gartner defines mobile device management as “a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use—enforcing policies and maintaining the desired level of IT control across multiple platforms.”

Which begs the question: Why does MDM matter so much? A recent forecast from the International Data Corporation (IDC) predicts that nearly 75 percent of the US workforce will be mobile-enabled by the year 2020. Because of the increasing consumerization of IT and the resulting proliferation of devices—both professional and personal in the workplace—there is increasing need for comprehensive management solutions designed to harness the power of mobility without compromising security.



Even the most carefully-crafted communication can fail if it does not reach its intended audience, or if audience members are unable to identify the message as important. Reaching individuals via a geographic locator is helpful in the event of a broader crisis but is not as applicable in the event of a localized emergency that only affects one or more organizations. In this instance, it is critically important to ensure that your audience has opted-in to your crisis communication and that your messages are targeted in such a way that they will be immediately identified as important and quickly read.

Why Accurate Data Matters

Let’s pretend that you have an organization with approximately 500 employees, and you live in an area that is frequented by storms or flooding. It would be incredibly important to be able to get a message to each employee to let them know when it’s unsafe to attempt to reach the office, correct? Or on a broader scale, being able to reach residents who live in flood zones would also become a top priority.



Traditional law practice will see significant changes in the new year. To assist firms in knowing what to expect, Bluelock has compiled an informative eBook of predictions from 15 different experts within the legal industry, with insights coming from Bluelock, law firm partners, associates and a variety of companies that service the legal industry.

The eBook covers seven categories: Operations, Cybersecurity, Compliance & Regulations, Business Continuity & Disaster Recovery, Artificial Intelligence, Workforce and Major Technology Disruptions.

Readers will learn the following:



Monday, 20 November 2017 14:50

2018 Predictions for the Legal Industry

A natural disaster can jumpstart your business continuity plans, but it can also do them more harm than good. Is your disaster response hurting you?

Disasters like the one in Puerto Rico sometimes cause people to learn the wrong lessons.

Major natural disasters such as the recent floods in Texas, the fires in northern California, and the hurricane in Puerto Rico grab everybody’s attention.

Sometimes this has a positive impact on organizations’ business continuity plans, as when it prompts companies who have not been investing in BC to get serious about implementing or strengthening their methods for keeping their organizations running in the event of a disaster.

However, sometimes the impact is neutral or even harmful.



When you see a company trending on social media, do you automatically assume that it’s going to be scandalous gossip? Because I do.  But what if I told you companies could become a player in the game and change the way they appear on social media?

Social media has obliterated traditional communication with its inventiveness and convenience. Today, it is a rarity to see someone walking around without their phone attached at their hip. This need to be in constant communication with our technologies has changed the way people access information. “How?” you might ask. In today’s news reporting world, long before reputable news agencies can report an event, the specifics are already circulating on social media in real time thanks to our society’s avid Facebookers and Tweeters. The answers to all your questions are at your fingertips, quite literally! You can find an answer to almost any question with a few clicks in Safari or Chrome.

Given its ever-expanding user base, social media has become a powerful tool. It can be used to shape the public’s opinion and even produce desired results from the intended audience! While social media is often known for being a stage to spread negative comments about an organization, with the proper action plan and team involved it can be used to drive positive outcomes as well.



Wednesday, 15 November 2017 16:15

You Say Social Media like it’s a Bad Thing

How IT Incident Management Can and Should Be Supported with a Foundation of Automated Notifications

One of the most significant challenges in terms of IT incident management today has to do with the growing complexity of the environments themselves. As more and more mission-critical systems move into the cloud, the demands placed on IT managers have never been higher. These hardworking professionals are being asked to accomplish more with less on a regular basis, which itself becomes a major problem when disaster (as it often does) strikes.

In some ways, the solution to these issues is clear – IT professionals need a way to quickly, accurately and concisely communicate essential information to people at a moment’s notice. But what, exactly, is the best way to do that?

This problem has led to many unfortunate trends in the industry today. Many companies make the mistake of assuming there is a one-size-fits-all solution to automated notifications of this type. This fails to acknowledge the fact that every organization is different.



Monday, 13 November 2017 17:30

Improve Your IT Incident Management

Our people differentiate us from other products and services. While technology changes and is replaced on a daily basis, our experience and delivery continues to build over time. The team at Continuity Centers will consistently impress you with their knowledge, drive, and focus.

Our instant business recovery (IBR) is made of several parts that complete the whole. Each part works together to deliver a solution that keeps your business up and running through anything.

They include:



Monday, 13 November 2017 17:25

The Features of Instant Business Recovery

Bringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness. Hospitals that are the most successful in achieving a high level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security. Building cohesion sounds fairly straightforward, but, in reality, it can be complex. From our experience helping hospitals successfully tackle this charge, here are some practical steps to move toward an integrated approach to preparedness:

Start with Governance

Ideally, create a cross-functional steering committee that ultimately oversees all of these disciplines and has the authority to make risk-based decisions that take into account analysis from across the preparedness landscape. Again, this sounds simple, but it can be difficult to successfully achieve. If it isn’t possible to work from one steering committee, try to align risk criteria across preparedness disciplines so that risks and considerations are assessed on a level playing field, ensuring the most critical issues are addressed first.



Event Pages Make Organizational Communications More Efficient

Whether it’s an emergency or a non-critical event, ongoing communication with employees is often necessary. AlertMedia is known for mass notifications, but we also support efficient communications throughout the life of any event – from planning through resolution.

AlertMedia recently unveiled its newest feature – Event Pages. This new event information hub can be found on your AlertMedia dashboard and can be utilized as a powerful, real-time two-way communication tool for administrators and employees to share pertinent information. Event Pages provides a single place to find everything related to a specific situation, with current and archived updates, documents, videos and photos, and resolutions.



Advance location alerting helps leaders know when to trigger emergency response plans

By Glen Denny, Baron Services, Inc.


Lately, on an increasingly frequent basis, weather events seem to dominate much of our news, with rising numbers of severe occurrences presenting fresh challenges for public safety officials dedicated to protecting lives and property. It doesn’t just appear that way, it’s an actual fact: Almost 80% of disasters faced by public safety and emergency management professionals today are weather-related. It’s not only dramatic, extreme storms that require advanced forecasting for efficient safety planning, it’s also the numerous, more common fog, rain, ice, snow, and wind events that often impact our daily lives.

In any community, these conditions can differ within neighborhoods, even street to street, and change minute to minute. For anyone involved in safety management—whether responsible for schools, hospitals, churches, companies, organizations, sports venues, pools, parks, or other public gathering sites—being able to monitor and stay ahead of rapidly changing weather at specific locations is a difficult, time-consuming job that can have serious life or death repercussions.

Accustomed to regional forecasting, public safety professionals have traditionally made the best decisions they can given the broad-based storm information they’ve received. But today, with severe weather events rising, they face a growing dilemma: What’s the best way to access customized, advance weather intelligence data specific to their area so they can enforce whatever timely and effective safety plans are necessary to protect their community and its assets?

Though emergency management professionals and public safety officials aren’t trained meteorologists, fortunately, thanks to modern weather data technology and improvements in the ease of access, they don’t have to be. A new system of data-driven, location-based alerts offers an innovative tool for safety management officials, delivering customized, active monitoring that triggers advanced emergency preparation plans addressing multiple weather hazards.

Web and mobile on-demand system alerts keep pace with changing weather conditions

America’s a big country, one that experiences nearly every weather event Mother Nature dishes out. Safety managers know that severe weather means different things to different regions across the U.S. and preventative plans must change accordingly. In Florida, emergency management professionals might seek weather alerts informing them when temperatures will fall below 40 degrees so they can implement plans to open homeless shelters or advise citrus owners to protect crops. In Arizona, public safety officials need to know when excessive temperatures might dictate additional safety measures to keep people cool, especially the elderly and very young.

Each region has a threshold for hot or cold, too much snow, too little or excessive rainfall. And although the big, headline-grabbing weather events like tornados, blizzards, hurricanes, and floods command attention, safety professionals require accurate weather intelligence affecting specific, localized areas where daily conditions have immediate impact on commuters and the public.

One provider of reliable, weather technology data is changing the way safety and emergency management professionals stay ahead of severe weather events. At Baron, a global leader in critical weather intelligence, scientists have teamed with seasoned meteorologists to develop a next generation tool, easily accessible to emergency safety managers and planners, advancing precision weather forecasting. Baron Threat Net’s web portal products offer public safety officials a comprehensive weather monitoring platform targeting street level views.

Threat Net’s high resolution, customizable mapping allows emergency managers to concentrate their attention on operational conditions impacting specific areas of concern, with user-friendly navigation and a pre-set feature allowing up to 20 site maps to be stored for future reference. How much rain has fallen, and how much is expected? Exclusive precipitation, accumulated precipitation and 24-hour accumulation forecasts keep users on top of possible flooding risks. Baron Threat Net’s Severe Threats allows simultaneous views of areas threatened by potentially damaging winds, flooding or hail. A Cloud to Ground Lightning feature shows real-time lightning strikes at street level. Using a combination of actual and forecasted products, the Road Weather/Conditions feature offers actual road condition alerts displaying a variety of concerns such as Patchy Ice, Flooded, Snow and Heavy Snow or just plain slippery road surfaces. Baron Threat Net’s complete tropical weather package tracks hurricanes and tropical storms, monitoring the latest maximum wind speeds, watches, warnings and storm surge conditions, making the information easily accessible.

To keep safety professionals informed in advance, Threat Net delivers customizable, pinpointed local alerts making officials aware of locations and assets in the path of impending, potentially dangerous, weather. Users select a location, identify the risk and choose a notification method—on screen, by email, or via push notifications to a phone—while the system, which includes patented Baron Safety Alerts and standard National Weather Service watches and warnings, automatically monitors that location. A companion app lets users access real-time weather conditions from any location, a valuable feature for safety departments sometimes short on personnel resources.

Proprietary, customized weather alerts safety management professionals can depend on

Local and regional safety managers are familiar with their area environment and the kinds of weather events making them most vulnerable. Most have been on the job for some time, and may have grown somewhat skeptical about the accuracy of long and short-term weather forecasting. They shouldn’t be. Advances in computing power, speed and forecast algorithms have dramatically improved weather forecasting technology, and today accessing that critical information is easier than ever.

That’s where Baron’s Threat Net products are making the biggest difference for safety management professionals. While traditional weather services are okay, none deliver the kinds of proprietary, customized weather alerts available through Threat Net & Pinpoint Alerting products. The proprietary alerts they provide supply pre-set custom alerting of 80 different weather conditions.

“When I’m in the field I use a lot of tools to help me navigate around severe weather, and the most reliable one is Mobile Threat Net,” says Martin Lisius, a Severe Weather Expert from Arlington, TX.

Safety personnel can receive customized forewarning of changing conditions invaluable for getting them ahead of weather events, helping them determine timing and scope of emergency response plans. And quite simply, the more advance notice officials get before dangerous weather arrives—the more accurate, granular and detailed that information—the better their response planning will be.

“Baron has a history of working with our partners to understand their needs and has developed customized alerts that pinpoint the exact timing and location of weather events that will impact our customers; many of these alerts go beyond the traditional weather warnings we are accustomed to receiving and focus on specific weather phenomena, such as hail and lightning,” says Bob Dreiswerd, Baron’s Chief Development Officer. “Baron also works with customers to develop alerts specific to their situation that focus on weather related events that directly impact their operations.”

Not your grandmother’s weather forecasts: incisive weather intelligence takes the ‘might’ out of forecasting

Baron’s suite of weather intelligence products offers safety officials user-friendly, data-informed alerts letting them know what’s actually coming, in many cases well before it arrives. The complete data set of customized tools can provide street-level road forecasts 24 hours in advance, deliver a tropical weather package tracking maximum wind speed, watches, warnings and storm surge, and even keep safety personnel informed during unpredictable emergency situations like hazmat spills or terrorism. With trains and trucks transporting hazardous materials through communities daily, Threat Net can help safety management professionals determine wind and rain conditions with potential to spread spills, smoke, gases or other toxic substances when and if spills occur.

Whether you’re a small-town mayor charged with knowing how much additional rainfall to expect in order to keep residents in the path of impending flooding safe, or an Emergency Management Coordinator like Rusty Chase of Isle of Wight County, VA, relying on Mobile Threat Net to make decisive plans based on its alerts, all safety management professionals need access to the best weather intelligence available today. “We saw dangerous weather on Mobile Threat Net and were able to give the schools adequate time to shelter children in the hallways during a tornado,” Chase says. “Had we released the kids to go home prior to my alert we would have had them on the roads and probably had injuries and fatalities.”

Relying on critical weather intelligence and customized alerts like these gives safety officials the confidence they’re using the most effective tool available for making informed planning decisions to secure the safety of their community. A recent example of the utility of Baron’s weather intelligence tools came with the arrival of Hurricane Harvey on the gulf coast. Threat Net’s live monitoring of Hurricane Harvey allowed users to prepare for the storm before it made landfall. While the storm’s impact couldn’t have been avoided, Threat Net’s prediction helped many people better prepare for Harvey’s force. When advanced technology produces weather data products capable of delivering customized advanced warnings today’s safety management professionals can depend on, why wouldn’t they?  

Fraud Frequently Asked Questions

1. What fraud issues should survivors be aware of after Hurricane Irma?
    There are a number of fraud concerns survivors need to be aware of to protect themselves:

  • Beware of individuals charging survivors a fee to apply for disaster assistance, receive a home inspection or install a blue tarp through the Blue Roof Program. THIS IS FRAUD. Federal workers NEVER solicit or accept money from applicants.
  • There are also reports of people registering for assistance using someone else’s information. If you suspect anyone of committing fraud and stealing your identity, report it to local law enforcement. You should also report it to:

a. The Department of Justice's Disaster Fraud Hotline at 866-720-5721.

b. If you discover that someone is misusing your information, file a complaint with the Federal Trade Commission through the website: IdentityTheft.gov.

c. You can also file a complaint with the OIG:

i. Online at the OIG’s website (www.oig.dhs.gov),
ii. Fax it to 202-254-4297, or
iii. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

d. Make sure to alert the FEMA helpline to the issue as well by calling 800-621-3362.

  • Beware of robocalls from imposters. However, FEMA does plan to conduct outreach by autodialer, in some cases. If you are contacted, the phone number you should reply to is the FEMA Helpline: 800-621-3362 (FEMA).
  • Watch out for insurance related scams.

a. Notify your insurance company after a disaster.
b. Beware of imposters claiming to be FEMA representatives, asking for money to assist with the filing of federal flood claims.

2. How do I know if a FEMA representative is legitimate?

  • If you’re meeting a FEMA representative in person, ask to see their identification badge. All federal employees carry official, laminated photo IDs. FEMA shirts, hats and jackets do not make them official.
  • When a FEMA inspector comes to your damaged home, he or she will require verification of your identity, but will already have your registration number. Keep your FEMA registration number safe. Do not share it with others.
  • No federal government disaster assistance agency will call you to ask for your financial account information. If you’re unsure whether someone claiming to be a FEMA representative is legitimate, say you are hanging up and call the main FEMA helpline at 800-621-3362 to speak about the incident.

3. Do inspectors charge for an inspection?

  • Federal inspectors do not charge a fee at any time to inspect your property. FEMA and the Small Business Administration will never ask you for money.  Our inspectors never require banking information or payment in any form.
  • They also do not determine eligibility or dollar amounts of assistance.

4. What happens when a building contractor shows up, and says they were sent by FEMA?

  • FEMA does not send building or repair contractors. The job of a FEMA housing inspector is to verify damage. FEMA does not hire or endorse specific contractors to fix homes or recommend repairs.
  • If someone comes to your door and says that your home is unsafe, do not believe them and do not let them in.
  • Have an engineer, architect or building official inspect it. An unethical contractor may actually create damage to get the work.
  • When in doubt, report any suspicious behavior to your local authorities.

5. How do I hire a legitimate building contractor?
    Here are a few tips to consider when hiring a legitimate building contractor:

  • Always use a licensed local contractor backed by reliable references.
  • In Florida, contractors are required to carry general liability insurance and worker’s compensation.
  • Require a written contract with anyone you hire. Be sure to read and understand the contract. Never sign a blank contract and never pay more than half the cost of the job upfront. Be sure to get a written receipt for any payment.
  • If one estimate seems much lower than the others and sounds too good to be true, it probably is. Many unethical contractors provide low-ball bids that seem attractive. But the contractors are often uninsured and may charge substantial cancellation fees.
  • Never pay for work in full in advance. The Better Business Bureau recommends a consumer pay half or less of the contract price before the contractor begins repairs and the remaining balance once the work is complete and the owner is satisfied.

6. What should people who did not apply for disaster assistance do if they suspect that they are a victim of disaster fraud?

  • To report disaster fraud, contact The Department of Justice's Disaster Fraud Hotline at 866-720-5721.
  • Email FEMA’s Office of the Chief Security Officer (OCSO) Tip line.
  • You can also file a complaint with the OIG:

a. Online at the OIG’s website (www.oig.dhs.gov),
b. Fax it to 202-254-4297, or
c. Mail it to the DHS Office of Inspector General: Mail Stop 0305; Department of Homeland Security; 245 Murray Drive SW; Washington DC 20528-0305.

  • Contact the FEMA Helpline at (800) 621-3362 if you had not previously registered for FEMA assistance, and do not wish to register. They will not need to take further action. The original application will be locked to maintain a record of the potentially fraudulent file.

7. If I was a victim of disaster fraud, but I still need to apply for assistance, what should I do?

  • Contact the FEMA Helpline at (800) 621-3362 and tell them you have not previously registered for FEMA assistance and that you wish to register.

8. If I tried to apply, but the system said I have already applied, what should I do?

  • Contact FEMA’s Helpline at 1-800-621-3362.

9.  Will I need to wait until the investigation is complete, before I can register for assistance?

  • No. FEMA does not need to complete the investigation before you can have a new registration taken. However, FEMA will need to verify your identity.

10.  Is there anything else people should know?

       Unfortunately, scam artists may pose as government officials, aid workers, charitable organizations, or insurance company employees.

  • Do not respond to texts, phone calls or requests seeking your personal information. The only time you should provide personal information is during the initial application process for FEMA help or when you initiate contact with FEMA to follow up on an application. FEMA inspectors only require verification of identity. FEMA may call you by autodialer, in some cases. These calls will not request your personal information—you will only be asked to call the FEMA Helpline at 800-621-3362. 
  • Ask for identification and don’t be afraid to hang up on cold callers.
  • If you need to contact government agencies, use official information posted on their websites or in other verified sources.
  • Don’t sign anything you don’t understand or contracts with blank spaces.
Wednesday, 01 November 2017 16:42

FEMA: Fraud Frequently Asked Questions

Workplace safety is and will always be a pressing concern. According to a study conducted by the Occupational Safety and Health Administration, we’re making a significant amount of progress in that regard – from a certain perspective. In the four decades that OSHA has been working with state partners, employers and safety and health professionals around the country, worker deaths have fallen from 38 per day on average in 1970 to just 13 a day in 2015. Equally positive is the fact that worker injuries and illnesses are also way down, from 10.9 incidents per 100 workers in 1972 to just 3.0 incidents per 100 employees in 2015.

But one of the unfortunate facts about the modern era that we’re now living in is that the types of dangers that people are likely to face have evolved in a harrowing and unsettling way. People don’t have to worry about falls, being struck by objects, electrocutions or being caught in or between pieces of equipment anymore. They don’t have to worry about safety hazards that were not properly communicated or guidelines that were not adhered to.

With increasing and disappointing regularity, they’ve got to worry more and more about their own co-workers.



Tuesday, 31 October 2017 19:58

How to Spot a Potentially Violent Coworker

Thinking Outside the Box

One of the best ways to achieve ROI is to find ways to extend the use of an investment. You may have purchased software to do one thing and then found it could be optimized somewhere else. While this scenario may not happen frequently, it’s considered a victory when it does.

Emergency notification systems can easily fall into this category. We find most of our clients purchase our software in order to quickly and easily connect with employees when a critical event occurs. They want to eliminate all of the disparate communication systems in lieu of a single, integrated system that enables them to leverage one or several communication channels at the same time. They want to be able to segment their audience, pre-build their messages using templates, and in a click or two, know their message has not only been delivered, but received loud and clear. They want to be able to measure message open rates and constantly improve their emergency plans.

Well done, companies. You are prepared. But did you know you can use your emergency notification system for a whole lot more than emergencies? You can quickly increase ROI by maximizing your use of the software for any desired communication with a specific audience, internally or externally.



Imagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent applications. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, which fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services was devastating, and its email was unavailable for over one week.

The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate Maersk has estimated quarterly losses of between $200M and $300M due to the interruptions it experienced. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.

Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from their owners until a ransom was paid.



In our experience consulting with universities, high schools, or elementary schools on Emergency Management preparedness, we have found a number of issues that come up on a regular basis. It does not matter if the institution is a private or a public school. Don’t wait for an event to happen to find out if your child’s school is ready.

Here are 10 questions you should ask to make sure your child’s school is ready for an emergency:



In the span of the last few decades, email has become a key communication avenue to coordinate case proceedings and counsel to a law firm’s clients and co-workers. Now more than ever, law firms are leaning on technology to deliver essential and innovative representation, but this is only possible so long as firms are connected to the internet.

Additionally, lawyers and partners may not always recognize the direct connection between their IT stance and email availability. When a technology disruption may impact access to email, it is critical to ensure proper budgeting and resources for IT systems and data protection, but this is where firms often fall short.



The connected world that we’re now living in, along with the Internet in general, has undoubtedly made our lives better in countless ways. Unfortunately, they’ve made our lives more dangerous, as well – particularly when you consider the current state of cybersecurity worldwide.

According to one study conducted by Panda Labs, there were 18 million new malware samples captured in the third quarter of 2016 alone. That number breaks down to an average of about 200,000 per day. Likewise, new and devastating techniques like ransomware are on the rise. More than 4,000 ransomware attacks occurred every day in 2016 – an increase of 300% over the previous year, according to the Computer Crime and Intellectual Property Section of the FBI.

Based on these stats, it’s easy to see why cybersecurity is such a rising concern among organizations in nearly every industry. But the most important thing for them to understand is that the hackers aren’t some group of cartoon super villains operating from a secret bunker somewhere. In truth, they don’t need to be. Cyber-attacks are far easier than that to pull off because of two unfortunate little words: Human Error.



The Problem with Emails

Emails. How many do you get each day? How often do you check them? When I say “check,” I mean read. The average time spent reading an email is 11.1 seconds and only five seconds for a text. With instant communications available via texting, instant messaging and social media, email is rapidly losing its charm, particularly amongst millennials.

Email still has its place in the work environment for non-urgent messages and regular communications with vendors, customers or other businesses, but is it really the most effective way to notify employees of an urgent situation? Likely not.

There are several problems with emails: the sheer number of them we receive each day (an average of 88, per one study), the fact that sending and receiving isn’t always instantaneous, and the lack of any guarantee that the receiver will take the time to open and read it. If there is a network outage, you may never get your message across as it sits in your outbox indefinitely.

When it comes to emergencies, emails simply do not convey a sense of urgency. People assume they can get to an email whenever they get the chance, and only 30 percent of them ever get read. Few emails garner the same level of attention as a text alert or similar form of communication.



Friday, 20 October 2017 14:42


Working on cars can be quite the challenge. If you’ve got a project car that you’re hoping to get up and running, you probably want to control every aspect of what goes into it. From the engine to the tail lights, you’re willing to tackle every project head-on without any external help.

Until you get stuck on a problem that you’re not equipped to handle.

When you hit a brick wall, you can keep trying to fix the issue by yourself – which can be extremely frustrating. Or, you have the option to take your car to a master mechanic that can easily fix the issue for you.

It’s not unlike running your company. When you need IT support, what’s your best option for support? Most businesses have two distinct choices; either hire an in-house IT support employee (the DIY fix), or partner with a managed service provider (the master mechanic).

Though both options have their own pros and cons, one comes out on top for growing organizations that want to stay ahead of the curve.



One of the most important things to understand about working and operating in a healthcare environment is that emergencies are not a question of “if” – they’re a question of “when.” Events that impact patient care, employee safety and overall operations can happen suddenly and without warning. The key to continuing operations involves the ability of doctors, nurses, staff and leadership to respond to these events as quickly and as accurately as possible.

Part of success in this regard comes down to effective crisis communication – something that the Centers for Medicare and Medicaid is already emphasizing. It considers communication to be so pivotal, in fact, that it is one of the four main pillars of the CMS’ new Conditions for Participation for Emergency Planning, which MUST be in place for many types of healthcare organizations by November of 2017.

But just the ability to communicate in an emergency is not enough on its own – you need a system in place that will guarantee that the right message gets to the right people at exactly the right time, no exceptions. When it comes to accomplishing this mission-critical goal, more and more of today’s leading healthcare providers are turning to critical emergency alerting services.




If you read our blog on a regular basis you can probably recite the mantra “Make a kit. Have a plan. Be informed.” in your sleep. You are probably familiar with the important items you should keep in your emergency kit – water, food, a flashlight, and a battery-powered radio. What you may not think about is personalizing your kit for your unique medical needs or the needs of your family. Particularly, including prescription medications and other medical supplies in your emergency kit and plans.

As a pharmacist whose job is focused on emergency preparedness and response, I want to give you 10 pointers about how to prepare your medications for an emergency so you can decrease the risk of a life-threatening situation.

  1. Make a list. Keep a list of all your medications and the dosages in your emergency kit. Make sure you have the phone numbers for your doctors and pharmacies.
  2. Have your card. Keep your health insurance or prescription drug card with you at all times so your pharmacy benefits provider or health insurance plan can help you replace any medication that was lost or damaged in a disaster.
  3. Keep a record. Make copies of your current prescriptions and keep them in your emergency kit and/or go bag. You can also scan and email yourself copies, or save them in the cloud. If you can’t reach your regular doctor or your usual pharmacy is not open, this written proof of your prescriptions makes it much easier for another doctor to write you a refill.
  4. Start a stockpile. During and after a disaster you may not be able to get your prescriptions refilled. Make sure you have at least 7 – 10 days of your medications and other medical supplies. Refill your prescription as soon as you are able so you can set aside a few extra days’ worth in your emergency kit to get you through a disaster.
  5. Storage matters. Keep your medications in labeled, child-proof containers in a secure place that does not experience extreme temperature changes or humidity. Don’t forget to also include nonprescription medications you might need, including pain relievers, cold or allergy medications, and antacids.
  6. Rotate the date. Don’t let the medications in your emergency supply kit expire. Check the dates at least twice every year.
  7. Prioritize critical medicines. Certain medications are more important to your health and safety than others. Prioritize your medications, and make sure you plan to have the critical medications available during an emergency.
  8. Communicate a plan. Talk to your doctor about what you should do in case you run out of a medication during an emergency. If you have a child who takes a prescription medication, talk to their daycare provider or school about a plan in case of an emergency.
  9. Plan ahead. Make sure you know the shelf life and optimal storage temperature for your prescriptions, because some medications and supplies cannot be safely stored for long periods of time at room temperature. If you take a medication that needs to be refrigerated or requires electronic equipment, plan ahead for temporary storage and administration in an emergency situation.
  10. Check before using. Before using the medication in your emergency kit, check to make sure the look or smell hasn’t changed. If you are unsure about its safety, contact a pharmacist or healthcare provider before using.


With the end of September’s National Preparedness Month, incident response professionals may get questions from colleagues about how their organization responds to natural disasters or other major disruptions.

Communications is an especially important element of disaster response. Small businesses may find calling trees sufficient, but larger enterprises and government agencies often depend on advanced communications and information technology.

Organizations have three options for deploying incident response communications infrastructure:



Emergencies Aren’t Biased

Small companies can fall victim to a dangerous mindset of thinking they are too small to take formal precautions against crises. They believe that fancy emergency notification systems are relegated to the companies with thousands of employees scattered around the globe. While the magnitude of the emergency may scale with the size of the company, even the smallest mom and pop company needs a plan and a system to communicate when an unexpected event occurs.

The truth is, emergencies can happen anywhere, anytime, to anyone. All we have to do is look at the crazy hurricane season we will thankfully see coming to an end in the coming weeks. Hurricanes Harvey, Irma, Maria and Nate paid no attention to whether or not the buildings they destroyed were owned by a large or small company. They didn’t care if four employees were displaced or 4,000. It was of no concern as to which streets would be impassable and how long the power would be out.



Blockchain-related topics are gaining a lot of attention lately, and most of that attention is focused on cryptocurrencies such as Bitcoin. Some predict blockchain will be the new internet revolution, one that could lead to new technological innovations in economics and to social transformations.

A blockchain runs on a peer-to-peer network of many distributed nodes, supported by independent computer servers around the globe. Part of it is implemented without any centralized authority and has built-in fraud protection and a consensus mechanism, such as Proof-of-Work, in which peer computers acting as nodes must approve every request to generate a new set of transactions, or block, before it is added to the database, a.k.a. the “Block Chain”.

It also has a built-in check and balance to ensure a set of colluding computers can’t game the system.  Blockchain also brings in an element of transparency, which reduces fraud as the entire chain is visible and auditable.






Disasters affect children differently than they do adults. Learn more about the unique needs of children during and after disasters. Given the number of disasters in the United States alone, helping young ones cope is especially critical. The CDC has several great recommendations for the care of children at the time of a disaster.

Another organization, the Shenandoah Valley Project Impact, the Central Shenandoah Valley’s regional disaster preparedness and mitigation program, developed a great set of children’s books in both English and Spanish to help families and their kids cope. You can download them here.



  • Children’s bodies are different from adults’ bodies.
    • They are more likely to get sick or severely injured.
      • They breathe in more air per pound of body weight than adults do.
      • They have thinner skin, and more of it per pound of body weight (higher surface-to-mass ratio).
      • Fluid loss (e.g. dehydration, blood loss) can have a bigger effect on children because they have less fluid in their bodies.
    • They are more likely to lose too much body heat.
    • They spend more time outside and on the ground. They also put their hands in their mouths more often than adults do.
  • Children need help from adults in an emergency.
    • They don’t fully understand how to keep themselves safe.
      • Older children and adolescents may take their cues from others.
      • Young children may freeze, cry, or scream.
    • They may not be able to explain what hurts or bothers them.
    • They are more likely to get the care they need when they have parents or other caregivers around.
    • Laws require an adult to make medical decisions for a child.
    • There is limited information on the ways some illnesses and medicines affect children. Sometimes adults will have to make decisions with the information they have.
  • Mental stress from a disaster can be harder on children.
    • They feel less of a sense of control.
    • They understand less about the situation.
    • They have fewer experiences bouncing back from hard situations.


This year’s hurricane season is like nothing in recent memory. With the country still reeling from Harvey, Irma, and Maria, everyone held their breath as Hurricane Nate headed toward states along the Gulf Coast this weekend. Those of us at IWCO Direct and Mail-Gard were especially anxious as a number of our colleagues and clients were making their way to New Orleans for the DMA’s &THEN Conference. Thankfully, Nate lost steam before hitting the mainland, but our team at Mail-Gard was prepared to help clients manage the print-to-mail operations of their critical communications at the drop of a hat if necessary. Today we wanted to briefly share how we prepare for a disaster declaration in advance of severe storms and natural disasters.

We start by doing our best to become meteorologists. We have a system in place to closely monitor weather patterns in regions where our clients are located in order to determine which ones may be in the path of a severe storm. We contact those clients well in advance to ensure they have our emergency declaration hotline information readily available. We also make sure our team is fully prepared to spring into action by alerting them to which clients may need to make a disaster declaration, so they can review those specific client requirements in advance. We also analyze our testing schedule to “clear the decks” so that we can devote our full energy to impacted clients.



By Pete Benoit, Enterprise Solutions Architect, iland

For veterans of the IT services industry, DR has always been a popular topic of conversation with potential clients. Those that have been around long enough will certainly remember how many of those conversations progressed.

Typically, it went something like this.

Potential Client: We’ve determined that our current IT infrastructure DR plan puts our business at risk and we are interviewing service providers to assess potential solutions.

IT Services Vendor: What are your infrastructure RPO and RTO targets?

Potential Client: Our CIO wants us to maintain an RPO/RTO of 4 hours or less.

It wasn’t that long ago that everyone in this conversation would have understood that the quote from the service provider was going to be well beyond what the client intended to spend as part of the overall IT budget. This was typical for both small and large environments. Inevitably, the parties would work backwards by decreasing the expected deliverables for the solution until an acceptable price point could be reached. Sometimes the solution met so few of the organization’s requirements, that the conversation would be abandoned with no action.

Was the CIO delusional for requesting such aggressive (for the time) SLAs? Of course not. The importance of the data and the underlying applications and infrastructure was self-evident. The reality was that not only were the options to meet those goals extremely expensive, there was also very little guarantee that they would work as planned when it came down to crunch time.

The reason for the expense was that each production resource had to be duplicated, to a certain extent, at the remote site. This infrastructure would need to be purchased or leased, co-located and upgraded, and it required experienced technicians to maintain. All of this was done in the hope that it would never have to be used in a live situation.

Fast forward to the present: with the evolution of virtualized workloads, resource pools, metered billing and any-to-any replication technology, those RPO/RTO targets are now achievable at a fraction of the cost. The underlying services billing model that makes this a reality consists of a reserved-billing storage component for data replication and burstable-billing compute resources that can be deployed on demand and billed per hour of use.

Reserved storage provides a target storage repository sized to handle all replicated workloads plus potential growth dependent on changes in the production environment. Reserved storage is billed on a per GB per month basis. The storage reservation quantity can be increased at any time to mirror changes in the production environment.

Burst compute refers to on-demand CPU and RAM which are necessary to operate the virtual workloads during production failover or testing. Because replication is accomplished without live workloads, the burst compute resources are available on demand and no charges are incurred until the workloads are powered on. CPU is metered on average GHz of CPU used per hour. RAM is metered as average gigabytes (GB) consumed per hour. These burst compute charges are tallied and billed monthly. When testing or failback is complete, the resources are returned and the burst charges are no longer accrued.

While cost is still top of mind for IT Directors and CIOs, the conversations around solutions for IT's data protection and DR needs are drastically different. Reserved storage plus burst compute pricing for DRaaS allows IT organizations to execute a robust disaster recovery plan without having to pay for live compute resources waiting for use. The major obstacles to a credible DR solution, even for small businesses, have been mitigated by technology advances and the widespread adoption of those advances.

Once the question of cost has been addressed, the discussion moves to more important issues. How do end users connect to the DR environment once failover is complete? Does the recovery site adhere to the same security standards as my production environment? How is failback accomplished? These are just a few of many important questions not related to cost.

In conclusion, the reserved plus burst model allows customers to apply the advantages of two pricing models where it makes the most sense thereby protecting critical data without the burden of barely used, monthly infrastructure costs at the service provider location. A comprehensive solution will also provide assisted initial setup, volume discounts for storage, simplified day-to-day operations via a self-service console, straightforward network configuration, the option for customer initiated failover, as well as detailed billing, monitoring and compliance reporting.

Pete Benoit is an Enterprise Solutions Architect at iland, currently based out of Dallas with over 20 years of experience in the IT Services industry including time with hardware vendors, VARs and IaaS providers. His career began in the US Air Force as a Communication-Computer Systems Operator before joining the private sector and moving to Texas in 1996. Pete has a wide range of industry experience as a technician, support engineer and solutions engineer and excels at customer service. A proud graduate of the University of Louisiana at Lafayette, Pete is a husband and father of two and enjoys golf and spending time with family and friends.

Case Study

OVERVIEW: Since 1933, the Jericho Fire Department has been charged with protecting its Long Island, New York community residents from the perils of fire and other emergency situations. The Department proudly provides Fire Prevention and Safety Education, Fire Suppression, Emergency Medical Services and Hazardous Materials response. Its staff of 36 dedicated employees and 94 volunteers valiantly serve the residents and businesses of the Jericho Fire District and, since its inception, the department has evolved into an all-risks emergency response agency, currently responding to about 1000 alarms each year. Together as a team they save lives, reduce property loss, and improve emergency services to meet the evolving life safety needs of citizens.

CHALLENGE/OBJECTIVE: As is the case with so many Fire Departments, maintaining control over the myriad keys kept at a firehouse can be challenging. It's critical to be able to have quick, but at the same time, controlled access to some of the keys. John O'Brien, Jericho Fire District Supervisor, chose to demo the MedixSafe Key Care Cabinet to determine if it would meet the Department's key control needs. The Department already had a MedixSafe Narcotics Cabinet/Safe in their ambulances and firehouse, which has been instrumental in securing their emergency response narcotics and making them available only to the advanced life support personnel authorized to administer them in an emergency. "It's been great," O'Brien notes. "There is no key to override it, and it provides an audit trail of who has accessed the safe and when. So when the Key Care Cabinet became available, we were eager to demo it."

SOLUTION: O'Brien reports that "We loved what we saw, because key control was an issue, and knowing who is in the key cabinet and when is so important. The Key Care Cabinet gives us the ability to track that, as well as the capability to restrict access to those not of the rank to have access." The MedixSafe Key Care Cabinet is electronically controlled and allows the user to not only organize their access keys, but to control them, as well. A 'key' feature that differentiates the MedixSafe Key Care Cabinet from low-end key cabinets is that it enables more secure access.

Because a single PIN can be easily compromised, dual, triple or biometric authentication credentials are required before access to the Key Care Cabinet is granted. Users can opt to go with a fingerprint and PIN combination, key card and PIN combination, or a key fob and PIN combination.

It accommodates over 1,000 individual users and provides an audit trail history of up to 50,000 events. The Key Care Cabinet is accessible via a remote Ethernet network and also has a manual key override. This ensures that the cabinet can still be accessed via a single key in the event of an electronic failure.

BENEFITS: The ability to control access to crucial keys is among the most significant benefits the Jericho Fire Department is reaping from the MedixSafe Key Care Cabinet. Certain keys are especially important to store, O'Brien points out, including the Department's radio keys, auxiliary vehicle keys as well as keys to the fuel pumps. "Probably the most important," he says, "are the keys for the sirens, which always need to be found quickly." There are also outside vendors the Department works with, and some of them need access to keys, as well. "My radio repairman, for instance, needs access," he adds. "We operate the radios, but he repairs them!" O'Brien adds that the software is very easy to operate, and the overall operation is extremely user-friendly. "It's really just some data entry, and our system is wireless, which made it easy to install. All we needed was a power outlet."

"The Key Care Cabinet would benefit firehouses everywhere," he says. "It ensures the security of the most important keys, and gives you the ability to control and track who's accessed those keys. I highly recommend it."

ABOUT MEDIXSAFE: A leader in the access control cabinet market, MedixSafe began designing and manufacturing narcotics control cabinets in 2008. The first narcotics control cabinets were designed for the EMS market to be used in ambulances. Based on customer requests, MedixSafe designed and built different sized cabinets to meet their varying needs. MedixSafe caters to the key control needs of doctors, dentists, veterinarians, university research departments and schools of medicine, hospitals, the U.S. Army, U.S. Navy, pharmacies, and more. For more information, visit http://medixsafe.com/


Hackers prey on complacency like thieves checking cars in a parking lot: They don’t have to break windows if you leave the doors unlocked.

They bet organizations won’t make simple software updates, and they’re often right.

Just look at the WannaCry attacks earlier this year. The ransomware was designed to exploit a known weak spot in Windows—one for which Microsoft had issued a patch months before. Thousands of victims, who didn’t install the updates, were left with a tough choice if they didn’t have backups in place: Either pay a Bitcoin ransom to unlock their data or say goodbye to that information.

Maybe we ignore regular updates because we’re too busy, or we don’t think they’re necessary. Or we see the pop-ups so often, we don’t give them a second look before we dismiss them.

But regular updates are a crucial part of your cyber security—well worth the 15 minutes it takes to install them. Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.


PHOENIX, Ariz. – Fall World 2017 was another great success for Disaster Recovery Journal, marking the 57th conference for the business continuity industry’s premier event.

More than 700 attendees joined speakers, board members, and exhibitors from around the globe at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Arizona, Sept. 17-20, 2017. The three-day event featured 62 sessions, a concurrent exhibit hall with almost 100 booths, and numerous networking events.

“The venue was just very well received again this year,” said DRJ President Bob Arnold, looking over attendee evaluations after the show. “The numerous networking opportunities seemed to be very popular with attendees too. Our topics always get very high marks but the food was at a higher level than we’ve seen. JW Marriott does a good job. It’s a great venue.”

The conference took place just days after two major hurricanes and days ahead of more earthquakes and hurricanes.

“In the wake of Hurricanes Harvey and Irma, the subject was a major topic of discussion among our speakers, vendors, and attendees,” said Arnold. “We plan on covering details as lessons learned come out of these events.”

The senior advanced track was very popular with practitioners as well. This special track allows the industry’s most advanced planners to interact with C-level personnel and other advanced practitioners.

“The senior advanced track is a good balance between IT and the organizational side,” said Arnold.

DRJ Fall World 2017 gold sponsor Fusion Risk Management hosted the Monday Night Hospitality event, featuring food, drinks, dancing, and giveaways. Silver sponsors included eBRP Solutions, Firestorm, IBM Resiliency Services, Onsolve, Regus, RSA, Strategic BCP, and SunGard Availability Services. Co-sponsors included Agility Recovery, AlertMedia, Avalution Consulting, BC in the Cloud, ContinuityLogic, Fairchild Consulting, Kingsbridge Disaster Recovery, Mail-Gard, Quantivate, Recovery Planner, Rentsys Recovery Services, RES-Q Services, Ripcord Solutions, and Virtual Corporation. Business partners include Business Continuity Institute (BCI), Forrester Research, International Consortium for Organizational Resilience (ICOR), and Public & Private Businesses Inc. (PPBI).

“I want to thank all of our sponsors and exhibitors for helping us provide so many networking opportunities with attendees and vendors,” said Arnold. “We were really happy with everyone who joined us for another great show in Phoenix.”

In addition to several individual vendor drawings, attendees raked in 18 of the hottest technology items at the DRJ booth as part of the exhibit hall raffle. Grand attendance prize drawings also went to Chuck Robertson, Donna Turner, and Melanie Lightfoot Wednesday morning before the final general session. All three attendees win a free pass to a future DRJ conference.

Check out the DRJ.com Live page for more photos, tweets, and other details from DRJ Fall World 2017.

DRJ is now preparing for its next conference, DRJ Spring World 2018, which will be held March 25-28, 2018, in Orlando. Potential speakers have until Sept. 29, 2017, to submit a Call For Papers presentation.

To attend DRJ Spring World 2018, visit https://www.drj.com/springworld/.


Monday, 25 September 2017 22:35

DRJ Fall World 2017 Another Great Success

Don’t be Caught Unprepared

An emergency is defined as “a serious, unexpected, and often dangerous situation requiring immediate action.” The key word here is “unexpected.” An emergency is an emergency because it is not predictable – but it can be planned for if you understand your most likely threats.

As we are in the heart of hurricane season and have witnessed perhaps two of the worst hurricanes on record, we can all agree Harvey and Irma presented urgent situations. The good news about hurricanes, however, is that they are rarely unexpected. Thanks to modern technology, we have time to plan. We may not know what to expect, but we do have certain steps we can take to ensure we come out of it alive, if not well.

The same goes for organizations designing their emergency response strategy. Not every situation can be predicted, but it’s wise to assess your current risks and make plans on how you would respond.




Hurricane Maria hit the Caribbean on Monday causing widespread damage throughout the US Virgin Islands, Dominica and Puerto Rico. Communications prior to the storm appeared clear and concise. Residents were warned to prepare and take shelter; however, considering the damage left by Hurricane Irma just two weeks ago, the risk to lives and infrastructure was even higher.

Whilst news reports are showing the destruction from afar, one of the problems being faced by those affected in the Caribbean is a wide-scale loss of communications, meaning rescue operations and external aid missions are hindered, and communities face periods of time where contact with relatives and friends is impossible.

During a crisis, what are the repercussions of limited communications? Some communication outages can be repaired reasonably quickly by fixing damaged phone lines or restoring power to servers, however the long-term effects can be much more severe. If cables are damaged, major repairs can be needed which could take weeks or months to facilitate. The human effects of communications outages can also be damaging to communities by heightening a sense of panic. Whilst it’s important that members of the community can contact their colleagues, friends and family; the relief effort of emergency services must be a priority and without consistent communications, these efforts can be negatively impacted or even made impossible.

In the business continuity and resilience sector, having back-up systems and data sets is one of our key drivers. By having multiple sources of communication, for example, wireless and cable, communities and organizations are more likely to maintain access to at least one source and reduce any backlog of communications, therefore increasing the speed and effectiveness of the response effort.

At present, disaster recovery efforts appear to be heavily focussed on organizations, human welfare and infrastructure. However, the loss of communications is a problem which could be avoided. With the emergence of new technologies and a deeper understanding of these technologies, it should be possible to safeguard communications against the effects of a disaster by prioritising the implementation of multiple communication methods before a disaster becomes a crisis. 


The Business Continuity Institute

Climate change is seen to be one of the main challenges for the future, with the consequences of extreme weather events ranked the number one cause of business disruption.

The BCI Long-Term Planning Report, sponsored by Siemens, explores the attitudes and behaviours linked to long-term planning in the Benelux region and beyond, and considers how organizations prepare for future challenges related to climate change as well as how they perceive their impact.

The results show the outstanding importance of long-term planning, horizon-scanning, and collaboration, as key elements when preparing for, responding to, and recovering from weather related disruptions. Download the full report and discover all the results.

Monday, 25 September 2017 15:28

BCI Continuity Planning for Climate Change

The Business Continuity Institute

2017 marks the 16th anniversary of the 9/11 terror attack. On the 11th September, 2001, two planes flew into the Twin Towers in the centre of New York, a third targeted the Pentagon in Washington DC and a fourth plane crashed in a field in Pennsylvania. The ongoing impact of the attacks is still widely spoken about today, and they brought to light the importance of planning and business continuity.

We focus, as business continuity professionals, on the importance of a variety of factors and one of the keys to embedding business continuity in your organization is staff welfare.

Staff welfare is ensuring that your staff not only feel supported during a disruption, but that they understand their roles and responsibilities during a disaster. If employees and stakeholders aren’t supported and their needs not met, can an organization guarantee that they will respond proactively to a disaster? Following the 9/11 attacks, major organizations affected have incorporated welfare plans into their BC plans.

Morgan Stanley was one of the organizations affected by the 9/11 attacks and in the years following, talked about how their staff welfare took precedence. Within 20 minutes of the attack, most members of staff had been evacuated and within one hour of the attack, staff were relocated and backup systems were operational.

Robert Scott, COO of Morgan Stanley at the time, credits this success to their plans, exercising programmes, and personnel. By training senior managers and staff to respond to disasters, they were indeed prepared. They put the welfare of their staff above financial security and as a result, were able to resume business as soon as possible.

In an interview with the Harvard Business School, the COO stated "I am most proud that the clear, collective, first priority of senior management was the well-being of the people who work for Morgan Stanley." The resumption of their business is testimony to this approach.

Although each organization works differently and prepares for disruption in different ways, many can learn from this approach. The responsibilities of preparedness lie not only with management, but with every stakeholder associated with an organization and it is vital that business continuity and resilience professionals continue to endorse the importance of planning by demonstrating improvement through lessons learned and vigilance during times of uncertainty. 


The Business Continuity Institute


Mexico is waking up to widespread disruption and damage following a 7.1 magnitude earthquake.

The country is prepared for this type of disaster. All across Mexico, regular drills are practiced to ensure people are prepared for natural disasters, however this time it wasn’t a drill. The widespread damage is yet to be fully reported on and it’s likely that we won’t know the extent for days, weeks and even months, however their initial response appears proactive and positive.

In August 2017, the U.S. Department of Defense undertook an exercise designed to prepare the military and residents for a possible 7.0 magnitude earthquake. They followed their plans to the letter; escalating the disaster from local to county authorities. Once these county authorities could no longer manage the exercise scenario, it was escalated to state authorities and as a final escalation, the federal government was involved. According to Army Col. Barry Graham; “… I think it has been a great exercise and everyone has gotten something out of this training. New Mexico is very prepared because of this exercise."

Residents across the US and Mexico are also exercised regularly, undertaking drills which educate them on how to respond to a variety of scenarios. During these exercises, a 30 second warning is given and they are instructed of where to go and what to do depending on the type of disaster being exercised. This time however, there was no warning. The first the residents felt was the tremor. 

As this disaster becomes a reality with uncanny resemblance to their most recent exercise, how are local, state and federal authorities responding? Alfredo del Mazo Maza, the State of Mexico’s governor has invoked their disaster response plan; ordering schools to close and public transport to operate free of charge to allow residents to travel safely. Emergency services and volunteers are also in place working around the clock, searching the rubble for survivors. The extent of the damage and the widespread panic may hinder the recovery process, however even in the first 24 hours following the disruption, it appears that their widespread preparedness and exercising schedule will play a vital role in their recovery as a whole. 


The Business Continuity Institute


Having related but different disciplines work together, such as information security and business continuity, is the key for building resilience at an organizational level

Caversham, 19th September 2017 – The Business Continuity Institute (BCI), in association with Mimecast, have published the BCI Information Security Report 2017. Cyber-attacks, such as the recent WannaCry ransomware attack, cause great disruption and financial loss, meaning organizations need to focus on collaboration as a key driver for building information security which is an important component of organizational resilience.

The BCI Information Security Report looks to benchmark how organizations handle sensitive data and how resilient they are when it comes to data protection. The survey assessed 369 organizations in 63 countries worldwide on the different solutions and key drivers on which they build information security. 75% of organizations report the use of internet-connected devices at least once daily which demonstrates the pervasiveness of technology and how crucial it is to keep these devices secure. The results also showed that top management commitment is pivotal in building information security across the organization. Compliance with legislation alongside organizational policies – such as staff training, company regulation etc. – and financial investment in information security, were also key drivers for information security in organizations.

What stands out the most from the report is the concept of collaboration. Indeed, having collaboration among management disciplines and teams plays an essential role in tackling information security challenges, but it also helps when building organizational resilience. Therefore, business continuity professionals, with their expertise in dealing with disruption, should engage with related disciplines. Collaboration involves organizational change and effort, but the benefits deriving from it should be the motivation behind taking action.

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

Wednesday, 20 September 2017 16:32

BCI Information Security Report

The Business Continuity Institute


In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis.

Our annual emergency communications survey, sponsored by Everbridge, aims to benchmark the emergency communication arrangements of organizations in different sectors worldwide. Please do support the valuable research work of the BCI by completing the survey which you can find by clicking here. As an added incentive, all respondents will be entered into a prize draw to win a £100 Amazon gift card.

Tuesday, 19 September 2017 19:22

BCI Emergency Communications Survey 2017

Dallas Area Rapid Transit (DART) & STORServer



Organization: Dallas Area Rapid Transit 

Industry: Regional transit agency 

Location: Dallas, Texas, USA 

Size: Serves more than 220,000 passengers per day



  • Upgrade older data backup appliance and software
  • Platform stability and system supportability
  • Turnkey solution that includes installation, implementation, training and maintenance support
  • Seamless integration with existing data backup configuration for its radio and CAD/AVL bus dispatch system 



STORServer EBA852 enterprise backup appliance with Storwize® V3700 20TB Disk Storage IBM TS3100 tape library


Dallas Area Rapid Transit (DART) was ready to refresh its existing data backup appliance and software to take advantage of the newest IBM Spectrum Protect™ features and STORServer’s turnkey solution. 

Since the initial implementation STORServer completed for the regional transit agency in 2010, the features of the IBM Spectrum Protect, formerly IBM® Tivoli® Storage Manager (TSM), software have been greatly enhanced, including the change of the underlying software database to DB2®. The availability of this robust DB2 database, as well as IBM Spectrum Protect’s new deduplication feature designed to reduce backup storage requirements, prompted DART to upgrade its existing data storage configuration. 

It was imperative to select the right partner for its data backup needs, as DART relies heavily on the data collected and reported by its radio and CAD/AVL bus dispatch system. The data tracks important metrics like on-time performance, which is analyzed and used in planning for scheduling, route assignments, vehicle assignments and to make other critical decisions.

“Knowing our main priority was to ensure platform stability and system supportability, STORServer carefully considered our current needs while also recommending scalable solutions that will allow us to easily accommodate potential future needs as our data backup requirements change over time,” said David Bauchert, senior control systems programmer, Dallas Area Rapid Transit.

Because the existing configuration STORServer installed and implemented had worked seamlessly with the agency’s data backup needs for this dispatch system, DART’s IT team trusted STORServer’s recommendations for this upgrade. 


The Solution

STORServer helped DART implement a new backup appliance and transition an existing tape library to serve as the disaster recovery target for its backup data:


  • Primary Backup: STORServer EBA852 – This enterprise backup appliance with SSDs enabled the agency to take advantage of new features, like deduplication, now available in IBM Spectrum Protect. The IBM Spectrum Protect database is now housed on SSDs in the appliance with faster processing power. In this configuration, 20TB of Storwize® V3700 disk storage was included. The primary backup data is kept on disk for quick restore and to take advantage of Spectrum Protect’s deduplication feature, which reduces backup storage requirements. This configuration also includes IBM Spectrum Protect Suite licensing, which offers simplified pricing and licensing with a tiered per-terabyte metric. This licensing enables the agency to have access to a suite of backup software products, including database and mail agents, along with IBM Spectrum Protect™ for Virtual Environments, should the agency need to enable that in the future.
  • Disaster Recovery:  IBM TS3100 Tape Library – This entry-level tape library, which was previously installed by STORServer in 2010, is now used for disaster recovery copy purposes. Reusing this existing library provided flexibility and reduced the costs associated with the appliance server refresh. As part of the agency’s disaster recovery plan, the tapes are taken offsite every day. Incremental backups also take place daily. The appliance server and configuration recommended by STORServer allows DART to plan for future data growth, as additional external storage can be added as needed to the appliance server. With the newest Spectrum Protect and STORServer Console (SSC) versions included as part of this upgrade, DART can now manage and move its data more efficiently. Highly scalable to future-proof the agency’s needs, Spectrum Protect also reduces backup and recovery infrastructure costs. SSC is designed to let administrators configure and manage their Spectrum Protect environment with a single, intuitive user interface. It also helps users save time, reducing daily administration tasks to less than 30 minutes per day. 


The Results 

  • Fifty-nine percent data deduplication savings for a deduplication ratio of 3:1 
  • Even as DART experienced 40 percent data growth since the implementation, the deduplication capabilities enabled them to use 38 percent less storage. 
  • Reduced overall costs for data protection by removing redundant data 
  • Data is now moved more efficiently, allowing for best implementation of data protection business practices. 
  • Automated delivery of daily reports allows for easy review and confirmation that backups have completed successfully. These reports can be individually tailored and distributed to multiple levels within the organization.


“It’s been incredibly advantageous for us, both from a cost and time perspective, to have access to IBM Spectrum Protect’s deduplication capabilities. We’ve experienced substantial savings in storage since then. Previously, we were running at 100 percent of our disk capacity, and now we are only using 26 percent of it,” added Bauchert.



STORServer is a leading provider of data protection solutions and offers the only enterprise data backup appliance that is built to order. Each backup appliance solution is tailored to the customer’s unique environment to simplify management of complex backup, archive and disaster recovery needs. STORServer’s appliances feature enterprise class data backup, archive and disaster recovery software, hardware, services and U.S.-based customer support. STORServer is proud to now offer SoftLayer® containers and DRaaS in SoftLayer virtual machines. Companies of all sizes trust in STORServer’s proven appliances to solve their most complex data protection problems. For more information on STORServer, please visit storserver.com.

storserver.com (800) 550-5121 Copyright 2017 STORServer, Inc.

IBM, IBM Spectrum Protect, DB2, Storwize, IBM Spectrum Protect Suite, IBM Spectrum Protect for Virtual Environments are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. SoftLayer is a registered trademark of SoftLayer, Inc., an IBM Company.

The Business Continuity Institute

Quite often with cyber security, the public sees what might appear to be a game of cat and mouse: the perpetrators (bad guys) attack, then the cyber security establishment (government, private companies, and so on; the good guys) defend and try to plug, patch, and repair the problem after the fact. What we are missing in this picture - what may not be reported, or underreported - is how many companies and organizations are unaffected, as well as those who may have been impacted but are hesitant to admit this and risk bad publicity.

The latest example of this is the WannaCry attack, which now looks like it came from the North Korean-affiliated Lazarus group. This attack would have been defeated if organizations simply allowed computers running Microsoft-based operating systems to install the update that would have fixed the vulnerability. With personal computers, most users allow this to operate automatically, but with corporate computers this task is generally taken care of by an IT department that often runs several versions of Windows behind.

It is interesting that, according to reports, this ransomware attack - which claims to encrypt all of users’ files and offers a payment-based decryption service to restore them - has only generated $50,000 in ransom. However, it is our guess that this number is severely underreported; we have found few people like to admit to having been a victim of this kind of attack, just as users affected by Nigerian scams often deny being victims. It’s also interesting to speculate whether people will continue to pay any ransom given that, according to reports, no one who’s paid the ransom thus far has had their files decrypted.

How can organizations break this vicious cat-and-mouse cycle? One way to effectively build and maintain organizational resilience on an enterprise level is creating a cyber security program that repels and recovers from cyber attacks, following the Four Rs of Resilience: Robustness, Redundancy, Resourcefulness, and Rapidity. For our purposes with regards to WannaCry, let’s focus on just two factors: Robustness and Redundancy.

Robustness is the ability of systems and elements to withstand disaster forces without significant degradation or loss of performance. The simple fix here is making sure all operating systems are updated, including any systems by vendors, home systems that may be used (or prevented from accessing corporate systems) and tertiary systems an organization relies on. More sophisticated solutions such as software defined perimeter would also have prevented the attack, by establishing a dark layer and credentialing process, restricting access.

Redundancy is the extent to which systems and elements or other units are substitutable or capable of satisfying functional requirements, if significant degradation or loss of functionality occur. Regular backups would remove the concern about having data encrypted or destroyed as users could just retrieve the same data from their backup.

So in short, what’s the best way to keep your personal and organizational data safe in the age of WannaCry? It may seem simple, but it’s the most basic cyber security advice for a reason: update and backup your files. Frequently.

Andrew Boyarsky and Douglas Graham are the academic director of the master’s program in enterprise risk management at the Mordecai D. and Monique C. Katz School of Graduate and Professional Studies at Yeshiva University and an advisory council member at the Katz School, respectively. The opinions expressed above are solely those of the authors and should not be attributed to Yeshiva University.

The Business Continuity Institute

Lax approaches to popular threats such as email attachments, and inadequate threat-awareness, poor work-practices and out-of-date technology, are exposing organizations to hacking, ransomware and zero-day attacks, says a report published by Glasswall Solutions.

Your employees won't protect you noted that the vast majority (82%) of respondents to a survey usually or always opened email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks. Of these respondents, 44% open these email attachments consistently every time they receive one, leaving organizations highly vulnerable to data breaches sourced to malicious attachments.

"Employees need to trust their emails to get on with their work, but with 94% of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers," said Greg Sim, CEO of Glasswall Solutions. "Conventional antivirus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom."

A large majority of workers could at least identify characteristics of a phishing attack, with 76% acknowledging that they had received suspicious attachments. However, the survey also found that 58% of respondents usually opened email attachments from unknown senders, while 62% didn't check email attachments from unknown sources, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types such as Word, Excel, PDFs and more.

These findings help demonstrate why cyber attacks and data breaches are such a concern for business continuity and resilience professionals, as highlighted in the Business Continuity Institute's latest Horizon scan Report. It also reinforces the theme for Business Continuity Awareness Week which highlights that cyber security is everyone's responsibility, and with a little more awareness on the right policies and procedures, we can all play a part in building a resilient organization.

"This research confirms anecdotal evidence that, although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems," said professor Andrew Martin at the University of Oxford. "Technology that's fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs."

This implicit trust in both familiar and unknown emails stands in direct contrast to the scale of threats delivered via email. Despite thousands of attacks launched every year against businesses, only 33% of respondents maintained that they had been victim of a cyber attack. And almost a quarter (24%) said they did not know if they had been attacked or not.

North American insurers lead the way in IT spending globally and will invest $73 billion in tech areas such as data analytics, cloud, and insurtech in 2017.

Digital Insurance reports that global IT spending by insurers is slated to reach $185 billion by the end of this year, according to the Celent “IT Spending in Insurance 2017” report.

After North America, insurer technology spending by region is as follows: Europe ($69 billion); Asia ($33 billion); Latin America ($5 billion); then a group of territories comprising Africa, the Middle East and Eastern Europe (around $5 billion collectively).



There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?



The Business Continuity Institute

Cyber espionage is now the most common type of attack seen in manufacturing, the public sector and education, warns Verizon's latest Data Breach Investigations Report. Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cyber criminals. Nearly 2,000 breaches were analyzed in this year’s report and more than 300 were espionage-related, many of which started life as phishing emails.

In addition, organized criminal groups have escalated their use of ransomware to extort money from victims with this year’s report showing a 50% increase in ransomware attacks compared to last year. Despite this increase and the related media coverage surrounding the use of ransomware, many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.

“Insights provided in the DBIR are leveling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”

Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity Institute's latest Horizon Scan Report. It is for this reason that it was chosen as the theme for Business Continuity Awareness Week 2017 with the intention of improving an organization's overall resilience by enhancing its cyber resilience, and recognising that people are key to achieving this.

“Cyber attacks targeting the human factor are still a major issue,” says Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. “Cyber criminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

With 81% of hacking-related breaches leveraging either stolen passwords and/or weak or guessable passwords, getting the basics right is as important as ever before. Some recommendations for organizations and individuals alike include:

  1. Stay vigilant - log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defence - train staff to spot the warning signs.
  3. Keep data on a “need to know” basis - only employees that need access to systems to do their jobs should have it.
  4. Patch promptly - this could guard against many attacks.
  5. Encrypt sensitive data - make your data next to useless if it is stolen.
  6. Use two-factor authentication - this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security - not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cyber criminals who will move on to look for an easier target,” concludes Sartin.

Sixty-four percent of security professionals doubt their organizations can prevent a breach to employees' mobile devices, a recent Dimensional Research survey [PDF] of 410 security leaders found.

The survey, sponsored by Check Point Software, also found that 20 percent of businesses have experienced a mobile breach, and another 24 percent don't know, or can't tell, whether they've experienced one.

Strikingly, 51 percent of respondents believe the risk of mobile data loss is equal to or greater than that for PCs.

"Perhaps the high level of concern is based on the frequency of mobile device loss or theft, as well as the limited security measures companies use to protect enterprise mobile devices," the report states.



The Business Continuity Institute


We have recently seen how quickly a crisis can impact on a business if not managed correctly by placing people at the heart of a crisis response.

The appalling treatment of a United Airlines passenger and the subsequent response from the company showed a complete disregard for the very people who pay the wages, its customers.

As crisis managers we all advocate the importance of plans and procedures to ensure that, in the event of something going wrong, the crisis management teams responsible have a framework to guide them. However, at the heart of this has to be the right culture.

The power of the internet is immense and you only have one opportunity to set the tone of your response when something does go wrong. You should have clear processes, procedures and ways of working that staff fully understand, but most importantly you must have a culture that ensures that people are at the heart of what you do. 

If your customers are your number one priority, regardless of the nature of the incident, it is very likely your crisis managers will respond with that in mind.

I was reading an article during the past week written by Michael Balboni of Redland Strategies, and one of the keynote speakers at last year's BCI World Conference, where he highlighted the four key points to consider in your crisis communications. These points can be summarised as:

  1. Try to get out ahead of the story with statements like, "We are also concerned about the events as reported and are conducting an investigation."
  2. Whatever the message, be consistent. Changing statements leaves room for doubt on a whole bunch of aspects.
  3. Never attack the victim! Ever! The customer is the only reason that a business is in business, or a government official is in office.
  4. Respond to the internet firestorm with facts and apologies and a description of how you will try to prevent this situation from ever repeating. Never try to block people from commenting.

When you are next reviewing your ways of working and approach to crisis communications make sure you keep this in mind. Most importantly though remember: “It is not the employer who pays the wages. Employers only handle the money. It is the customer who pays the wages” --- Henry Ford.

Are you satisfied that your company culture sets the right tone to respond effectively to a major incident or crisis event?

Chris Regan is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by telephone on 0117 244 0154.

The Business Continuity Institute

Ever wondered what all the different terms or acronyms relating to business continuity mean? Now the Business Continuity Institute has made it easier for you to find out with the creation of its joint BCI DRJ Glossary of Business Continuity Terms.

This new glossary is a result of merging the definitions from the ‘Business Continuity Glossary by DRJ’, the BCI’s Dictionary of Business Continuity Management Terms and the glossary in the Good Practice Guidelines.

The combined glossary contains all terms approved by the DRJ Editorial Advisory Board’s Glossary of Terms Committee, which includes representation from the BCI. This joint effort is evidence of the continuing and deepening partnership between DRJ and the BCI. The glossary is one of many resources available as part of our knowledge bank, and it can be downloaded from the BCI website.

The Business Continuity Institute

It seems impossible to think about preparedness planning without thinking about time. Time is often at the very heart of any discussion of business continuity and IT disaster recovery. Nonetheless, there are deep flaws in the continued attempts to incorporate it into preparedness planning. These flaws lead to frustrated participants, disengaged managers, wasted effort and dubious outcomes. However, these flaws are avoidable and correctable.

In the latest edition of the Business Continuity Institute's Working Paper Series, David Lindstedt asserts that time is not a target; rather, it is a constraint. While it has its place in preparedness planning, time does not warrant its central focus in our methodology or practice.

Deborah Higgins FBCI, Head of Professional Development at the BCI, commented: "I welcome this paper as it challenges our thinking associated with preparedness planning. I see this work as a fantastic opportunity for fellow professionals to share their own experiences and explore how the theoretical arguments posed in this piece translate into practice."

"I would be happy to get your feedback on this as your engagement will ultimately drive our profession forward – considering the thorny problems we face together and applying our collective expertise to improve current practice."

The paper concludes that, when considering time, "it depends” is now a perfectly acceptable answer from the planning participant, and accepting this answer allows the planning practitioner to be more receptive, adaptive, and effective. The approach enables participants to self-assess restrictions rather than relying on the practitioner to facilitate the assessment of time requirements, thus allowing the practitioner to engage at a more strategic level.

In practical terms, the professional avoids any potential confrontation with regard to discussions about time. In theoretical terms, the professional does not fall into any traps, as time is discussed only as a constraint to recovery activities, not a target that has to be set without the proper ability to do so. And in financial terms, the organization will not waste money preparing to hit targets of time that are arbitrary at best and misleading at worst.

Download your free copy of 'Our deep misunderstanding of time in preparedness planning' to understand more about the concept of time as a constraint rather than a concept when managing your business continuity management programme.

Fully 86 percent of small to medium enterprises (SMEs) have less than 10 percent of their total IT budget allocated to cyber security and 75 percent have between zero and two IT security staff members, according to the results of a recent EiQ Networks survey of more than 150 SME IT security professionals.

"One of the most striking results is how little SMEs are spending on cyber security as compared to the overall IT budget -- despite the very high risks they face daily from ransomware, phishing, and zero-day attacks, to name just a few," EiQ Networks founder and CEO Vijay Basani said in a statement.

"Without the IT security resources and expertise necessary to continually monitor, detect, and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP, and customer data on a daily basis," Basani added.



By Louis Imershein, VP Products and Wayne Salpietro, Director of Marketing

Permabit Technology Corp

The cloud continues to dominate IT as businesses make their infrastructure decisions based on cost and agility. Public cloud, where shared infrastructure is paid for and utilized only when needed, is the most popular model today. However, more and more organizations are addressing security concerns by creating their own private clouds. As businesses deploy private cloud infrastructure, they are adopting techniques used in the public cloud to control costs. Gone are the traditional arrays and network switches of the past, replaced with software-defined data centers running on industry standard servers.

Efficiency features make the cloud model more effective by reducing costs and increasing data transfer speeds. One such feature, which is particularly effective in cloud environments is inline data reduction. This is a technology that can be used to lower the costs of data in flight and at rest. In fact, data reduction delivers unique benefits to each of the cloud deployment models.

Public Clouds

The public cloud’s raison d’etre is its ability to deliver IT business agility, deployment flexibility and elasticity. As a result, new workloads are increasingly deployed in public clouds.  Worldwide public IT cloud service revenue in 2018 is predicted to be $127B.  

Data reduction technology minimizes public cloud costs. For example, deduplication and compression typically cut capacity requirements of block storage in enterprise public cloud deployments by up to 6:1.  These savings are realized in reduced storage consumption and operating costs in public cloud deployments.   

Consider AWS costs when employing data reduction:

If you provision 300 TB of EBS General Purpose SSD (gp2) storage for 12 hours per day over a 30-day month in a region that charges $0.10 per GB-month, you would be charged $15,000 for the storage.

With data reduction, that monthly cost of $15,000 would be reduced to $2,500.  Over a 12 month period you will save $150,000.   Capacity planning is a simpler problem when it is 1/6th its former size.  Bottom line, data reduction increases agility and reduces costs of public clouds.

One data reduction application that can readily be applied in public cloud is Permabit’s Virtual Data Optimizer (VDO), a pre-packaged software solution that installs and deploys in minutes on Red Hat Enterprise Linux and Ubuntu LTS Linux distributions. To deploy VDO in Amazon AWS, the administrator provisions Elastic Block Storage (EBS) volumes, installs the VDO package into their VMs and applies VDO to the block devices represented for their EBS volumes. Since VDO is implemented in the Linux device mapper, it is transparent to the applications installed above it.

As data is written out to block storage volumes, VDO applies three reduction techniques:

  1. Zero-block elimination uses pattern matching techniques to eliminate 4 KB zero blocks

  2. Inline Deduplication eliminates 4 KB duplicate blocks

  3. HIOPS Compression™ compresses remaining blocks 


This approach results in remarkable 6:1 data reduction rates across a wide range of data sets. 

Private Cloud

Organizations see similar benefits when they deploy data reduction in their private cloud environments. Private cloud deployments are selected over public because they offer the increased flexibility of the public cloud model but keep privacy and security under their own control. IDC predicts in 2017 $17.2B in infrastructure spending for private cloud, including on-premises and hosted private clouds.

One problem that data reduction addresses for the private cloud is that, when implementing private cloud, organizations can get hit with the double whammy of hardware infrastructure costs plus annual software licensing costs. For example, Software Defined Storage (SDS) solutions are typically licensed by capacity and their costs are directly proportional to hardware infrastructure storage expenses. Data reduction decreases storage costs because it reduces storage capacity consumption. For example, deduplication and compression typically cut capacity requirements of block storage in enterprise deployments by up to 6:1 or approximately 85%.

Consider a private cloud configuration with a 1 PB deployment of storage infrastructure and SDS. Assuming a current hardware cost of $500 per TB for commodity server-based storage infrastructure with datacenter-class SSDs and a cost of $56,000 per 512 TB for the SDS component, users would pay $612,000 in the first year. In addition, because software subscriptions are annual, over three years you will spend $836,000 for 1 PB of storage and over five years, $1,060,000.

By comparison, the same configuration with 6:1 data reduction will cost $176,667 for hardware and software over five years, resulting in $883,333 in savings. And that’s not including the additional substantial savings in power, cooling and space. As businesses develop private cloud deployments, they must be sure those deployments have data reduction capabilities, because the cost savings are compelling.

When implementing private cloud on Linux, the easiest way to include data reduction is with Permabit Virtual Data Optimizer (VDO). VDO operates in the Linux kernel as one of many core data management services and is a device mapper target driver transparent to persistent and ephemeral storage services whether the storage layers above are providing object, block, compute, or file based access.

VDO - Seamless and Transparent Data Reduction


The same transparency applies to the applications running above the storage service level. Customers using VDO today realize savings up to 6:1 across a wide range of use cases.

Some workflows that benefit heavily from data reduction are:

  • Logging: messaging, events, system and application logs

  • Monitoring: alerting, and tracing systems

  • Database: databases with textual content, NOSQL approaches such as MongoDB and Hadoop

  • User Data: home directories, development build environments

  • Virtualization and containers: virtual server, VDI, and container system image storage

  • Live system backups: used for rapid disaster recovery

With data reduction, cumulative cost savings can be achieved across a wide range of use cases which makes data reduction so attractive for private cloud deployments.

Reducing Hybrid Cloud's Highly Redundant Data

Storage is at the foundation of cloud services and almost universally data in the cloud must be replicated for data safety. Hybrid cloud architectures that combine on-premise resources (private cloud) with colocation, private and multiple public clouds result in highly redundant data environments. IDC’s FutureScape report finds “Over 80% of enterprise IT organizations will commit to hybrid cloud architectures, encompassing multiple public cloud services, as well as private clouds by the end of 2017.” (IDC 259840)

Depending on a single cloud storage provider for storage services can risk SLA targets. Consider the widespread AWS S3 storage errors that occurred on February 28th 2017, where data was not available to clients for several hours. Because of loss of data access businesses may have lost millions of dollars of revenue. As a result today more enterprises are pursuing a “Cloud of Clouds” approach where data is redundantly distributed across multiple clouds for data safety and accessibility. But unfortunately, because of the data redundancy, this approach increases storage capacity consumption and cost.

That’s where data reduction comes in. In hybrid cloud deployments where data is replicated to the participating clouds, data reduction multiplies capacity and cost savings. If 3 copies of the data are kept in 3 different clouds, 3 times as much is saved. Take the private cloud example above where data reduction drove down the costs of a 1 PB deployment to $176,667, resulting in $883,333 in savings over five years. If that PB is replicated in 3 different clouds, the savings would be multiplied by 3 for a total savings of $2,649,999.

Permabit’s Virtual Data Optimizer (VDO) provides the perfect solution to address the multi-site storage capacity and bandwidth challenges faced in hybrid cloud environments. Its advanced data reduction capabilities have the same impact on bandwidth consumption as they do on storage and translate to a 6X reduction in network bandwidth consumption and associated cost. Because VDO operates at the device level, it can sit above block-level replication products to optimize data before data is written out and replicated.


IT professionals are finding that the future of IT infrastructure lies in the cloud. Data reduction technologies enable clouds - public, private and hybrid - to deliver on their promise of safety, agility and elasticity at the lowest possible cost, making cloud the deployment model of choice for IT infrastructure going forward.

Global Economic losses from disaster events almost doubled in 2016 to $175 billion from $94 billion in 2015, according to the most recent Sigma Study from the Swiss Re Institute.

Insured losses also rose steeply to $54 billion in 2016 from $38 billion in 2015, the study found. This led to a “protection gap,” as the company calls it, of some $121 billion, the difference between economic and insured losses, a figure highly indicative of the opportunity for greater insurance penetration, according to Swiss Re. “The shortfall in insurance relative to total economic losses from all disaster events…indicates the large opportunity for insurance to help strengthen worldwide resilience against disaster events,” said the report. The gap was $56 billion in 2015.

Total economic and insured losses in 2015 and 2016:



Gemalto yesterday released the findings of its Breach Level Index for 2016, which states that 1,792 data breaches worldwide led to the compromise of almost 1.4 billion data records last year, an increase of 86 percent over the previous year.

Identity theft was the leading type of data breach in 2016, accounting for 59 percent of all data breaches.

The second most common type of breach was account access based breaches, accounting for 54 percent of all breached records, a surge of 336 percent over 2015.



Wednesday, 29 March 2017 13:56

1.4 Billion Data Records Exposed in 2016
