Business Continuity for Small Businesses – We Can Do Better!

If you have less than 500 employees, odds are you don’t have someone working full-time on business continuity.  And, unless regulations require you to perform planning in some manner, your organization may not have a business continuity plan at all! Continue reading

Moving Beyond Magnetic Tape Backups

Since individual technologies seem to change at a rapid-fire pace, it’s shocking how long magnetic tape media has survived (first used in 1951 to record computer data, it outdates hard drives and is now approaching 61 years of use!).  Although innovative new mediums (e.g., hard drives and solid-state storage) have exponentially increased speed and reduced the physical size of storage over the decades, cost and/or scaling issues left magnetic tapes as the logical disaster recovery choice for most organizations.  Recent innovations in both storage mediums and performance enablers, however, may be the catalysts necessary to finally move beyond tape.  This article will explore one alternative, electronic data vaulting and the use of virtual tape libraries, and compare its benefits and shortcomings to magnetic tape. Continue reading

Force Majeure: What is it and How Does it Relate to Business Continuity?

We see a lot of confusion specific to the topic of force majeure. Often, executive management has the belief that force majeure clauses in their contracts protect them from a wide variety of disruptive events, and thus they may not invest appropriately in business continuity plans and strategies. However, the concept of force majeure is somewhat convoluted and often includes many variables. As a result, if an organization does not plan appropriately, it may actually be left unprotected and vulnerable to claims of breach of contract in the event of a disruption.

This article explores the history of force majeure and its current state application in contract law. Continue reading

Connecting with Management and Staying Relevant

NOTE: The content of this perspective was initially presented September 13, 2011 at DRJ Fall World in a presentation titled, “Connecting with Management and Staying Relevant.” During the presentation, attendees were asked to complete a Self-Assessment Survey answering various questions regarding management involvement within their organizations’ business continuity programs. Avalution used the information gathered during that session in order to frame this perspective and offer feedback based on the recommendations presented at DRJ.

Connecting with Management and Staying RelevantManagement involvement and support is vital to the growth and ongoing success of an organization’s business continuity program. Management buy-in ensures alignment with the organization’s overall strategic direction and business objectives, and allows the program to obtain appropriate resources and visibility. Without adequate management involvement and support, a business continuity program risks losing effectiveness and alignment with business strategy, misspent or unfit resources, imbalance between capability and requirements, or in the worst case, management cutting business continuity all together because they do not see the value in the investment. Continue reading

GRC for Business Continuity Professionals

Many business continuity professionals have expressed concern and uncertainty regarding the future of business continuity and how it will ‘fit’ with newer concepts like GRC (Governance, Risk and Compliance) and ERM (Enterprise Risk Management). In truth, these different ways of managing risk and optimizing business performance could significantly affect how business continuity programs are run. But, in the end, the importance lies in managing obligations and risk in the most efficient and cost-effective manner possible so the organization can thrive and meet stakeholder expectations. This article dissects the current state of GRC and what business continuity professionals need to know and do about it. Continue reading

An Update on TC 223 and ISO 22301

Online Exclusive – as published on  | Updated June 2012

[EDITOR’S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada participated in the 2011 and 2012 meetings as a member of Working Group 4, the team charged with developing ISO 22301, 22313 and 22323.]

There are numerous articles and conversations currently taking place regarding ISO 22301 and ISO Technical Committee (TC) 223 in general – some based on fact, but many based on assumption and rumor. So, what’s the real story on ISO 22301 and the work being performed related to societal security?

The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC 223 standards development efforts underway and when to expect final work product that can help your organization better prepare for disruption. Continue reading

Are We Okay?

As Published in the May/June 2011 Issue of Continuity Insights Magazine

When executives called you the day after the earthquake in Japan, could you answer that question?

On Friday, March 11, 2011, at 7:30a.m. EST, the Chief Operations Officer (COO) of a Fortune 500 company called the director of business continuity and asked a simple question: “Are we okay?” After waking up and watching the news, he saw the devastation in Japan resulting from a powerful earthquake, as well as the tsunami warnings throughout the Pacific including the U.S. mainland.

Admittedly, the business continuity director–despite the organization’s operations on the West Coast and numerous suppliers in Japan–hadn’t thought about preparing a response to such a question because the company is headquartered in the Atlanta area. He was out of harm’s way–but the organization wasn’t. Continue reading

Data Breaches On Deck for Federal Oversight (Again)

Data BreachIn December 2009, my perspective titled “Data Breaches: A Sidewalk Sale of Consumer and Personal Information” detailed the financial, reputational and regulatory implications surrounding a data breach occurrence. Since then, little has changed (other than the fact that the term “data breach” is now commonplace throughout workplaces and households due the continuous increase of breaches worldwide). Organizations around the world ranging from US Bank and Outback Steakhouse to the U.S. Air Force and Sony have experienced (or are currently experiencing) a data breach and the headache of breach notification. Despite numerous attempts to implement federal data breach notification legislation, little has been done on a national level to streamline the process.

This perspective highlights the data breach notification process and how recent legislation proposed by the Obama Administration is hoping to consolidate dozens of diverse state breach notification regulations into one integrated national plan. Continue reading

Cloud Computing: Questions Continuity Professionals Should Ask

CloudEveryone seems to be talking about “the cloud” these days. Unfortunately, that is a REALLY broad term! So, let’s take a closer look at what “the cloud” really means, and then examine some key questions that continuity professionals should ask both their organization and cloud provider when the topic of cloud-based applications and recovery comes up. Continue reading

Business Continuity: Now Required at Most Hedge Funds

hedge fund perspectiveBusiness Continuity planning is no longer just a best practice for hedge funds, as the Securities and Exchange Commission (SEC) now requires most hedge funds to maintain up to date business continuity programs. This article explains the new regulatory mandates and describes a recommended approach that hedge funds can employ to not only meet the spirit and intent of new SEC requirements, but also begin building toward business continuity readiness. Continue reading