Avalution Opens European Headquarters in Dublin, Ireland

For over 12 years, Avalution has been laser focused on business continuity and recently expanded into information security due to trends toward integrated risk management. Until recently, Avalution delivered consulting services and supported our Catalyst SaaS solution with resources based solely in the United States. We’ve become the leading provider of business continuity software and consulting in the US – working with 13% of the Fortune 100, including the largest American organizations in seven different industries.

We’ve become well-known for delivering business continuity and information security services that are connected to the strategy of the business, pragmatic, and reliably delivered.

In August, we expanded into the European Union by opening a new office located in Dublin, Ireland.

My Business Continuity Predictions for 2017 and Beyond

With 2017 well underway, I wanted to take the time to reflect on 2016 and also look ahead to predict the way in which our business continuity profession will continue to mature in 2017 and beyond.

In many ways, this “top five” list is aspirational – that being my hopes for our profession as we solve some entrenched challenges and work to add more value to the organizations we serve.

Ownership – Where Do Our Responsibilities Begin and End as Business Continuity Professionals?

As published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.

One of the latest threats to organizations is something termed “ransomware”, commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money. You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar. If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more. And, after you do, I have a question for you to consider:

If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?

This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value.

I’ve Been Assigned Executive Responsibility for Business Continuity – Now What?

15 Key Questions Executives Should Ask to Better Understand the Program’s Current-State and Next Steps

So, you’ve just been assigned responsibility for your organization’s business continuity program.

I’m sure many thoughts are running through your head right now, ranging from “What is business continuity?” to “What do I need to do first?” (among others). However, you’re in the right place to find answers to these questions, and many more.

The Simplest Business Continuity Plan Assessment Approach Ever

Although plan documentation isn’t the only business continuity planning outcome, and absolutely should not be the sole focus during a program assessment, it’s certainly an important one. Plans are one of the first things customers and auditors ask to review because these documents should summarize the response and recovery approach used by the business following the onset of a disruptive incident, as well as the resources needed to deliver products and services. If asked to evaluate a plan, what’s the best approach, and what elements and content should you expect to see? The purpose of this perspective is to outline a simple, straightforward plan assessment approach.

How to Establish an Early Warning System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network.

Does Your Business Continuity Management System Have “Issues”?

Part of Avalution’s Conforming to ISO 22301 Series

ISO 22301 is the first standard to employ the new ISO format for management systems standards, which involves a considerable amount of “templatized” management system content across ten clauses. Because this format, language, and many of the requirements are new to most business continuity professionals, it’s important to review and consider the intent associated with some of the content and concepts.

ISO 22301’s Relationship to BS 25999-2 and Other Standards

Similar to other management systems standards, ISO 22301 is based on the ‘Plan-Do-Check-Act’ model that seeks to improve – in a continual manner – the effectiveness of the organization’s performance through proficient planning, implementation, supervision, review and maintenance.

As such, it is only proper that we discuss the relationship of ISO 22301 with other management systems standards. The following summary offers a high-level comparison between ISO 22301 and another widely-adopted management systems standard, British Standard (BS) 25999-2 (2007).

Organizational Resilience: What it could, or should, mean in the standards landscape

As Posted in the Digital Edition of Continuity Insights Magazine

Admittedly, I wrote this article to better get my mind around the swirling debate regarding the concept of organizational resilience and what it means – or better yet, what it should mean – to business continuity, risk management and security professionals. I am a member of the US Technical Advisory Group to ISO Technical Committee (TC) 223, which is charged with developing the ISO 22323 standard (Societal Security — Management system for resilience in organizations — requirements and guidance for use).

What Does Effective Business Continuity Management Look Like?

I recently read a column in the Disaster Recovery Journal where the editor interviewed John Copenhaver regarding Standards, Resilience and the Future of Business Continuity Management (BCM). John made the following statement when asked about the importance of standards:

“However, while these things matter [how to get the attention of top management, what methodologies to use, what the right terminology is and so on], they are not necessarily the root cause of why we as a profession are not as effective as we might be. I think that there are deeper problems to address, such as what does effective BCM looks like, where is the discipline heading and where will it be in five years time?”

I thought the question regarding “what does effective BCM look like” was intriguing. It’s such a basic question, but, as I continued to think about it, I could see why a simple answer isn’t that easy to give.