| The Intersection of Business Continuity and Data Breach Preparedness August 13, 2010 by Brian Zawada |
The assertion that data breach prevention and preparedness is strictly an information technology security issue could not be further from the truth. Proper planning for, and response to, a data breach event requires a multi-faceted approach, with participation from diverse elements of the organization. Although an IT Security department may be an obvious choice to lead the development of data breach incident planning, business continuity professionals possess an array of preparedness approaches, processes, skills, information and relationships that could contribute to the development of appropriate levels of preparedness to respond to this type of crisis. Furthermore, as business continuity professionals continue to seek new areas in which they can add value, data breach is an excellent opportunity.
This article presents the business case as to why business continuity professionals need to learn about this unique threat and how they can add value to the planning effort. |
| A Word from YOUR Business Continuity Sponsor... July 28, 2010 by Brian Zawada |
Senior-level sponsors of business continuity programs have spoken. And here's what they wish you'd do...
As Published in the July/August 2010 Issue of Continuity Insights Magazine |
| Twitter: Business Continuity in 140 Characters or Less May 26, 2010 by Christopher Burton |
What do CNN, the Dalai Lama, FEMA, and Avalution all have in common? All embrace social media in the form of Twitter to interact with users and share breaking news. Displaying topics ranging from H1N1 and Haiti to the best local cup of coffee, Twitter has created a new baseline for effective and efficient communication. With the ease of use and scalability that social media provides, organizations are looking to understand how social media not only fits into their marketing and branding efforts, but also their business continuity capability. |
| PS-Prep – Myth or Fact March 16, 2010 by Brian Zawada |
Having attended a number of conferences recently – many of which were focused on topics other than business continuity and disaster recovery – I’ve found that the amount of discussion regarding PS-PREP has increased substantially over the past 2+ years. In addition, as more and more professionals and organizational disciplines are being made aware of PS-PREP-related developments, concern and skepticism increases. And, unfortunately, because of the unknowns that remain – as well as the raw emotion on display by those adamantly opposed to this effort – few people walk away from presentations understanding what this effort is all about. The purpose of this article is to not only describe what PS-PREP is today and where we think it’s headed, but most importantly, to dispel (or possibly confirm) some of the rumors out there that may be getting in the way of organizations carefully evaluating the possible benefit that may result. |
| Preparedness: Standard of Care Expectations May Be On The Rise February 23, 2010 by Courtney Bowers |
There has been significant discussion regarding the ‘standard of care’ implications associated with a lawsuit against Pendleton Memorial Methodist Hospital (and their corporate parent, Universal Health Services of Pennsylvania), in which the family of Althea LaCoste, 73, “alleged that the hospital was negligent for having inadequate emergency power systems, evacuation plans and floodwater protection.”1 These allegations stemmed from the hospital’s generators failing during Hurricane Katrina, which ultimately led to the death of LaCoste (who had been admitted for congestive heart failure and was on a respirator).
So, as many have asked, why is the hospital being held accountable in what seems to be a catastrophic natural disaster over which they did not have control? |
| Service Spotlight: Benchmarking to Support Informed Decision-Making February 10, 2010 by The Avalution Team |
A number of organizations have halted or significantly curtailed their investments in preparedness measures over the past two years, which includes staffing and solutions investments. As the economy recovers and organizations rediscover their obligations specific to business continuity, how can those personnel with responsibility for business continuity build a business case for investment or reinvestment – time and funding? |
| Trend Analysis: Juggling Information Security, Business Continuity and Overall Preparedness February 09, 2010 by Christopher Burton |
Today’s business vocabulary is filled with buzzwords such as “information security”, “business resiliency”, “business continuity” and “disaster recovery”. Most professionals would agree that these concepts are all critical to the long-term success of the modern organization, but who should assume the responsibility of managing it all – or should a single role manage it all? One current trend amongst organizations of all sizes and industries is to combine information security and business continuity in an effort to safeguard against any type of business interruption. This perspective will provide you with insight into business continuity management and the current trends associated with combining business continuity with other disciplines, including information security. |
| NFPA 1600 2010 Edition: What You Need to Know January 28, 2010 by Jacque Rupert |
NFPA 1600 is a “Disaster / Emergency Management and Business Continuity” standard published by the National Fire Protection Association that was originally released in 1995. In January 2010, NFPA announced the release of its triennial edition of the NFPA 1600 standard. The 2010 edition has changed significantly – organizationally and in its content.
This article summarizes the major improvements in the 2010 edition of NFPA 1600, in order to assist organizations in determining how the changes will help them achieve a more comprehensive, better-performing business continuity program. |
| Data Breaches: A Sidewalk Sale of Consumer and Personal Information December 08, 2009 by Christopher Burton |
Data breach is a growing risk for organizations of all sizes and from all industries. The number of reported data breaches in recent years has skyrocketed, and their cost can be devastating to an organization’s reputation and finances. In addition, effectively responding to a data breach is far more complicated than simply sending a mass mailing to affected customers notifying them of the occurrence. Given the potential impact of a data breach on an organization, cross-functional awareness and preparedness are a necessary addition to an organization’s business continuity program. Continue reading to learn what a data breach is and why your organization needs to be prepared for one. |
| Why is DRI Speaking Out Against Organizational Certification? November 02, 2009 by Robert Giffin |
Over the last few months, DRI has spent a lot of time spreading a message of caution with regard to organizational certification. Their article on this topic was published in the last issue of DRJ (Are You Really Prepared? Who Says So?), it was the topic of a recent webinar (October 29th), and has also been the message delivered by their executive director in several small group meetings.
What’s interesting about this PR blitz is that the only business continuity standard currently available for organizational certification in the US is British Standard (BS) 25999. The federal government is developing a voluntary certification program (as mandated in law PS 110-53), but that won’t be available for some time. As a result, DRI’s motivation to encourage the status quo is unclear. |
| What Business Continuity Planners Need To Know About Virtualization September 22, 2009 by Robert Giffin and Stacy Gardner |
All business continuity professionals should be aware of an important new technology that is quickly changing the way many IT organizations operate. Virtualization has become increasingly popular in recent years, enabling IT organizations to reduce costs and recovery times. Avalution takes a closer look at this technology and how it can help disaster recovery. |
| Preparation & Planning: The US Government’s Advisory on H1N1 September 17, 2009 by Christopher Burton |
With a potential widespread outbreak of H1N1 looming, the US Government released two resources last month to provide preparation assistance: the Report to the President on the US Preparations for 2009-H1N1 Influenza and Flu.gov’s Guidance for Businesses and Employers to Plan and Respond to the 2009/2010 Influenza Season.
The Report, provided by the President’s Council of Advisors on Science and Technology, assessed the Obama Administration’s preparations for this fall’s expected resurgence of 2009-H1N1 flu and outlined key steps officials should take in the coming weeks and months to minimize the disease’s impact.
|
| More than Eighty Percent of Businesses are Unprepared for H1N1 Outbreak September 15, 2009 by Christopher Burton |
The following article summarizes a recent national survey of American businesses conducted by Harvard University that was published on September 9, 2009. The complete survey can be found on the Harvard School of Public Health’s website via a link at the end of this article. |
| Business Continuity Not Worth the Bill? You May Want to Reconsider Before It’s Too Late August 31, 2009 by Andy Debes |
It is often difficult to explain the intricacies associated with business continuity planning to someone who has little experience or knowledge about the topic. The basic concept of business continuity can sound so simple, and in many ways it is, but the real challenges are (1) convincing them why they should care about business continuity and (2) explaining the real value of spending the time and money necessary to develop a sound program. Without being able to convey these messages, business continuity can become an area where organizations choose an easy (and cheap) approach. |
| Get Involved in National Preparedness Month August 19, 2009 by Susan Giffin | This September, the U.S. Department of Homeland Security (DHS) will sponsor the fourth annual National Preparedness Month (NPM). During the month of September, DHS works to encourage Americans to prepare to be “Ready” for emergencies in their homes, businesses and communities. DHS will have assistance from the public and private sector organizations who pledge their support by registering as a NPM Coalition Member. |
| Business Continuity & The Internal Auditor August 17, 2009 by Susan Giffin |
On Wednesday, August 26th, Avalution held a one-hour webinar for internal audit professionals to discuss their role in a business continuity program and how to serve successfully in this capability.
During the webinar, our team introduced internal audit professionals to accepted business continuity practices, as well as emerging (and successful) trends that are occurring in today’s business environment. We also discussed common criticisms that can interfere with internal audit’s... |
| Preparing for H1N1 June 19, 2009 by Brian Zawada |
This spring introduced another threat with global business continuity implications. The swine flu, or more appropriately 2009 H1N1, caused alarm among the population as this novel influenza A strain appeared for the first time, originating in rural Mexico. At the time of this writing, the 2009 H1N1 virus continues to spread worldwide, affecting seventy countries with over twenty-one thousand confirmed and probable cases in the United States as logged by the CDC. Thus far, 2009 H1N1 has a relatively low mortality rate, with symptoms resembling seasonal flu. On June 11, 2009, the World Health Organization (WHO) raised its alert level to Phase VI, indicating “increased and sustained transmission in general population”. As a result, the 2009 H1N1 is now classified as a pandemic. |
| WHO Declares Pandemic Phase 6 – Don’t Panic, but DO PREPARE! June 11, 2009 by Brian Zawada | The World Health Organization (WHO) raised its pandemic alert level to Phase 6, the highest alert level.
This designation means a global pandemic is under way. As of June 11th, almost 30,000 cases have been confirmed globally in 74 countries. However, on a positive note, there have not been any significant mutations in the virus thus far, and the virus has proven to be relatively stable.
What does this mean for your organization? Read this article to find out more about how your organization can best prepare and respond. |
| Human Resource Policy Considerations During a Pandemic May 27, 2009 by Ryan Hutton |
Since the April 2009 H1N1 outbreak, business continuity professionals around the world have been reevaluating their pandemic preparedness strategies. A commonly identified preparedness activity is the evaluation of Human Resources policies. In the past, some organizations amended their policies to enable appropriate responses; others drafted amended policies but held them in reserve until a time when they may be necessary. Still others did nothing, hoping for the time to make amendments if needed. However, with the rapid spread of the April 2009 H1N1 outbreak and its origination in North America, those organizations that chose to wait because they assumed they would have time were greatly impacted. |
| Are Your Personnel “Competent” in Performing Their Business Continuity Responsibilities? May 11, 2009 by Susan Giffin |
New and emerging business continuity standards highlight that personnel should be “competent” in performing their business continuity responsibilities. This may seem like an obvious statement but it can be an area in which organizations often forget to focus. Business continuity practitioners and their sponsors that read BS 25999-2 (which summarizes this requirement in Sections 4.2.5 and 4.3.1) often ask two questions specific to the concept of competency:
- What exactly does “competent” mean?
- Who does this requirement apply to in our organization? |
| The Dangers Associated With A Template April 01, 2009 by Brian Zawada |
Key Takeaway – Use a template to enable decentralized planning since it provides structure and consistency, as well as an outline of key concepts to address. However, establish the template as the minimum and pair the template with training to explain how the plan would be used during a disruptive event, and to enable the development of quality, detailed content.
|
| BS 25999 Certification: 4 Myths and a Truth March 23, 2009 by Robert Giffin |
Over the last year and a half we have met a number of organizations that thought they were prepared for BS 25999 certification, only to find key issues when BSI’s auditors arrived. As a result, we have compiled the following four myths and an important truth regarding BS 25999 certification. |
| Managing Expanding Supply Chain Risks March 02, 2009 by Glen Bricker |
As has been confirmed by the events of the last year, risks to an organization can come from any number of often unpredictable sources, and can result in an impact far more serious and long-lasting than anyone would have imagined. Relationships that up to now have been assumed to be secure, from banking relationships to the stability of a country’s financial system, have been called into question. |
| How to Stay Relevant in Tough Economic Times February 12, 2009 by Brian Zawada |
As Published in the 2009 January/February Issue of Continuity Insights Magazine
This issue’s column captures the results of a number of interviews, as well as recent experiences with executive committees charged with business continuity oversight, regarding how to justify time and resource spend on business continuity capability. Organizations that continued to address business continuity risk effectively did many of the following five activities. |
| What Is A Management System? January 28, 2009 by Brian Zawada |
Over the past eighteen months, many business continuity professionals learned of a new term – management system. First introduced to many of us in British Standard (BS) 25999 as a Business Continuity Management System (BCMS), the concept continues to gain traction in our profession through a number of draft organizational resilience-related standards authored by the International Standards Organization (ISO), as well as a new American standard whose development is currently being facilitated by ASIS International. |
| Can The Right Software Get Me BS 25999 Certified? January 19, 2009 by Susan Giffin |
With the growing popularity of BS 25999, many business continuity professionals are wondering how their planning software will support a certification effort. This is a reasonable question, because many organizations have developed their programs using the default processes built within their software. Thus, those default processes, if built correctly by the vendor, should lead to easy certification. However, due to the nature of the standard, no software can deliver full, out-of-the-box compliance in a way that ensures the business continuity program can be certified, no matter what the software vendor may advertise. |
| How Enterprise Risk Management Can Improve Your Credit Rating October 20, 2008 by Glen Bricker |
Recently, Standard & Poor’s announced that they will begin to evaluate Enterprise Risk Management (ERM) processes with non-financial companies in the third quarter of 2008. S&P also indicated that it will begin to consider ERM program maturity and capability in determining ratings as of the fourth quarter. |
| Update on Title IX – Feedback Requested October 06, 2008 by Brian Zawada |
Last week, Avalution Consulting co-sponsored the seventh plenary session of ANSI’s Homeland Security Standards Panel (HSSP). The seven-hour meeting offered attendees a number of valuable insights into how the public and private sectors would engage to implement Title IX of Public Law 110-53. Although a definitive path forward did not emerge, public and private sector participants shared ideas that will lead to an improved program implementation effort (most likely in 2009). |
| Considering Certification? September 13, 2008 by Brian Zawada |
Avalution continues to help a variety of organizations prepare for BS 25999 certification. Having successfully helped an organization achieve certification, as well as working with our clients during pre-assessments, our team is starting to see broad trends, including key success factors for certification as well as common roadblocks to certification. |
| Business Continuity Myths & Facts July 07, 2008 by The Avalution Team |
As we talk to our clients, prospective clients and others involved in the business continuity industry, some consistent themes, questions, misconceptions and general commentary have emerged. In order to encourage discussion and continual improvement in the Business Continuity Management industry, Avalution has started a semi-regular column to answer - or at least spur further discussion on - key topics. |
| FFIEC Updates the Business Continuity Standard for Banks April 07, 2008 by The Avalution Team |
The newly-released 2008 FFIEC Business Continuity Planning booklet continues to incorporate new business continuity themes and trends. While the tables at the end of this perspective provide detailed comparisons between the 2003 and 2008 requirements, there are five broad areas of improvements the FFIEC focused on... |
| FFIEC Expands Pandemic Planning Guidance for Financial Institutions January 23, 2008 by Stacy Gardner |
For financial institutions waiting for more formal guidance from the Federal Financial Institution Examination Council (FFIEC) before planning for a pandemic, the time is here. The FFIEC, an interagency council that prescribes uniform standards for the United States financial industry, recently followed up the industry’s “Interagency Advisory on Influenza Pandemic Preparedness” and NCUA’s “Letter to Credit Union 06-CU-06 - Influenza Pandemic Preparedness” with new guidance. |
| Pandemic Webinar Q&A October 30, 2007 by The Avalution Team |
Avalution Consulting co-owners Brian Zawada and Robert Giffin recently presented a webinar, sponsored by Continuity Insights, titled "Practical Pandemic Planning For Businesses".
Many questions were submitted by the 200 participants, but due to time constraints we could not answer them all, so the questions and our answers are listed below. |
| Influencing Cause AND Effect October 08, 2007 by Brian Zawada |
I was recently involved in a conversation with a group of business executives that embarked on a process to develop a business continuity program. During the initial business continuity steering committee, one executive added some thoughts regarding recent “regional” events, such as 9/11, Hurricane Katrina and the 2003 Northeast Blackout. “We couldn’t have seen any of those events coming, no one could. Although we didn’t have plans at the time, how could any business continuity plan have helped? We would have had to improvise regardless.” |
| Introducing BS25999 September 07, 2007 by Lucine Ghazarian | British Standard 25999 is a business continuity standard that was developed by a committee of practitioners chosen by the British Standard Institute (BSI). The standard provides basic guidance and recommendations for a wide range of organizations in need of a business continuity management system (BCMS). Although 25999 is not yet certifiable, it is becoming more and more widespread, competing as a leader amongst business continuity standards due to its easy to follow framework and actionable recommendations. |