What is HICS and What are HICS Forms?

HICS_LogoThe Basics of the Hospital Incident Command System (HICS) Framework

If your hospital or health system has an initiative to improve the emergency preparedness program, or if you have moved into a new role that has emergency preparedness responsibilities, you have probably been hearing a lot about the Hospital Incident Command System (HICS) framework. You may also be hearing about HICS policies, templates, plans, and forms. If you unsure what “HICS” is or where to start, this perspective is for you. This article introduces HICS and links to resources that can take you to the next level of detail.  Continue reading

A Cross-Functional Approach to Hospital Preparedness

A Cross-functional Approach to Hospital PreparednessBringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness.  Hospitals that are the most successful in achieving a high-level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security.  Building cohesion sounds fairly straightforward, but, in reality, it can be complex.  Continue reading

General Data Protection Regulation (GDPR)

General Data Protection Regulation - GDPRGeneral Data Protection Regulation (GDPR) is the most comprehensive personal data privacy regulation ever issued, and its implementation deadline in May 2018 is approaching quickly. With the potential fines accompanying noncompliance, GDPR has shifted the business world’s attention to privacy. However, since this regulation was issued by the European Union, there is a lot of uncertainty around how GDPR impacts US-based businesses. Bottom-line – if your business sells to or holds EU residents’ personal information, GDPR affects you. Continue reading

Avalution Opens European Headquarters in Dublin, Ireland

Avalution EuropeFor over 12 years, Avalution has been laser focused on business continuity and recently expanded into information security due to trends toward integrated risk management. Until recently, Avalution delivered consulting services and supported our Catalyst SaaS solution with resources based solely in the United States. We’ve become the leading provider of business continuity software and consulting in the US – working with 13% of the Fortune 100, including the largest American organizations in seven different industries.

We’ve become well-known for delivering business continuity and information security services that are connected to the strategy of the business, pragmatic, and reliably delivered.

In August, we expanded into the European Union by opening a new office located in Dublin, Ireland. Continue reading

CMS Emergency Preparedness Ruling

CMS Emergency Preparedness RulingPublished on September 16, 2016 by the Centers for Medicare and Medicaid (CMS), the “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers” Final Rule (81 FR 63860), commonly referred to as the CMS Emergency Preparedness Final Rule, sets requirements for health care providers and suppliers that participate in Medicare and Medicaid to develop enhanced emergency response programs.

The ruling is comprised of four best practice standards: Risk Assessment and Emergency Planning, Policies and Procedures, Communications Planning, and Training and Testing. As as a prerequisite for participation in Medicare and Medicaid, all participant facilities (providers and suppliers) are expected to be in compliance with these requirements by November 15, 2017.

Avalution has studied these new regulations to create services that tightly align with the requirements and help organizations become compliant and increase preparedness. If you’re looking for assistance with achieving compliance, please contact us.

In the meantime, let’s take a closer look at the background and ruling provisions. Continue reading

Breaking Down Silos – Evolving an Incident Command System to Include Business Continuity

Evolving an Incident Command System to Include Business ContinuityAn Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization

Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.

When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity. Continue reading

Business Continuity Planning: Centralized and Decentralized Approaches

Business Continuity Planning - Centralized and Decentralized ApproachesBroadly speaking, there are two approaches to structuring a business continuity program.

A centralized structure involves leading and executing the business continuity planning process within a single team and engaging the business as needed.

A decentralized structure involves leveraging a small number of centralized resources that offer consultative assistance and performance measurement while resources dispersed throughout the business execute the actual planning process.

Both approaches have pros and cons, so it’s critical that organizations select the appropriate approach that adheres to their organization’s overall strategy, structure, culture, and priorities. In this perspective, I’ll provide an overview of each type of structure, the attributes associated with them, and additional information to help you select the most effective method of implementing a business continuity program within your organization. Continue reading

Introducing Our Information Security Practice

Introducing Avalution's Information Security PracticeFor twelve years, Avalution has been laser focused on business continuity. We’ve become the leading provider of business continuity software and consulting in the US. We work with 13% of the Fortune 100, including the largest organizations in seven different industries.

We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.

Today, we are expanding into Information Security Management.  Continue reading

Understanding Disaster Recovery Responsibilities When Using the Cloud

Disaster Recovery Responsibilities When Using the CloudIn the wake of recent Cloud Service Provider (CSP) outages, what is your organization responsible for when it comes to complex IT architecture?

Many organizations today rely on complex IT infrastructure to support their operations, leveraging solutions ranging from internal hosting to cloud hosting to dependence on third-party systems. IT service delivery is getting more intricate, in large part due to the need to leverage different IT tools and services from a variety of providers. Cloud-based solutions, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), promise simplicity for the end user.  However, IT service delivery and management usually becomes much more difficult due to the complexities around architecture and integrations. Therefore, IT disaster recovery planning becomes more difficult, as it must account for these complexities and coordinate with various third parties to ensure adequate coverage. Bottom-line – simply defining who is responsible for what when it comes to disaster recovery planning can be difficult. Continue reading

Understanding the Business Continuity and IT Disaster Recovery Gap

BC and ITDR GapMany business continuity professionals can attest to the tension that often occurs between the business and IT when it comes to recovery capabilities. For example, Company X recently implemented a business continuity program, including determining recovery time objectives (RTOs) for key business processes. Like all well-established business continuity programs, the business impact analysis (BIA) considered the loss of technology and helped the company develop recommended recovery time (and recovery point) objectives for technology resources. The business documented and presented these RTOs to management following the initial BIA, but never followed up with IT to ensure that the capabilities could be met.

Meanwhile, IT leveraged its own application/system list and related recovery information to prioritize applications for recovery and drive the implementation of a disaster recovery solution that was cost-effective and aligned with IT’s conclusions of business requirements for recovery (created from data outside the BIA). Both the business and IT feel confident in their work; yet, neither have communicated with the other. Given that the groups have not undergone a joint exercise (or actual disruption), neither group is aware of the underlying gap: Recovery priorities and strategies are misaligned between the business and IT.

This perspective analyzes the symptoms and root causes of the business continuity and IT disaster recovery gap and proposes solutions to close it.  Continue reading