Tuesday, May 27, 2014

Crisis Management!


To read the whole story: http://www.thespec.com/news-story/4540411-why-did-the-duck-cross-the-road-/

For more information about Business Continuity, IT Disaster Recovery and Audit Training and Certification, visit www.sentryx.com or contact info@sentryx.com or call 1-800-869-8460

Thursday, May 8, 2014

Article: The Top Five Ways To Fail Business Continuity

by Ryan Hutton and Jacque Rupert

Experienced business continuity professionals often advocate a series of accepted practices to increase the effectiveness and quality of a business continuity program. Common activities include conducting a business impact analysis (BIA), documenting plans, exercising response and recovery capabilities, and training key personnel. However, despite the close attention paid to the details of methodologies and best practices, business continuity professionals often find their programs are not as successful as they should be.

There are many factors that can contribute to a “less-than-perfect” business continuity program – or a program that truly fails to meet management expectations. The following are five of the most common reasons why business continuity planning initiatives fail, their consequences and what can be done to avoid them.

1. Failing to Understand the Organization
Too often, business continuity professionals attempt to enhance their program by hastily layering in tools and software applications. However, this often becomes a waste of resources because a key underlying issue is a failure to understand the organization and its key products and services.

2. Executing Methodology Instead of Managing a Program
There are a wide variety of business continuity methodologies and standards, all of which are designed to improve how organizations create and continually develop and improve their business continuity programs and practices. Although building a program based on best practices is a great starting point, without an overall strategic goal linking the activities together, it can quickly become a “check-the-box” exercise that does not provide the intended value – or result in an appropriate level of readiness.

3. Unnecessarily Using Business Continuity Jargon
As expected, business continuity jargon can be confusing to non-business continuity professionals. Jargon includes acronyms such as EOC, RTO, RPO, BIA and COOP, or common terms with different meanings such as emergency response or disaster recovery. Using these types of terms can create frustration and unnecessary barriers when trying to communicate with business and technology stakeholders.

4. Unrealistic Recovery Objectives
Many organizations request that each business unit or business process define their own recovery objectives during the analysis phase of a business continuity planning effort. However, managers often struggle to define the appropriate recovery time frame.

5. Failing to Create a Culture of Business Continuity
A business continuity program can have the best people, systems, analytic conclusions, strategies and plans, but that same program will fail if it does not have the support of the business or if the business fails to think about risk mitigation and recoverability when making day-to-day decisions.


About the Authors
Ryan Hutton and Jacque Rupert are consultants with Avalution Consulting. They focus on business continuity, including program definition, risk assessment, BIAs, strategy, plan development, testing and training. They have extensive experience working with government, utilities, manufacturing and distribution. They are frequent authors, and can be reached at ryan.hutton@avalution.com and jacque.rupert@avalution.com.



Wednesday, May 7, 2014

Article: Business Continuity And Disaster Recovery: Big Tent Or Separate Umbrellas?

by Jim Mitchell

Perhaps I’m just a curmudgeon (a crusty, ill-tempered old man), but it irks me when someone uses the term “Business Continuity” exclusively to refer to IT planning.  Perhaps I’ve been in this industry too long.  I remember when IT planning was referred to as “Disaster Recovery”, and only business operations used the term “Business Continuity”.  Suddenly (or at least it seems sudden to me) IT specialists are throwing around the term Business Continuity as though they invented it – and as though everyone should understand what they mean.
Is Business Continuity an appropriate term for everything to do with recovery from, or response to a business disruption – to include both technology and operations?


Tuesday, May 6, 2014

Article: Business Continuity Beyond Company Walls: When A Crisis Hits, Will Your Vendors’ Resiliency Match Your Own?

At a glance

Reliance on third parties is substantial and continues to gain momentum. Companies are increasingly migrating core and strategic functions to external providers with the objectives of improving efficiency, accelerating growth, and enabling operational transformation. This whitepaper highlights the journey to an integrated, responsive, and proactive business continuity management program that extends beyond your company's walls.

Do strategy execution discussions include the need to gain insight into your critical vendors’ resiliency and recovery capabilities? If not, are strategic goals at risk of being derailed by an unfortunate combination of unprepared vendors and insufficient internal resiliency and contingency planning?

To some degree, organizations with global supply and service chains and outsourced business processes live constantly in the cross hairs, with a near guarantee of major impacts from a natural or man-made disaster — if not today, then soon.

Read more at http://www.pwc.com/us/en/risk-assurance-services/publications/bcm-vendor-transparency-resiliency.jhtml



Article: What Does It Mean To Be A Crisis Ready Organization?

by Andrew Griffin

There are six principles for ensuring that your organization is truly crisis ready.
Most of the work done in the name of crisis management is in fact crisis preparedness. “Are you ready to face the worst?” is a question that boards ask, regulators ask, governments ask and investors ask. They want to know that an organization and its senior management are in an advanced state of crisis preparedness. This article looks at how an organization can become ‘crisis ready’.

1. Preparing policy
Principle: Crisis management is a distinct component of an organization’s wider resilience framework.
Crisis management policy should explain how the organization thinks about and prepares for crises as a distinct component of a wider resilience framework.

2. Preparing leaders
Principle: Crisis management requires strong, effective leadership in both preparation and execution.
Crisis management requires creative decision-making, not blind rule following. Leadership therefore makes a huge difference to a crisis response, and leaders must be prepared to fulfil their role.

3. Preparing structure
Principle: Crisis management requires a clearly defined structure delineating powers between different teams.
Crisis management requires structure that empowers the right people and teams at the right levels to make, implement and communicate decisions.

4. Preparing procedures
Principle: Crisis management requires procedures that guide an organization’s crisis response.

The structure is the framework in which people and teams manage crises. Procedures are there to provide them with some rules and guidance.

Crisis procedures are not procedures in the sense familiar to those in business continuity or incident response. Crisis procedures – or a ‘crisis manual’ which I think is a more helpful term – should be a handful of pages long. It is not a step by step guide as to what to do next in any given situation, but is a set of rules within a working framework in which good decisions can be made, implemented and communicated.

5. Preparing people
Principle: Crisis management requires trained, skilled professionals to fulfil specific responsibilities.
Process is a necessary but not sufficient factor in good crisis preparedness. The rest is about people. Crisis management requires trained, skilled professionals to fulfil specific responsibilities. 

6. Preparing culture and relationships
Principle: Crisis management requires a culture that values reputation and the importance of external goodwill and relationships.
Companies that have a positive internal culture where reputation is genuinely understood and valued as a strategic asset will have a good backdrop for successful crisis management. It makes people want to exhibit the right behaviours, do their best, do the right thing and work hard for a company under pressure and scrutiny.
Culture is the internal context; goodwill and relationships provide the external context.

For the complete version of this article, see the book at http://www.koganpage.com/editions/crisis-issues-and-reputation-management/9780749469924


Article: Final Report, National Institute Of Standards And Technology (NIST) Technical Investigation Of The May 22, 2011, Tornado In Joplin, Missouri

Abstract by Erica D. Kuligowski; Franklin T. Lombardo; Long T. Phan; Marc L. Levitan

This is the final report of the National Institute of Standards and Technology (NIST) investigation of the May 22, 2011 tornado in Joplin, Missouri, conducted under the National Construction Safety Team Act. This report describes the wind field of the tornado and how the wind pressures and windborne debris damaged and destroyed thousands of buildings; the emergency communications before and during the tornado and how the public responded; the influence of tornado hazards and public response and building and designated shelter area performance on survival and injury; and areas of current building and emergency communications codes, standards and practices that warrant revision. Also described in this report is the means by which NIST reached its conclusions. NIST collected large numbers of documents, photographs, videos, and building plans; developed a computer model of the wind field of the tornado as it crossed the City of Joplin; analyzed the performance of a range of building types for life safety and functionality; interviewed many survivors of the tornado; developed an evidence-based explanation for decisions made and actions taken by the public in response to the tornado; and analyzed the factors affecting life safety outcomes. The report outlines 47 findings related to the May 22, 2011, Joplin tornado and concludes with a list of 16 recommendations for action in areas of improved measurement and characterization of tornado hazards, new methods for tornado resistant design of buildings, enhanced guidance for community tornado sheltering, and improved and standardized emergency communications.



News: Study Finds CISO Appointment, Business Continuity Shrinks Breach Costs

by Danielle Walker, Reporter
By appointing a CISO, breached organizations stand to fare better in their response efforts, lessening their costs by $10 per compromised record, an annual study found.
On Monday, the “2014 Cost of Data Breach Study: United States” was released, offering insight on management efforts which can improve incident response at companies. The ninth annual study, which was sponsored by IBM and conducted by the Ponemon Institute, polled 61 U.S. companies across 16 industries, after firms experienced “the loss or theft of protected personal data and then had to notify breach victims as required by various laws,” the report said.
The study found that the average number of breached records at organizations was around 29,000 records last year. Additionally, the cost of each lost or stolen record, on average, increased from $188 to $201 per record between 2012 and 2013.
The report also noted that the appointment of a CISO, and even the involvement of business continuity management (BCM) in the response process, noticeably shrank the costs of breaches per record. For instance, having business continuity staff involved in remediation reduced costs by $13 per compromised record (as opposed to $10 per record saved under CISOs), the report said.