Business Continuity Management (BCM) is vital in preparing and protecting business operations from disruptions caused by threats stemming from cyber-attack and natural disasters, as well as resource unavailability such as building loss, technology loss, staff absenteeism, and supply chain failure. A robust business continuity programme manages the likelihood and impact stemming from disruptive incidents through proactive response and recovery planning, with the objective of reducing operational downtime.
As a consultant and former BCM practitioner, I am regularly asked by senior executives, “What are the most essential aspects to focus on when launching a successful BCM Programme?” This article discusses 9 key steps to follow for success. Continue reading
As we move closer to the enforceable compliance date of May 25, 2018 for the General Data Protection Regulation (GDPR), many organizations are asking themselves if they are on track to meet the regulation requirements. Many organizations are still unsure if the regulation even applies to them. Given the severity of potential penalties for non-compliance greater of €20 million or 4% of revenue for non-compliance with core tenets of GDPR, such as violation of data subject rights or transfers of data to unauthorized third countries), this perspective covers who GDPR applies to and the key items you should explore in your organization to ensure you are prepared. Continue reading
The Basics of the Hospital Incident Command System (HICS) Framework
If your hospital or health system has an initiative to improve the emergency preparedness program, or if you have moved into a new role that has emergency preparedness responsibilities, you have probably been hearing a lot about the Hospital Incident Command System (HICS) framework. You may also be hearing about HICS policies, templates, plans, and forms. If you unsure what “HICS” is or where to start, this perspective is for you. This article introduces HICS and links to resources that can take you to the next level of detail. Continue reading
Formalizing your information security program is a critical step to drive information security capability maturation in any organization. The intent of formalizing a program is to get clear on focus and ensure everyone is on the same page about who is doing what.
From our experience, building a great information security program starts with asking the right questions. At Avalution, we build information security programs from the top down, starting with the strategy of the business and focusing on the following five key questions:
- Why do we have an information security program?
- What are we going to protect?
- How are we going to achieve it?
- Who is responsible and accountable?
- What are the results going to look like?
Let’s take a closer at each. Continue reading
Bringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security
Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness. Hospitals that are the most successful in achieving a high-level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security. Building cohesion sounds fairly straightforward, but, in reality, it can be complex. Continue reading
General Data Protection Regulation (GDPR) is the most comprehensive personal data privacy regulation ever issued, and its implementation deadline in May 2018 is approaching quickly. With the potential fines accompanying noncompliance, GDPR has shifted the business world’s attention to privacy. However, since this regulation was issued by the European Union, there is a lot of uncertainty around how GDPR impacts US-based businesses. Bottom-line – if your business sells to or holds EU residents’ personal information, GDPR affects you. Continue reading
For over 12 years, Avalution has been laser focused on business continuity and recently expanded into information security due to trends toward integrated risk management. Until recently, Avalution delivered consulting services and supported our Catalyst SaaS solution with resources based solely in the United States. We’ve become the leading provider of business continuity software and consulting in the US – working with 13% of the Fortune 100, including the largest American organizations in seven different industries.
We’ve become well-known for delivering business continuity and information security services that are connected to the strategy of the business, pragmatic, and reliably delivered.
In August, we expanded into the European Union by opening a new office located in Dublin, Ireland. Continue reading
Imagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent application. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, who fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services is devastating; and their email was unavailable for over one week.
The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate, Maersk, has estimated quarterly losses of between $200M-$300M, due to experienced interruptions. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.
Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from its owners until a ransom was paid. Continue reading
Published on September 16, 2016 by the Centers for Medicare and Medicaid (CMS), the “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers” Final Rule (81 FR 63860), commonly referred to as the CMS Emergency Preparedness Final Rule, sets requirements for health care providers and suppliers that participate in Medicare and Medicaid to develop enhanced emergency response programs.
The ruling is comprised of four best practice standards: Risk Assessment and Emergency Planning, Policies and Procedures, Communications Planning, and Training and Testing. As as a prerequisite for participation in Medicare and Medicaid, all participant facilities (providers and suppliers) are expected to be in compliance with these requirements by November 15, 2017.
Avalution has studied these new regulations to create services that tightly align with the requirements and help organizations become compliant and increase preparedness. If you’re looking for assistance with achieving compliance, please contact us.
In the meantime, let’s take a closer look at the background and ruling provisions. Continue reading
An Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization
Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.
When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity. Continue reading