9 Tips for Business Continuity Management Success

Business Continuity Management (BCM) is vital in preparing and protecting business operations from disruptions caused by threats stemming from cyber-attack and natural disasters, as well as resource unavailability such as building loss, technology loss, staff absenteeism, and supply chain failure. A robust business continuity programme manages the likelihood and impact stemming from disruptive incidents through proactive response and recovery planning, with the objective of reducing operational downtime.

As a consultant and former BCM practitioner, I am regularly asked by senior executives, “What are the most essential aspects to focus on when launching a successful BCM Programme?” This article discusses 9 key steps to follow for success.

What is HICS and What are HICS Forms?

The Basics of the Hospital Incident Command System (HICS) Framework

If your hospital or health system has an initiative to improve the emergency preparedness program, or if you have moved into a new role that has emergency preparedness responsibilities, you have probably been hearing a lot about the Hospital Incident Command System (HICS) framework. You may also be hearing about HICS policies, templates, plans, and forms. If you are unsure what “HICS” is or where to start, this perspective is for you. This article introduces HICS and links to resources that can take you to the next level of detail.

A Cross-Functional Approach to Hospital Preparedness

Bringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness. Hospitals that are the most successful in achieving a high level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security. Building cohesion sounds fairly straightforward, but, in reality, it can be complex.

Avalution Opens European Headquarters in Dublin, Ireland

For over 12 years, Avalution has been laser focused on business continuity and recently expanded into information security due to trends toward integrated risk management. Until recently, Avalution delivered consulting services and supported our Catalyst SaaS solution with resources based solely in the United States. We’ve become the leading provider of business continuity software and consulting in the US – working with 13% of the Fortune 100, including the largest American organizations in seven different industries.

We’ve become well-known for delivering business continuity and information security services that are connected to the strategy of the business, pragmatic, and reliably delivered.

In August, we expanded into the European Union by opening a new office located in Dublin, Ireland.

Ransomware Changes the Game for IT Disaster Recovery

Imagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent application. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, which fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services is devastating, and their email was unavailable for over one week.

The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate Maersk has estimated quarterly losses of between $200M and $300M due to the interruptions it experienced. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.

Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from its owners until a ransom was paid.

Understanding Disaster Recovery Responsibilities When Using the Cloud

In the wake of recent Cloud Service Provider (CSP) outages, what is your organization responsible for when it comes to complex IT architecture?

Many organizations today rely on complex IT infrastructure to support their operations, leveraging solutions ranging from internal hosting to cloud hosting to dependence on third-party systems. IT service delivery is getting more intricate, in large part due to the need to leverage different IT tools and services from a variety of providers. Cloud-based solutions, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), promise simplicity for the end user. However, IT service delivery and management usually become much more difficult due to the complexities around architecture and integrations. Therefore, IT disaster recovery planning becomes more difficult, as it must account for these complexities and coordinate with various third parties to ensure adequate coverage. Bottom line: simply defining who is responsible for what when it comes to disaster recovery planning can be difficult.

Understanding the Business Continuity and IT Disaster Recovery Gap

Many business continuity professionals can attest to the tension that often occurs between the business and IT when it comes to recovery capabilities. For example, Company X recently implemented a business continuity program, including determining recovery time objectives (RTOs) for key business processes. Like all well-established business continuity programs, the business impact analysis (BIA) considered the loss of technology and helped the company develop recommended recovery time (and recovery point) objectives for technology resources. The business documented and presented these RTOs to management following the initial BIA, but never followed up with IT to ensure that the capabilities could be met.

Meanwhile, IT leveraged its own application/system list and related recovery information to prioritize applications for recovery and drive the implementation of a disaster recovery solution that was cost-effective and aligned with IT’s conclusions of business requirements for recovery (created from data outside the BIA). Both the business and IT feel confident in their work; yet, neither has communicated with the other. Given that the groups have not undergone a joint exercise (or actual disruption), neither group is aware of the underlying gap: recovery priorities and strategies are misaligned between the business and IT.

This perspective analyzes the symptoms and root causes of the business continuity and IT disaster recovery gap and proposes solutions to close it.

Breaking Down Silos – Using Common Criteria to Assess and Prioritize Risks

An isolated approach to business continuity (and risk management in general) is holding many organizations back.

Business Continuity is one of many disciplines that help organizations to become more resilient – that is, to increase an organization’s capacity to adapt to evolving circumstances and survive (or even thrive) during periods of disruption or change. Other related disciplines – such as Information Security, IT Disaster Recovery, Emergency Management, Enterprise Risk Management, and Physical Security – ultimately have the same strategic purpose. The goals and objectives of the individual disciplines may be more focused, but if we, as practitioners of these disciplines, force ourselves to look outside the artificial walls we sometimes build around our responsibilities, we should find that we are striving for something bigger than we can deliver on our own.

Does Practice Make Perfect?

Everyone has heard the popular saying “Practice Makes Perfect”. But, is this true?

I am of the belief this statement is close to the truth.

“Perfect Practice Makes Perfect” Many have heard these words from Vince Lombardi, but I always heard them, multiple times mind you, from my father. As a typical teenager, I didn’t really comprehend the message, or realize that it applies to more than just sports. The message my father and Vince were trying to convey is simple, “What you put in, you will get out.”

“…Or High Water”: A Business Continuity Case Study

The Importance of Business Continuity and Leveraging Resource Loss Based Planning

SITUATION
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.

No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space, resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below.