Industry Hot News (691)

AlertMedia, the fastest-growing emergency notification system provider in the world, is pleased to announce that it has been named one of the Best Places to Work in the 2017 Small Business category by the Austin Business Journal.

The honorary award recognizes companies in four categories according to size. The awards are based on confidential feedback from employees and measure the following dimensions: communication and resources, individual needs, manager effectiveness, personal engagement, team dynamics, and trust in leadership. AlertMedia was ranked the 5th best workplace within its category.

...

https://www.alertmedia.com/alertmedia-named-one-of-2017s-best-places-to-work-by-austin-business-journal/

For twelve years, Avalution has been laser focused on business continuity.  We’ve become the leading provider of business continuity software and consulting in the US.  We work with 10% of the Fortune 100, including the largest organization in 7 different industries.

We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.

Today, we are expanding into Information Security Management. 

...

http://perspectives.avalution.com/2017/introducing-our-information-security-practice/

A Primer on the New Global Privacy Law

For most organizations, the next year will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations. The GDPR has the potential to serve as a healthy, scalable, exportable regime that could become an international benchmark, but because of the effort required to report data breaches, it is absolutely essential that organizations prepare in advance.

The General Data Protection Regulation (GDPR) officially goes into effect in May of 2018 and will have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed. The GDPR adds another layer of complexity – not to mention potential cost and associated resources – to the issue of critical information asset management that so many organizations are struggling to come to terms with.

At the Information Security Forum (ISF), we consider this to be the biggest shake-up of global privacy law in decades, as it redefines the scope of EU data protection legislation, forcing organizations worldwide to comply with its requirements. This most certainly includes U.S.-based organizations. The GDPR aims to establish the same data protection levels for all EU residents and will have a solid focus on how organizations handle personal data. Businesses face several challenges in preparing for the reform, including an absence of awareness among major internal stakeholders. The benefits of the GDPR will create several compliance requirements, from which few organizations will completely escape.

However, organizations will benefit from the uniformity introduced by the reform and will avoid having to navigate the current array of often-contradictory national data protection laws. There will also be worldwide benefits as countries in other regions are dedicating more attention to the defense of mission-critical assets. The GDPR has the potential to serve as a healthy, scalable and exportable regime that could become an international benchmark.

...

http://www.corporatecomplianceinsights.com/gdpr-means-organization/

Thursday, 27 July 2017 14:29

What the GDPR Means for Your Organization

In the last ten years, the workplace has transitioned from stationary to mobile. As technology has advanced it’s changed the way we work, where we work, and when we work. In fact, this report by Global Workplace Analytics discovered that employees are not at their desks as much as 50-60% of the time. Many employees change locations multiple times a day, and others frequently travel or do offsite work. With the rise of staff on the go, there is an increase in external risks in addition to those that occur in the office. So how do you keep your people safe? You need a system that can adapt to people’s changing location and the changing landscape around us.

Having access to your employees’ location data can improve your ability to respond to disaster in many ways.  Location improves your emergency plan by allowing the message to get to the right people in the affected area. A robust emergency notification system should quickly find the appropriate audience based on location, only reach the people who need the message, have geofencing capabilities, and give you extended map functionalities to see the proximity of emergencies to your users and notify them of the situation immediately.

...

https://www.alertmedia.com/4-ways-location-improves-your-emergency-communication-plan/

The Business Continuity Institute

The electric grid is one of the most critical infrastructure systems for modern life, but it is also one of the most vulnerable. Recent graduates of the Johns Hopkins University School of Advanced International Studies (SAIS), supported by Swiss Re, have released a study that examines how extreme weather and other natural disasters are evolving in the Pacific Northwest, and the implications for electric infrastructure and potential economic disruption.

“Lights Out: The Risks of Climate and Natural Disaster Related Disruption to the Electric Grid,” finds that climate change, expanding populations, and insufficiently diversified energy sources make the future of energy more unpredictable. The US insurance industry has already identified a $20–$55 billion annual financial loss from power outages caused by flooding, hurricanes, and extreme temperatures.

The group focused on the Pacific Northwest as an illustrative case study in climate and natural disaster related electric grid disruption. The region is prone to high-frequency, low-intensity natural disasters such as droughts and flooding, as well as being at risk of catastrophes like the Cascadian Subduction Zone (CSZ) event - an earthquake-tsunami combination that is expected to devastate the coastline from northern California to southern British Columbia. As climate change alters the seasonality of water runoffs in the Pacific Northwest, electricity generation, as well as the operation and maintenance of hydroelectric dams, face additional challenges.

“The cost of disasters has increased fourfold over the last 30 years. The total loss of $55 billion a year from unplanned electric outages in the US is more than the US government spends on all federal highways,” said Alex Kaplan, Senior Vice President of Global Partnership at Swiss Re. “We have to think not only about the physical destruction of these assets and the cost to replace them, but also the impact of the extreme weather and how it destroys economic productivity over the longer period of time.”

Adverse weather, one type of event that can lead to the disruptions outlined within this report, is the fifth greatest concern that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report, with more than half (51%) of respondents to a global survey expressing concern about the potential of a disruption caused by such an event. Earthquakes and tsunamis were much further down in 18th place, with 25% expressing concern, although these types of event are much more region specific.

“Natural disasters and climate-related, severe weather events pose real risks to vulnerable communities and are currently costing billions in damages globally,” said Celeste Connors, a former White House official on climate change and Johns Hopkins SAIS faculty advisor. “Local governments are taking the lead in reducing this risk by investing forward in resilient infrastructure systems. New and innovative financing mechanisms and partnerships can play a key role in helping governments manage their risk.”

The Business Continuity Institute

Ransomware has soared since 2012, with criminals lured by the promise of profit and ease of implementation. The threat continues to evolve, becoming stealthier and more destructive, increasingly targeting organizations more than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in May affected more than a quarter of a million computers across 150 countries in its first few days, crippling critical infrastructure and organizations. Some organizations are still struggling to recover from NotPetya attacks in June.

The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world.

To help combat the threat, the No More Ransom initiative was launched a year ago by the Dutch National Police, Europol, McAfee and Kaspersky Lab. Today there are more than 100 partners, as major ransomware attacks continue to dominate the news, hitting organizations, governments and individuals all over the world. The site now carries 54 decryption tools, provided by nine partners and covering 104 types (families) of ransomware. So far, these tools have managed to decrypt more than 28,000 devices, depriving cyber criminals of an estimated €8 million in ransoms.

The success of the No More Ransom initiative is a shared success, one that cannot be achieved by law enforcement or private industry alone. By joining forces, it has enhanced the ability to take on the criminals and stop them from harming people, organizations and critical infrastructure, once and for all.

Law enforcement globally, in close cooperation with private partners, has ongoing investigations into ransomware criminals and infrastructure. However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

And How an Automated Solution Can Help You Overcome Them

In 2017, it’s time for many organizations to stop viewing risk management in silos and begin implementing a comprehensive enterprise risk management (ERM) program. Adoption is slow, however, due to some common challenges, especially when it comes to finding a consistent method of defining, assessing and reporting risk. A good automated ERM solution can help lessen the burden.

With 2017 in full swing, companies are finally beginning to abandon the historical practice of approaching risk management in silos.  Many are beginning the migration to a more integrated and consolidated enterprise-wide approach. The justification for this movement is clear: each area of risk management generates information that supplies insight to the other areas, and they have a collective impact on the technology, processes and people of an organization. Tackled individually, the requirements become unmanageable. But when carried out on a common platform, a company gains valuable perspective — the viewpoints of the board of directors and executive management become one and the same.

Despite the inefficiency of the siloed approach, many organizations have been slow to adopt a comprehensive enterprise risk management (ERM) program because of the challenges they face in doing so.  When enterprise risk management is carried out manually or even with software that isn’t efficient, the current workload consumes vast resources and time and energy.  Often, because of this, a transition to an automated system is resisted by management because it is viewed as being more difficult than simply keeping up with the current workload. Companies must change how they view the potential of their ERM and GRC systems.

Here are three of the most common challenges for chief risk officers and ERM teams, along with explanations for how an automated software solution can help your team overcome them:

...

http://www.corporatecomplianceinsights.com/3-common-challenges-erm/

Wednesday, 26 July 2017 14:16

The 3 Common Challenges of ERM

LITTLE ROCK, Ark. – The U.S. Small Business Administration is the largest source of federal recovery funds for disaster survivors and businesses, including those affected in the severe storms, tornadoes, straight-line winds and flooding between April 26 and May 19.

Low-interest disaster loans up to $200,000 are available to homeowners to repair or replace damaged or destroyed real estate. Homeowners and renters are eligible for up to $40,000 to repair or replace damaged or destroyed personal property.

Businesses of all sizes and private nonprofit organizations may borrow up to $2 million to repair or replace damaged or destroyed real estate, machinery and equipment, inventory and other business assets. SBA can also lend additional funds to businesses and homeowners to help with the cost of improvements to protect, prevent or minimize the same type of disaster damage from occurring in the future.

For small businesses, small agricultural cooperatives, small businesses engaged in aquaculture and most private nonprofit organizations of any size, SBA offers Economic Injury Disaster Loans to help meet working capital needs caused by the disaster. Economic injury assistance is available to businesses regardless of any property damage.

Interest rates on SBA loans can be as low as 3.215 percent for businesses, 2.5 percent for private nonprofit organizations and 1.938 percent for homeowners and renters, with terms up to 30 years. Loan amounts and terms are set by SBA and are based on each applicant’s financial condition.

To be considered for all forms of disaster assistance, survivors must first contact FEMA and register for disaster assistance. To register:

  • Call the FEMA Helpline at 800-621-3362. Multilingual operators are available. Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call
    800-462-7585. If you use 711 or VRS (Video Relay Service) or require accommodations while visiting a center, call 800-621-3362. The toll-free numbers are open daily from
    7 a.m. to 10 p.m.
  • Go online to DisasterAssistance.gov (also in Spanish);
  • Download the FEMA mobile app (available in Spanish) at Google Play or the Apple App Store.

There are three ways to apply to SBA after you register with FEMA:

  • Call SBA at 800-659-2955. Individuals who are deaf or hard of hearing may call
    800 877-8339.
  • Apply online using the Electronic Loan Application via SBA’s secure website at: https://disasterloan.sba.gov/ela.
  • Apply by mail: Complete a paper application and mail it to SBA at
    14925 Kingsport Road, Ft. Worth TX 76155-2243.

Until Friday at 6 p.m., FEMA and SBA are providing one-on-one assistance to disaster loan applicants at State/FEMA Disaster Recovery Centers established in Conway (McGee Center), Faulkner County; Pocahontas (site of OLD Randolph County Nursing Center), Randolph County; and Fayetteville (Executive Airport), Washington County.

The Internal Revenue Service announced on its website certain tax relief provisions resulting from the disaster declaration, including extensions of filing deadlines for estimated tax payments. Those in the disaster area are automatically granted tax relief, but individuals and businesses not in the disaster designated counties impacted in the storm may call the IRS disaster hotline at 866-562-5227 to request relief, according to the agency’s website.

For updates on the Arkansas response and recovery, follow the Arkansas Department of Emergency Management (@AR_Emergencies) on Twitter and Facebook and adem.arkansas.gov. Additional information is available at fema.gov/disaster/4318.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Before taking on any new process automation or software, it’s important to consider the third party risk associated with the new approach.

Current market pressures and constrained resources, especially people resources, combined with the need for decreased processing and response times demand that organizations look to automation for improved efficiency. But, organizations need to take into consideration the business needs and risks associated with increased automation. The following four areas are a good place to start the analysis and assessment of process automation at your organization.

...

https://www.mha-it.com/2017/07/third-party-risk/

Wednesday, 26 July 2017 14:12

Balancing Automation with Third Party Risk

For the fourth time, Strategic BCP ResilienceONE® has been named a Leader in the 2017 Gartner Magic Quadrant for Business Continuity Management Program (BCMP) Solutions, Worldwide.  This position on the report is based on our completeness of vision and ability to execute.

In their report, Gartner states: “The BCMP market is one in which most vendors offer solutions that meet the needs of their respective customers and target markets. However, how they meet customer needs is based on the solution’s application architecture, which translates to ease of configuration, navigation and reporting. The better BCMP solutions have prebuilt/configured BCM functionality out of the box, rather than building BCMP functionality with every customer implementation, which takes too much effort, time and money on the part of the customer and vendor.”1

CEO Frank Perlmutter said, “Being named a leader by Gartner is a distinguished honor, but we believe achieving recognition in every year of this Magic Quadrant is a tribute to our software innovators and staff. We share this success with our customers. It is their day-to-day insights that allow us to continually improve ResilienceONE and offer out-of-the-box functionality and value unmatched in the industry.”

...

http://www.strategicbcp.com/blog/resilienceone-4x-leader-gartner-magic-quadrant-bcmp-software-solutions/
