Category: Business Continuity Management

Need Evidential Research on Merits of Business Continuity Planning

I agree that there is a lack of real, empirical evidence of the positive value of Business Continuity in the private sector. On the other hand, the public sector, either by directive or presumptive duty, is much further ahead in establishing continuity of operations, disaster preparedness and other risk management initiatives and plans. This is [...]

Sunday February 13th, 2011 in Business Continuity Management, Continuity of Operations Plan - COOP, Risk Management | Comments Off

“Maintaining & Auditing Business Continuity Programs- A Plan for a Municipality”

” Maintaining and Auditing a Business Continuity Program- A Plan for a Municipality“ February 12, 2011 by Andrew M. Amalfitano CONTENTS I.  Introduction.. 3 II. Plan.. 4 Key Plan Steps: 4 1. On-going. 4 2. Awareness and Launch.. 4 3. Implement. 5 4. Considerations. 5 III. Audit. 5 Standards. 6 Audit Elements. 8 Process. 8 [...]

Sunday February 13th, 2011 in Business Continuity Management, Continuity of Operations Plan - COOP, Tools, Templates, Software, Training and Exercises | Comments Off

Internal or External Auditors or Both?

Business Continuity Plan Audits can be done by internal or external individuals. There is value in each approach. In either case, the person(s) conducting the audit should be competent, impartial, and objective. When internally done, the auditor should not be from the group and should not be responsible for any of the activities being reviewed [...]

Sunday February 6th, 2011 in Business Continuity Management, Organizational Resilience, Risk Management, Training and Exercises | Comments Off

Tying Bonuses to BC Plan Goals

If an auditor determines that some license was taken in reporting of status on previous audits, it should be included as a data point in the current audit.  Generally, keeping within the scope of the audit parameters, an auditor can identify non-conformance as factual, regardless of previous attempts to smooth over data or report more [...]

Sunday February 6th, 2011 in Business Continuity Management, Organizational Resilience, Training and Exercises | Comments Off

Transparency: One AAR

When documenting the results and outcomes of a disaster exercise only one report is necessary and that is the After Action Report. In it there is ample opportunity to record, exhibit, explain, and present all findings including improvement opportunities. If a manager asked that there be two separate AAR’s, one internal and one external, I [...]

Wednesday February 2nd, 2011 in Business Continuity Management, Continuity of Operations Plan - COOP, Training and Exercises | Comments Off

Executive Presentations (of Exercise Results)

[Good] Corporate executives have long had a reputation of wanting crisp answers to specific questions. They also appreciate a fine blend of strategic thinking mixed with data-driven recommendations. When we conduct a disaster exercise, we presumably already have the buy-in of the champions. However, not everyone who will sit in on the executive presentation of [...]

Tuesday February 1st, 2011 in Business Continuity Management, Training and Exercises | Comments Off

Avoid Editorial Opinion in Your AAR

When an After Action Report is developed it should be based on facts observed and discovered during the exercise. Sometimes, editorials and opinions make their way into the feedback and documented findings that are used to create the AAR. These reports should never be altered and should be retained as originally submitted. However, not every [...]

Saturday January 29th, 2011 in Business Continuity Management, Tools, Templates, Software, Training and Exercises | Comments Off

Which BCP Standard for Your Company?

When considering which standard the BCP program at your company should be based on some look to these for consideration: ASIS SPC.1-2009, National Standard: Organizational Resilience Standard. DRII Professional Practices for Business Continuity Planners. NFPA 1600. Since BSI has not been offered for this discussion point, I believe that NFPA 1600 has the most viability [...]

Tuesday January 25th, 2011 in Business Continuity Management | Comments Off

Maintaining BC Plans

The primary issue to consider regarding business continuity plan maintenance begins with early involvement of a team of representatives from each key department or function. Early on in the process, particularly for a Continuity of Operations Plan-COOP, public sector functions throughout the city need to understand that ongoing updates and maintenance are essential to the [...]

Thursday January 20th, 2011 in Business Continuity Management, Training and Exercises | Comments Off

Manage “Stonewalling” During and Exercise

An actual disaster exercise can be quite dynamic. Just because the exercise design team planned the event down to the most finite detail does not mean that the event will go exactly as planned. People make judgments based on ever changing information and data in real life and will do the same during a disaster [...]

Saturday January 15th, 2011 in Business Continuity Management, Training and Exercises | Comments Off

Giving the Exercise Plan Out Too Soon

In general, it is not a good idea to give out the disaster exercise plan to the participants in advance of the event. I can think of one situation when it would be OK to do so: If the narrative is of a broad regional basis and the exercise clock is several days into it, [...]

Tuesday January 11th, 2011 in Business Continuity Management, Tools, Templates, Software, Training and Exercises | Comments Off

Disaster Exercise – Observing and Evaluating

Exercise activity is best observed and evaluated by individuals specifically assigned to the task of observation or evaluation. A good rule of thumb is to have enough evaluators to observe each and every key activity, inject, and response by the participants. Often, it is either cost prohibitive or simply not feasible to have more than [...]

Thursday December 30th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Leading the Disaster Exercise Design Team

Exercise design team meetings are used to orient the design team members to goals and objectives, brainstorm a story narrative, and create injects into the scenario to validate the areas being assessed. Further, the design meetings are used to prepare all aspects of the exercise event including materials like participant guides, actor and simulator team [...]

Thursday December 23rd, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Exercise Injects

Table-top disaster exercises provide a safe, low-stress environment within which participants can validate policy and procedure, consider what-if scenarios, and evaluate and assess their capabilities to manage a major incident. Key to bringing practical realism to a disaster exercise are “injects”. An inject is new data or information. The inject is provided to the participants [...]

Thursday December 23rd, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Keeping Momentum in an Exercise Design Team

Once an exercise design team has started its work, momentum is important. If good effort was made early on to include all the key players and commitment was confirmed, then the process should go smoothly. Invariably, everyday schedules or interrupts get in the way or perhaps some design team members become disenchanted or become too [...]

Thursday December 23rd, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Disaster Exercises: ‘Hard’ Incident or ‘Soft’ Event?

Whether or not an exercise is ‘hard’ or ‘soft’ often depends on the type of business or organization wishing to prepare and conduct the practice event. It could also depend on recent events in their industry or geography, and current news. Designing the narrative of a disaster exercise can be tricky. This is especially true [...]

Tuesday December 14th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Key Elements of a Disaster Exercise Narrative

A well crafted disaster exercise narrative is a critical element of any disaster training or exercise process. The narrative sets the stage for the exercise scenario. It provides background information and helps participants approach the exercise as a real and plausible event. The narrative also sets the stage and puts the players at the beginning [...]

Tuesday December 14th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Why Are We Doing This Exercise?

It can be difficult to convince an organization to take the time and incur the cost of conducting and exercise, particularly a Functional or Full-Scale exercise. I’ve sometimes heard an answer to the basic question “Why are we doing this exercise” to be “because we’ve been told we have to”. While valid, hopefully there is [...]

Sunday December 12th, 2010 in Business Continuity Management, Training and Exercises | 1 Comment »

When to Simulate and Not During an Exercise

One of the questions that often arises is the value of creating a full ‘simulation team’ versus using the ‘real’ people and functions during the exercise. There are pros and cons to each. In general, an exercise designer must consider how realistic a particular event needs to be, whether there is sufficient personnel, budget and [...]

Sunday December 12th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Obtaining Exercise Background Data

The background or preparatory data and information for continuity exercises may come from several sources. Of primary importance to the exercise designer should be a thorough understanding of the exercise objectives, scope, and participant functions. With these key elements defined, the designed can begin seeking out information necessary to begin crafting a suitable exercise plan. [...]

Sunday December 12th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Bench Strength for Disaster Exercise Teams

A disaster exercise team is arguably the most value ingredient to preparing an organization to manage and recover from a disaster. There are other important ingredients, for example resources, technology, tools, vendors, executive support, communications, etc. However, a team of dedicated individuals who work well together and who understand how to implement actions in support [...]

Monday December 6th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

“Carrots and Sticks Don’t” Always Motivate

Emergency response exercises are a very valuable learning tool and can produce great energy and enthusiasm, despite the degree of successful completion or task accomplishment. In a recent motivational talk by Dan Pink he shares the concept that businesses do not always follow established science findings related to how humans are motivated. Pink provides research [...]

Monday December 6th, 2010 in Business Continuity Management, Continuity of Operations Plan - COOP, Training and Exercises | Comments Off

We Need More than RAID-1

Backups of computer data are needed more today than ever before. In addition to common human error, our data is exposed to environmental hazards, equipment failure, and malicious attacks. The idea that disk mirroring within RAID technology is sufficient by itself to secure data is not well founded in the reality of information systems. Many [...]

Saturday October 23rd, 2010 in Business Continuity Management, Information Systems - Disaster Recovery | Comments Off

IT System or Users Own Data Backup? Be Careful….

Users are responsible for their own backup of critical data. Which method they choose is up to them, usually. More importantly, the consequences of choosing incorrectly may pose significant financial or safety issues. Or, the results may be inconsequential depending on the nature and importance of the data. Whether or not local hard drive data [...]

Saturday October 23rd, 2010 in Business Continuity Management, Information Systems - Disaster Recovery | Comments Off

Cyber Attack: Law Enforcement Helps?

Working with law enforcement can be a help and a hindrance to routine business operations. In the event of a suspected cyber attack or other information systems-based crime, law enforcement can play a helpful and crucial role. The degree of helpfulness may depend on the size, nature, or complexity of the intrusion or breach. Due [...]

Monday October 18th, 2010 in Business Continuity Management, Information Systems - Disaster Recovery | Comments Off

IT DR Plan and Business Continuity go Hand-in-Hand?

Protecting businesses and more importantly the people who work and spend time in facilities against intrusions is an important and necessary activity. We usually think of larger organizations, universities, hospitals, government facilities, banks etc as needing protection systems. In my experience, smaller entities (under 1000) rarely have the time, motivation, money, or energy to draw [...]

Saturday September 25th, 2010 in Business Continuity Management, Information Systems - Disaster Recovery | Comments Off

Business Continuity Webinar 25-AUG10

Join us for a webinar on August 25th, 2010 at 1:00 pm EDT To join the meeting: http://norwich.na5.acrobat.com/r44501939/ Call in Number: 1-866-844-6898 | Conference code: 50261753 Sponsored by the Norwich University Master of Science in Business Continuity Management Program (http://businesscontinuity.norwich.edu) and the International Consortium for Organizational Resilience (http://www.theicor.org). Continuity of Operations Planning Events such as [...]

Sunday August 8th, 2010 in Business Continuity Management, Training and Exercises | Comments Off

Compliance Programs Only As Effective as the People

I’m not a fan of vast regulations. It seems, though that when corporate leaders make mistakes, or willfully fraud, a regulation is born that is often necessary. Compliance programs are only as effective as the people implementing them. Yet, what ‘goes around’ seems to ‘come around’ and eventually it appears that most, if not all, [...]

Wednesday August 4th, 2010 in Business Continuity Management, Organizational Resilience, Risk Management | Comments Off

Overlooked Risk Realizations

Risk realization defines the ability of an organization to recognize threats, vulnerabilities and hazards and understand how those risks impact successful operations. Too often, a company may recognize risks, but may not always see or understand the complexities or interdependencies of risk on a broad or more global scale. Decisions are made at an executive [...]

Sunday July 25th, 2010 in Business Continuity Management, Risk Management | Comments Off

The Impact of Clean Energy Policies on a Company’s Energy Policies

I write this to you from the comfort of my evaporative-cooled home on a hot summer afternoon somewhere in the United States. The personal computer hums quietly in the background as I sip coffee and set the cup back down on my cup warmer. The small desk lamp lights my reference material and other incidentals [...]

Sunday July 25th, 2010 in Business Continuity Management, Risk Management | Comments Off
Uses wordpress plugins developed by www.wpdevelop.com