Industry Hot News

The Business Continuity Institute

 

Mexico is waking up to widespread disruption and damage following a 7.1 magnitude earthquake.

The country is prepared for this type of disaster. All across Mexico, regular drills are practiced to ensure people are prepared for natural disasters; however, this time it wasn’t a drill. The widespread damage is yet to be fully reported on, and it’s likely that we won’t know the extent for days, weeks and even months; however, the country’s initial response appears proactive and positive.

In August 2017, the U.S. Department of Defense undertook an exercise designed to prepare the military and residents for a possible 7.0 magnitude earthquake. They followed their plans to the letter, escalating the disaster from local to county authorities. Once these county authorities could no longer manage the exercise scenario, it was escalated to state authorities and, as a final escalation, the federal government was involved. According to Army Col. Barry Graham: “… I think it has been a great exercise and everyone has gotten something out of this training. New Mexico is very prepared because of this exercise.”

Residents across the US and Mexico also take part in regular exercises, undertaking drills which educate them on how to respond to a variety of scenarios. During these exercises, a 30-second warning is given and they are instructed on where to go and what to do depending on the type of disaster being exercised. This time, however, there was no warning. The first thing the residents felt was the tremor.

As this disaster becomes a reality with uncanny resemblance to their most recent exercise, how are local, state and federal authorities responding? Alfredo del Mazo Maza, the State of Mexico’s governor, has invoked the state’s disaster response plan, ordering schools to close and public transport to operate free of charge to allow residents to travel safely. Emergency services and volunteers are also in place working around the clock, searching the rubble for survivors. The extent of the damage and the widespread panic may hinder the recovery process; however, even in the first 24 hours following the disruption, it appears that their widespread preparedness and exercising schedule will play a vital role in their recovery as a whole.

The Business Continuity Institute

 

Having related but different disciplines work together, such as information security and business continuity, is the key for building resilience at an organizational level

Caversham, 19th September 2017 – The Business Continuity Institute (BCI), in association with Mimecast, has published the BCI Information Security Report 2017. Cyber-attacks, such as the recent WannaCry ransomware attack, cause great disruption and financial loss, meaning organizations need to focus on collaboration as a key driver for building information security, which is an important component of organizational resilience.

The BCI Information Security Report looks to benchmark how organizations handle sensitive data and how resilient they are when it comes to data protection. The survey assessed 369 organizations in 63 countries worldwide on the different solutions and key drivers on which they build information security. 75% of organizations report the use of internet-connected devices at least once daily, which demonstrates the pervasiveness of technology and how crucial it is to keep these devices secure. The results also showed that top management commitment is pivotal in building information security across the organization. Compliance with legislation, alongside organizational policies (such as staff training, company regulation etc.) and financial investment in information security, were also key drivers for information security in organizations.

What stands out the most from the report is the concept of collaboration. Indeed, having collaboration among management disciplines and teams plays an essential role in tackling information security challenges, but it also helps when building organizational resilience. Therefore, business continuity professionals, with their expertise in dealing with disruption, should engage with related disciplines. Collaboration involves organizational change and effort, but the benefits deriving from it should be the motivation behind taking action.

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations, from newcomers to experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

Wednesday, 20 September 2017 16:32

BCI Information Security Report

The Business Continuity Institute

 

In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis.

Our annual emergency communications survey, sponsored by Everbridge, aims to benchmark the emergency communication arrangements of organizations in different sectors worldwide. Please do support the valuable research work of the BCI by completing the survey which you can find by clicking here. As an added incentive, all respondents will be entered into a prize draw to win a £100 Amazon gift card.

Tuesday, 19 September 2017 19:22

BCI Emergency Communications Survey 2017

TALLAHASSEE, Fla. – As Floridians begin the cleanup process after Hurricane Irma, the Federal Emergency Management Agency (FEMA) urges everyone to know the best way to remove debris from their property.

Don’t wait to clean up storm damage. Document damage with photos or videos.

Take care when cleaning up. Dangling power lines, flooding and other hazards remain. If trees and other debris have fallen on your private property, be sure to check with your insurance agent to determine if tree damage is covered by your policy. As you clean up, be sure to keep in mind the following information:

  • Due to the magnitude of recent disaster events, residents can move debris from their private property to public rights-of-way for pick up and removal by local governments for a limited time. Debris removal from private property is generally the responsibility of the property owner, just as before the hurricane.
  • Follow guidance from your local officials when placing debris for collection. Separate debris into six categories when disposing along the curb:
    • Electronics, such as televisions, computers or phones;
    • Large appliances, such as refrigerators, washers, dryers, stoves or dishwashers.  Be sure to seal or secure the doors so that they are not accessible;
    • Hazardous waste, such as oil, batteries, pesticides, paint or cleaning supplies. If you suspect that materials contain lead-based paint, keep them moist or contain materials in plastic bags so that the paint does not become airborne;
    • Vegetative debris, such as tree branches, leaves or plants;
    • Construction debris, such as drywall, lumber, carpet or furniture; and
    • Household garbage, discarded food, paper or packaging.
  • Place debris away from trees, poles or structures including fire hydrants and meters.
  • Remove all water-damaged materials from your home and place curbside for pickup.
  • Debris should not block the roadway.

Hurricane Irma left behind fallen trees, limbs and trash from damaged buildings on private and public property. Workers have begun picking up the tons of debris dumped on streets, highways, curbsides and from private yards. Federal and state aid will help pay for removing debris from public property.

For more Hurricane Irma recovery information, visit www.fema.gov/hurricane-irma.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

TALLAHASSEE, Fla. – If you live in one of the disaster-designated Florida counties and experienced property damage or loss directly caused by Hurricane Irma, register with the Federal Emergency Management Agency (FEMA) for disaster assistance – even if you have insurance. This can be an important step to begin the process of recovery.

You may register for assistance the following ways:

  • At www.DisasterAssistance.gov.
  • If you don’t have Internet access, you can call 800-621-3362.
  • People who have a speech disability or hearing loss and use TTY should call 800-462-7585.
  • For those who use 711 or Video Relay Service (VRS), call 800-621-3362.
  • These toll-free telephone numbers will operate from 7 a.m. to 11 p.m. (EST) seven days a week until further notice.

FEMA assistance for individuals may include grants for rent, temporary housing and home repairs to their primary residences, as well as funding for other serious disaster-related needs, such as medical, dental or funeral costs. If you have insurance, FEMA may still be able to assist with disaster-related expenses that were underinsured or not covered by your policy.

After you apply, a FEMA inspector will contact you to schedule an inspection. The inspection generally takes 30-40 minutes or less and consists of a general verification of your disaster-related losses and a review of ownership or residence records. There is no fee for the inspection.

When a FEMA housing inspector comes to visit your home, be sure they show you proper identification. All FEMA inspectors have prominent photo identification badges. If you suspect someone is posing as a FEMA housing inspector, call our toll-free Disaster Fraud Hotline at 866-720-5721, or call local law enforcement officials.

Once the inspection process is complete, your situation will be reviewed by FEMA. You will receive a letter by email or physical mail, depending on your preference, which outlines the decision about your claim. For more information about the inspection process, and documentation you will need to provide the inspector, visit the FEMA Individual Assistance Inspection Process page.

Know that you may receive a visit from more than one inspector throughout the recovery process. In addition to FEMA housing inspectors, representatives from the U.S. Small Business Administration, state and local officials and inspectors for private insurance coverage also visit neighborhoods in affected areas.

For more recovery information visit FEMA’s Hurricane Irma web page at www.fema.gov/hurricane-irma.

A call from a FEMA inspector. A brief inspector's visit. A decision letter. If you receive an SBA loan application, completing it is an important step in finding out what aid may be available to you.

WASHINGTON – The U.S. Department of Homeland Security's Federal Emergency Management Agency (FEMA) continues coordinating the efforts of the federal family, working alongside state, Commonwealth, tribal, territorial, and local emergency responders to help address the immediate needs of survivors following Hurricane Irma.

Tens of thousands of federal workers are supporting preparedness, response, and recovery to Hurricane Irma, including more than 3,200 FEMA staff, and more than 13,000 National Guard soldiers and airmen from 22 states, in rescue, evacuation, security and support operations.

Crewmembers from Coast Guard Aids to Navigation Team Jacksonville Beach make repairs to a light damaged by Hurricane Irma, Friday, Sept. 15, 2017, in Brunswick, Georgia. The ANT Jacksonville Beach crew is responsible for over 950 aids to navigation throughout northeastern Florida and southeastern Georgia. (U.S. Coast Guard photo courtesy of Aids to Navigation Team Jacksonville Beach)

The Department of Energy is coordinating with its partners to facilitate communications, provide situational awareness, and expedite restoration efforts. More than 60,000 personnel are activated from more than 250 investor-owned electric companies, public power utilities, and electric cooperatives from all corners of the United States and Canada, to support power restoration. Private sector partners estimate that power should be returned to 95 percent of customers by September 17. Restoration to severely damaged areas will take additional time.

For those in designated areas in Florida, Puerto Rico, and the U.S. Virgin Islands, registering online at www.DisasterAssistance.gov is the quickest way to register for federal assistance, including FEMA assistance.  If survivors do not have access to the internet, they may register by calling 1-800-621-FEMA (3362) or 1-800-462-7585 (TTY). If survivors use 711 relay or Video Relay Service (VRS), they should call 800-621-3362 directly.

FEMA disaster assistance teams go door to door in Florida after Irma.

FEMA received more than 413,000 registrations to date and has already approved $92.8 million for Hurricane Irma survivors. As it becomes safe for people to return to their homes, FEMA expects registration numbers to increase.

Federal Efforts Underway as of September 16, 2017   

  • The American Red Cross (ARC) is operationally focused on safety, shelter, food, which includes shelf-stable meals, and positioning personnel and supplies. More than 8,100 people were provided refuge from Hurricane Irma in more than 100 government and Red Cross evacuation centers across four states, Puerto Rico, and the U.S. Virgin Islands.  To date, the ARC served more than 380,000 meals and snacks. More than 3,000 Red Cross workers are responding to Irma now, with almost 350 more volunteers on the way.
     
  • The U.S. Army Corps of Engineers (USACE) currently has more than 350 personnel engaged and has received 35 FEMA Mission Assignments (MA). For Florida, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal, and infrastructure assessment. For Puerto Rico and the U.S. Virgin Islands, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal/technical assistance, infrastructure assessment, and a commodities management subject-matter expert.
     
  • The U.S. National Guard Bureau (NGB) is sending additional personnel to support law enforcement and security operations; they’re scheduled to arrive in the affected areas in the next four days. National Guard soldiers and airmen continue staffing critical points of distribution to deliver essential resources including food and water, and continue clearing debris to open roads in affected areas. The National Guard continues search and rescue efforts in the Keys, while route clearance, shelter operations, law enforcement support, communication restoration and essential resource distribution remain a priority as well.  The National Guard is augmenting civilian law enforcement in securing areas affected by Hurricane Irma and in helping citizens rebuild their communities.
     
  • U.S. Department of Energy (DOE) continues to work with its partners to ensure that fuel remains available in the areas impacted by Hurricanes Irma and Harvey. The fuel situation is stable, and DOE is working with its interagency and private sector partners to ensure that it remains available throughout the region. The Strategic Petroleum Reserve delivered 3.1 million barrels of crude, out of the 5.3 million authorized. A blog post about these efforts can be found here, and DOE continues to provide situational updates here.
     
  • The Federal Aviation Administration (FAA) is sending a large, mobile air traffic control tower to Key West to help increase the safety and number of operations at the damaged airport. The mobile tower is currently at Bradley Airport, Connecticut and will be en route soon to Key West, and operational mid-week.
     
  • U.S. Department of Health and Human Services (HHS) response coordinators are working with federal and U.S. Virgin Islands territory agencies to identify long-term solutions for health care in the U.S. Virgin Islands; the territory’s entire medical care system and public health system were hard hit by the storm. National Disaster Medical System and U.S. Public Health Service Commissioned Corps teams have seen more than 3,700 patients, including dialysis patients evacuated from the Caribbean islands to Puerto Rico, as well as at the St. Thomas hospital, Florida shelters, and two hospitals in the Florida Keys. The HHS continues to provide the Disaster Distress Helpline (1-800-985-5990), which remains open 24/7 for free help coping with the stress of the storm.
     
  • The Centers for Disease Control and Prevention (CDC) continues to provide personnel to support the efforts in Florida and the U.S. Virgin Islands, and to share information about carbon monoxide and generator safety: https://www.cdc.gov/disasters/co-materials.html. The agency is currently translating guidance material into more than ten languages for survivors.
     
  • The U.S. Coast Guard (USCG) is working with the U.S. Navy and the National Oceanic and Atmospheric Administration in Key West, Florida, to open the shipping channel from the sea buoy to the Mole Pier, to facilitate the safe movement of relief supply deliveries.  However, the port of Key West remains closed at this time. Since Sept. 12, sixteen (16) tank ships have been cleared to deliver their supplies of fuel to ports in Florida. Eight additional tank ships are expected to arrive in the coming days. Coast Guard National Strike Force crews are working with local, state and federal teams on 64 pollution cleanup responses across the storm-impacted areas.
     
  • The U.S. Department of Justice (DOJ) released a message from Attorney General Jeff Sessions to those impacted by Hurricanes Irma and Harvey. To view this release, click here or see the video. The NCDF Disaster Fraud Hotline is (866) 720-5721. The Bureau of Prisons is providing updates at www.bop.gov.
     
  • U.S. Environmental Protection Agency (EPA) continues to coordinate closely with local, state, tribal and federal partners, especially the Florida Department of Environmental Protection in response to Hurricane Irma. EPA deployed six National Priority List (NPL) Assessment Teams to Florida this week and over one third, and counting, of the NPL sites in Florida have been assessed. EPA is also exercising enforcement discretion for diesel fuel use by utility work vehicles and equipment.  Florida Governor Rick Scott issued a request that will go into effect immediately, and terminates when all diesel reserves have been used or by the end of the day on September 22, 2017, whichever comes first.
     
  • The U.S. Social Security Administration (SSA) is working with the United States Postal Service and the Department of Treasury regarding check payments to be delivered. Cycle 3 benefit payments will be delivered on September 20. They estimate approximately 5,700 checks will be issued in the areas affected by Irma. The SSA will continue to monitor the status of all check payments in affected areas.
     
  • The U.S. Postal Service (USPS) continues to restore all mail processing operations in the state of Florida, including the areas hardest hit. In the Florida Keys, delivery and retail operations have resumed today in Key Largo and Tavernier. All facilities in Puerto Rico are open except for one post office.

VATF1 and NYTF1 personnel w/ @forestservice force protection officers re-raised US flag above the old firehouse at Fort Christian. [U.S. Virgin Islands]

Sailors work with heavy equipment to remove debris from Naval Air Station Key West, Florida, Sept. 15, 2017. Clean up efforts are in full swing across the Florida Keys after Hurricane Irma caused extensive damage across the state. (U.S. Coast Guard Petty Officer 2nd Class Dustin R. Williams) 

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

People who were affected by Hurricane Harvey and the subsequent floods and who live in the disaster-designated Texas counties should register for FEMA assistance even if they are covered by insurance or have registered with other agencies.

Under federal law, FEMA cannot duplicate insurance settlements or other benefits, but there are cases where insured survivors might still be eligible for FEMA help.

For example:

  • Your settlement was delayed longer than 30 days after you filed a claim.
  • The settlement does not fully cover all your losses and needs.
  • You exhausted the additional living expenses provided in your policy.
  • You cannot locate suitable rental resources in your community.

You should file your insurance claims, whether homeowner’s or flood or both, as soon as possible. And you have until Oct. 24 to register with FEMA for assistance. Here’s how:

  • Log onto DisasterAssistance.gov. Registering online is the quickest way to register for FEMA assistance.
  • Those without internet access can register by phone. Call 800-621-3362 (voice, 711 or video relay service) or 800-462-7585 (TTY). The toll-free lines remain open 6 a.m. to 10 p.m. local time seven days a week until further notice.
  • Via the FEMA app, available for Apple and Android mobile devices. To download, visit fema.gov/mobile-app.

Once you have registered, you have 12 months to let FEMA know if your insurance coverage was not enough and you want to be considered for help.

To apply for assistance, fax or mail a letter to FEMA explaining the circumstances:

FEMA Individuals and Households Program
National Processing Center
P.O. Box 10055
Hyattsville, MD 20702-8055
Fax: 800-827-8112

If you have registered with other organizations, you still need to register with FEMA if you want to be considered for FEMA assistance.

Homeowners, renters and businesses in Aransas, Bee, Brazoria, Calhoun, Chambers, Colorado, Fayette, Fort Bend, Galveston, Goliad, Hardin, Harris, Jackson, Jasper, Jefferson, Kleberg, Liberty, Matagorda, Montgomery,  Newton, Nueces, Orange, Polk, Sabine, San Jacinto, Refugio, San Patricio, Tyler, Victoria, Waller, Walker and Wharton counties may be eligible for help.

FEMA has authorized Critical Needs Assistance (CNA) for all designated counties in Texas for households with immediate or serious needs due to being displaced from their primary dwelling.

Critical needs are life-saving and life-sustaining items including, but not limited to: water, food, first aid, prescriptions, infant formula, diapers, consumable medical supplies, durable medical equipment, personal hygiene items and fuel for transportation.

To be eligible for CNA a survivor must:

  • Complete a registration with FEMA;
  • Verify identity;
  • Assert at the time of registration that they have critical needs and request financial assistance for those needs and expenses;
  • Have a pre-disaster primary residence located in a county designated for CNA; and
  • Be displaced from their pre-disaster primary residence as a result of the disaster.

CNA is currently available in the following counties: Austin, Aransas, Bastrop, Bee, Brazoria, Calhoun, Chambers, Colorado, DeWitt, Fayette, Fort Bend, Galveston, Goliad, Gonzales, Hardin, Harris, Jackson, Jasper, Jefferson, Karnes, Kleberg, Lavaca, Lee, Liberty, Matagorda, Montgomery, Newton, Nueces, Orange, Polk, Refugio, Sabine, San Jacinto, San Patricio, Tyler, Victoria, Walker, Waller, and Wharton.

Funds are delivered via direct deposit or paper check payable to the eligible applicant. Critical needs funding may take longer than usual due to the magnitude of this disaster. Once made, an eligibility determination is final.

Tuesday, 19 September 2017 18:51

FEMA Fact Sheet: Critical Needs Assistance

WASHINGTON—To support the ongoing disaster recovery, the Federal Emergency Management Agency’s (FEMA) National Flood Insurance Program (NFIP) is enhancing the flood insurance claims process, and extending the grace period for paying policy renewal premiums for insured survivors affected by Hurricane Irma.

Due to the widespread catastrophic damage caused by Hurricane Irma, FEMA implemented temporary changes to rush recovery money into the hands of NFIP policyholders, for repair and replacement of flood-damaged properties. FEMA also wants to ensure continuous flood insurance coverage for current NFIP policyholders affected by this storm, even if the renewed policy premium cannot be paid at this time. FEMA is directing all NFIP private insurance partners to:

  • Provide advance payments on flood claims, even before visits by an adjuster;
  • Increase the advance payment allowable for policyholders who provide photographs or video depicting flood  damage and expenses, or a contractor’s itemized estimate;
  • Waive use of the initial Proof of Loss (POL) form; and
  • Extend the grace period for payment of NFIP flood insurance policy renewal premiums to 120 days. This waiver applies to all NFIP policies, whether issued by the NFIP Servicing Agent or a Write Your Own Company, written for properties in areas in the U.S. Virgin Islands, Puerto Rico, and counties in Florida that have received a Major Disaster Declaration for Individual Assistance (IA) under the Stafford Act.

Advance Payments 

The NFIP is making it easier for policyholders to receive an advance payment for their flood claim to help them begin the process of recovery as quickly as possible. After filing a flood insurance claim, the policyholder can discuss advance payment with the insurer:

  • When a policyholder contacts his/her insurer and verifies his/her identity, he/she can receive an advance payment for up to $5,000 on a flood claim without an adjuster visit or additional documentation.  When the advance payment is issued, a letter is sent to the policyholder which explains that by accepting this payment the policyholder is certifying the damage.
  • Up to $20,000 may be advanced to a policyholder who provides photos and/or videos depicting damage, and receipts validating out-of-pocket expenses related to flood loss or a contractor’s itemized estimate. Policyholders with significant damage who have a contractor’s itemized estimate may be eligible for a larger advance payment and should discuss this with the adjuster.

Advance payments are deducted from a policyholder’s final claim settlement amount. Advance payments may only be used according to the terms of the policy. For example, if a policyholder has a building/structure flood insurance policy, the advance payment must be used to repair or rebuild the structure. Or if a policyholder has contents coverage, the advance payment must be used to repair or replace contents that were within the structure. Advance payments may not be used for temporary housing and living expenses.

If a policyholder’s property is mortgaged, the lender will also be named on the advance payment issued for a building/structure flood insurance policy. In this case, the policyholder and lender will both be required to sign the advance payment check. 

Proof of Loss Waiver

To expedite processing of NFIP claims for Hurricane Irma, the NFIP is waiving the requirement for a policyholder to submit an initial Proof of Loss (POL) document. Here’s how the expedited process will work:

  • After a policyholder files a claim, a time is set up for the adjuster to inspect the flood damaged property. The adjuster will document the damage and submit a report to the policyholder’s insurance company.
  • If additional damage is discovered or a policyholder does not agree with the payment amount, a policyholder can seek additional payment if the policy’s coverage limits have not been met. A POL will be required to seek a supplemental payment on the claim. If payment is issued based upon the adjuster’s initial report and an additional proof of loss is not submitted by the policyholder, the insurer will close the file.

If a policyholder decides to request an additional payment, which must be done by completing a POL, the policyholder will have one year from the date of filing the initial claim to submit the request to the insurance company. FEMA has informed all of its NFIP insurance partners about this process and how it will work.  NFIP policyholders are encouraged to work closely with an adjuster on this expedited process.

Grace Period Extension for Policy Renewals

To ensure that policyholders affected by Hurricane Irma can focus on recovery and continue to have flood insurance coverage, FEMA is extending the current 30-day grace period of continual flood insurance coverage to 120 days, for policies in Florida, Puerto Rico, and the U.S. Virgin Islands, that were set for renewal during the immediate response to Hurricane Irma.

Policies with an expiration date of August 7, 2017, through October 6, 2017, are eligible for the grace period extension.  Payment for those policies must be received within 120 days of the policy expiration.

The NFIP cannot pay a claim for a flood loss that occurs after a policy expiration date unless the policyholder’s insurance company receives the payment in full for renewal on or before the last day of the grace period. 

The grace period extension applies to NFIP policies covering properties in Puerto Rico, U.S. Virgin Islands, and Florida counties designated under the Presidential Disaster Declaration. NFIP policyholders are encouraged to contact their insurance company and report a flood claim as soon as possible. For any policy with a renewal date on or after October 7, 2017, the normal 30-day grace period will apply.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

While natural disasters have the unique ability to unify people, it is important to stay cognizant of scams and fraud that follow.

PropertyCasualty360 addressed potential scams in this article, noting that hurricane relief fraudsters are some of the first to appear after a storm. One way to avoid scams is to donate strictly to well-known reputable organizations such as the Red Cross or Direct Relief.  The Insurance Industry Charitable Foundation has a Hurricane Harvey disaster relief fund as well.

Affected homeowners should be wary of who they let into their home for repairs. Regulators in Florida are warning consumers not to sign Assignment of Benefits (AOB) forms to get repair work started.

...

http://www.iii.org/insuranceindustryblog/?p=5442

Thursday, 21 September 2017 18:45

DISASTER RELIEF: PREPARING FOR FRAUDSTERS

It’s easy to assume that data loss will never happen to your business. 

You’re not on the Fortune 500, so who’d want your data? And you’re not in the path of major natural disasters, so what’s the big deal? 

As far as you’re concerned, nothing is getting between you and your data — because why would it? 

Unfortunately, though, hackers and Mother Nature aren’t the only threats to your data. In fact, those are — by far — the least of your worries, and here are just a few of the reasons why.

 ...

https://continuitycenters.com/top-5-leading-causes-data-loss/

Sunday, 17 September 2017 18:44

The top 5 leading causes of data loss

The issue of causation, especially when there may be multiple causes of loss, can be a tricky one for both insureds and insurers. It comes down to what caused the loss – and in what order.

Take the example of a major catastrophe, like a hurricane, where there may be property claims arising from both wind and water. Determining the cause of loss is key to determining whether there is coverage under the terms of an insurance policy because there are two policies in play, one for wind damage and one for flood damage.

Some jurisdictions subscribe to the “efficient proximate cause doctrine” while others subscribe to the “concurrent causation doctrine”.

What’s that?

...

http://www.iii.org/insuranceindustryblog/?p=5438

Wednesday, 20 September 2017 18:43

CONCURRENT CAUSATION AND HURRICANE IRMA CLAIMS

Given modern technology demands, any form of downtime now presents problems for ongoing revenue generation. This places additional pressure on business leaders and IT departments in proving their IT disaster recovery (DR) plan’s effectiveness. In many industries, sensitive information has become increasingly regulated due to the importance of maintaining constant availability. For this reason, securing proper documentation to verify recoverability is a priority.

Trouble is, not every DR solution is equal. In some scenarios, IT teams and third-party providers will take shortcuts in IT resiliency, which does nothing to truly protect technology operations. For this reason, Disaster Recovery-as-a-Service (DRaaS) has emerged as a viable option for reliable business continuity.

...

https://www.bluelock.com/blog/proving-disaster-recovery-constituents/

Sunday, 17 September 2017 18:41

Proving IT Disaster Recovery to Constituents

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

Those names in a list might make a group of people to work with, but that doesn’t necessarily mean collaboration is part of the package.

If collaboration is missing, then the “act of working together to produce or create something” will be missing too.

Which could all too easily mean one department “ticking the box” for business continuity for itself, yet neglecting to plan to give vital support to others.

...

http://www.opscentre.com/3-ways-build-collaboration-business-continuity-management/

You may have noticed that it isn’t 2009 anymore, and the factors that define different cloud providers are more difficult to spot than they used to be.

All offer basic computing, networking and storage options.

They all also have derivative services like load balancers, databases, and queuing that allow them to sell more computing, networking and storage at a premium – and common application components you no longer have to manage.

All even have next-wave functionality built around IoT, voice-to-text (and back), AI and serverless computing.

With all that common core technology, how do you differentiate among them?

...

http://mspmentor.net/cloud-services/factors-define-different-cloud-providers

Monday, 18 September 2017 18:38

Factors That Define Different Cloud Providers

It seems clear that business architecture, as a discipline, is rapidly growing worldwide. Cutter Consortium’s business architecture experts William Ulrich and Whynde Kuehn are seeing the sophistication of how people are using business architecture expanding. They’re witnessing an escalation in both the depth and quality of how people are using business architecture and a shift in focus from how to just build a business architecture practice to how to strategically leverage business architecture to transform the business and launch it forward. Organizations are realizing that business architecture is critical for translating strategy into execution for large scopes. Business architecture is the bridge between business direction and a coordinated set of downstream actions for business and IT required to make it real.

...

http://blog.cutter.com/2017/09/13/business-architecture-is-to-stay-heres-one-example-why/

Our Communications department has received questions from Canadian news outlets on behalf of Canadian citizens who own homes in areas affected by either Hurricane Harvey or Irma. Here are some of their questions and the answers we found.  Of course, the answers below also apply to other non-citizens who own property in the U.S.

Q: Can Canadians qualify for a Federal Emergency Management Agency (FEMA) grant?

A:  It depends. To be eligible for assistance from FEMA, at least one person in the household must be a U.S. citizen, Qualified Alien or noncitizen national with a U.S. Social Security number.

 ...

http://www.iii.org/insuranceindustryblog/?p=5434

Wednesday, 20 September 2017 18:34

INSURANCE AND DISASTER AID FOR NON-U.S. CITIZENS

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Sunday, 17 September 2017 18:32

5 SIGNS YOU NEED A MASS NOTIFICATION SYSTEM

The prevailing wisdom is that if you back up your data you can recover from a ransomware attack. While this premise generally holds true, simply backing up your data no longer provides an absolute guarantee that you can recover from a ransomware attack. Here are three techniques that ransomware may use to circumvent existing backups and make your “good” backups bad.

Ransomware hackers attack corporate data by infiltrating and/or bypassing corporate firewalls with viruses that encrypt corporate data. Once encrypted, they then charge a fee for the key or keys to decrypt it. Fail to pay and corporate data may become unrecoverable.

To recover from ransomware attacks, organizations have one of two choices. Pay the fee (or ransom) or take steps to recover from an existing backup. In circumstances where an organization does not have a reliable backup and needs to recover, it has little choice but to pay the ransom and hope that the key supplied by the attacker enables them to recover. The best case scenario is that the organization has a good backup and can recover without having to pay any ransom.

...

https://www.dcig.com/2017/09/ransomware-possesses-three-techniques-turn-good-backups-bad.html

In recent months and years, many have come to question VMware’s commitment to public clouds and containers used by enterprise data centers (EDCs). No one disputes that VMware has a solid footprint in EDCs and that it is in no immediate danger of being displaced. However, many have wondered how or if it will engage with public cloud providers such as Amazon as well as how it would address threats posed by Docker.

Public cloud offerings such as are available from Amazon and container technologies such as what Docker offers have captured the fancy of enterprise organizations and for good reasons. Public clouds provide an ideal means for organizations of all sizes to practically create hybrid private-public clouds for disaster recovery and failover. Similarly, container technologies expedite and simplify application testing and development as well as provide organizations new options to deploy applications into production with even fewer resources and overhead than what virtual machines require.

However, the rapid adoption and growth of these two technologies in the last few years among enterprises had left VMware somewhat on the outside looking in. While VMware had its own public cloud offering, vCloud Air, it did not compete very well with the likes of Amazon Web Services (AWS) and Microsoft Azure as vCloud Air was primarily a virtualization platform. This feature gap probably led to VMware’s decision to create a strategic alliance with Amazon in October 2016 to run its vSphere-based cloud services on AWS and its subsequent decision in May 2017 to divest itself of vCloud Air altogether and sell it to OVH.

...

https://www.dcig.com/2017/09/vmware-shows-new-love-public-clouds-containers.html

With the two recent hurricanes that have devastated the Gulf states area, especially Texas and Florida, at MHA we add our thoughts and prayers to those who are displaced and experiencing loss as a result.

When water, wind, and rain become overwhelming, it illustrates exactly how fragile the works of man – including businesses – truly are. Many businesses impacted by natural disasters are small and only carry minimum – or not enough – insurance to cover property damage and business interruption. Due to this and many other factors, small businesses have a challenging time recovering from natural disasters such as hurricanes.

Because of the long-lasting and sometimes terminal effect major natural disasters like hurricanes can have on businesses, this guide is intended to assist small business owners in planning and preparing for the recovery phase of natural disasters, and for use if their business is damaged during an event. By breaking the process down into simple steps, we hope we can relieve some of the stress and uncertainty. It is important that these steps and preparations be in place before the event occurs or is bearing down.

...

https://www.mha-it.com/2017/09/natural-disaster-relief/

As Texans begin to recover from Hurricane Harvey and Floridians survey the destruction from Irma, the question looms: How do major urban centers and small communities rebuild after a catastrophic natural disaster?

To recover from such a disaster requires a massive coordinated effort. Federal, state and local governments must lead. Philanthropy, nonprofits and the private sector will be key partners. Residents will voice their views, through community planning meetings and other venues, on how best to spend disaster-recovery dollars. With so many stakeholders and rebuilding needs, the process of restoring neighborhoods and economic activity will become emotionally and politically charged. As Brock Long, administrator of the Federal Emergency Management Agency, has already warned in Texas: "This is going to be a frustrating and painful process."

For public officials to effectively steer a recovery process and for citizens to trust in the effort, reliable, transparent information will be essential. Leaders and the public need a shared understanding of the scale and extent of the damage and which households, businesses and neighborhoods have been affected. This is not a one-time effort. Data must be collected and issued regularly over months and years to match the duration of the rebuilding effort.

...

http://www.govtech.com/data/How-Reliable-Transparent-Data-Serves-as-Essential-Tool-in-Disaster-Recovery.html

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Wednesday, 13 September 2017 14:59

5 Signs You Need a Mass Notification System

An Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization

Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.

When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity.

...

http://perspectives.avalution.com/2017/breaking-down-silos-evolving-an-incident-command-system-to-include-business-continuity/

After you apply for disaster assistance from the Federal Emergency Management Agency (FEMA), you may be contacted by the U.S. Small Business Administration (SBA). If you are asked to submit an application for a low-interest SBA disaster loan, don’t hesitate.

If SBA determines you are eligible for a loan, you don’t have to accept it. If you don’t qualify for a loan, SBA will refer you back to FEMA and you could be considered for other FEMA grants for Other Needs Assistance, which covers items like disaster-related car repairs, clothing, household items and other expenses. You can’t be considered for these grants unless you complete and return the SBA loan application.

Some types of Other Needs Assistance do not depend on completing the SBA application. These include medical, dental and funeral expenses. So it’s not necessary to submit the application for those kinds of grants.

In planning your recovery, give yourself the widest possible set of options. Submitting the application makes it possible for you to be considered for additional grants, and if you qualify for a loan you will have that resource available if you choose to use it.

Applicants may apply online using SBA’s secure website at https://disasterloan.sba.gov/ela. Applicants may receive additional disaster assistance information by visiting www.sba.gov/harvey. Applicants may also call SBA’s Customer Service Center at 800-659-2955 or email [email address protected] for more information on SBA disaster assistance. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339.

Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence. Homeowners and renters may borrow up to $40,000 to repair or replace personal property. Businesses may borrow up to $2 million for any combination of property damage or economic injury. The filing deadline to return applications for property damage is Oct. 24, 2017. The deadline to return economic injury applications is May 25, 2018.

New York City completed a functional exercise to help the city’s hospital system prepare for emergency medical personnel to treat and transport children, like this young girl, after a catastrophic event.

Setting the Stage

Imagine this: Explosions across New York City target elementary schools. Hundreds of severely injured and traumatized children, teachers, and parents flood hospital emergency departments in the five boroughs. Municipal emergency medical services (EMS) are rushing to respond.

Fortunately this scenario wasn’t really happening – it was part of an exercise conducted on May 25, 2017. The exercise was designed to test the ability of the New York City (NYC) Healthcare System to respond to a massive surge of pediatric trauma patients, exceeding the usual resources of this large and complex healthcare system.

Identifying the Players

As a CDC Career Epidemiology Field Officer assigned to NYC, I worked with the experts in the Pediatric Disaster Coalition and the Fire Department of New York (FDNY). We designed an exercise that reflected the number of injured children who would need to go to the hospital and the type of injuries they might experience if a similar event really happened.

NYC has 62 acute care hospitals that participate in the 911 system. Of these, 16 are level 1 trauma centers designated by the NYC Department of Health  (this includes three pediatric level 1 trauma centers and 4 burn centers). A total of 28 hospitals care for pediatric patients and have, during the past seven years with the assistance of the NYC Pediatric Disaster Coalition, developed pediatric-specific components of their overall disaster plans to prepare them to receive pediatric patients from an incident like the one invented for this exercise. All 28 hospitals participated in the exercise.

Coordinating Resources

Hospitals who participated in the exercise were challenged to rapidly respond to more than 60 simulated patients with a range of injuries and conditions:

  • A 7-year-old boy unresponsive after a traumatic injury to his head

  • A toddler with burns to the face, chest, and abdomen

  • A 12-year-old distraught after witnessing another child lose arms in an explosion

Hospitals had to assess the resources that were available to care for the patients, including

  • What nursing and specialty staff could be made immediately available?

  • What medications and equipment, including imaging equipment and burn supplies, were needed to care for the children?

  • What communications and incident command processes would each hospital use to mobilize staff and other resources in the situation described in the exercise?

  • Which patients needed to be transferred to specialty hospitals to receive care for their injuries?

Coordination between FDNY and hospitals was critical to the success of this exercise – it supported interfacility transfers for patients who required specialty care or to better match hospital resources with patient needs. During the exercise, I met with FDNY leadership from EMS and Office of Medical Affairs physicians, and leaders from NYC Emergency Management and the Health Department at the Fire Department’s Operations Center. There, we tested the communications between hospitals, FDNY, and a volunteer pediatric intensive care physician who was trained to assist FDNY’s Office of Medical Affairs to prioritize patients for urgent interfacility transfers.

Measuring Success

Hospital Incident Command leadership discusses the availability of resources to make more pediatric beds available.

This exercise revealed that 28 NYC hospitals were able to rapidly and dramatically increase their pediatric critical care capacity. It was the largest exercise NYC has done that was focused primarily on caring for injured children. During the exercise, these hospitals:

  • More than doubled the number of beds in pediatric intensive care units (PICUs) and added 1,105 pediatric inpatient beds, so children could stay in the hospital for an extended period of time

  • Opened 203 operating rooms that could treat children who needed surgery

During the exercise, we also identified some challenges, including

  • More than half of the hospitals did not have enough supplies that could be used to treat critically injured children

  • A limited number of pediatric specialists, including doctors who could perform brain surgery on children as well as ear, nose, and throat specialists

  • Hospital resources (beds, supplies, and staff) would have been further strained if the disaster scenario had also included large numbers of adults

We were able to identify ways to improve each hospital’s process and further develop our citywide plans to respond to any emergency that strains our healthcare system. As a pediatrician and a parent of two young New Yorkers, I’m grateful that so many dedicated people are working together to make sure that city and hospital plans account for the unique needs of children in disasters.

The NYC Department of Health and Mental Hygiene receives federal funds used to support state and local public health and healthcare system preparedness through the aligned Hospital Preparedness Program (HPP) – Public Health Emergency Preparedness (PHEP) cooperative agreement. NYC used HPP funds to fund the NYC Pediatric Disaster Coalition to design and conduct the exercise, and coordinate participation of hospitals in the exercise.

Tuesday, 12 September 2017 17:52

CDC: Preparing for the Worst-case Scenario

With floodwaters at four feet and rising, a family in Houston, Texas abandoned their possessions and scrambled to their roof during Hurricane Harvey to sit with their pets and await rescue. Unable to reach first responders through 911 and with no one visible nearby, they used their cellphones to send out a call for help through a social media application called Nextdoor.

Within an hour a neighbor arrived in an empty canoe large enough to carry the family and their pets to safety. Thanks to a collaboration with Nextdoor, we learned of this and hundreds of similar rescues across Harvey’s path.

This story illustrates the power of systems like Nextdoor, an app designed to make communication between neighbors easy. Survivors in Houston have been using social media platforms such as Facebook, Nextdoor and Twitter to connect to rescuers, organize food and medical supplies, and find places for people to stay.

These stories support our findings showing that social ties can save lives during disasters. They demonstrate why social media platforms should have pride of place among our preparations for and initial assessments of disaster damage.

...

http://www.govtech.com/social/Why-Social-Media-Apps-Should-Be-In-Your-Disaster-Kit.html

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

While BC is crucially important anyway, it makes it easier to “sell” to sceptics if you can show that it puts more into the business than it takes out.

Yet our attention was caught by some recent figures on the impact of business continuity management on data breaches, and at the same time the effect as organisations move from traditional to next generation IT security.

Which one does more to help organisations get back to normal afterwards?

...

http://www.opscentre.com/business-continuity-management-relevant-data-breaches/

(TNS) — WASHINGTON — The devastating paths of hurricanes Irma and Harvey have stretched the Federal Emergency Management Agency to a point unlike any in recent memory as the country looks to recover from the damage caused by record-breaking winds and flooding across Florida, Southeast Texas and South Carolina, not to mention wildfires in the West.

The two storms have illustrated how the disaster agency — unable to be everywhere at once — has been forced to become more nimble. It has evolved from a command-and-control operation into a coordinator that oversees and encourages help from outside groups, such as the private sector and nonprofits, and regular citizens in Houston who were called on to break out their canoes to help stranded neighbors when traditional search and rescue teams couldn't reach them.

"You didn't use to see that 10 to 15 years ago," said Katie Fox, acting deputy administrator at FEMA. "Government folks have recognized that there is a huge amount of capability out there in the population. Engaging those folks is a huge help. It often used to be seen as a hindrance that you'd have to manage."

...

http://www.govtech.com/em/disaster/Record-Breaking-Hurricanes-Stretch-and-Strain-FEMA.html

Fitness trackers that measure your heart rate, map applications that know where you are – and calculate the best route to where you’re going, sensors that monitor diagnostics on jet engines 30,000 feet in the sky; ride-hailing apps that send a vehicle to you when summoned.

Many of us are familiar with the above services, why they’re useful and can probably even name the companies that have made them famous.

The dawn of the smartphone and the proliferation of quick LTE wireless networks paved the way for mobile applications over the last several years that are ready and able to serve right from one’s pocket.

As the “old” saying goes, there’s an app for that.

...

http://mspmentor.net/networking/are-service-providers-ready-mega-services

Tuesday, 12 September 2017 17:47

Are Service Providers Ready for Mega Services?

Online reviews are no longer simply something that trendy millennials look at before going out on the town.

Online reviews are everywhere – from Angie’s List to Yelp and beyond.

They have literally transformed how individuals and organizations evaluate goods and services providers – your MSP business, included.

Recently, I received an email from one of our clients.

...

http://mspmentor.net/best-practices/how-combat-negative-reviews-and-profit-positive-ones

Today marks the 16-year anniversary of 9/11, and as we remember those who perished and honor first responders on that day, it’s worth noting that we have not had a large-scale terrorist attack on U.S. soil since then.

From a recent discussion by property underwriters Gedion Amesias and Jeri Xu at the Swiss Re Open Minds blog:

“Since 9/11, the U.S. government and four of its allies (Five Eyes alliance) have been spending tens of billions of dollars each year on counter-terrorism. Even though it’s hard to accurately estimate, there are experts that approximate the U.S. spends around $100 billion a year on counter-terrorism efforts. Successful attacks since 9/11 have been carried out by either a lone wolf or a duo, for example the 2016 cargo truck attack in Nice by one driver, and 2013 Boston Marathon bombing by a pair of brothers. Plots that involve more people are more likely to be discovered through the surveillance of their communications, so organized large-scale plots are less likely to occur.”

...

http://www.iii.org/insuranceindustryblog/?p=5430

Global freight transport is a key component in the trade of goods and materials, but new demands on the transport network are creating fresh challenges for data. Transport companies are endeavouring to meet those new demands, but are they successful? Discover how an adaptive, intelligent supply chain – built around standards – accelerates innovation and drives change.

Imagine an advanced interconnected freight transport network that connects goods safely, quickly and cost-efficiently, a network that makes different modes of transport easier to use than ever before, and provides reliable, predictable and accessible information to enable moving a product from A to B to reach its final destination.

In today’s congested world, most would agree that the e-logistics related to movement of goods is a growing field, and one that will not plateau. Companies are seeking faster and better ways to get product to market and on consumers’ shelves or in their driveways. At the same time, many would agree that demand frequently outstrips the available capacity of transport infrastructure. There can be few companies that have not experienced sporadic load disparities, slow freight movement, or high transport expenses.

...

https://www.iso.org/news/ref2214.html

With Texas still dealing with the remnants of one major hurricane and Florida about to contend with another, Thursday’s Wall Street Journal called considerable attention to hurricane deductibles:

These deductibles were widely put in place after Hurricane Katrina in 2005 and have been standard in many states for years. But they have rarely been triggered on a large scale because few hurricanes have landed in the U.S. over the past decade.

The Journal article called them “little known provisions that allow insurers to shift thousands of dollars of damage costs” onto homeowners. Most industry experts would quickly point out that this reduces premiums – by hundreds of dollars a year in hurricane-prone states like Florida.

...

http://www.iii.org/insuranceindustryblog/?p=5418

Monday, 11 September 2017 15:57

Understanding Hurricane Deductibles

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

Does that mean you need to be socially extroverted, a psychologist, and an HR expert all wrapped into one?

No, of course not. On the other hand, a passing knowledge of some key concepts about working with people may come in handy, if you want to encourage them to build business continuity into their professional activities.

...

http://www.opscentre.com/people-important-business-continuity/

(TNS) - If Hurricane Irma hits Florida as severely as forecast, aid for victims will be as urgently needed as it has been in the weeks since Hurricane Harvey.

About 70 Red Cross workers from central Ohio are stationed in Texas and Louisiana, where they are helping to run shelters, serve meals and deliver other aid to Hurricane Harvey victims. Three local workers were dispatched this week to Florida, Georgia and North Carolina in preparation for Irma, with three more set to travel to the region on Friday.

"And we expect more to be leaving in the coming days," said Jordan Tetting, spokeswoman for the Red Cross Ohio Buckeye Region. "We'll be ready to shelter 120,000 as they evacuate and we will ride out the landfall of the storm and respond from there."

...

http://www.govtech.com/em/disaster/As-Florida-and-Other-Coastal-States-Brace-for-Hurricane-Irma-Heres-How-You-Can-Help.html

(TNS) - As Irma's path continues to shift eastward, its similarities to Hurricane Hugo mount.

The latest model from the National Hurricane Center shows Irma crossing over Florida — and making landfall somewhere between the central Florida coast and South Carolina.

If that scenario holds, Irma (metaphorically speaking) could hop on Interstate 85 North and tear through Charlotte and Greensboro.

Two words: Not. Good.

...

http://www.govtech.com/em/disaster/Irma-Could-Follow-in-Hugos-Deadly-Destructive-Footsteps.html

Phil Klotzbach, lead author of the Colorado State University (CSU) hurricane forecasting team and I.I.I. non-resident scholar, delivers this perspective.

After a relatively mild start, the 2017 Atlantic hurricane season has become drastically more active over the past couple of weeks. Hurricane Harvey made landfall in Texas as a Category 4 hurricane, bringing devastating rains to the Houston metropolitan area, causing at least 70 fatalities and economic losses estimated as high as $108 billion. Following hot on its heels, Hurricane Irma developed off of Cabo Verde and has intensified into a devastating Category 5 hurricane. Irma has wreaked death and devastation across the northern Leeward Islands, and after brushing the northern coast of Puerto Rico, the cyclone is tracking across the Turks and Caicos, the Bahamas, and appears headed toward Florida and the southeast United States. While landfall of a major (Category 3+ on the Saffir-Simpson Wind Scale – maximum sustained winds of 111 mph or greater) hurricane in the United States seems likely at this point, it is important to realize that other years in the recent past brought major storms in rapid succession.

...

http://www.iii.org/insuranceindustryblog/?p=5393

The Business Continuity Institute

 

In the news, we see posts about terrorism, unstable financial markets and pandemics, however of late, natural disasters appear to be taking centre stage.

Just two weeks ago, on the 25th August, we saw the disruption caused by Hurricane Harvey in Texas. Yesterday, images of the ongoing devastation of Hurricane Irma across the Caribbean began to emerge, and today, an earthquake off the Pacific coast of Mexico takes more lives and threatens further disruption.

For individuals, natural disasters can be catastrophic; homes are damaged, at times beyond salvage and as we see during many large-scale disasters, lives are lost.

For businesses, natural disasters are equally catastrophic and damaging. Their staff may suffer physically and mentally, and it’s likely that their critical infrastructure will be damaged and their supply chains disrupted for extended periods of time.

There are many things these organizations can do to reduce the ongoing damage relating to this type of disruption. Preparation and collaboration are key. Preparing for a natural disaster isn’t a science. There’s no right or wrong way to ensure your business can continue, but by ensuring you have considered the importance of your infrastructure, the welfare of all staff, and how your supply chain will be affected, you can aim to continue business within a reasonable period of time.

When planning, by looking at collaboration opportunities, local businesses can work with others from further afield to obtain urgent supplies. They can work closely with the community to not only continue their business but to begin repairing the affected area. These local businesses can repair homes and buildings, they can provide transport for critical supplies and help to repair critical services when they’re disrupted. 

Whilst continuing business during a disaster may seem like a low priority for communities, the reality is that the quicker businesses can start supplying products and services to the community, the quicker the area can begin to recover as a whole. Whilst planning and collaboration can’t stop a disaster from happening, business continuity professionals use it as a tried and tested method to ensure their communities are restored as quickly as possible.

Riverbed SteelCentral and SteelHead identify and solve application issues and provide quick access and improved uptime for critical applications

 

SAN FRANCISCO – Riverbed Technology today announced that Rockwell Collins Interior Systems, a leader in aviation cabin design and manufacturing, is using Riverbed® SteelCentral™ and Riverbed® SteelHead™ to ensure quick access to centralized applications and to improve uptime for critical applications. According to the company, SteelHead cut the time to access applications by half while simultaneously reducing bandwidth requirements by 60%, and SteelCentral delivers the intelligent analytics needed to identify and resolve application issues quickly, allowing aviation specialists to spend more time developing safer, more comfortable airplanes.

The Interior Systems division of Rockwell Collins, operating in 50 locations worldwide, is a leader in the design and manufacture of aviation interior cabin components such as oxygen systems, comfortable seating, cabin lighting, galley systems (including food and beverage preparation), advanced lavatories, and more.

The division houses all of its major applications in a co-lo data center in the U.S. delivering them across an MPLS network to remote sites. Major applications include Oracle, three ERP systems, and two Siemens PLM Software solutions: Teamcenter and NX design. The division also relies heavily on a number of proprietary .NET applications.

After centralization, access to the data was slow across the board, especially for locations that were furthest away or with limited bandwidth. “Everything took a lot longer to respond. Engineers would click on a drawing and then wait for it to download,” explained Chris Elder, senior manager of enterprise networks and data center operations for Rockwell Collins Interior Systems. “We can’t have engineers sitting around half the day waiting for things to happen on the network.”

Customer Story: https://www.riverbed.com/customer-stories/rockwell-collins-interior-systems.html

With productivity taking a hit, the division decided to deploy Riverbed SteelHead WAN optimization appliances throughout most of the organization, immediately boosting application performance while simultaneously reducing WAN bandwidth requirements by 60%. Elder also decided to improve visibility into the network to more quickly identify and resolve issues. He chose Riverbed SteelCentral AppResponse, a network-based application performance management solution that is integrated with the SteelHead appliances. “I’m a big fan of Riverbed,” Elder said. “We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

The division also needed to address nagging application performance issues. “We are primarily a .NET shop,” explained Derek Turner, Senior .NET and SharePoint developer for Rockwell Collins Interior Systems. “We have 12 custom high-availability, internal and external facing .NET applications, and nine times out of 10, when I’m troubleshooting, it’s a .NET issue.”

Turner chose Riverbed SteelCentral AppInternals, which captures and analyzes all user transactions, end to end, from the user device to the back-end while capturing system metrics every second. This complete application visibility allows IT to reconstruct incidents in the detail needed to quickly diagnose problems. Powerful analytics helps pinpoint issues down to code level allowing for faster problem solving. “Now if I get a report that something is timing out, which generally means it’s taking longer than 90 seconds to respond, with the information available to me with this tool, I can isolate the offending component in minutes,” Turner said. “This is the power of SteelCentral AppInternals.”

Gone are the days when Turner faced an unknown amount of time to first recreate a problem, then identify the root cause, and finally fix the code. “I can't explain how good AppInternals really is,” he added. “There’s nothing that I can't see or explain [with it]. Having a tool like this is life changing. Our development response time to deliver a solution to the business unit has been vastly improved.”

Riverbed Delivers Solutions for Cloud and Digital World

Riverbed is delivering solutions to help companies transition from legacy hardware to a new software-defined and cloud-centric approach to networking, and improve end user experience, allowing enterprises’ digital transformation initiatives to reach their full potential. Riverbed’s integrated platform delivers the agility, visibility, and performance businesses need to be successful in a cloud and digital world. By leveraging Riverbed’s platform, organizations can deliver apps, data, and services from any public, private, or hybrid cloud across any network to any end-point.

Riverbed SteelHead™ is the industry’s #1 optimization solution for accelerated delivery and peak performance of applications across the software-defined WAN. Riverbed SteelCentral™ product family is a performance management and control suite that combines user experience, application, and network performance management to provide the visibility needed to diagnose and cure issues before end users notice a problem, call the help desk, or jump to another web site out of frustration.

About Riverbed

Riverbed enables organizations to modernize their networks and applications with industry-leading SD-WAN, application acceleration, and visibility solutions. Riverbed’s platform allows enterprises to transform application and cloud performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility. At more than $1 billion in annual revenue, Riverbed’s 28,000+ customers include 97% of the Fortune 100 and 98% of the Forbes Global 100. Learn more at www.riverbed.com

Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology, Inc. All other trademarks used herein belong to their respective owners.

Interstate Restoration directing resources to victims of Harvey, Irma

FT. WORTH, Texas – One of the nation’s leading disaster-recovery companies has positioned its resources in anticipation of restoration demands in both Texas and Florida.

Offering assurance to businesses already affected by or preparing to be affected by dual, massive hurricanes, Chief Executive Officer Stacy Mazur of Interstate Restoration said his company is ready to handle the unusual confluence of events.

Interstate Restoration already has 125 employees in the area devastated by Hurricane Harvey, along with 35 trucks and tractor trailers, plus about 1,500 subcontractors. Now Interstate is expanding its Florida resources, using its Boynton Beach office as a base, to help businesses get back in operation following any flooding or wind damage caused by Hurricane Irma. Interstate also has an equipment repository in Orlando, from which the company will launch operations.

“We believe we’re better positioned than anybody in the industry to fight this hurricane battle on two fronts,” said Mazur.

One of the largest concentrations of Interstate clients is in Florida, and the company recently merged with a Boynton Beach-based restoration company to increase Interstate’s capacity.

“We’re taking this (two-front challenge) seriously, with proper preparation and responsiveness,” he said.

Initially, Interstate will have more than 50 people in Florida, with more than 20 trucks and tractor trailers. Hundreds of subcontractors have already positioned themselves to join the effort.

Interstate began its preparation for Hurricane Irma last week and shared advice for clients and the general public in the path of the storm.  Mazur added a few additional items for businesses to keep in mind, with safety as a top priority:

  • Create an emergency action plan that includes instructions for both employees and customers.
  • Think about the ways you are going to communicate before the storm’s impact, during and after.
  • Download a severe-weather app onto your smartphone so you can track developments.

He added that clients in previous disaster situations have expedited recovery by posting notices on their business doors, alerting public safety officials that they should allow access to restoration companies like Interstate, and thus speeding up the recovery process.

 

About Interstate Restoration

Founded in 1998, Interstate Restoration LLC is an emergency restoration and general contractor specializing in repairing commercial property nationwide. Ft. Worth-based Interstate helps businesses recover quickly from fire, flood, and other natural and manmade disasters. This means companies and people can focus on the important stuff - like getting back to business and back to life.

Thursday, 07 September 2017 19:48

Recovering on Two Fronts:

 

Esri, the leader in spatial analytics and mapping, has created a new Hurricanes and Tropical Cyclones Story Map that identifies the potential impact of the storm through a variety of maps, including:

  • Public Information Map - identifies the current and recent location of Harvey as well as forecast positions and probable track; additionally, the shaded area is called the "cone of uncertainty," the likely path of the center of Harvey.
  • Impact Summary Map - shows the storm surge by identifying locations most at risk for life-threatening inundation from storm surge; according to Esri's data, the total population at risk is 248k people, 99k households, and 10k businesses.
  • Forecast Precipitation Map – forecasts the amount of rain expected within the next 72-hour period

This map is provided by the Esri Disaster Response Program.

Thursday, 07 September 2017 19:41

Mapping the Impact of Hurricane Irma

(TNS) - As thousands of cars streamed north on Florida's roads Wednesday, carrying residents fleeing the approach of Hurricane Irma, the Category 5 storm maintained its powerful 185 mph winds on a path towards the Bahamas today and eventually, forecasters predict, a landfall Sunday afternoon on the state's southeast coast.

The latest projected track from National Hurricane Center forecasters Wednesday night had shifted east from earlier predictions on where the storm would go, based on conclusions that the system will eventually shift course from its present west-northwest trajectory and head north, along or just off Florida's east coast. However, experts underscored that the entire Florida peninsula remained within Irma's potential path, and noted that the margin of error for predictions this far out ranged from 175 to 225 miles. A shift either east or west would have dramatically different results for Florida residents, including those in Southwest Florida.

As a result, many local governments ramped up their emergency preparations, while schools set plans to close on Friday and canceled activities. Highways, gas stations and stores saw firsthand how seriously residents were taking officials' warnings. Meanwhile, mandatory evacuations began in southeast Florida.

...

http://www.govtech.com/em/disaster/Hurricane-Irmas-Path-Continues-Shift-Toward-East-Coast.html

Integrating Dangerous Goods Software into Your ERP System

Shipping hazardous materials is a complicated, time-consuming process, and today’s ever-evolving regulations make the task even more challenging. Integrating ERP and dangerous goods software systems simplifies hazmat shipping to streamline supply chain operations and maintain regulatory compliance.

Dangerous goods (DG) software should be standard for any organization that ships hazardous materials regularly. However, a recent survey shows that just having this software doesn’t automatically inspire confidence in shipping hazmat compliantly.

According to Labelmaster’s 2016 survey of DG shippers, 77 percent of participants do not consider their shipping technology to be forward-thinking, and 31 percent do not believe their companies have the right technology in place to meet emerging regulations.

In today’s rapidly changing world of regulations and complex logistics, keeping up means having the right technology and infrastructure in place. Today’s shippers should consider fully integrated DG software as a solution to help meet regulatory compliance and streamline supply chain operations.

...

http://www.corporatecomplianceinsights.com/ensuring-compliance-hazmat-regulations/

Thursday, 07 September 2017 15:43

Ensuring Compliance with Hazmat Regulations

(TNS) - Floridians hit the highways, scrambled for scarce supplies and hammered plywood over windows as a monster hurricane made landfall in the Caribbean, where it was blamed for at least four deaths.

Hurricane Irma, one of the most powerful Atlantic hurricanes, set a wild, wind-churned course toward Puerto Rico, with the U.S. mainland in its sights, probably over the weekend.

Amid an overnight assault of battering waves and 185-mph winds, two deaths were reported in French island territories, a third in Anguilla, a British territory, and a fourth in Barbuda, part of a tiny independent nation.

In Florida, Gov. Rick Scott implored constituents to obey calls to flee the storm’s path when the time came

...

http://www.govtech.com/em/disaster/Four-Deaths-Reported-as-Hurricane-Irma-Rakes-Caribbean-With-Florida-Likely-in-Crosshairs.html

Hurricane Irma begins its assault, while Texas and Louisiana begin the long road to recovery from Hurricane Harvey.

No one, of course, knows exactly what damage Irma will unleash, but it is likely to be quite different from what Harvey wrought. That’s because no two storms are alike.

Business Insider touches on the differences:

...

http://www.iii.org/insuranceindustryblog/?p=5383

Thursday, 07 September 2017 15:39

Harvey vs. Irma: Every Hurricane is Different

Fall has arrived, and Strategic BCP is once again a proud sponsor of Disaster Recovery Journal (DRJ) Fall World 2017, which will be held at the JW Marriott Desert Ridge Resort in Phoenix, Arizona on September 17-21.

At the conference, we will be hosting a “BCM Power Hour” on Mon. Sept. 18 and Tue. Sept. 19, Noon-1:00 PM PST, where lunch will be served. This will feature the latest in business continuity management (BCM) automation in our ResilienceONE continuity risk management software — a 4x leader in Gartner’s Magic Quadrant and #1 in Customer Satisfaction. BC planners and risk managers will benefit from this informative and interactive session where they will be able to compare their strategies and gain new ideas to strengthen their BC/DR program. Secure your seat and register here.

Strategic BCP’s full participation at DRJ Fall World includes breakout sessions by our experts on Business Continuity and Crisis Management. One of our banking clients will also be joining a panel discussion on ERM, security and BC. We are also hosting a “Wine Down Tuesday” reception. Visit our DRJ Fall World events page here.

Attendees can follow us before, during, and after the conference on Twitter (@strategicBCP, #DRJFALL), LinkedIn, and Facebook. Visit www.strategicbcp.com for more information.

 

 

Fifty percent of employees say they are more productive and motivated when their bosses share information. In fact, 76 percent don’t trust bosses who fail to communicate. Obviously, internal communications are a big deal when it comes to employee engagement and satisfaction. Is there such a thing as too much communication?

Related: Employee Engagement Starts with Communication

With 24-hour access to news and social media, we have become a culture of instant and all-encompassing information. We are increasingly expecting to know it all, or at least thinking we deserve to. However, companies must sometimes make decisions about what information they believe to be appropriate for their employees and what could cause damage to morale, revenue, reputation, or retention.

This isn’t always easy. To tell or not to tell can be a dilemma. Disclose too much and you can have an internal crisis on your hands. Offer up too little and your employees may rebel, or at best grumble. The truth is, every situation requires different evaluation, but we can safely place certain issues into “Tell” and “Don’t Tell” buckets.

We offer up the top 4 things employees need to know and need not to know:

...

https://www.alertmedia.com/4-things-you-shouldnt-notify-your-employees-about/

WAYNE, Pa. – Sungard Availability Services® (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, has appointed Kathy Schneider as Chief Marketing Officer reporting directly to Andrew A. Stern, Sungard AS' Chief Executive Officer.

Schneider will have global responsibility for Sungard AS' marketing, market strategy and corporate communications. In this role, she will drive the company's global go-to-market approach and brand strategy to further strengthen Sungard AS' market relevance and recognition, and to accelerate revenue growth. Schneider will also represent the voice of the customer, ensuring customer experience is integral to all Sungard AS' business decisions. As such, she will assume leadership responsibility for Sungard AS' European and North American Customer Advisory Boards (CABs).

"We are delighted to welcome Kathy to the Sungard AS leadership team as our CMO," said Andrew Stern. "Kathy has extensive experience developing global marketing strategies that have helped to achieve growth for both established and emerging IT businesses. As a proven marketing leader, Kathy will help Sungard AS elevate our brand, ensure that we are developing solutions aligned with customers' evolving needs, and generate increased demand to drive growth."

Schneider joins Sungard AS after more than two decades of technology and business-to-business marketing experience at country, regional and global levels in both pre-IPO and Fortune 500 companies. Her most recent role was at Level 3 Communications, where she served as Senior Vice President, Product and Marketing, EMEA. Prior to Level 3, she led global Marketing and Communications at Criteo, a leader in digital marketing and big data. Schneider also spent 14 years at Dell Inc. where she held a variety of marketing leadership roles in the U.S. and EMEA.

"For more than 35 years, Sungard AS has been reputed as the market leader for delivering recovery solutions that keep enterprises and organizations 'always on' and able to meet their business objective," said Kathy Schneider. "Over the last several years, the company has transformed its solutions portfolio to offer fully resilient production and recovery services. I am thrilled to join Sungard AS at such a pivotal time as it continues to evolve its solutions portfolio and help customers across their entire IT deployment."

About Sungard Availability Services:
Sungard Availability Services ("Sungard AS") is a leading provider of critical production and recovery services to global enterprise companies. Sungard AS partners with customers across the globe to understand their business needs and provide production and recovery services tailored to help them achieve their desired business outcomes. Leveraging more than 35 years of experience, Sungard AS designs, builds and runs critical IT services that help customers manage complex IT, adapt quickly and build resiliency and availability. Visit Sungard Availability Services at http://www.sungardas.com/en/ or call 1-800-468-7483. Connect with us on Twitter, LinkedIn and Facebook.

Sungard Availability Services is a trademark or registered trademark of SunGard Data Systems or its affiliate, used under license. The Sungard Availability Services logo by itself is a trademark or registered trademark of Sungard Availability Services Capital, Inc. or its affiliate. All other trademarks used herein are the property of their respective owners.

The Business Continuity Institute

Explore the latest business continuity and resilience trends at the inaugural BCI India Conference. Open to both new and experienced practitioners, this conference will focus on the theme of business continuity excellence through personal accountability and process effectiveness, and will feature interactive sessions, case studies, plenary addresses and thought leadership from industry experts.

The BCI would like to thank Sungard Availability Services who are the headline sponsor, Send Word Now from OnSolve who are the gold sponsor, and Emreach and Regus who are silver sponsors. Thanks are also extended to NASSCOM who are ecosystem partner, and BSI who are knowledge partner. 

Thursday, 07 September 2017 14:41

BCI India Conference Sponsors

Staff and supplies pre-positioned in Puerto Rico and U.S. Virgin Islands

WASHINGTON – The Federal Emergency Management Agency (FEMA) headquarters in Washington, D.C., its Regional Response Coordination Centers (RRCC) in New York, Philadelphia and Atlanta, and FEMA liaisons to the National Hurricane Center (NHC) in Miami, Florida, are preparing for Hurricane Irma, now a dangerous Category 5 hurricane.

According to the National Oceanic and Atmospheric Administration, Hurricane Irma could cause catastrophic damage as it passes the U.S. Virgin Islands and Puerto Rico, and potentially heads toward southern Florida.

A state of emergency has been declared by the governors in the U.S. Virgin Islands, Puerto Rico, and Florida.

Approximately 124 FEMA staff have been deployed to the U.S. Virgin Islands and Puerto Rico, with an additional 83 staff currently serving in the FEMA call center in Puerto Rico. FEMA has pre-staged meals and water in preparation for the storm, to be provided as requested by Commonwealth and territory partners.  Regional Response Coordination Centers in Atlanta, Georgia, New York, New York, and Philadelphia, Pennsylvania, are all activated with interagency partners to monitor Hurricane Irma, and respond as the storm track changes. FEMA regional and national Incident Management Assistance Teams are on the ground in Puerto Rico and the U.S. Virgin Islands, and en route to Florida.

Additional federal efforts underway

The American Red Cross began issuing hurricane preparedness messaging through the Puerto Rico and U.S. Virgin Islands media 72 hours ago, on how to prepare for a disaster like this, and steps people should take to get ready. The Red Cross is prepared to support or open shelters; potential shelter locations have been identified and can be used in areas which might be affected by the storm. They have also alerted disaster volunteers about the oncoming storm to be ready for deployment as needed.

The Environmental Protection Agency (EPA) is preparing for Hurricane Irma now, closing down offices in the storm’s path and putting out communications in English and Spanish about ways to prepare. They are working to assess and secure superfund sites ahead of the storm.

The Department of Energy (DOE) is closely monitoring the storm and responders have been pre-positioned with FEMA Incident Management Assistance Teams in Puerto Rico and St. Croix. Responders are also deployed to both the FEMA Region II and IV Coordination Centers.

The National Guard Bureau has deployed Joint Enabling Teams to the U.S. Virgin Islands. Puerto Rico and Florida teams are currently in development. Additional resources being readied are Civil Support Teams, Joint Incident Site Communications Capability, medical, and security assets.

The National Park Service (NPS) in the U.S. Virgin Islands began closing facilities on September 1, and all employees are accounted for. NPS is in the process of pulling all its boats and reports that generators are available. In San Juan, Puerto Rico, the NPS anticipates sending personnel to the U.S. Virgin Islands to pre-stage right before the storm in order to help clear roads. This crew can self-sustain for 7 days.

The DHS National Protection and Programs Directorate (NPPD) is preparing to deploy communications representatives and other staff from Regions I and II to the U.S. Virgin Islands and Puerto Rico. Staff are also pre-positioned to support response to an East Coast event.

The Social Security Administration (SSA) has preemptively closed all of its offices in Puerto Rico and the U.S. Virgin Islands as of 11 a.m. EDT on Tuesday, September 5.  An SSA Emergency Response Team, including representatives from New York (Puerto Rico and Caribbean) and Atlanta Regional Offices, will begin meeting today to plan response and recovery efforts in Irma’s aftermath.

The United States Geological Survey (USGS) is in the process of planning for and installing flood sensors in potentially affected areas.

Preparedness

Now is the time for everyone in the U.S. Atlantic territories, and those living along the U.S. gulf and east coasts to prepare for this potentially catastrophic storm. Hurricane conditions are expected in the U.S. Virgin Islands and Puerto Rico Wednesday. Destructive winds, storm surge, heavy rainfall and flash flooding are possible. There is a growing chance of seeing impacts from Irma in parts of Florida later this week. 

  • Update your disaster kit. Have a three-day supply of non-perishable food, bottled water, a battery-operated radio, flashlight, extra batteries, cash, medicines, first aid kit, pet foods, and important family documents.
  • Know your evacuation routes and prepare options for overnight lodging. Storm surge can cut off evacuation routes, so do not delay leaving if an evacuation is ordered for your area. If you encounter floodwaters, remember – turn around, don’t drown.
  • Develop an emergency communication plan, which includes a phone number for a family member or friend outside the area—a point of contact—in the event of separation.
  • Download the FEMA mobile app (available in English and Spanish) for a customizable checklist of emergency supplies, maps of open shelters and recovery centers, disaster survival tips, and weather alerts from the National Weather Service. The app also enables users to receive push notifications reminding them to take important steps to prepare their homes and families for disasters. 

###

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Brock Long's activities at https://twitter.com/fema_brock. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Last Updated: September 5, 2017 - 21:11
 
State/Tribal Government or Region: Headquarters

(TNS) - Almost before the rain started in Houston, economic prognosticators started trying to figure out how much Hurricane Harvey was going to cost.

The numbers kept mounting as the rainfall totals piled up. In the first few days of the storm, investment research firms estimated the total property damage at between $30 and $40 billion — not even approaching the toll of Hurricanes Katrina and Rita.

By Wednesday, Enki Research had pegged it at between $48 and $75 billion. Toward the end of the week, as the flood receded and its carnage became clear, many analysts were hailing Harvey as the nation's most destructive storm ever.

...

http://www.govtech.com/em/disaster/Harvey-Might-Have-Been-Fiercer-Than-Katrina-but-its-Effects-Could-Fade-Faster.html

 
Map of Hurricane Irma. Tribune News Service 2017 TNS

(TNS) - Irma continued to strengthen into a powerful storm Tuesday afternoon, with winds increasing to 185 mph, National Hurricane Center forecasters said in a 2 p.m. EDT advisory.

As the storm continued to track westward, islands in its path raced to complete last-minute preparations. The Leeward Islands are expected to get hit with “catastrophic” winds Tuesday, forecasters said, with the Virgin Islands and Puerto Rico slammed Wednesday. In Puerto Rico, the governor asked President Donald Trump to declare a state of emergency, while the electric company warned Irma’s fierce winds could leave the island without power for four to six months.

As the hurricane churns closer to the U.S. coast, its path becomes more certain, with South Florida, particularly the Keys, increasingly likely to take a hit. Tropical storm force winds could arrive as early as Friday. Gov. Rick Scott has declared a state of emergency for all 67 counties and has ordered all 7,000 members of the state’s National Guard to report to duty on Friday. Mayor Carlos Gimenez also declared a state of emergency for Miami-Dade County Tuesday afternoon in advance of the fierce storm.

...

http://www.govtech.com/em/disaster/Irmas-Winds-Reach-185-mph-as-Powerful-Storm-Churns-Toward-Florida.html

This is the conclusion to a 4-part series on Business Transformation.

Recent studies tracking the progress of digitizing enterprises indicate two key trends:

  1. The number and proportion of organizations with an enterprise-wide digital strategy has increased significantly in three years.
  2. Companies are struggling to cultivate and advance their digital strategies.

Numerous causes have been cited to explain the lag in many companies’ efforts to successfully execute their digital strategies, including leaders not being fully equipped to lead digital initiatives, resistance to change, being bound by strategic decisions made 10 to 20 years ago, and many other factors.

...

http://www.enaxisconsulting.com/ready-to-launch-building-your-digital-team-blog/

Wednesday, 06 September 2017 14:29

Ready to Launch: Building Your Digital Team

It almost seems that there are as many definitions of the “blended attack” in IT security as there are experts willing to give them.

At one end of the scale, the blended attack is defined as a piece of malicious code using a variety of delivery methods to infect systems.

About halfway along the scale, a blended attack is defined as several different pieces of malware or virtual attacks used in combination to reach a target. And at the other end of the scale, the blended attack “gets real” in the sense that it not only has virtual components, but can be combined with physical attacks as well.

Each case needs to be assessed for the potential impact on your organisation.

...

http://www.opscentre.com/worrying-definition-blended-attack/

Many organizations consolidate their disaster recovery and IT security recovery plans into one package without asking if this approach makes sense.

Security and disaster plans are related but they are not the same, and at MHA Consulting, we advise against combining them.

How Disaster Recovery and IT Security Recovery Plans Differ

DR and IT security recovery plans appear to be very similar. Both plans include a procedure to minimize the impact of an event. They also have procedures to recover from the event and return to production, and will likely have a process to minimize the possibility of a similar event occurring again. Yet, beyond that, disaster and IT security recovery plans are fundamentally different.

The core difference between these plans is that disaster recovery is about business continuity, while IT security is about information protection. Therefore, disaster recovery plans tend to be actionable while security plans tend to be more validation and configuration driven. Part of the recovery tasks performed to make applications or environments available include the necessary security architecture and settings.

...

https://www.mha-it.com/2017/09/separate-security-disaster-recovery-plans/

WASHINGTON—To support the ongoing disaster recovery in Texas, the Federal Emergency Management Agency’s (FEMA) National Flood Insurance Program (NFIP) is enhancing the flood insurance claims process and extending the grace period for paying policy renewal premiums for insured survivors affected by Hurricane Harvey.

Due to the widespread catastrophic damage caused by Hurricane Harvey, FEMA implemented temporary changes to rush recovery money into the hands of NFIP policyholders, for repair and replacement of flood-damaged properties. FEMA also wants to ensure continuous flood insurance coverage for current NFIP policyholders affected by this storm, even if the renewed policy premium cannot be paid at this time. FEMA is directing all NFIP private insurance partners to:

  • Provide advance payments on flood claims, even before visits by an adjuster;
  • Increase the advance payment allowable for policyholders who provide photographs or video depicting flood  damage and expenses, or a contractor’s itemized estimate;
  • Waive use of the initial Proof of Loss (POL) form; and,
  • Extend the grace period for payment of NFIP flood insurance policy renewal premiums to 120 days. This applies to policies covering properties in Texas counties that are designated under the Presidential Disaster Declaration, and were set to renew July 24 through Sept. 27, 2017.

Advance Payments

The NFIP is making it easier for policyholders to receive an advance payment for their flood claim to help them begin the process of recovery as quickly as possible. After filing a flood insurance claim, the policyholder can discuss advance payment with the insurer:

  • When a policyholder contacts his/her insurer and verifies his/her identity, he/she can receive an advance payment for up to $5,000 on a flood claim, without an adjuster visit or additional documentation.  When the advance payment is issued, a letter is sent as well to the policyholder, which explains that by accepting this payment, the policyholder is certifying the damage.
  • Up to $20,000 may be advanced to a policyholder who provides photos and/or videos depicting damage and receipts validating out-of-pocket expenses related to flood loss, or a contractor’s itemized estimate. Policyholders with significant damage who have a contractor’s itemized estimate may be eligible for a larger advance payment and should discuss this with the adjuster.

Advance payments are deducted from a policyholder’s final claim settlement amount. Advance payments may only be used according to the terms of the policy. For example, if a policyholder has a building/structure flood insurance policy, the advance payment must be used to repair or rebuild the structure. Or if a policyholder has contents coverage, the advance payment must be used to repair or replace contents that were within the structure. Advance payments may not be used for temporary housing and living expenses.

If a policyholder’s property is mortgaged, the lender will also be named on the advance payment issued for a building/structure flood insurance policy. In this case, the policyholder and lender will both be required to sign the advance payment check. 

Proof of Loss Waiver

To expedite processing of NFIP claims for Hurricane Harvey, the NFIP is waiving the requirement for a policyholder to submit an initial Proof of Loss (POL) document. Here’s how the expedited process will work:

  • After a policyholder files a claim, a time is set up for the adjuster to inspect the flood damaged property. The adjuster will document the damage and submit a report to the policyholder’s insurance company.
  • If additional damage is discovered or a policyholder does not agree with the payment amount, a policyholder can seek additional payment if the policy’s coverage limits have not been met. A POL will be required to seek supplemental payment on the claim. If payment is issued based upon the adjuster’s initial report and an additional proof of loss is not submitted by the policyholder, the insurer will close the file.

If a policyholder decides to request an additional payment, which must be done by completing a POL, the policyholder will have one year from the date of filing the initial claim to submit the request to the insurance company. FEMA has informed all of its NFIP insurance partners about this process and how it will work. NFIP policyholders are encouraged to work closely with an adjuster on this expedited process.

Grace Period Extension for Policy Renewals

Many people remain unable to get into their homes and are facing additional financial hardships as a result of the flooding. FEMA wants to ensure that policyholders affected by flooding caused by Hurricane Harvey can focus on their immediate needs, begin to recover, and continue to have flood insurance coverage in the event of additional flooding. Effective today, the NFIP is extending the grace period for payment of renewal premiums from 30 days to 120 days.

The grace period extension applies to:

  • Policies covering properties in Texas counties designated under the Presidential Disaster Declaration; and
  • Policies with renewal dates or underpayment notices with payments due between July 24 – September 22, 2017.

The NFIP cannot pay a claim for a flood loss that occurs after a policy expiration date unless the policyholder’s insurance company receives the payment for renewal on or before the last day of the grace period.

For any policy with a renewal date on or after September 23, 2017, the normal 30-day grace period will apply.

NFIP policyholders are encouraged to contact their insurance company and report a flood claim as soon as possible. Anyone who is unsure whether he/she has flood insurance with the National Flood Insurance Program, does not know how to contact his/her agent or company, or has an NFIP Direct policy should call 1-800-621-3362, select option 2, and speak with the NFIP call center. The TTY number is 1-800-462-7585.
 

###


Having a business continuity plan in place is all well and good, and an important part of preparing for any potential disruption in business, but if the plan sits on a shelf collecting dust, what good is it really doing? For a BC plan to truly thrive, it needs to be practiced, regularly.

Why Exercise

Organizations that perform well-planned exercises get better results when faced with the real event. It makes sense, but often companies fail to move forward with exercising plan implementation. When you regularly run tabletop, functional and even full scale exercises, drilling on all aspects of your plan, it becomes nearly muscle memory for your staff in the event of an actual incident.

...

http://www.missionmode.com/importance-regular-drills-practices-bc-managers/

WASHINGTON – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and its federal partners continue to mobilize personnel and resources to support state, local and tribal efforts throughout Texas and Louisiana. More than 21,000 federal staff are deployed in support of Tropical Storm Harvey response.

While rescue efforts continue in many areas, recovery efforts are beginning for many communities. As of August 31, 2017:

  • More than 33,800 people sought refuge in more than 240 Red Cross and partner shelters in Texas. Six shelters are also open in Louisiana serving another 450 people.
  • Many areas are inaccessible. Federal, state and local search and rescue teams continue to reach those in stranded areas. 
  • U.S. Coast Guard and the Texas National Guard are transporting supplies and volunteers where they are needed most.
  • Approximately 53,000 pounds of medical equipment and supplies have been deployed to affected areas.

The top priority remains protecting lives and the safety of those in affected areas. The following commodities have been provided by FEMA to the states of Texas and Louisiana for distribution by local communities.

  • Texas
    • More than 1,900,000 meals;
    • More than 1,960,000 million liters of water;
    • More than 4,700 blankets; and
    • More than 1,400 cots
  • Louisiana:
    • More than 416,000 meals;
    • More than 414,000 liters of water

A Federal Disaster Recovery Coordinator (FDRC) is being appointed to help with long-term planning and recovery.  The FDRC oversees an assessment of impacted communities and helps to develop a recovery support strategy. That strategy helps these hard-hit communities gain easier access to federal funding, bridge gaps in assistance, and establish goals for recovery that are measurable, achievable and affordable.

FEMA has received more than 364,000 registrations for assistance, the largest registration after any single event. More than 103,000 of your neighbors have already been approved for $66.4 million in assistance with FEMA and we want to help you. 

The FEMA mobile app (in English and Spanish) provides disaster recovery tips and residents and business owners are able to register for assistance through the FEMA mobile app or www.disasterassistance.gov.

The U.S. Small Business Administration (SBA) has received 2,118 disaster loan applications primarily for homes. The SBA has fielded 5,221 calls and completed 451 property damage inspections.

Short-term housing assistance and other immediate funding is available to survivors who register.  Survivors whose homes are uninhabitable or inaccessible may have access to short-term lodging at eligible hotels. FEMA can also provide up to two months of expedited rental assistance to those eligible. When survivors register, they will also receive information on other resources in their area, including available services from other federal agencies.

For survivors who have suffered damage and have federal flood insurance, FEMA’s National Flood Insurance Program is issuing advance payments of up to $5,000 for building and contents damages prior to an adjuster’s inspection to help get funds into the hands of survivors as soon as possible.  If a policyholder has photos and receipts of out-of-pocket expenses, they may receive an advance payment of up to $10,000. As of 2:30 pm EDT on Thursday, August 31, over 51,000 claims have been submitted in Texas.

To help people affected by this disaster, FEMA has created a webpage with resources and additional information for People with Disabilities and Others with Access & Functional Needs. Information is available in the following languages: Arabic, Chinese, Korean, Spanish, Tagalog, Urdu, and Vietnamese.

More than 3,500 FEMA employees are working in support of Tropical Storm Harvey response.

Other Ongoing Federal Efforts:

The American Red Cross (Red Cross) has more than 2,000 disaster workers on the ground, and hundreds more are en route, including a group of highly skilled volunteers from the Mexican Red Cross who will help support shelters, distribute aid, and connect with Spanish-speaking disaster survivors to inform them about support available. Red Cross estimates that it has shelter supplies in the area for nearly 70,000 people. Red Cross is expanding its feeding operation with trailer of kitchen supplies on the ground to support eight kitchens, each able to produce 10,000 meals a day. To date, more than 250,000 meals and snacks have been served. Red Cross continues to deliver blood and platelets to partnering hospitals in flood-affected areas.

The DHS Office of Civil Rights and Civil Liberties (CRCL) and FEMA have developed guidance for impacted states, localities, and other federal recipients on how to effectively communicate with the whole community and carry out their disaster-related activities in a non-discriminatory manner. The guidance is available at:  https://www.dhs.gov/publication/tips-effectively-communicating-protected-populations-during-preparedness-response-and.

The Corporation for National and Community Service (CNCS) deployed more than 450 AmeriCorps members to the region to support American Red Cross shelter and feeding operations, and FEMA’s disaster damage assessments and logistics. AmeriCorps members are also working to stand up a Volunteer Reception Center. Additional requests for AmeriCorps disaster response teams are in development. These teams are trained to provide expert manpower for shelter operations, debris removal, and volunteer and donations management.

The Environmental Protection Agency (EPA) has released a statement on the explosion at an Arkema facility in Crosby, Texas. EPA field personnel are in Unified Command coordinating seven teams identifying and evaluating potential hazards posed by orphaned containers. The teams will determine actions needed to stabilize or remove items.

The Department of Health and Human Services (HHS) has provided care to more than 500 patients through the Federal Medical Station established in Houston's George R. Brown Convention Center and two urgent care sites in nearby cities.  In addition, HHS has more than 1,000 personnel on the ground in Texas and Louisiana. Declared public health emergencies remain in effect for Texas and Louisiana to allow health care facilities to provide care unimpeded. 

The DHS National Protection and Programs Directorate (NPPD) is helping facilitate access to communications and other critical infrastructure as recovery efforts begin. Of note, NPPD is supporting critical emergency communications through multiple avenues: Emergency responders placed 1,599 Government Emergency Telecommunication Service (GETS) calls on Tuesday, August 29, 2017. NPPD has posted a US-CERT alert on Potential Hurricane Harvey Phishing Scams attempting to take advantage of efforts to provide humanitarian assistance to hurricane survivors. Deployed NPPD workers are helping to maintain or establish coordination with owners and operators of priority facilities to determine their facility status.

The U.S. Small Business Administration (SBA) announced that as of Aug. 31, the SBA will offer an automatic 12-month deferment of principal and interest payments for SBA-serviced business loan and disaster loans that are in “regular servicing” status for residents and businesses in the declared counties. 

The U.S. Army Corps of Engineers (USACE) is working in partnership to support the local, state, and federal response to Hurricane Harvey.  USACE has more than 150 personnel engaged and operating in coordination with county, state, and FEMA partners.  USACE is focused on flood mitigation and reservoir operations, temporary emergency power, debris technical assistance, navigation restoration, and infrastructure assessments.

The U.S. Coast Guard (USCG) is working with the National Oceanic and Atmospheric Administration (NOAA) Office of Coast Survey and the USACE to conduct a survey of navigational aids in the greater Houston Metro Area. In addition, the Coast Guard captain of the port is opening certain ports and waterways in Brownsville (no restrictions) and in Corpus Christi (with restrictions).  Mariners are advised that although some channel surveys have been conducted, the Coast Guard has not completed channel surveys in all inlets, harbors, and channels to confirm safe transit.

The Department of Defense (DoD) Defense Logistics Agency (DLA) is providing more than 645,000 gallons of fuel in several locations. The DoD active-duty military personnel have rescued/assisted more than 1,200 people to date. USNORTHCOM deployed 73 helicopters, three C-130s, and eight para-rescue teams for search and rescue and evacuation. Approximately 6,300 active-duty military personnel are deployed to the affected area. DoD has stood up three additional Incident Support Bases (ISB) at Fort Hood, Joint Base San Antonio, and Naval Air Station Joint Reserve Base Fort-Worth to support forward distribution of supplies and equipment to the affected area.

The Federal Communications Commission (FCC) continues to monitor the status of communications networks, and is coordinating with providers and government partners on communications status and restoration in the affected areas. Visit www.fcc.gov/harvey for a daily communications status report for areas impacted by this storm as well as additional resources, including tips for communicating during an emergency.

The Federal Trade Commission (FTC) has information for people who want to help Hurricane Harvey survivors, and for those who are dealing with and recovering from, the storm’s long-term effects.  The FTC warns consumers to be cautious of charity scams, and to do research to ensure that your donation will go to a reputable organization that will use the donation as promised. For survivors, the FTC provides a few points to consider in a personal disaster recovery plan.

The Department of Agriculture (USDA) is providing assistance through their Supplemental Nutrition Assistance Program (SNAP) and waiving some regulations to make food more accessible, especially to school children and seniors. In addition, the USDA approved the state of Texas to designate schools not directly impacted by the Hurricane to serve as disaster organizations and shelters so that USDA foods can be used for congregate feeding, providing critical food assistance to those in need. USDA foods include a variety of canned, fresh, frozen, and dry products which include fruits, vegetables, meats, and whole grains.

The U.S. Department of Education has activated its emergency response contact center in response to the devastating impacts of Hurricane Harvey. The Department’s K-12 and Higher Education stakeholders who are seeking informational resources should contact the Department toll free at 1-844-348-4082 or by email.

The U.S. Food and Drug Administration (FDA) is advising people that food, medicine, and medical devices should be thrown out if they have come in contact with flood water or have been stored improperly during a power outage. The FDA is also identifying regulated facilities affected by the storm to assess any risk.

The Department of Energy’s (DOE) Secretary of Energy has authorized the Strategic Petroleum Reserve (SPR) to negotiate and execute two emergency exchange agreements with the Phillips 66 Lake Charles Refinery. This decision will authorize a total of 400,000 barrels of sweet crude oil and 600,000 barrels of sour crude oil to be drawn down from SPR’s West Hackberry site and delivered via pipeline to the Phillips 66 refinery. DOE continues to provide situation reports at https://www.energy.gov/oe/downloads/hurricane-harvey-situation-reports-august-2017 and has added a page to report gas price gouging: https://www.energy.gov/hurricane-harvey-report-gas-price-gouging.   

The Internal Revenue Service (IRS) issued a warning about possible fake charity scams emerging due to Hurricane Harvey and encourages taxpayers to seek out recognized charitable groups for their donations. Visit www.irs.gov for additional information about tax relief in disaster situations.

The National Guard Bureau (NGB) is working aggressively to assist and coordinate maximum support for the affected states. The National Guard is also aggressively assisting with response efforts, including evacuation and search/rescue efforts.  Video of 106th Rescue Wing, NYANG is available at: https://www.dvidshub.net/video/546792/106th-rescue-wing-new-york-air-national-guards-hurricane-harvey-rescue-b-roll.

The U.S. Social Security Administration is coordinating with the U.S. Postal Service (USPS) for 46 alternative pick up points in the impacted areas around Houston where individuals can pick up benefit checks. A press release identifies the pick-up points by zip code of where individuals can go. For beneficiaries with Direct Express cards, Comerica will be waiving fees for all cardholders impacted by Harvey, even if they have been evacuated to another area out of danger.

The U.S. Citizenship and Immigration Services (USCIS) has emailed the options available to USCIS customers affected by natural disasters and other extreme situations. This information is available on the USCIS Special Situations web page at https://www.uscis.gov/humanitarian/special-situations and details how natural events can affect USCIS applications, petitions, or immigration status. The USCIS recommends that volunteers print this web page and include it in any information packets they are handing out to those affected by Hurricane Harvey. For information about USCIS office closures, visit www.uscis.gov or call their National Customer Service Center line at 1-800-375-5283 for further information or assistance with rescheduling appointments.

The U.S. Department of Interior has more than 100 employees deployed to support the state of Texas through eight FEMA mission assignments. United States Geological Survey (USGS) employees from Texas, Arkansas, Louisiana, Mississippi, and Oklahoma have been deployed in 17 crews to repair the large number of damaged gages and take high water measurements. The USGS is facilitating the International Charter activation, including cataloging of multiple space-based imagery products.  

In addition, DOI agencies, including the National Park Service, US Fish and Wildlife Service, and USGS are supporting FEMA Search and Rescue Task Forces by locating and providing dozens of shallow water boats – 90 boats in total – and are prepared to fill additional resource needs as identified. Ten Unmanned Aircraft System (UAS) pilots from these agencies, the Bureau of Land Management, and the Office of Aviation Services are guiding drones to locate people in need of help and survey damage. 

The Bureau of Safety and Environmental Enforcement Hurricane Response Team continues  to monitor Gulf of Mexico oil and gas activities and issue daily public updates on the oil and gas production that has been shut-in as a result of the storm. The agency is beginning to inspect platforms being brought back on-line to ensure safety requirements.

The U.S. Office of Personnel Management (OPM) has approved a special solicitation of Federal employees at the workplace to support the victims of Hurricane Harvey.  This special solicitation, which ends September 29, 2017, will allow Federal employees and military personnel to assist the disaster relief efforts with cash or check donations outside the normal Combined Federal Campaign.   Additional information can be found at:  https://www.opm.gov/news/releases/2017/08/opm-approves-special-solicitation-to-support-harvey-victims/.

The U.S. Postal Service (USPS) provided additional information on how customers displaced by Hurricane Harvey can retrieve Treasury checks they receive, via U.S. Mail.  This includes checks from the Social Security Administration, Veterans Administration (VA) checks, and checks from the Office of Personnel Management (OPM) and the Railroad Retirement Board.

USA.gov and GobiernoUSA.gov continue to support federal agency messaging efforts on our home pages and we’re compiling federal agency updates and messaging on rapidly growing Hurricane Harvey pages found at https://www.usa.gov/hurricane-harvey and https://gobierno.usa.gov/huracan-harvey. They continue to use social media to promote life safety messages, and are beginning to push recovery information, information on how to help survivors, and information on applying for FEMA disaster relief jobs.

###


WASHINGTON – The Federal Emergency Management Agency (FEMA) is raising awareness that Hurricane Harvey disaster survivors, and their friends and family, must be alert for false rumors, scams, identity theft, and fraud. Although many Americans are working hard to help their neighbors now, during chaotic times, some will always try to take advantage of the most vulnerable. 

To dispel some of the false rumors circulating on the internet and social media, FEMA created a dedicated website to address some of the most common themes. Remember, if it sounds too good to be true, it probably is. Visit https://www.fema.gov/hurricane-harvey-rumor-control to get the most accurate information from trusted sources.

Here is how to protect yourself, or someone you care about, from disaster fraud:

  • Federal and state workers do not ask for, or accept, money. FEMA staff will never charge applicants for disaster assistance, home inspections, or help filling out applications. Stay alert for false promises to speed up the insurance, disaster assistance, or building permit process.
     
  • In person, always ask to see any FEMA employee ID badges. FEMA Disaster Survivor Assistance teams may be in impacted communities providing information and assisting survivors with the registration process or their applicant files.
     
  • A FEMA shirt or jacket is not proof of identity. All FEMA representatives, including our contracted inspectors, will have a laminated photo ID. All National Flood Insurance Program adjusters will have an NFIP Authorized Adjuster Card with their name and the types of claims they may adjust.
     
  • If you are unsure or uncomfortable with anyone you encounter claiming to be an emergency management official, do not give out personal information, and contact local law enforcement.
     
  • If you suspect fraud, contact the FEMA Disaster Fraud Hotline at 866-720-5721 or report it to the Federal Trade Commission at www.ftccomplaintassistant.gov.
     
  • More information on disaster-related fraud is available at the Texas Attorney General’s Office website at texasattorneygeneral.gov/cpd/disaster-scams or call 800-252-8011.
     
  • In Louisiana, disaster-related fraud information is available on the State Attorney General’s Office website at http://www.agjefflandry.com or contact the National Center for Disaster Fraud’s hotline at 1-866-720-5721.

##


The media will bring you the facts. Houston has been hit by one of the largest storms of the century. Despite this catastrophe, Houstonians have come together demonstrating compassion for their neighbors in need.

The community at large has come together like never before. #HoustonStrong has begun to trend on Twitter, offering up numerous examples through pictures and videos of what it means to be a strong Houstonian. The hashtag was made in honor of the city of Houston’s collective birthday. This hashtag highlights the resilient spirit of the city and its citizens throughout the many years of its existence. People from all over Houston and beyond are volunteering to help in the relief of victims caught in the path of the storm.

Multiple posts have shown evidence of people from around Texas bringing their boats to the Houston area to assist in amateur search and rescue operations. Other posts show more personal stories, one being of a Houston officer purchasing emergency supplies and food for victims of the tremendous flooding. The Cowboys and Texans have officially canceled their Thursday preseason game so players can return to Houston to further help their community.

While official government funding for the relief effort is still being debated, others have taken up the mantle in an unprecedented way. Both MLB Texas teams, the Astros and the Rangers, have pledged $4 million and $1 million, respectively, in showing their support for Houston during this difficult time.

In addition to organizations and citizens, celebrities have also contributed to humanitarian efforts with their money and time. Kim Kardashian West, for example, has donated $500,000 to the relief of Houstonians. Despite how you may personally feel about certain celebrities, their contribution and their compassion for those in need have made a difference for the people in Texas.

The hashtag isn’t exclusively for content showing humans helping humans; it also includes anything that inspires hope for the people affected by the storm. The spread of positive news has reminded those in Texas and around the nation of the hope that still lingers on the horizon. Clear skies have opened up over Houston as the storm has started to migrate to southwestern Louisiana, and the sun is shining down on a different Houston, a damaged but still standing one.

Through this crisis, we have seen the resilient spirit of the American people, the unquestionable durability that America is known for. Houston is a shining example of how different people can come together and help one another. We now have confirmation that everything is indeed bigger in Texas, even their hearts.

http://resqdr.com/hurricane-harvey-houstonstrong/

Friday, 01 September 2017 15:01

Hurricane Harvey and #HoustonStrong

NEW YORK – CA Technologies (NASDAQ:CA), today announced it has been named a Leader in the prestigious “The Forrester Wave™: Continuous Delivery and Release Automation, Q3 2017” report by Forrester Research. The report evaluates 15 of the most significant continuous delivery and release automation vendors.


Vendors were evaluated on 26 criteria on their ability to support major DevOps processes for continuous delivery and release automation, including: integration with CI tools, package creation and modeling, pipeline modeling and governance, API coverage, vulnerability rectification and out-of-the-box integrations.

“We are delighted to be named a Leader in Forrester’s latest Continuous Delivery and Release Automation Wave report,” said Ayman Sayed, president and chief product officer, CA Technologies. “We believe this achievement testifies to CA Technologies’ success in empowering enterprises with the speed and agility they need to achieve continuous delivery and adopt digital transformation as an important strategic initiative.”

Per the report, Forrester states, “Automating the movement and deployment of infrastructure, middleware, and applications through testing is a key pain point for I&O teams today. CDRA [Continuous Delivery and Release Automation] tools remove errors from manual deployment and release processes by standardizing and automating the movement of applications between environments; this is a critical step in the delivery pipeline of applications and has a direct impact on customer experience.”1

According to the report, “CA Continuous Delivery Director and CA Automic Release Automation demonstrated good pipeline management across all pipeline stages, movement of complete releases including applications, infrastructure and middleware, remediation of vulnerabilities, defect tracking, and out-of-the-box integrations with a broad range of third party solutions including configuration management, database management tools and testing tools.”2

CA Continuous Delivery Director and CA Automic Release Automation received the highest scores possible in the deployment flexibility, deployment scenario support, advanced model creation and deployment, pipeline health and orchestration, scalable governance, planned enhancements, consulting, training and support, and innovation in delivery models and pricing criteria.

CA Automic Release Automation is the most flexible, yet scalable release automation product on the market. It is also environment agnostic, making CA Technologies uniquely positioned to help transform any enterprise for the digital age.

To learn more, visit:
CA Automic Release Automation: https://automic.com/products/application-release-automation
CA Continuous Delivery Director: https://www.ca.com/us/products/ca-continuous-delivery-director.html

1 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

2 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.


About CA Technologies

CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at www.ca.com.


Copyright © 2017 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Derived from the old proverb “a chain is only as strong as its weakest link”, this axiom was top of mind for me this past weekend as I prepared to lift a 20-foot section of trunk and root ball from a downed cottonwood that was blocking my creek. I carefully examined each link of the 40 feet of logging chain, I examined the winch mechanism of my “come-a-long” (read manual) winch, I searched for the right tree to which to attach my winch, I cleared the ground around me to have ample foot room, and thought through my “escape route” should the chain break.

On one of my many breaks, I started thinking about how this old adage can impact your cyber security strategies. (Yes, I really do think about this stuff all the time, even when covered in mud, creek water, and sweat!) ‘You are only as strong as your weakest link’ is something that should be on the mind of every CISO, CIO and Risk Manager.

Hackers are getting smarter. They are attacking the weakest link.

...

https://www.bluelock.com/blog/strong-weakest-link/

Thursday, 31 August 2017 20:31

You are only as strong as your weakest link

(TNS) — As scientists, engineers, and victims of Harvey try to grasp exactly how a storm got that big and destructive, some say that there might never be one answer — but that climate change, sea rise, sprawl, and randomness all converged with a vengeance on Houston.

“They are mysterious unto themselves,” William Sweet, a National Oceanic and Atmospheric Administration oceanographer, said of storms like Harvey and Sandy.

“Climate change aside, rare events happen,” Sweet said. “Oftentimes it’s not very well understood that your area might be prone to these major events. Just because you haven’t seen a storm like it in 30, 50 years doesn’t mean they aren’t prone to occur. If your region is prone to these kind of events, you need to be prepared.”

...

http://www.govtech.com/em/disaster/Five-Reasons-Harvey-Has-Been-so-Destructive---its-Not-Only-About-Climate-Change.html

Ideally, business continuity means no discontinuity.

Interruptions are prevented or avoided, and the business keeps ticking, no matter what the circumstances.

But as savvy business people know, such perfection is rarely achievable and even if it is, the costs can be astronomical.

Excellence may be a better goal, but does this mean that the occasional BC imperfection is acceptable – and if so, to what degree?

...

http://www.opscentre.com/business-continuity-prevention-detection-repair/

(TNS) - The biggest rainstorm in the history of the U.S. mainland made a second landfall Wednesday on the Gulf Coast, slowly moving away from Houston and dousing southeast Texas and southwest Louisiana.

While Tropical Storm Harvey no longer has the power of the Category 4 hurricane that slammed the Gulf Coast late Friday — it is expected to weaken as it moves north toward Mississippi and Tennessee — the National Hurricane Center warned of continued “catastrophic and life-threatening” flooding.

The Texas National Guard has made more than 8,500 rescues and 26,000 evacuations, Texas Gov. Greg Abbott said at a news conference Wednesday.

...

http://www.govtech.com/em/disaster/The-Worst-is-Not-Yet-Over-for-Southeast-Texas-Governor-Declares.html

Whew! I’m safe! I’m in the cloud, I don’t need a disaster plan!

Please don’t agree with me. I had chills just writing that. Look, it is very exciting to be out of the datacenter business. No more worries about cabinets, cables, or cooling. No more pesky power issues, counting rack units, or server procurement. 100% software defined datacenter, baby! It’s a dream and the conclusion of a many-year strategy for many. Or perhaps you’re one of the new, hip kids living the dream with containers and continuous integration.

Sure, many clouds can offer uptime SLAs, security, and features that many individual businesses could not duplicate, and we can assume, if you are now all-in-cloud, that your business uptime requirements are met when the cloud meets their SLA. However, the most important question to ask is: “Is the business uptime requirement met if my provider doesn’t meet their SLA?” And, if they broke the uptime SLA, you’re out of guarantees. Is the business willing to risk uptime based on that SLA?

...

https://www.bluelock.com/blog/im-cloud-now-dont-need-disaster-recovery/

AUSTIN – The Centers for Medicare and Medicaid Services (CMS) issued a November 15, 2017 deadline requiring all Medicaid and Medicare providers and suppliers to have an emergency preparedness plan in place for their facility. These new rules can mean changes to familiar processes and procedures – causing headaches and added stress for healthcare compliance professionals.

But the good news is these guidelines are designed to make healthcare facilities safer, more efficient, and better at communicating around emergency situations. Meeting the program requirements may seem overwhelming, but the best way to approach the new regulations is to find a way to make them work best for your organization and to find a solution you can implement quickly and easily. New technologies such as AlertMedia’s emergency mass notification system can assist you in a big way.

1. Build an Emergency Plan

This is the first item the CMS regulations address and the best place to start when building a CMS compliance strategy. Begin with researching relevant material that will apply to your facility such as local emergency requirements and important emergency personnel contact information. The assessment checklist published by CMS recommends gathering the following information:

  • Copies of any state and local emergency planning regulations or requirements
  • Facility personnel names and contact information
  • Contact information of local and state emergency managers
  • A facility organization chart
  • Building construction and Life Safety systems information
  • Specific information about the characteristics and needs of the individuals for whom care is provided

CMS guidelines require that your emergency plan also include a Continuity of Operations Plan (COOP) for hazardous situations. CMS specifies that facilities should develop this plan with an all-hazards approach, taking into consideration events such as hurricanes, floods, tornadoes, fire, bioterrorism, pandemic, etc. If the event could disrupt the flow of your facility’s service in any way, it must be planned for.

Collaborate with local emergency services, analyze all hazards, discuss with suppliers, and set up a hierarchy for decision criteria for your emergency plans.

2. Put in Place Policies & Procedures

This portion of the requirements should be specific to your organization and based on the facility’s risk assessment and emergency plan. Policies and procedures must be reviewed and updated on an annual basis.

The key to fulfilling this requirement is to fully develop and document your emergency policies and procedures with a schedule for review, update, and maintenance built in to remain compliant. Build policies and procedures that work for your organization and make ongoing compliance as easy as possible.

3. Develop an Emergency Communications Plan

Proper communication before, during, and after an emergency is the key to your emergency preparedness plan. It will inform employees, patients and visitors of the situation at hand and where and what they should be doing during the event. But communicating on this scale can be a logistical nightmare.

Your organization must gather, store and update a large amount of contact information to communicate efficiently during an emergency situation. A comprehensive emergency notification system can help you gather and maintain this data in a safe, efficient manner, making it a great option to use for your compliant communications plan.

AlertMedia, the fastest-growing emergency mass notification system provider in the world, has helped numerous healthcare organizations meet the Emergency Communications Plan regulations included in the CMS guidelines. Organizations use AlertMedia’s web and mobile applications to interact with their audience from any device, over any communication channel – such as voice call, text, native mobile apps, email, social media, and Slack – keeping their people safe and informed with just a few clicks.

4. Training & Testing Program

To meet the training and testing portion of the new CMS Guidelines your facility must provide:

  1. Initial training for new and existing staff in emergency preparedness policies and procedures
  2. Annual refresher training so that staff can demonstrate knowledge of emergency procedure

This section in the emergency preparedness guidelines allows for a more tailored approach that works best for your facility and the hazards your organization specifically faces. The purpose of this requirement is to ensure that the processes you've put in place work well, are fully compliant, and are understood by the members of your team. If you've put solid systems in place, you’ll simplify your program training and testing.

Summary

The new CMS guidelines are designed to ensure patients, visitors, personnel and government officials are safe and informed during natural and man-made critical events. Improved emergency communications help ensure the safety of your facility and your people. One of the best technological investments your healthcare facility can make in preparation for these new guidelines is a multi-layered mass communication system like the AlertMedia platform. You can keep your people safe when you keep them informed.

About AlertMedia

As a mass communications and monitoring company, AlertMedia helps hundreds of global organizations securely and effectively monitor threats, streamline notifications, and improve employee safety. The company’s cloud-based platform delivers communications that protect organizations, improve operations, and mitigate loss from any location, at any time, using any device. For more information, call (800) 826-0777 or visit www.alertmedia.com.

The Business Continuity Institute

On Friday 25th August 2017, Hurricane Harvey hit Texas, in the USA. The natural disaster has brought record levels of rainfall causing widespread flooding.

The level of disruption in Houston has hit unprecedented levels, affecting health, homelessness and economy. Hospitals have had to be evacuated, homes have become damaged and uninhabitable and businesses have been forced to close. With widespread power cuts, emergency services have been relying on backup systems to continue offering care to those most in need.

Could anything be done better at this stage of the crisis? Looking back to 2005 and Hurricane Katrina in New Orleans: evacuation led to congestion, a lack of resources resulted in poor health and social care, and widespread panic led to looting and damage to businesses. More than a decade later, New Orleans still hasn’t recovered. Their population is significantly lower than pre-Katrina and their businesses still struggle to trade.

12 years on however, the military are on site to reduce disruption to people and businesses in the affected areas of Texas. Supplies and generators have been shipped in, and engineers are onsite in an effort to restore Houston’s critical infrastructure whilst evacuation efforts are planned and prioritised around those most at risk. On the surface, the response effort appears more coordinated.

Whilst the efforts will continue to focus on the safety of residents, the effects on businesses will not be clear until much later. It does seem that businesses were better prepared with emergency response and business continuity plans already in place. Renovation and restoration organizations prepared for the storm by safeguarding their stocks and have put a lockdown on service inflation in the area. Farmers and traders worked tirelessly to protect their crops and although not a failsafe approach, have managed to bring at least some of their produce to safety. Local businesses have invoked their disaster recovery plans and are preparing to repair damage in disrupted areas as soon as possible, however with supply chains disrupted and entry roads blocked, this is likely to be a lengthy and difficult task.

At this early stage, it would seem that lessons were learned relating to preparedness, however whether the response has been proactive enough to ensure the regeneration and continuity of Houston and affected areas will only be seen over time.


Companies today know they need to fully and effectively leverage all data—including the increasing digitization of human communications and the data being generated by everything from light bulbs to smartphones. They know they must capture a wide variety of data, store it in a way that makes it accessible, and query it based on the rapidly changing needs of the business. They also know that they can’t get by with rigid, predetermined schemas. What they are finding, however, is that this is much easier said than done.

What’s standing in their way? Many things, unfortunately; but there are five big challenges that companies must overcome in order to fully exploit their data along with partner data, and other external data sources.

...

http://www.datacenterknowledge.com/archives/2017/08/29/five-challenges-companies-must-overcome-make-use-data/

“89 percent of IT leaders are planning on implementing more cloud-based disaster recovery in the next year.” -Lauren Cooke, 

Within the decade, the adoption of cloud computing and hybrid-cloud computing applications in organizations has risen exponentially. Businesses are realizing the cost effectiveness of having business continuity and disaster recovery cloud-based solutions. From enterprise to small business, 75 percent of teams recognize the cloud’s ability to offer them offsite backups and stronger business continuity. (source)

...

http://www.bcinthecloud.com/2017/08/bcdr-in-the-cloud-are-you-behind-the-curve/

Wednesday, 30 August 2017 14:33

BC/DR in the Cloud, Are You Behind the Curve?

An architectural risk assessment is not a penetration test or merely a vulnerability scan. It is an engineering process with the aim of understanding, defining, and defending all the functional output from customers, line workers, corporate staff, and client-server interactions. Architectural risk assessments include ethical hacking, source code review, and the formation of a new network design.

As Fred Donovan wrote in the Cutter Consortium Executive Update, Architectural Risk Assessment: Matching Security Goals to Business Goals, “Performed correctly, [an architectural risk assessment] will empower the technology staff and enable the business to focus less on security and more on customers.”

According to Donovan, the first step of an architectural risk assessment is to conduct interviews with line workers — the people who interact daily with customers. These line workers know many of the issues — without understanding the technical details — that may negatively affect customer interaction with a running application. This knowledge will benefit the redesign of the network architecture.

...

http://blog.cutter.com/2017/08/29/conducting-an-architectural-risk-assessment-step-1/

Establishing your business continuity strategy starts with considering your organization’s objectives, legal and regulatory requirements, personnel, and products or services, along with your customers and clients. Before jumping in to identify and develop your strategy and plans for business continuity, there are some preparations you can perform to help you successfully implement a functional program. These are:

  • Seek support from senior management.
  • Engage a competent third-party BCM consultant.
  • Develop a basic plan if nothing exists.
  • Appoint your BCM team.
  • Perform a business impact analysis (BIA).
  • Develop the BC strategy.

Seek Support from Senior Management

Without management support and engagement, it is difficult for a BC program to provide value and succeed in its goals. Management should form a steering committee to assist with funding and facilitation of cross-departmental issues. Providing regular status updates and reports on the added value of the program will help you garner support and understanding from senior management.

...

https://www.mha-it.com/2017/08/business-continuity-strategy/

It’s a common misconception among businesses that severe weather incidents won’t drastically change the way they operate, even if unexpected severe weather occurs in their geographic area. However, according to FEMA, this simply isn’t the case. In fact, FEMA estimates 40% of all businesses are forced to close immediately after a disaster and another 25% of businesses will fail within one year. These sobering statistics call for a closer look at exactly how severe weather may impact your business.

Building Damage/Loss of Facilities

The most obvious way severe weather can hit home is when it causes structural damage to your company’s building or even destroys the facility altogether. Whether it’s a flood, tornado, hurricane, fire, or any other terrible act of Mother Nature, losing the place your staff reports to every day to perform their work has a tangible impact on your business operations. You’ll need a plan in place for backup facilities and/or remote work options.

...

http://www.missionmode.com/closer-look-severe-weather-can-disrupt-business/

(TNS) — Heeding orders not to evacuate but instead to shelter in place, hundreds of Houston residents found themselves trapped in their homes Monday as floodwaters from Tropical Storm Harvey rose around them.

“We have no power, no water. We’re flooded in. We need help,” said Dana Godfrey, 46, who was stranded with her 24-year-old son in an apartment complex surrounded by water in the Lake Houston neighborhood. “They never told us to evacuate. It’s never flooded over here.”

Godfrey said she was terrified over reports that robbers were casing homes in flooded areas. Her calls to overwhelmed emergency services had failed to yield any response by Monday evening. Across the city, residents were reporting 911 calls that went unanswered, or being put on long holds, then told that emergency personnel could not immediately be dispatched.

...

http://www.govtech.com/em/disaster/They-Were-ordered-Not-to-Evacuate-Now-Many-Families-in-Houston-Find-Themselves-Trapped-in-their-Homes.html

FEMA may provide Transitional Shelter Assistance (TSA) to applicants who are unable to return to their pre-disaster primary residence because their home is either uninhabitable or inaccessible due to a Presidentially-declared disaster. TSA is intended to reduce the number of disaster survivors in congregate shelters by transitioning survivors into short-term accommodations through direct payments to lodging providers. TSA does not count toward an applicant’s maximum amount of assistance available under the Individuals and Households Program (IHP).

TSA is funded under Section 403 of the Stafford Act and is subject to a state cost-share. The State may request that FEMA authorize the use of TSA for the declared disaster in specific geographic areas.

The affected state, territorial, or tribal government may request TSA. This form of assistance may be considered when the scale and projected duration of the declared incident results in an extended displacement of disaster survivors. The state, territorial, or tribal government, in coordination with FEMA, identifies areas that are inaccessible or that incurred damage which prevents disaster survivors from returning to their pre-disaster primary residence for an extended period of time.

Under TSA, disaster survivors may be eligible to stay in an approved hotel or motel for a limited period of time and have the cost of the room and taxes covered by FEMA. For those who are eligible, FEMA will authorize and fund, through direct payments to participating hotels/motels, the use of hotels/motels as transitional shelters. The applicant is responsible for all other costs associated with lodging and amenities, including, but not limited to, incidental room charges or amenities, such as telephone, room service, food, etc.

The initial period of assistance will be 5-14 days (adjustable to 30 days, if needed) from the date of TSA implementation. FEMA, in conjunction with the state, territorial, or tribal government, may extend this period of assistance, if needed, in 14-day intervals for up to six months from the date of disaster declaration.

Individuals and households who are not eligible for TSA will be referred to local agencies or voluntary organizations for possible assistance.

Individuals and households may be eligible for TSA if:

  • They register with FEMA for assistance
  • They pass identity and citizenship verification
  • Their pre-disaster primary residence is located in a geographic area that is designated for TSA
  • As a result of the disaster, they are displaced from their pre-disaster primary residence
  • They are unable to obtain lodging through another source

FEMA provides eligible applicants access to a list of approved hotels in their area, and applicants may choose to stay at any approved hotel or facility identified by FEMA. The list of approved hotels is available at http://www.femaevachotels.com/index.php or the FEMA Helpline. FEMA provides applicants with access and functional needs additional assistance in locating approved hotels to meet their needs.

FEMA bases the amount of TSA on the maximum lodging rate plus taxes for the locality, as identified by the General Services Administration (GSA).

Extending TSA

When FEMA extends TSA, eligible applicants are allowed to remain in transitional sheltering through the end of the extended interval if they are otherwise eligible for IHP Assistance, or both of the following apply:

  • FEMA is currently considering the applicant’s eligibility for Temporary Housing Assistance or is waiting for documentation from the applicant needed to consider eligibility
  • They meet other conditions of eligibility established by FEMA and the coordinating state, territorial, or tribal government

Ending TSA

  • If an applicant who is receiving TSA is approved for Rental Assistance, their TSA-eligibility will terminate at the end of the 14-day interval.
  • Applicants who are not eligible for IHP Assistance may only remain in transitional sheltering until their TSA interval expires.

###


Tuesday, 29 August 2017 17:11

FEMA: Transitional Shelter Assistance

FEMA may provide financial assistance to individuals and households who, as a result of the disaster, have immediate or critical needs because they are displaced from their primary dwelling. Immediate or critical needs are life-saving and life-sustaining items including, but not limited to: water, food, first aid, prescriptions, infant formula, diapers, consumable medical supplies, durable medical equipment, personal hygiene items, and fuel for transportation. Critical Needs Assistance (CNA) is awarded under the Other Needs Assistance provision of the Individuals and Households Program (IHP) and is subject to a state cost share. It is a one-time $500 payment per household. The State must request that FEMA authorize CNA in a disaster for specific geographic areas that are expected to be inaccessible for an extended period of time (i.e., seven days or longer). The eligibility period for CNA corresponds to the standard registration period for IHP, which is 60 days from the date of the Presidential disaster declaration.


Individuals and households may be eligible for CNA if all of the following have been met:

  • A registration is completed with FEMA;
  • The applicant passes identity verification;
  • At registration, the applicant asserts that they have critical needs and requests financial assistance for those needs and expenses;
  • Their pre-disaster primary residence is located in a county that is designated for CNA; and
  • The applicant is displaced from their pre-disaster primary residence as a result of the disaster.

###



Tuesday, 29 August 2017 17:09

FEMA: Critical Needs Assistance

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

Collaboration, cloud computing, and data mobility changed all that.

Although the list of bad actors may not have changed, their methods have and so have the relative levels of risk associated with each one. Insider threats are now only equalled in diversity and range by cyber terrorists. It’s time to take the insider threat seriously.

Key cyber threat sources can be categorised as nation states, cyber criminals, cyber terrorists, hacktivists, hackers, competitors, and insiders.

...

http://www.opscentre.com/rise-rise-insider-threat-it-security/

Broadly speaking, there are two approaches to structuring a business continuity program.

A centralized structure involves leading and executing the business continuity planning process within a single team and engaging the business as needed.

A decentralized structure involves leveraging a small number of centralized resources that offer consultative assistance and performance measurement while resources dispersed throughout the business execute the actual planning process.

...

http://perspectives.avalution.com/2017/business-continuity-planning-centralized-and-decentralized-approaches/

WASHINGTON – The compassion and generosity of the American people is never more evident than during and after a disaster. It is individuals, non-profits, faith- and community-based organizations, private sector partners, and governmental agencies working together that will most effectively and efficiently help survivors cope with the impacts of Tropical Storm Harvey.

Please follow a few important guidelines below to ensure your support can be the most helpful for Tropical Storm Harvey disaster survivors.

TO DONATE TO RELIEF EFFORTS

The most effective way to support disaster survivors in their recovery is to donate money and time to trusted, reputable, voluntary or charitable organizations.

Cash donations offer voluntary agencies and faith-based organizations the most flexibility to address urgently developing needs. With cash in hand, these organizations can obtain needed resources nearer to the disaster location. This inflow of cash also pumps money back into the local economy and helps local businesses recover faster.

Please do not donate unsolicited goods such as used clothing, miscellaneous household items, medicine, or perishable foodstuffs at this time. When used personal items are donated, the helping agencies must redirect their staff away from providing direct services to survivors in order to sort, package, transport, warehouse, and distribute items that may not meet the needs of disaster survivors.

Donate through a trusted organization. At the national level, many voluntary-, faith- and community-based organizations are active in disasters, and are trusted ways to donate to disaster survivors. Individuals, corporations, and volunteers can learn more about how to help on the National Voluntary Organizations Active in Disaster (NVOAD) website.

In addition to the national members, The Texas Voluntary Organizations Active in Disaster (Texas VOAD) has a list of vetted disaster relief organizations providing services to survivors.  Texas VOAD represents more than three dozen faith-based, community, nonprofit and non-governmental organizations.    

TO PERSONALLY VOLUNTEER IN THE DISASTER AREAS

The State of Texas is asking volunteers to not self-deploy, as unexpectedly showing up to any of the communities that have been impacted by Hurricane Harvey will create an additional burden for first responders.

The National VOAD has also noted the situation may not be conducive to volunteers entering the impacted zone and individuals may find themselves turned away by law enforcement.

To ensure volunteer safety, as well as the safety of disaster survivors, volunteers should only go into affected areas with a specific volunteer assignment, proper safety gear, and valid identification.

At this time, potential volunteers are asked to register with a voluntary or charitable organization of their choice, many of which are already in Texas and supporting survivors on the ground.

The National and Texas VOAD websites are offering links to those who wish to register to volunteer with community- and faith-based organizations working in the field.

Most importantly, please be patient. Although the need is great, and desire to help strong, it is important to avoid donating material goods or self-deploying to help until communities are safe and public officials and disaster relief organizations have had an opportunity to assess the damage and identify what the specific unmet needs are.

Volunteer generosity helps impacted communities heal from the tragic consequences of disasters, but recovery lasts much longer than today. There will be volunteer needs for many months, and years, after the disaster, so sign up now.

Tropical Storm Harvey is still dangerous, with the potential to impact additional areas of Texas and Louisiana. As the situation changes, needs may also change in these areas. Continue monitoring traditional and social media channels to learn more.

###


Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

This has been quite the extraordinary week with the solar eclipse (amazing) on August 21 followed only a few days later by Hurricane Harvey (horrific), which is causing "epic, catastrophic" flooding in Houston, Texas,  the 4th most populated city in the US. 

The path of the hurricane can be viewed here. 

To emphasize the significance of this natural disaster, which has been called a one-in-500-year flood and is already being referred to as the worst natural disaster to ever hit Texas, major news sites such as The Washington Post, The Wall Street Journal, and The New York Times have all removed their paywalls.

You may ask, why worry about what is happening in Texas? First of all, this natural disaster hits "close to home." As an academic,  I know many faculty at universities in Texas and to see some closing down, making tough decisions as to what to do with students, and when to reopen,  reminds me of Hurricane Sandy back in October 2012 when my daughter was a college freshman and her college (as did many in the affected areas of the Northeast) closed, and she could not even make it back to Amherst because there was no public transportation due to fuel shortages. A niece of mine had just started her freshman year at Tulane University in New Orleans when Hurricane Katrina struck but she had had sufficient warning that she was able to get a flight back to Kansas and that university was closed for an entire semester. And my daughter had spent the summer before her senior year of college as an intern researcher at the marvelous Lunar and Planetary Institute, which is located in Houston. I remember her flying from Sweden where she was visiting me when I had an appointment as a Visiting Professor at the University of Gothenburg and flying then to Houston, which had had some rain, and I was worried at that point about flooding. Now, because of Hurricane Harvey, there are very few passable roads in the surrounding Houston area, flights are halted at both Houston airports (how would crews and workers even make it there?), hospitals are without power and running water, and folks are being told to shelter in place and to bring axes to their attics so that they can break through attics to the rooftops to be rescued. 911 operators are overwhelmed with calls.

...

http://annanagurney.blogspot.com/2017/08/hurricane-harvey-texas-and-all-of-us.html

Tuesday, 29 August 2017 16:51

Hurricane Harvey, Texas, and All of Us

Protect your health and safety, follow state, local and tribal official instructions to shelter in place or evacuate

WASHINGTON – The federal government’s emergency responders continue to respond to states, local communities, and tribes as impacts continue across southeast Texas.

FEMA’s priority continues to be protecting the lives and well-being of those in affected areas; the federal government is focusing on search and rescue and first responder operations to ensure people who need help get assistance.   

FEMA urges those in the affected areas to follow the instructions of state, local, and tribal officials, including instructions to shelter in place or evacuate. Evacuees should not return to evacuated areas until they are told by local officials that it is safe to do so.

Federal resources are positioned closer to the impacted areas of Texas and Louisiana, and are ready to provide assistance as needed and requested by federal, state, local and tribal partners.

As of last night, FEMA had more than 900 Urban Search and Rescue (US&R) personnel working to save lives in south Texas.

Commodities are being strategically located at Incident Support Bases (ISB) near the impacted areas. As of yesterday, more than 1,000,000 liters of water, 1,000,000 meals, 20,520 tarps, and 70 generators are at the ISBs and staging areas in Texas and Louisiana. FEMA is providing around-the-clock staffing at its distribution center in Fort Worth, Texas, and is shipping additional commodities to ISBs and staging areas.

The overall federal response includes:

  • The National Emergency Medical Services activated a contract for 100 ambulances and 15 air ambulances for advanced and basic life support; they are staged in San Antonio, Texas.
  • Mobile Emergency Response Support (MERS) personnel and equipment are on the ground in Texas and Louisiana to support the states with secure and non-secure voice, video and information services for emergency response communications needs. The following teams and assets are on the ground in Texas:
    • 65 MERS personnel
    • 10 mobile communication office vehicles in support of US&R, IMAT, ISB, and survivor assistance.
  • The Incident Management Assistance Teams are in place at the Texas and Louisiana state emergency operations centers in Austin, Texas and Baton Rouge, Louisiana, to support requests for federal assistance. Additional teams continue to deploy as the response continues.
  • The National Business Emergency Operations Center remains activated and is facilitating critical life-saving and life-safety information to private sector stakeholders as they are communicating with employees in the impacted area and preparing to send additional relief supplies.
  • The National Flood Insurance Program has General Adjusters situated in Texas and Louisiana to support initial damage assessments and assist with positioning adjuster resources.
  • FEMA has more than 1,800 FEMA employees deployed in support of the response. They are supplemented by an additional 341 U.S. Department of Homeland Security (DHS) employees deployed as part of our surge capacity force. These surge capacity individuals begin rapid strike training today, and will be in the field shortly.

Ongoing Support and Preparedness Efforts:

The American Red Cross (ARC) continues to mobilize massive relief efforts to provide shelter, food and comfort. More than 1,800 people took refuge Saturday night in 34 Red Cross and community shelters in Texas.  In Louisiana, one shelter is open with 8 people there Saturday night.  Red Cross is directing people in need of shelter to call 1-800-REDCROSS (1-800-733-2767), visit http://www.redcross.org or download the Red Cross App.  Local officials can also provide information on shelters. Anyone who plans to stay in a Red Cross shelter should bring prescription medications, extra clothing, pillows, blankets, hygiene supplies, other comfort items and important documents. Bring any special items for children, such as diapers, formula and toys, or for family members who have unique needs. Red Cross is also directing people in life-threatening situations who need rescue to call 9-1-1 or the U.S. Coast Guard at (281) 464-4851.

The U.S. Army Corps of Engineers (USACE) has three divisions and five districts actively involved in the response. USACE has deployed liaison officers and subject matter experts to state and FEMA facilities to provide technical assistance, and a Prime Power Planning and Response Team, which includes temporary power restoration assets to the immediate vicinity. Additionally, USACE districts in affected areas continue flood-fighting activities such as stockpiling and issuing flood-fighting materials (sandbags and materials/fabrics that keep soil in place) to local government entities, and monitoring flood risk reduction projects in an effort to mitigate the effects of flooding in the area.

The Bureau of Safety and Environmental Enforcement is working with industry and state and federal agencies, to report the evacuation of offshore oil and gas platforms and rigs due to the storm. Personnel have been evacuated from 89 production platforms and four drilling rigs.

The U.S. Coast Guard (USCG) has over 420 personnel conducting operations in South Texas.  The Coast Guard had confirmed rescues of 2,000 multi-person cases in the Houston and Galveston area, with 16 helicopters in the air and 8 more inbound. The Coast Guard also has an additional nine teams onsite doing shallow water rescues. More information on USCG rescue operations is available on their website at:  http://www.news.uscg.mil/.

The Corporation for National and Community Service (CNCS) deployed more than 225 AmeriCorps members to the region to support American Red Cross shelter and feeding operations, and FEMA’s disaster damage assessments and logistics. These teams are trained to provide expert manpower for shelter operations, debris removal, and volunteer and donations management.

The Department of Defense (DoD) Defense Logistics Agency (DLA) is deploying the DLA Distribution Expeditionary depot package to FEMA’s ISB at Randolph Air Force Base, near Seguin, Texas.  DoD will provide a Search and Rescue (SAR) package to include two SAR planners, nine SAR rotary wing aircraft, two fixed wing aircraft, pararescue teams, and associated command and control elements. These SAR assets are deploying to Joint Reserve Base, Fort Worth, Texas. The DoD Defense Logistics Agency provided Logistics Management and Resource Support to include 11 generators, 50,000 gallons of motor fuel, and 50,000 gallons of diesel fuel.

The U.S. Northern Command is providing a Defense Coordinating Officer with supporting staff element (DCO/DCE) to support DoD regional knowledge, requirements validation, and liaison services, including State/Emergency Preparedness Liaison SEPLO/EPLO Teams as necessary.  DoD also provided Randolph-Seguin as an ISB/Federal Staging Area to support forward distribution of supplies/equipment to the affected area.

The U.S. Department of Energy (DOE) responders remain active at its sites in Washington D.C. and Texas. DOE is continuing to assess the situation, impact and needs in affected areas, and is continuing to provide situation reports at https://www.energy.gov/oe/downloads/hurricane-harvey-situation-reports-august-2017. Patience will be essential, since it may take time to both complete damage assessments, and for energy repair crews to begin their critical work of restoring energy supplies to affected communities. DOE is also working closely with the Energy Information Administration to assess any potential impacts to oil and natural gas from Tropical Storm Harvey.

The U.S. Environmental Protection Agency (EPA) Administrator Scott Pruitt, in coordination with DOE’s Secretary Rick Perry, yesterday requested to expand Texas’s emergency fuel waiver signed on Saturday. The waiver now includes the four-county Dallas-Fort Worth reformulated gasoline (RFG) area, the 98-county area required to use low volatility fuel, and the 110-county area required to use Texas Low Emission Diesel (TxLED).  The waiver helps ensure an adequate supply of gasoline is available in the affected areas until normal supply to the region can be restored.  EPA is continuing to actively monitor the fuel supply situation as a result of the storm, and is ready to act expeditiously if extreme and unusual supply circumstances exist in other areas.

The Federal Communications Commission (FCC) continues to monitor the status of communications networks and is coordinating with providers and government partners on communications status and restoration in the affected areas. The FCC released its first communication status report for the impacted areas; the information is available at www.fcc.gov/harvey.

U.S. Department of Health and Human Services (HHS) Secretary Tom Price declared a public health emergency for Texas on Saturday to allow health care facilities to provide care unimpeded. In addition, HHS has more than 500 personnel on the ground in Texas and Louisiana and more than 1,000 on alert. They deployed approximately 53,000 pounds of medical equipment and supplies to support medical and public health needs in the affected areas. HHS helped arrange for evacuation of three Texas hospitals Saturday, and has begun working with state and local agencies to assess damage and needs of mental health centers, dialysis centers, pharmacies, and other critical health infrastructure.

The Department of the Interior (DOI) is expanding its support activities through six mission assignments, including the U.S. Geological Survey providing advance support, real-time field measurements, and daily reporting of water heights via deployed storm-tide sensors to help public officials assess storm damage, discern between wind and flood damage, and improve computer models used to forecast future floods. USGS is also supporting collection of remote-sensed imagery, updating coastal change forecasts based on storm surge forecasts, and liaising with the Texas State Emergency Operations Center.

The National Park Service (NPS) and Office of Aviation Services are expanding search and rescue activities, including use of Unmanned Aerial Systems (drones) for search and rescue operations and to provide imagery for identifying high priority search areas.

The National Guard Bureau (NGB) has over 1,000 service members in the region ready to move in for various assessment, search and rescue, and recovery missions, with approximately 3,000 service members activated last night.  NGB is closely coordinating with the Texas and Louisiana National Guard to ensure all requirements are met for forces and equipment. Guard members in Texas are prepared to support civil authorities by saving lives, preventing injuries and protecting property. NGB has also been messaging safety on social media at https://twitter.com/ChiefNGB.

The U.S. Postal Service is updating employees, residential and commercial customers through telephone call centers, traditional and social media. They are maintaining emergency operations centers to assess and direct resources and assets for mail support.  They have security and damage assessment of facilities underway, and are reviewing conditions for restoration of service on a case by case basis.  

The U.S. Department of Transportation (DOT) Operating Administrations are actively monitoring Hurricane Harvey and its impacts.   DOT has proactively issued emergency declarations to remove restrictions in order to hasten the delivery of emergency equipment and supplies to the region.   All of the Department’s administrations are poised to support the State of Texas with post storm recovery efforts.

The USA.gov and GobiernoUSA.gov are supporting federal agency messaging efforts on the USA.gov & GobiernoUSA.gov home pages and compiling federal agency updates and messaging on Tropical Storm Harvey pages, found at https://www.usa.gov/hurricane-harvey and https://gobierno.usa.gov/huracan-harvey.


 ###


(TNS) - Bobby Lopez first tried calling 911 at about 3 a.m. Sunday.

The floodwaters that had gushed into his parents’ Houston garage were rising. The table where his mother, a partially blind and diabetic 60-year-old, sat with Lopez’s father and their 3-year-old grandchild would soon be engulfed.

He’d tried driving to them in his truck, but the roads were impassable.

Lopez said he tried calling again, and each time, he was told that dozens of people were ahead in line for help. His parents, too, had dialed 911.

So Lopez did what countless others have done in the wake of a storm that has devastated a region and overwhelmed emergency dispatchers: He took to social media in hopes that someone — anyone — would see the plea and come to his family’s rescue.

...

http://www.govtech.com/em/disaster/When-911-Failed-Them-Desperate-Harvey-Victims-Turned-to-Social-Media-for-Help.html

How would you rate your organization’s GDPR readiness? Hanzo CEO and Chairman Kevin Gibson offers five questions every compliance officer should be considering ahead of next May’s deadline for GDPR compliance. Specializing in heavily regulated industries, Hanzo is the world leader in the legally defensible capture, preservation and analysis of web and social content. Herein Kevin provides some concrete guidance on compliance in the face of the data protection regulations.

On May 25, 2018, the European Union (EU) will see a seismic shift in data security practices as the General Data Protection Regulation (GDPR) takes effect. Proactively working toward GDPR compliance before the deadline may be the difference between smooth or choppy waters, as any failure to comply with GDPR exposes organizations to fines of up to €20 million (US $23.5 million) or 4 percent of global revenue — whichever is higher. This is true not only for organizations headquartered in the EU, but also for any entity around the world whose business involves providing goods and services to EU citizens and therefore is privy to their personally identifiable information (PII).

Knowing the answers to five key questions will prove essential to becoming and remaining GDPR compliant and avoiding both fines and potential loss of business.

...

http://www.corporatecomplianceinsights.com/5-questions-compliance-asking-gdpr/

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

However, IT also brings its own risks of interruption and breakdown. These can then compromise the continuity of an entire organisation.

Consultancy firm EY published a report a little while back. Here’s an overview of some of the main drawbacks in using IT, with a few pertinent updates:

...

http://www.opscentre.com/is-it-getting-in-the-way-of-business-continuity/

Industry experts assert that because the manipulation and communication of information is now a core function of most organizations, comprehensive data management strategies are vital. But despite being mission critical, the data center often remains siloed –  a necessary, but not strategic, business service.

However, in an economic landscape defined by digital disruption, and where businesses are transforming at lightning speed, this is finally set to change. The innovations revolutionizing business – cloud computing, social media, mobile apps, the “big data” explosion and on-demand services – can only be delivered from purpose-built highly efficient data centers.

Getting the data center strategy right means that companies have an intelligent and scalable asset that enables choice and growth. But getting it wrong means their entire business could fail. For data center managers across the world, the pressure is unprecedented.

...

http://www.datacenterknowledge.com/archives/2017/08/24/why-business-continuity-is-the-final-word-in-the-build-vs-buy-debate/

 

Tropical Storm Harvey could be a hurricane with wind speeds of at least 111 mph and is expected to hit Texas Friday. Widespread flooding is a risk for Texas and neighboring states as public safety groups and communities prepare.

Esri, the leader in spatial analytics and mapping, has created a new Hurricanes and Tropical Cyclones Story Map that identifies the potential impact of the storm through a variety of maps, including:

  • Public Information Map - identifies the current and recent location of Harvey as well as forecast positions and probable track; additionally, the shaded area is called the "cone of uncertainty," the likely path of the center of Harvey.
  • Impact Summary Map - shows the storm surge by identifying locations most at risk for life-threatening inundation from storm surge; according to Esri's data, the total population at risk is 248k people, 99k households, and 10k businesses.
  • Forecast Precipitation Map – forecasts the amount of rain expected within the next 72-hour period

This map is provided by the Esri Disaster Response Program.

The Business Continuity Institute

More of us are moving to cities than ever before, especially in the developing world, and this migration to urban centres and the growth of cities results in more complex challenges in urban planning such as traffic management, sanitation and healthcare, thus requiring smarter management. In the latest edition of the Business Continuity Institute's Working Paper Series, Gianluca Riglietti offers an overview of smart cities today, exploring the opportunities as well as the challenges they bring.

In the paper, Gianluca concludes that cyber resilience strategies will have to be implemented in order to mitigate the risks that could disrupt a smart city, and that business continuity is also necessary, alongside other management disciplines such as information security, to ensure they operate smoothly. The analysis has shown that there is ground for collaboration and an overlap in terms of good practice across disciplines.

"This technology-driven approach is not always well received," says Patrick Alcantara, Research & Insight Lead at the Business Continuity Institute. "The reliance on connective technology raises questions related to resilience given its susceptibility to outage, failure or breach. Gianluca Riglietti’s paper addresses these concerns and provides an excellent foundation to explore how smart cities can change our lives. Using business continuity principles as a framework for building cyber resilience, he suggests a way forward for managing these smart cities."

Download your free copy of 'Exploring business continuity implications of smart cities vulnerable to cyber attack' to understand more about smart cities and the complexity of making them more cyber resilient.

The Business Continuity Institute

The Association of Banks in Singapore (ABS) recently conducted a large-scale industry-wide exercise for the financial sector involving simulated terrorist and cyber attacks (code-named Exercise Raffles) to test their business continuity arrangements.

The exercise was the fifth in the Exercise Raffles series with 139 financial institutions including banks, finance companies, insurers, asset management firms, securities and brokerage firms, financial market infrastructures, industry associations, the Singapore Exchange as well as the Monetary Authority of Singapore (MAS) participating in the Exercise.

The Exercise was also conducted with the support of the Ministry of Home Affairs, the Singapore Police Force, the Ministry of Communications and Information, the Cyber Security Agency of Singapore and the building and facilities management from approximately 50 buildings.

Mr Ho Kai Weng, Chief Executive of the General Insurance Association, said: “Recent developments in many countries around the world have highlighted the danger from cyber and physical threats. This exercise has emphasised the importance for the general insurance industry to collaborate in sharing information, undertaking active discussions and testing threat response and business continuity plans.”

During the Exercise, financial institutions practised established crisis management and contingency plans in response to simulated scenarios on terrorist attacks and cyber attacks that had disrupted operations and resulted in the unavailability of financial services.

Mrs Ong-Ang Ai Boon, Director of ABS, said: “The Exercise was valuable and provided an opportunity to practise coordination amongst the financial institutions, including crisis responses and sharing of information. The exercising of communication and co-ordination between financial institutions and authorities was intense and challenging. There are good lessons that the industry gained which will contribute towards enhancing the responsiveness and resilience of Singapore’s financial sector.”

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

Ms Pauline Lim, Executive Director of LIA Singapore added that, “As Singapore strives towards achieving our Smart Nation ambition, it also becomes increasingly critical for us to ensure that the level of protection we provide members of the community, and the integrity of our systems are not compromised. Today’s exercise highlights the importance of being crisis response-ready, and it is heartening to note the level of preparedness and swift actions of life insurers in effectively tackling the simulated crisis.”


You’ve finally got the right executive management team in place. Sales are at an all-time high, projections are better, and you’re running on all cylinders. Your CIO has provided an efficient platform to support the business. You are prepared to stifle the competition.

You and your team have thought of everything. However, there may be one consideration that you are missing. How will you deal with the inevitable discontinuity that may confront your business? Terrorism, weather conditions, civil disturbances, and fire are among the considerations that may force you to have alternate plans in place. If you leave the office at the end of business on Monday evening, and the workplace is not available on Tuesday morning, how will you conduct business? How will you interface with your customers, and more importantly, how will you prevent them from directing themselves to your competition? The answer is obvious, and rather simple. You need to have a business continuity plan, and to maintain an alternate site to do business in the event of a disruption. If you’re not doing the following, you are putting your company in real jeopardy.

During more than a dozen years in which I served as senior vice president of operational risk management at AXA Equitable, an insurance giant, we were faced with eight significant crises. Five of these involved loss of use of a principal facility. The major culprit was weather, but I was sure that we had appropriate plans in place to deal with any eventuality. Fortunately, we were able to sustain the business with no interruption in all these instances due to extensive prior planning.

Here are five key considerations to building a strong business continuity plan:

1. Conduct a business impact analysis

What are the core functions of your firm that have little or no tolerance for downtime? Obviously, your customer-facing functions fall within this category, but there are also a host of financial functions which do as well. At the conclusion of this analysis you should determine the number of “seats” to allocate to each critical business area. Remember that support functions such as Procurement, Facilities, and Human Resources can be critical in sustaining business operations, and also in the process of getting you back on your feet.

2. Identify a business continuity plan (BCP) strategy

You’ve identified the critical pieces of your operation. Now it’s time to be able to staff these functions at an alternate location. For example, if you’ve determined that your treasurer’s department needs to be allocated 24 workstations, you’ve got to build these “seats” at an alternate location, appropriately geographically dispersed from your primary location. The desktop at each seat must be individually imaged with the applications and software to enable that function to perform.

Determine whether you want to host your own BCP plan, or outsource. Outsourcing is generally more expensive. We hosted our own plan. I preferred self-hosting because we were operating in a company-owned facility, with our own equipment. We had complete control of the space, and also the quality of the data residing on the desktops. I felt that we controlled our own destiny.

Again, ensure that your BCP site is a proper distance from your primary site. It should also be supported by a generator. On 9/11, a number of Wall Street firms found that their BCP sites, also located in Downtown NYC locations, were not inhabitable due to an area-wide lockdown in the aftermath of the tragedy. Ensure that you have a transportation plan to get employees to the recovery site.

3. Practice, practice, practice ...

The only thing worse than not having a plan, is having one, and not being able to properly execute. In 2004, NYC hosted the Republican National Convention. The two largest hotels in the city were occupied by a large number of convention delegates. Based upon reports that the delegates may be targeted at these locations, and the residual impact due to our proximity, a determination was made to run the business for two weeks from our recovery site. The feared protests never materialized, but in the end, we conducted an exercise which validated our crisis management and BCP programs. On an annual basis, we conducted an all-hands BCP drill. This continued to validate the functionality of our plan, and contributed to the overall “buy-in.”

I’ve often told my employees that we were in the business of sales. Our job was to convince our internal business folks to support a mandate of preparedness in addition to their core responsibilities. This mindset ultimately became part of our culture.

4. Develop a remote access program

This is a great complement to your recovery site. It enables you to bring more people back to work quickly. Do an inventory of those employees who are assigned laptops. For employees not assigned laptops, remote access software enables employees to mirror a workplace computer via their home desktop. This is also a useful strategy for instances where employees are not able to travel due to weather or other conditions.

5. Communications

I believe that communication is the single most important aspect of crisis management. Effective communication helps to control the intensity of a crisis. Employees can be directed, and kept in the loop with an automated notification system, such as Onsolve or Everbridge. Crisis managers, who previously depended on manual process, can now use a tool, GroupDoLists, which serves as a repository for all BCP and CM documentation. It pushes out tasking to team members during a crisis, and reports their progress in real time. It is an effective way to keep executive management in the loop on their smartphone or laptop.


A 26-year career in the Secret Service has infused a mindset of preparedness. The keys to success in this discipline are advanced preparations, training, and the smart use of technology. I strongly believe that companies seeking a competitive edge must be prepared to deal with unforeseen events. Every move a business makes is transparent today. Customers watch how your company is handled in a crisis. If your company fumbles a disaster, your customer may decide to shop elsewhere.

Author Info:
Peter Dowling, 26-year veteran of the Secret Service, 12 years in operations risk management with AXA. Today, Dowling works as a special advisor to the CEO for GroupDoLists, Powered By Centrallo.

The Business Continuity Institute

Employer confidence in the UK economy has moved into negative territory, according to the latest JobsOutlook survey by the Recruitment and Employment Confederation (REC). The net balance fell from +6% last month to -3% in the latest report, as a third of employers (31%) now expect the economy to worsen, while only 28% expect it to improve.

On a positive note, employers are still looking to hire, with one in five (19%) planning to increase their permanent headcount in the next three months. Confidence in making hiring and investment decisions remains positive with a net balance of 10%, but is at its lowest for the past year. The study also showed that four in ten (40%) employers have no spare capacity and would need to recruit to meet additional demand.

Kevin Green, Chief Executive at REC, commented: “This drop in employer confidence should raise a red flag. Businesses are continuing to hire to meet demand, but issues like access to labour, Brexit negotiations and political uncertainty are creating nervousness. Employers in the construction sector are especially concerned as they rely heavily on EU workers to meet the growing demand for housing and to support the government’s infrastructure plans.

"The added factor of dropping consumer confidence is putting some businesses on edge. If people reduce their spending, businesses will be impacted. The government must do more to create an environment where businesses have clarity. That means clearly laying out what Brexit plans look like and how employers can keep recruiting the people they need from the EU.”

Cisco partners will be able to resell Veeam backup products beginning this fall, Veeam announced in a new blog post.

The move is set to become official in early October, when Veeam is added to the Cisco Global Price List.

“This will enable Cisco and its resellers to deliver Veeam Availability solutions as easily and simply as any Cisco hardware or software product,” Veeam co-president and CEO Peter McKay wrote in the blog post.

...

http://mspmentor.net/vendor-relations/cisco-adding-veeam-global-price-list-october

Although it seems that enterprises are flocking to the cloud for their IT needs, data storage in particular, a new survey from DataCore Software suggests that a good number of organizations are running into trouble during the transition.

"Challenges and false starts with technologies have introduced reluctance in the industry to fully commit to software-defined, hyperconverged or a hybrid data storage infrastructure," wrote Paul Nashawaty, product evangelist and director of Technical Marketing at DataCore Software, in a blog post. "Until recently, the promise of cloud, ease of use, and faster application performance have fallen short of expectations."

Some of those expectations include storage services that don't break the budget.

...

http://www.enterprisestorageforum.com/storage-management/enterprises-encounter-cloud-storage-cost-and-management-challenges.html

According to Webster, resiliency is:

1. the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2. an ability to recover from or adjust easily to misfortune or change

I think that the word has more depth to it which can best be seen by looking at some examples that history provides us with.

To me, resiliency is defined as General Washington and his exhausted men, many of whom didn’t even have shoes, dealing with brutal winters and endless setbacks and still managing to defeat the British in the decisive battle at Yorktown to win the Revolutionary War. Washington and his men’s resiliency won that war.

...

http://resqdr.com/resiliency/

Thursday, 24 August 2017 14:41

Resiliency

The Business Continuity Institute

There is considerable room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters, according to a study conducted across Austria, England and Romania. The study, published in the journal Risk Analysis, provides a detailed look at different public and private incentives for risk reduction and their association with actual risk reduction behaviour.

"Currently neither insurance nor governments successfully encourage risk reduction. Increased and more targeted efforts particularly from local authorities will be important, and have the capacity to change the picture. This will be exceedingly important considering extreme events from climate change," says IIASA researcher Susanne Hanger, who led the study. "This in turn is important for insurance to remain viable and for governments to not overspend on disaster aid."

The study also finds little support for the idea that compensation for flood damage makes people less likely to take personal risk reduction measures, such as taking actions to prepare for an eventual flood or installing structures or technologies that can help protect homes from damage. Instead, the study finds that neither private insurance nor public compensation after a disaster is linked to less risk reduction at an individual level.

In Austria, for instance, post-disaster relief is available from the government in the form of a catastrophe fund. Yet Austrians had taken more structural measures to protect their homes (45%) than Romanians (23%) or the English (19%), who have less access to public assistance after disasters. Austrians were as likely as the English and Romanians to have taken awareness and preparedness measures.

While the researchers found no link between post-disaster compensation and reduced individual preparation, they did find a connection with public infrastructure measures such as flood dams, which may be linked to a sense of increased safety. In both England and Austria, the researchers found that public risk reduction infrastructure, such as dams and levees, was associated with a lower rate of individual investment in risk reduction measures.

Interestingly, in Romania neither insurer nor government efforts showed any effect on household risk reduction behaviour. Hanger speculates that this may be a result of insufficient public capacity to provide this kind of support. In England, the study shows that national efforts by the UK government to inform the public about disaster risk reduction have reached many households, which is positively associated with preparedness. In Austria, where national level information efforts are limited, households respond almost exclusively to local awareness raising and support.

Across all countries, the researchers find room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters. Instead of increasing efforts to privatize all flood risk insurance, Hanger says, "We need to better coordinate public and private schemes in order to design not only efficient, but also socially just and politically feasible solutions."

Key Considerations to Facilitate Smooth M&As

As the list of cybersecurity breaches grows daily and headlines grow more shocking – think Home Depot, Target, Anthem, Yahoo!, WannaCry – the importance of cybersecurity in M&A due diligence has correspondingly increased. Do you want to purchase a company that’s been compromised? How would you even know if it’s been breached?

Corporate directors have cited the importance of cybersecurity for M&A targets as increasingly significant, according to 77 percent of a recent study’s respondents, but it continues to be treated generally, putting companies at risk.

At the highest level, buyers should ask the following questions as they relate to cybersecurity during the due diligence process:

...

http://www.corporatecomplianceinsights.com/5-hidden-pitfalls-cybersecurity-due-diligence/

In last week’s blog, we discussed why you should invest in a business continuity (BC) program. One point we made was that insurance against loss is typically not enough, so the additional value provided by a business continuity plan and program is needed. It’s important to know the differences between business continuity and insurance, and why insurance should be a part, but not the entirety, of your business continuity plan.

The Difference Between Business Continuity and Insurance

Before we consider the differences, it is relevant to understand that business continuity is a form of insurance. The insurance we are comparing BC to is a contract of coverage where a party agrees to indemnify or reimburse another party for a defined loss under specific and defined conditions.

...

https://www.mha-it.com/2017/08/business-continuity-and-insurance/

Rackspace, one of the major forces behind the open source cloud infrastructure project OpenStack, this week announced general availability of its new Rackspace Private Cloud, which is built on the VMware Cloud Foundation virtual stack.

The new Rackspace Private Cloud enables scalable, software-defined data center (SDDC) capabilities, including compute, storage networking and security.

A hosted model allows customers to hand off their IT infrastructure operations and take advantage of around the clock Rackspace support for help with migration, architecture, security and overall operation.

...

http://www.datacenterknowledge.com/archives/2017/08/22/rackspaces-private-cloud-built-on-vmware-now-in-ga/

(TNS) — In 1992, we were glued to our transistor radios or battery-powered TVs as weatherman Bryan Norcross guided us during and in the aftermath of the devastating Hurricane Andrew. Old school? You bet. Now, when another hurricane strikes, a whole army of technology will attempt to take his place.

In the early 1990s, the World Wide Web was in its infancy and the Miami Herald and other media companies weren’t online yet. Cellphones weren’t prevalent, and they sure weren’t smart. And social media? Facebook and Twitter weren’t even around for a test drive in the 2004-05 hurricanes.

Today, the experts get the lights back on, the cellphones ringing and the internet connections restored with the help of COWS (Cell on Wheels), drones and other smart technology to pinpoint problems and speed recovery.

...

http://www.govtech.com/em/disaster/When-the-Next-Hurricane-Strikes-Much-More-Technology-Will-be-on-Our-Side.html

Many companies boast about having a culture of innovation, but, as Cutter Consortium Fellow Steve Andriole writes, they in fact don’t. Instead of breaking free of their cultural constraints to truly innovate, they continue to innovate in the past; that is, toward business models, processes, and technologies that are anchored solidly in the 20th century. To break through and become truly innovative, Andriole advises organizations to study what the best innovators have done and try to repeat their successes by following the formulas that have worked for the most successful innovators.

So what do the best companies do? How do they make the list of most innovative companies? In The Heart of Innovation: Best Practices from the Best Companies, Andriole offers a list of some of the best practices, especially as they apply to digital transformation:

...

http://blog.cutter.com/2017/08/22/wondering-what-are-the-best-innovation-practices/

Investing in private data centers isn’t as much of a priority for IT organizations as it was just several years back. That’s a takeaway from IT researcher Computer Economics’ annual IT Spending and Staffing Benchmarks report, which for 28 years has taken a deep-dive into the financial and strategic management of information technology. For this year’s study, more than 200 IT organizations were surveyed during the first half of 2017.

According to the report, data centers now have the lowest priority for new spending among a list of five categories. Top priority is given to the development of business applications, a category in which 54 percent of respondents plan increased spending. However, only 9 percent have plans to increase data center spending, which the study attributes to increasing reliance on cloud infrastructure, cloud storage, and SaaS, a conclusion borne out by 32 percent of respondents indicating they plan increased spending on network infrastructure.

“As a sign of the data center’s demise as a priority, end-user technology, including PCs and printers, has passed the data center, and for the first time data center is the spending category with the lowest priority,” the report said.

...

http://www.datacenterknowledge.com/archives/2017/08/22/survey-on-prem-data-centers-lowest-investment-priority-for-it-shops/

If you’re a business owner, you have a lot on your plate. Managing day-to-day business operations along with strategy for growth can leave you spent. Adding concern about infrastructure capabilities to your list of to-dos can be overwhelming. Simply put, is time spent worrying about changing infrastructure needs the most productive use of your time?

Utilizing an MSP who specializes in infrastructure as a service can minimize technology spend, provide scalability and agility, and enhance your business offerings. When your business grows, you should be able to enjoy the fruits of your labor rather than worry about whether or not your technology can keep up with demand. Trusting your infrastructure needs to a team of experts who are well versed in scalability allows you freedom to focus on growth.

What motivates you to consider trusting an MSP with your infrastructure needs? Most commonly, companies look to an MSP to cut costs, manage capacity, scale solutions, and provide disaster recovery and business continuity.

...

https://continuitycenters.com/use-managed-infrastructure-reach-new-heights/

The Business Continuity Institute

The UK's top firms and charities urgently need to do more to protect themselves from online threats, with 1 in 10 FTSE 350 companies operating without a response plan for a cyber incident, and only 6% of businesses completely prepared for new data protection rules, according to the UK Government's FTSE 350 Cyber Governance Health Check.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68%) despite more than half saying cyber threats were a top risk to their business (54%).

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53% up from 33%) and more than half of businesses having a clear understanding of the impact of a cyber attack (57% up from 49%).

Separate research which looked at cyber security in charities has found that third sector organizations are just as susceptible to cyber attacks as those in the private sector, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Minister for Digital Matt Hancock said: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right. These new reports show we have a long way to go until all our organizations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training. Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre."

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or having trustees and staff with private sector experience of the issue. Charities also recognised that those responsible for cyber security need new skills and that general awareness among staff needs to be raised.

Helen Stephenson CBE, Chief Executive at the Charity Commission for England and Wales, said: "Charities have lots of competing priorities but the potential damage of a cyber attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation. Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security."

The Horizon Scan Report, published by the Business Continuity Institute, showed that it didn't matter whether an organization was private, public or third sector: by and large they all share the same risks, with the greatest of those being cyber attacks.

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Between cognitive biases, errors in processes, and poor enterprise alignment, there’s lots to get wrong!

We can’t claim to be encyclopaedic on the subject, but if you’re a risk manager, a business continuity manager or just a manager trying to avoid accidents, here are three categories of pitfalls to watch out for.

...

http://www.opscentre.com/risk-assessment-pitfalls-watch/

Tuesday, 22 August 2017 15:08

Risk Assessment Pitfalls to Watch Out For

I’ve spent much of my career focused on enterprise backup, recovery and disaster recovery. Two big shifts in the market have taken many vendors and IT professionals by surprise: First, new application platforms are not just cloud-first, but often touch multiple clouds. Second, ransomware attacks against these same platforms are emerging as a very significant threat.

Prevention is a critical part of an overall protection strategy to combat ransomware. But given the rapidly evolving threat, it’s likely that even organizations with strong security technology and policies will be affected.

While CIOs and IT administrators evaluate the strategies and dangers posed by these attacks, there are additional steps to help ensure protection through data backup. Backup strategies won’t necessarily prevent an attack from occurring, but can serve as a crucial last line of defense enabling organizations to destroy all affected data and then restore it from a backup taken before the data was infected.

...

http://www.datacenterknowledge.com/archives/2017/08/21/face-ransomware-cloud-data-safe/

In a 2017 survey across six major industries, 51% of executive leadership and IT managers rated ransomware as the biggest security threat to their organizations. Why is this?

A single ransomware attack can halt an organization with sophisticated encryption methods that lock computers and make data inaccessible. When IT departments and business leaders don’t act fast in this scenario, they risk losing sensitive information and assuming a significant reputational impact if news of the breach leaks to the public.

So how does Disaster Recovery-as-a-Service (DRaaS) fit into ransomware mitigation? Bluelock has created a white paper on the subject that explains how. With tips to recover from any cybersecurity breach, readers will learn how to manage risk, ensure recovery and—most importantly—establish a strategy to secure data for the future. Read it here.

...

https://www.bluelock.com/blog/resolve-ransomware-draas/

Monday, 21 August 2017 20:44

How Do You Resolve Ransomware with DRaaS?

In our Data Center Destinations series, From the Racks takes a look at locations that are thriving hubs for data center innovation and construction. These places are grabbing the attention of data center providers and enterprises.

Previously, we’ve discussed the data center draw to Toronto and Ashburn, Virginia. For this spotlight, we’re looking at Chicago – one of the liveliest and most active data center markets in the U.S. 

What’s Driving Demand?

Because it is the third largest city in the U.S. and serves as headquarters for several Fortune 500 companies, it’s not a surprise that Chicago is a featured data center destination. And with so many large industries thriving in the area (e.g. financial services, telecom, healthcare, insurance, tech, etc.), minimal latency is a necessity. This, in turn, is driving both downtown and suburban expansion for data centers.

...

http://blog.dft.com/spotlight-on-the-dynamic-chicago-data-center-ecosystem-data-center-destinations

The Business Continuity Institute

The risk of a data breach is increasing in the retail industry as retailers accumulate more and more personal information on their customers as part of their ‘Big Data’ initiatives. As such, the number of retail businesses reporting data breaches to the Information Commissioner's Office has doubled in just one year, jumping from 19 in 2015/16 to 38 in 2016/17, says law firm, RPC.

The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store means that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for, and the retail industry is beginning to feel the pressure to invest more heavily in cyber security.

The regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory. As companies are not currently required to report every attack they suffer, the actual number of data breaches in the retail sector is likely to be even higher.

Jeremy Drew, Partner at RPC, comments: “Retailers are a goldmine of personal data but their high profile nature and sometimes ageing complex systems make them a popular target for hackers. There are so many competing pressures on a retailer’s costs at the moment – a rise in the national minimum wage, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

Jeremy Drew added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained. No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”

(TNS) - In anticipation of a large influx of visitors through the solar eclipse Monday, area emergency response organizations and health-care providers are finalizing areawide plans to respond to potential emergency situations.

“This is fairly unprecedented, uncharted territory,” said Brady Dubois, Mosaic Life Care medical center president. “We are absolutely hopeful that it’s a Y2K-type event and nothing ends up happening, but we know that if we don’t prepare for it, then we are not going to be able to handle it if it happens.”

Mosaic Life Care, Buchanan County, Mo., Emergency Management and other area health-care providers have spent almost the last year coordinating large-scale plans to respond to emergency medical situations through the end of the solar eclipse Aug. 21. Much of the additional response will start over the weekend.

...

http://www.govtech.com/em/disaster/Eclipse-Emergency-Response-a-Region-Wide-Effort.html

The Business Continuity Institute

By 2100, two in three people living in Europe may be affected by weather-related disasters, according to a study published in The Lancet Planetary Health which sheds light on the expected burden of climate change on societies across Europe.

The study analyses the effects of the seven most harmful types of weather-related disaster - heatwaves, cold snaps, wildfires, droughts, river and coastal floods, and windstorms - in 28 European Union countries, as well as Switzerland, Norway and Iceland. The projected increases were calculated on the assumption of there being no reduction in greenhouse gas emissions and no improvements to policies helping to reduce the impact of extreme weather events (such as medical technology, air conditioning, and thermal insulation in houses).

"Climate change is one of the biggest global threats to human health of the 21st century, and its peril to society will be increasingly connected to weather-driven hazards," says lead author Dr Giovanni Forzieri of European Commission Joint Research Centre in Italy. "Unless global warming is curbed as a matter of urgency and appropriate measures are taken, about 350 million Europeans could be exposed to harmful climate extremes on an annual basis by the end of the century."

The study estimates that heatwaves would be the most lethal weather-related disaster, and could cause 99% of all future weather-related deaths, increasing from 2,700 deaths a year between 1981-2010 to 151,500 deaths a year in 2071-2100.

It also projects substantial increases in deaths from coastal flooding, which could increase from six deaths a year at the start of the century to 233 a year by the end of the century.

Comparatively, wildfires, river floods, windstorms and droughts showed smaller projected increases overall, but these types of weather-related disaster could affect some countries more than others. Cold snaps could decline as a result of global warming; however, the effect of this decline will not be sufficient to compensate for the other increases.

Due to projected increases in heatwaves and droughts, the effect is likely to be greatest in southern Europe where almost all people could be affected by a weather-related disaster each year by 2100, projected to cause around 700 deaths per every million people each year.

Comparatively, in northern Europe, one in three people could be affected by a weather-related disaster each year, resulting in three deaths per every million people each year.

Climate change is likely to be the main driver behind the potential increases, accounting for 90% of the risk while population changes such as growth, migration and urbanisation account for the remaining 10%.

"This study contributes to the ongoing debate about the need to urgently curb climate change and minimise its consequences. The substantial projected rise in risk of weather-related hazards to human beings due to global warming, population growth, and urbanisation highlights the need for stringent climate mitigation policies and adaptation and risk reduction measures to minimise the future effect of weather-related extremes on human lives," adds Dr Forzieri.

Adverse weather, which includes such events as heatwaves, featured fifth in the list of concerns that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report. Climate change is not yet considered an issue, however, as only 23% of respondents to a global survey considered it necessary to evaluate climate change for its business continuity implications.

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

You might think that business continuity was immune to such ideas – either a business is functioning properly (BC works) or malfunctioning, possibly to the extent of breakdown (BC needs to be fixed). Yet the planning and processes of business continuity itself are subject to internal political pressure. Here are a couple of things you might reflect on, so that at least you can BC manage around them, even if you can’t prevent them.

Long-standing business continuity vulnerabilities can be difficult to handle, when their longevity is due to senior managers deliberately turning a blind eye.

Putting such risks into the spotlight can be seen as a threat to the credibility and reputation of those who chose to ignore it. The only way to address such risks correctly may be to gather suitable data, and present it to those who need to know or who should know better, being ready to take it to higher levels if necessary.

...

http://www.opscentre.com/politics-interfering-business-continuity/

(TNS) — An earthquake early warning system that could give residents up and down the West Coast precious extra seconds to prepare for impending shock waves has taken a step forward.

The U.S. Geological Survey has awarded $4.9 million to six universities and nonprofits governed by universities to support the ShakeAlert earthquake early warning system, according to a news release.

Also, the USGS purchased nearly $1 million in new equipment to expand and improve the system.

ShakeAlert is a product of the USGS Advanced National Seismic System, a federation of national and regional earthquake monitoring networks throughout the country, including networks along the West Coast and Nevada.

...

http://www.govtech.com/em/disaster/US-Geological-Survey-Makes-Moves-to-Expand-Improve-Earthquake-Early-Alert-System-EM.html

In the third piece of our Business Continuity 101 Series, we delve into why organizations invest in business continuity, dispelling common BC misconceptions, and explaining value-based BC investment.

A common point of confusion for new BCM practitioners is the why and how of implementing a business continuity (BC) program. What are, or should be, the drivers for implementation and on-going, continual improvement? Most organizations consider business continuity as a form of insurance or a cost to be minimized. We agree that BC is related to insurance; it is there to ensure that an organization remains whole during an emergency event. We would say that costs associated with BC should be appropriate. There is no reason to overspend on recovery solutions, but it is risky to underspend as well. BC should be implemented as any other function that is not profit generating.

...

https://www.mha-it.com/2017/08/why-organizations-invest-in-business-continuity/

BATON ROUGE, La. — A public-private partnership continues to help Louisiana communities recover from the August 2016 floods and become better prepared for future disasters.

The partnership includes members of the private sector, local and state governments and various federal agencies. Recovery accomplishments include:

  • The Louisiana Disaster Recovery Alliance created a guide of available resources to help families and communities recover from the August 2016 floods. The alliance is a group of philanthropic organizations and state and federal recovery partners.
  • The state created the Louisiana Supply Chain and Transportation Council to make the state’s transportation systems more resilient. The council consists of officials from state and federal agencies, academic institutions and private sector leaders.
  • The state also launched the Louisiana Housing Heroes initiative. This governor-championed initiative identifies landlords, property owners and managers in disaster-designated parishes who agree to make affordable homes, apartments and other housing units available to displaced flood survivors.  
  • Recovery partners continue to meet with communities to help them implement resiliency and recovery strategies.

The partnership’s various federal agencies work with communities to address recovery challenges. Specialists have coordinated with community leaders and recovery partners to find solutions to housing needs, rebuilding the economy and infrastructure, preserving heritage and maximizing resiliency.

Below are the federal agencies consulting with affected communities and what they’re helping with:

  • Community planning and capacity building, FEMA;
  • Economic recovery, U.S. Department of Commerce;
  • Health and social services issues, U.S. Department of Health and Human Services;
  • Housing, U.S. Department of Housing and Urban Development;
  • Infrastructure systems, U.S. Army Corps of Engineers; and
  • Natural and cultural resources, U.S. Department of Interior.

 

With just a few months remaining to become compliant with the Centers for Medicare and Medicaid Services (CMS) emergency preparedness regulations, healthcare providers and suppliers are ramping up their efforts to ensure their organizations will meet the CMS emergency preparedness deadline of November 15, 2017. Is your facility ready?

To be compliant with the new emergency preparedness guidelines, CMS requires that your plan consists of four integral parts:

  1. Emergency Preparedness
  2. Communications
  3. Policies and Procedures
  4. Training and Testing

This blog will focus on the communications section of these guidelines and how your organization can work towards compliance in a way that is most beneficial for your facility.

...

https://www.alertmedia.com/cms-guidelines-communications-plan

Security incidents within law firms have been growing as a threat because cybercriminals are recognizing the pivotal role firms play in housing sensitive client information for legal proceedings. Because of this, attackers have begun to target the legal industry with unprecedented force. Even the largest and most prestigious firms with best-of-breed cybersecurity solutions are no longer immune to intrusions.

Clients and auditors have recognized this increased attention on the legal industry, and have begun to pressure their law firms for more evidence of protection and recoverability. For example, a recent survey* of the legal industry found that 42% of respondents stated an increase in client concerns about IT operations and data retention, and 51% agreed that audits and regulations are an increasing pressure. Law firms must now provide proof to these constituents of a robust cybersecurity stance.

For this reason, Bluelock now offers a Cyber Threat Health Review, a professional service engagement for law firms seeking to mitigate risk from ransomware and other cyber threats. This review is a low-commitment, high-impact analysis of current data protection technology and policies designed to minimize data loss and operational downtime. It covers the core components of the firm’s threat protection, detection and recovery response strategies.

With over a decade of experience helping clients maintain and protect critical workloads, Bluelock’s expert team reviews existing security practices with a specific focus on how to respond to threats. Organizations that engage in the service receive face-to-face education and practical guidance to increase resilience and protect customer confidence.

The Cyber Threat Health Review process includes the following steps:

  1. Survey and Interviews: Relevant information is collected via surveys and phone interviews
  2. Onsite Education: Our team provides education to staff and executives for best practices
  3. Detailed Analysis: Our team reviews policies and technology for gaps and opportunities
  4. Onsite Delivery of Action Plan: Details risk profiles and action plan from our analysis

For more information, visit https://www.bluelock.com/cyber-health/.

* “2016 IT Disaster Recovery Planning and Preparedness Survey.” ALM and Bluelock, October 2016.

...

https://www.bluelock.com/blog/bluelock-now-offers-cyber-threat-health-review-law-firms/

The Business Continuity Institute

When the United Kingdom exits the European Union, the four freedoms that currently exist will be no more. The free movement of goods, services, capital and people will probably be gone, and more restrictions will be placed on their movements across borders. The free movement of people is the primary reason that many people voted to leave the European Union in the first place.

With mainland Britain, it is relatively easy to be restrictive with what comes in and out of the country as there are no borders with another country so anything or anyone coming in or out is funnelled through a specific location – airport, port or station. In Northern Ireland however, which obviously will exit the EU, the situation is slightly more problematic as the country shares a land border with the Republic of Ireland stretching over 300 miles (or 500 kilometres depending on what side of the border you are on).

There are now many different possibilities for what could happen to this border in a post-Brexit world, and these range from the status quo with people free to cross without any restriction, to a hard border with checkpoints at all the crossings, although building a wall might be a little bit extreme. With the former, this undermines the whole point of Brexit which was to end the free movement of people between the EU and the UK, and so prevent too many people from entering the UK. With the latter, it will undermine the peace process brought about by the Good Friday Agreement that sought to remove border infrastructure and checkpoints that were symbolic of the threat of violence that existed during The Troubles.

A middle option that has been suggested is a soft border between the north and the south, but a hard sea border. This would effectively keep Northern Ireland within the EU, but out of the UK, so is not likely to be a preferred option for any Unionists who will see this as a stepping stone toward reunification with the south.

A hard border between the north and the south may not be an issue for big businesses who I'm sure will find an adequate solution regardless of the outcome. The issue will mostly be with the small businesses situated near the border that rely on trade with the other side of the border – a local market in which the border, for now, is an irrelevance. Figures suggested that 80% of trade across the Irish border is carried out between SMEs.

Organizations on both sides of the border need to consider how the different options would affect them and then consider what measures they could put in place to lessen the impact. Organizations need to monitor the negotiations closely to see how the potential for disruption is developing to ensure that they are ready to face any challenges that come their way.

Of course it is also worth noting that this is not just an issue for the Irish border; it will also become an issue at the border between Spain and Gibraltar where people routinely cross on a daily basis to trade or work on the other side of the border. Arguably it will be more problematic in this situation as tensions are slightly greater between the two countries on either side of the border.

So what steps has your organization taken to prepare itself for Brexit?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Wednesday, 16 August 2017 15:39

BCI: Controlling the Irish border after Brexit

The Business Continuity Institute

Such is the high calibre of the Business Continuity Institute’s research output, that its latest publication – the 2017 Cyber Resilience Report – is to be used as part of the teaching programme by Cranfield University, the UK’s only exclusively postgraduate university, and a global leader for education and transformational research in technology and management.

The BCI’s Cyber Resilience Report, a study of the cause and consequence of cyber disruptions affecting organizations across the globe, will be used as part of the teaching programme for the MSc in Cyber Defence and Information Assurance. The report will form the basis of in-class and online discussions as part of the degree’s focus on real-life issues.

Dr Ruth Massie MBCI, Programme Director for the Cyber Masters Programme and long standing Member of the BCI, said: “It’s important that students get the opportunity to understand not just the causes of cyber related interruptions but the size and scale of the consequences. This report gives students the opportunity to understand and discuss these issues in a leadership context.”

“This is an encouraging demonstration of the high regard with which our research is held,” said Deborah Higgins FBCI, Head of Professional Development at the BCI. “We know that people working in the industry value our research, but to have it featured within the teaching programme of such a prestigious university as Cranfield helps reaffirm our status as a thought leader in the field.”

Cranfield’s MSc in Cyber Defence and Information Assurance is designed to develop professionals who can effectively manage and exploit the threats and opportunities of cyberspace at the organizational level. The course specifically focuses on responses to serious present and emerging threats in the information domain, and is aimed at mid-career professionals who need a broad understanding of cyber leadership.

The Business Continuity Institute

The importance of managing internal threats to win at cyber security has been emphasised in a study by Haystax Technology and SANS which found that 40% of respondents to their survey rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced.

Furthermore, Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey revealed that nearly half (49%) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

"We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it," said Haystax CEO, Bryan Ware. "Existing tools aren't smart enough, or don't have the context needed to identify malicious insiders. What's needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers."

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders. A third of survey respondents (34%) have these tools and technology, but have not used them operationally and more than a third (38%) of survey respondents are in the process of re-evaluating internally to better identify malicious insiders.

"It is misleading to see that 60% of respondents said they had not experienced an insider attack," said SANS instructor and survey report author, Eric Cole, PhD. "The rest of our data indicates that organizations still are not effective at detecting insider threats, so it's clear that most either didn't notice threats or attacks, or didn't realize those incidents involved malicious insiders, or outsiders using compromised insider credentials."

(TNS) — "I don't know where my husband is! Where is he?" screamed Kay Kay McDermott, blood streaming down her face from a large laceration as emergency responders helped her from the wreckage of a train at the Lamy train station one morning last week. Meanwhile, her husband, Stacy McDermott, gritted his teeth against the pain of a fractured leg; some of the bone had forced its way through the skin.

Fortunately, the injuries of the Edgewood couple were nothing more than special-effects makeup and the "wreckage" was actually a fully functional and intact Rail Runner Express car.

The pair were among around 100 actors that assisted with an emergency preparedness exercise involving the New Mexico, Ohio, Oklahoma and Louisiana National Guards and local, state and federal agencies in Lamy on Tuesday.

...

http://www.govtech.com/em/training/As-Real-as-Possible-Emergency-Preparedness-Exercise-Hones-Rescue-Skills.html

For Denali Advanced Integration, the stakes couldn’t be higher.

A massive former client – Columbia Sportswear Company – is accusing the Redmond, Wash.-based reseller and IT services provider of hacking into its systems to access emails and other data that Denali could use to win more business from the apparel maker.

Denali says that Columbia has yet to hand over enough information for the services provider to determine the scope of any intrusion.

If it did occur, Denali said, it was the work of a rogue former chief technology officer and the company had no knowledge of what was going on.

...

http://mspmentor.net/technology/msp-fights-costly-fraud-lawsuit-its-insurer-bolts

Cutter Consortium Senior Consultant Pete Kaminski has been looking at the business risks posed by software, and how to mitigate them. He gives context to the issue this way:

“Driving business risk down is just smart business. Software-related business risk is an increasing portion of business risk, so knowing how to assiduously reduce software risk has become part and parcel of today’s business reality. Fortunately, there is an array of tools and methods that you can apply across your portfolio of software assets and development projects to manage software risk, which we’ll explore in this Executive Update. Industrializing software risk management is critical for organizations in the digital age. It unleashes the “smarts” in developers so that they can work on the difficult parts of building and delivering applications for the future, while ensuring current, past, and future risk is baked out of applications, putting both human intelligence and software intelligence to their best use.

“Risk can be measured and mitigated at two complementary levels: the component level and the overall system level. There are powerful static code analysis tools available for both levels. Choice of analysis type depends on where the system is within its development and operation lifecycle of the software portfolio.

...

https://blog.cutter.com/2017/07/11/9648/

People, products, processes, and partners are the four “P”s of IT service design in a lifecycle model for IT services, but is there something missing?

The IT service design stage is part of a lifecycle, such as the five-phase lifecycle of service strategy, service design, service transition, service operation, and continual service improvement.

At the design stage, needs and requirements (gathered during the previous strategy phase) are translated into corresponding IT services. But is there a mechanism to ensure that those services will then in turn satisfy the users for which they are destined? Designing in an additional “P” feature could help.

The idea for the additional “P” feature comes from the world of supply chain. When enterprises make and ship goods and services to end-customers, they may use the “perfect order rate” as a measure of success.

...

http://www.opscentre.com/cthe-four-no-five-ps-service-design/

The Agile methodology has been touted for years as a software development approach. Since its inception, various industries have adopted Agile principles beyond that original scope. For these not-so-traditional undertakings, each organization must apply Agile principles in the context of its organization and selectively jettison those characteristics of the method that aren’t fit-for-purpose.

Just as Agile practice has diverged from its origins, there has also been a shift in Analytics: specifically, predictive and prescriptive analytics from the Technology-to-Energy industries. Where many industries have utilized Big Data platforms and data science algorithms for years, oil & gas is only beginning to realize their power.

...

http://www.enaxisconsulting.com/the-path-to-victory-agile-for-analytics-blog/

Tuesday, 15 August 2017 14:49

The Path to VICTORY: Agile for Analytics

Oracle is now offering its Exadata database technology on bare-metal servers available as a cloud service.

The Exadata Database Machine is an appliance that usually lives in the customer’s own data center. It integrates Oracle’s database software, servers, storage, and network connectivity, all meant to make it easier for enterprises to deploy and manage on-premises.

The company initially launched Oracle Exadata Cloud two years ago, allowing its customers to take advantage of Exadata as a cloud service. But over the course of the past year or so, it has upgraded, modernized, and expanded its cloud infrastructure, building a new cloud platform to improve performance and allow it to better compete against Amazon Web Services, Microsoft Azure, and other top cloud providers.

And today Oracle announced that Exadata Cloud is now available on this next-generation cloud infrastructure.

...

http://www.datacenterknowledge.com/archives/2017/08/14/oracle-supercharges-cloud-database-bare-metal-servers/

“I don’t know who you are. I don’t know what you want. If you are looking for ransom, I can tell you I don’t have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Liam Neeson, Taken, 2008

 

The last few months have seen two serious and destructive “ransomware” attacks that significantly affected the operations of several major organizations worldwide. May’s “Wannacry” and June’s “NotPetya” attack affected millions of staff and caused significant damage – as was their intention.

Ransomware costs for 2017 are estimated in the billions, with a “B”. Not to mention the danger posed by critical systems being down at organizations such as health systems and nuclear power plants.

The attacks are becoming more frequent and more sophisticated with each incident. We will never be able to stop the criminals from striking, so it is imperative that we use all the skills at our disposal to thwart them. What can we do?

...

http://www.bcinthecloud.com/2017/08/dont-be-a-victim-of-ransomware-detect-protect-and-recover/

The Business Continuity Institute

Organizations are now less confident in their ability to recover from an incident, according to a new study conducted by Databarracks, which suggests that contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape.

The Data Health Check report found that almost one in five organizations surveyed (18%) "had concerns" or were "not confident at all" in their disaster recovery plan; an increase from 11% in 2015 and 15% in 2016. Organizations are increasingly making changes to their cyber security policies in response to recent cyber threats (36% this year, up from 33% last year), yet only a quarter (25%) have seen their IT security budgets increased. Small businesses are particularly affected with just 7% seeing IT security budgets increase.

Financial constraints (34%), technology (24%) and lack of time (22%) are the top restrictions when trying to improve recovery speed. Fewer organizations have tested their disaster recovery plans over the past 12 months – 46% of respondents had not tested in 2017, up from 42% in 2016.

Peter Groucutt, managing director of Databarracks, commented on the results: "It isn't surprising that confidence in disaster recovery (DR) plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren't effective.

"What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organizational confidence."

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity and, by extension, disaster recovery programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

The Business Continuity Institute

6 in 10 organizations view their employees as the biggest threat to successful GDPR adherence and 4 in 10 believe that their current IT systems could also pose compliance risks, according to a GDPR awareness survey conducted by bluesource. The study also highlighted that, even though half (50%) are taking steps to prepare for GDPR compliance, nearly a third (30%) still believe that the regulations won’t affect them, and a fifth (20%) are not sure what to do next.

Over 80% of respondents stated that, with the deadline for GDPR compliance rapidly approaching, they are facing a major challenge, including increased security and governance around cloud environments such as Office 365 and shadow IT. 80% of those surveyed felt that big tech vendors have a responsibility to ensure that their own systems will meet GDPR regulations, as well as those of their customers, but are unsure how this will be achieved.

The increased financial impact of fines and the expected frequency of their enforcement are a major concern for most surveyed. An overwhelming 90% indicated that a non-compliance fine would result in huge reputational damage for their organization and a loss of trust from customers, suppliers and staff.

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

On a more positive note, 45% of those surveyed have already nominated a member of a specific departmental function, including legal, compliance and IT security, to be solely dedicated to privacy and GDPR initiatives. However, 20% haven’t considered selecting a nominated person yet and 35% believe that finding a suitably qualified and experienced individual will be a challenge.

Sean Hanford, information governance consultant at bluesource, commented: "Our research across UK organizations indicates that there still remains a gap between GDPR awareness and action. There must be a swift attitude change towards data protection and staff clearly require better skills, so they become more data savvy."

With urban populations worldwide swelling, there’s an urgent need to calculate the sustainable performance of the buildings that we live and work in. But the variety and complexity of methods available can seem overwhelming. This is where ISO 21930:2017 comes into play. 

The latest edition of ISO 21930:2017, Sustainability in buildings and civil engineering works – Core rules for environmental product declarations of construction products and services, will help assess the eco-friendliness of a building or infrastructure project using a common method for expressing environmental product declarations (EPD).

An EPD for a construction product is a transparent declaration of its life-cycle impact (incorporating raw material production, construction, operation, maintenance and decommissioning). This in turn provides the information needed to assess the environmental impacts of an entire building or civil engineering works. What’s key about EPDs is that they provide a transparent, independent and reproducible analysis of the environmental impacts of construction products and give detailed information with sound data and figures. As a “sustainability passport”, EPDs form the basis for designing green buildings and other civil engineering works.

...

https://www.iso.org/news/ref2211.html

Plenty of CEOs “check the box” on compliance. The drill goes something like this: Once a year, the CCO presents the written compliance plan at a board meeting or C-suite retreat. After scanning the checklist of do’s and don’ts, the CEO basically feels satisfied the bar has been met. Time to move on to the next agenda item.

But does checking the box truly protect the company from risk? Does it enhance its business or propel its growth strategy? The likes of Amazon, Apple and Dollar Shave Club have earned kudos for building cultures permeated by a sharp focus on customer service, right down to the smallest interaction. In the same way, regulated companies need to make sure that compliance permeates the organization. The benefits go beyond risk management: A true culture of compliance feels open and honest to everyone it touches; it leads to higher morale, easier recruiting and retention, happier customers and, ultimately, higher productivity. (If this sounds like an overstatement, imagine how it would feel to be at an outfit scandalized by endless sexual harassment claims or embroiled in accusations of “Enron accounting.”) Developing a culture of compliance requires effort, but the concepts are straightforward:

...

http://www.corporatecomplianceinsights.com/5-strategies-infuse-compliance-companywide/

Friday, 11 August 2017 14:34

How the CEO Can Support Compliance

State and local governments are struggling to deal with a number of cybersecurity threats. Tight budgets, lack of talent in the workforce and the constantly evolving nature of threats are a few reasons why the challenge is mounting. But cybersecurity cannot go neglected. State and local agencies store massive amounts of sensitive constituent data such as Social Security numbers, health care records and driver license numbers. And without a secure infrastructure, the public transportation systems, electric grids and water plants powering our nation’s cities remain vulnerable.

Complex attacks like malware pose a particularly large risk for state and local governments. Such attacks could cast a wide net aimed to negatively impact as many people as possible, or they could be targeted threats designed to attack a specific individual or organization. Both the reputational and financial impact that a cyberattack can have on a state and local entity can cause irreparable damage.

...

https://gcn.com/articles/2017/08/09/dns-security.aspx

The Business Continuity Institute

When a major flood event occurs it is often attributed to climate change, however, a single event is not proof, and so far it has been unclear whether climate change has a direct influence on large scale river flooding across Europe. A study conducted by TU Wien along with 30 European partners has now shown that the timing of the floods has shifted across much of Europe.

The study, led by Prof. Guenter Bloeschl from the Institute of Hydraulic Engineering and Water Resources Management at TU Wien, showed that climate change has had a real impact on flood events in some regions, and this has been seen by a shift in the timing of floods over the years, dramatically in some areas. Depending on the cause of the flood events, they occur earlier in some regions, and later in others.

"In flood research, we are often concerned with the annual probability of the occurrence of floods," says Prof Guenter Bloeschl from TU Wien. "By observing their magnitudes one can estimate a one hundred-year flood as a high-water event that occurs with a probability of 1% in any one year. If one only examines the magnitude of flood events, the role of the climate can be masked by other effects. Land use change by urbanisation, intensifying agriculture and deforestations are other factors affecting flood events."

In order to understand the connection between climate and floods, Bloeschl and his team looked closely at the timing of the flood events in different regions of Europe. "The timing of a flood provides information about its likely cause," says Bloeschl. For example, in much of north-west Europe and the Mediterranean, floods occur more frequently in the winter, when evaporation is low and precipitation is intense. In Austria, on the other hand, the highest magnitude floods are associated with summer downpours. In north-eastern Europe, the risk of flooding is at its highest in spring because of snow melt. The timing at which floods occur is thus much more directly related to the climate, in contrast with the absolute magnitude of the flood event.

Flood data from all over Europe have been meticulously compiled, screened and statistically analysed. These show that the floods in Europe have indeed shifted considerably over the last 50 years: "In the north-east of Europe, Sweden, Finland and the Baltic States, floods now tend to occur one month earlier than in the 1960s and 1970s. At that time, they typically occurred in April, today in March," says Guenter Bloeschl. "This is because the snow melts earlier in the year than before, as a result of a warming climate."

In parts of northern Britain, western Ireland, coastal Scandinavia and northern Germany, on the other hand, floods now tend to occur about two weeks later than they did a couple of decades ago. Later winter storms are likely to be associated with a modified air pressure gradient between the equator and the pole, which may also reflect climate warming. The study sheds light on the complexity of flood processes in north-western Europe; on the Atlantic coasts of western Europe, 'winter' floods in fact typically occur earlier, in the autumn, as maximum soil moisture levels are now reached earlier in the year. In parts of the Mediterranean coast, flood events occurring later in the season are aligned with the warming of the Mediterranean.

"The timing of the floods throughout Europe over many years gives us a very sensitive tool for deciphering the causes of floods," says Guenter Bloeschl. "We are thus able to identify connections that previously were purely speculative."

Adverse weather, which can lead to the conditions that can cause flooding, featured fifth in the list of concerns that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report. Climate change is not yet considered an issue however, as only 23% of respondents to a global survey considered it necessary to evaluate climate change for its business continuity implications.

The growing average age of populations is not always a burden on society, it can be a rewarding opportunity to enrich communities and our world as a whole. Increasingly, governments and local authorities are seizing the gift of longevity to imagine social infrastructure differently – and new areas of standardization are in the pipeline ready to help.

We are not getting any younger and neither is the worldʼs population. The number of older people has exploded in recent years and we are approaching an era where words like “aged societies” are becoming a reality. In fact, by 2050 it is expected that many countries will be classed as “super-aged societies”, meaning that more than 21 % of the population is over 65; and by 2030, the number of people in the world aged 60 years and above will have grown by 56 %.

Adapting to this trend poses economic, social and political challenges and may increase the dependency of older citizens on those of working age. This regularly conjures up doomsday scenarios of workforce shortages, the financial collapse of pension and health systems, mass loneliness and insecurity.

...

https://www.iso.org/news/Ref2170.htm

Thursday, 10 August 2017 15:15

How to adapt to ageing societies

LITTLE ROCK, Ark. – Would you invest $400 for a chance to get back up to $250,000? How about $1,000 or $2,000? Still sound like a good deal?

Putting it another way, would you risk losing your $250,000 home in a flood because you didn’t buy a preferred or standard risk National Flood Insurance Program policy usually costing from $400-$2,000 a year? Just a few inches of water can cause thousands of dollars in damage to walls, floors, furniture, carpets and appliances.

Everyone lives in a potential flood zone. You do not have to live near water. Floods can also be caused by melting snow, hurricanes, water backups from overloaded sewage systems, or broken water mains.

For example, in January of 2008, an irrigation canal built in 1906 breached and flooded 400 homes in the middle of the Nevada desert not far from Reno. Many of the residents of the small town of Fernley learned of the canal’s existence the hard way.

Flood insurance can help you avoid the financial consequences of these events.

Some people are under the impression that FEMA will come in after a flood and fix everything. That isn’t what Congress designed FEMA to do. FEMA gives grants to provide essential repairs and replace essential items such as a water heater to make your house safe for occupancy.

The average grant from FEMA is less than $5,000. FEMA doesn’t replace your big screen TV, buy dishwashers and home entertainment equipment, or cover ceiling stains from roof leaks. FEMA may assist in repairing a disaster-damaged subfloor if it is not structurally sound, but flooring on its own may not affect habitability. FEMA may pay to replace a broken window, but does not cover blinds and drapes.

FEMA assistance comes after FEMA, state and local officials assess damage from storms. If there is enough damage, the state will ask the President to issue a Major Presidential Disaster Declaration. If approved, this opens the federal pocketbook to fund FEMA’s disaster assistance, which may include SBA low-interest disaster loans for businesses of all sizes, homeowners, renters and most private nonprofit organizations.

This process may take weeks from the storm event, but flood insurance policyholders don’t have to wait and can file claims for damage right away.

Policy limits for homeowners are up to $250,000 for the structure; for homeowners and renters, up to $100,000 for contents. Policies are available to condominium associations and unit owners, renters and business owners. Businesses can get up to $500,000 in coverage for structures and an equal amount for contents.

In Arkansas, National Flood Insurance Program policyholders were able to file claims beginning April 25, well in advance of the June 15 disaster declaration. NFIP immediately began making advance partial payments based on identified areas of damage and insurance adjuster estimates. For both pre- and post-declaration periods, advance payments now total more than $2.4 million, with more than $23 million paid out on 494 claims.

Some people believe in flood insurance, but start and stop it. Flood insurance has to be in place 30 days before a flood strikes, so policyholders hoping they can guess when that will be are taking a big risk. Weather can change quickly and insurance companies report they are seeing more frequent claims stemming from a variety of weather types.

Most homeowner insurance policies don’t cover flooding. Flood insurance kicks in when two or more acres of normally dry land, or two or more properties (at least one of which is your property), are flooded.

Flood insurance premiums in moderate and low-risk areas may be only a few hundred dollars. A quarter of flood insurance claims come from consumers who live in those low-risk areas.

More than 85 private companies offer flood insurance backed by the federal government. Residents have to live in a community participating in the NFIP and maintaining floodplain ordinances regulating building in flood-hazard areas.

A FEMA Helpline is available for potential policyholders and those with policies to get answers to questions about flood insurance. Call 800-621-3362 and select Option 2. Multilingual operators are available. Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 800-462-7585. Users of the 711 or VRS (Video Relay Service), call 800-621-3362.

For updates on the Arkansas response and recovery, follow the Arkansas Department of Emergency Management (@AR_Emergencies) on Twitter and Facebook and adem.arkansas.gov. Additional information is available at fema.gov/disaster/4318.

 

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The Business Continuity Institute

More than one-third of businesses have experienced a ransomware attack in the last year, and more than one in five (22%) of these impacted businesses had to cease operations immediately, according to a study by Malwarebytes.

The Annual State of Ransomware Report found that the impact of ransomware on SMEs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMEs that experienced a ransomware attack, one in five (22%) reported that they had to cease business operations immediately, and 15% lost revenue.

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise. Osterman’s findings demonstrate that SMEs are suffering in the wake of attacks, to the point where they must cease business operations. To make matters worse, most of them lack the confidence in their ability to stop an attack, despite significant investments in defensive technologies. To be effective, the security community must thoroughly understand the battles that these companies are facing, so we can better protect them.”

Most organizations make addressing ransomware a high priority, but still lack confidence in their ability to deal with it. 75% of organizations surveyed place a high or very high priority on addressing the ransomware problem. Despite these investments, nearly one-half of the organizations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.

For many, the source of ransomware is unknown and infections spread quickly. For 27% of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices. For 2% of organizations surveyed, the ransomware infection impacted every device on the network.

SMEs in the US are being hit harder than SMEs in Europe by malicious emails containing ransomware. The most common source of ransomware infections in US-based organizations was related to email use. 37% of attacks on SMEs in the U.S. were reported as coming from a malicious email attachment and 27% were from a malicious link in an email. However, in Europe, only 22% of attacks were reported as coming from a malicious email attachment. An equal number were reported as coming from a malicious link in an email.

Most SMEs do not believe in paying ransomware demands. 72% of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cyber criminals’ ransom demands, about one-third lost files as a result.

Current investments in technology might not be enough. Over one-third of SMEs claim to have been running anti-ransomware technologies, while about one-third of businesses surveyed still experienced a ransomware attack.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Connectivity in the pockets of first responders and mobile team members

By Glen Denny, Baron Services, Inc.

One of the biggest challenges in weather forecasting has always been alerting people who are away from home of severe weather threats. The radio was for years the primary viable method of doing so, but a radio can only give listeners so much pertinent information, such as county-wide watches and warnings. This kind of information can be helpful to some degree for people who find themselves out and about when weather hits, as it can be used as a basic indicator of danger and the need for mobile listeners to find shelter in a safe place. However, there are numerous shortcomings to radio-delivered weather reporting. Radio’s main shortcoming, which is responsible for all of the missing links in radio-delivered weather, is the medium of the radio itself. Radio is a purely aural medium, for one. Radar, one of the most essential weather data tools, is practically irrelevant to the medium of radio, as radar obviously offers a purely visual delivery of weather data. Radio is also a non-specific medium. Via radio, a set amount and set kind of weather information is broadcast to a wide-ranging listening area. The amount and kind of information cannot be customized or altered in any way to fit the specific interests or needs of listeners located within a specific region of the listening area of the station.

The Mobile Solution to Weather

The solution to the problem of effective on-the-go weather forecasting came with the advent of smart phones and mobile radar apps. Smart phones are now a near ubiquitous technology in the United States (and most of the rest of the world, too), so the majority of people in the present day who find themselves out and on the go during a time when they need weather information can access that information on their smart phone. AccuWeather, the Weather Channel, and other weather data providers all have their own mobile apps which people can download and use to this end.

However, the current mobile weather application landscape is still not 100% effective. Weather apps like those provided by The Weather Channel and AccuWeather offer extensive data and radar, but, like most weather apps, they still mostly deliver non-specific, commodity data. Apps such as these can give the user a 10-day forecast, current radar and projected radar of their surrounding area, and of course, can send the user notifications of National Weather Service (NWS) watches and warnings as they occur. This kind of information is mostly sufficient for general users. However, users in areas of frequent inclement weather, or professional users involved in emergency response or planning for schools, hospitals, businesses, and governments will find this kind of limited weather data lacking for their purposes.

A New Class of Mobile Monitoring

A new generation of advanced weather apps, such as Baron’s Threat Net mobile app, are the kind of product these kinds of users need to do their jobs well and to keep safe. Apps in this new generation are focused on providing hyper-local, one-to-one critical weather intelligence to advanced users and lay-users alike. Baron’s Threat Net Mobile app, for example, features detailed data and visual monitoring on precipitation and forecasted road conditions and hazards, (a Baron-exclusive product featuring advanced data on severe weather threats such as damaging winds, hail, and flooding), a monitoring system that displays real-time cloud-to-ground lightning strikes at street level, and storm vectors enabling accurate storm tracking up to an hour in advance. These and other similarly advanced weather monitoring products have more value than commodity weather data in that they are in-depth, specific, and customizable. A good example of this is another feature of Baron’s Threat Net Mobile app called Critical Weather Indicators. This Baron exclusive product highlights to users in real-time the most dangerous storm situations near their location, effectively warning users of possible severe weather threats before they happen. The alerts from the NWS, while certainly valuable to many people, don’t work in this way. NWS alerts are aimed at the widest possible audience in order to ensure the safety of as many people as possible during inclement weather. Apps like Baron’s, however, are aimed at each individual’s safety and efficacy in keeping others in their area safe. For example, Baron’s mobile alerts will notify users who are in the actual path of a storm of its imminent arrival, will warn users of nearby lightning strikes, and could point out the possible flooding of a nearby river based on projected rainfall.
Because these alerts are based on algorithms and aren’t required to be approved by the NWS, they arrive well before the storm or other threat has, which is a feature commodity weather apps lack.

If we revisit the mediums of radio and commodity weather apps discussed earlier, we can see how large an advantage these advanced weather apps have on any other method of delivering weather data to people on the go. Imagine a severe storm is approaching a town. A mobile user in this town away from home using a radio to monitor the weather will not have much of an idea where a nearby severe storm is in relation to her exact location, and as a result will be able to do little in terms of creating a specific plan. A commodity mobile app user will be able to see where the storm currently is and where it might be in an hour, but she will have to pick herself out on the map (which likely displays a large area) and project the storm’s long-term path herself, planning accordingly based on this information. A user who has an advanced app, like Baron Threat Net mobile, will be notified of the storm in advance if it is heading towards and projected to hit her exact location. This user can also learn what kind of specific threats this imminent storm may bring to her exact location, such as high winds, hail, heavy rain, or a possible tornado (determined by Baron’s Critical Weather Indicators).

Advanced Apps are Perfect for Public Safety

The above description shows how much more pertinent information can be delivered via an advanced mobile app compared to other methods, which is what makes these advanced apps so appropriate for both professionals and laypeople, and also so appropriate for use by organizations such as schools, hospitals, businesses, and governments. Schools, for instance, could benefit largely from an advanced mobile app like Baron’s in many situations. If weather hits while students are being transported to an event off campus or even simply being brought home in the afternoon, having each bus equipped with an advanced mobile app could aid in coordination with the schools’ center of operations, and could allow school staff on the busses to make the right decisions to ensure the safety of the students being transported. Hospitals could use such apps in a similar way. A hospital operation center could, in times of severe weather, rely on its individual mobile employees, such as individuals driving ambulances or helicopters, to make decisions best for them and their patients while in the field during critical weather situations. For businesses and local governments, the same idea applies. The mobile parts of these organizations, if equipped with advanced weather apps like Baron’s, could be more reliably responsible for their own safety during severe weather, taking some of the burden off of their home bases, and most importantly, keeping themselves out of dangerous situations.

Advanced mobile apps like Baron Threat Net mobile are clearly the most effective medium through which to deliver important weather information in critical situations, because the data delivered via these apps is specific, hyper-local, in depth, and customizable. All of these characteristics added up equate to mobile apps which can be useful to anyone, and can be especially useful to professional users involved in public safety, such as in hospitals, schools, local governments, and businesses.

A common point of confusion for new BCM practitioners is the difference between business continuity and disaster recovery. Though people often think these are synonyms, the distinction is that business continuity relates to business functions and relocation efforts while disaster recovery relates to the technical recovery of applications or systems. Disaster recovery is a component of business continuity. Let’s look at how business continuity and disaster recovery provide solutions.

...

https://www.mha-it.com/2017/08/disaster-recovery-vs-business-recovery/

No colocation data center has been built in San Francisco since the early 2000s, when hosting company AboveNet (now defunct) built the city’s now famous data center at 365 Main Street. That building is now owned by Digital Realty Trust, and together with Digital’s other San Francisco facility, at 200 Paul Avenue, it is one of only a handful of commercial data centers in the city.

At least one property, close to 200 Paul, has been marketed for data center development by various real estate agents over the years, but no-one has bitten, and the building at 1828 Egbert Avenue remains a commercial storage facility.

San Francisco is a notoriously difficult city to build in and has some of the country’s highest electricity rates. It’s also difficult for PG&E, the utility that serves the area, to provide the kind of multi-megawatt energy feeders in the city a data center would require. The Bay Area’s data center cluster is in Silicon Valley; that’s where virtually all of the region’s server-farm construction has taken place over the last two decades.

...

http://www.datacenterknowledge.com/archives/2017/08/09/exclusive-san-francisco-to-see-its-first-data-center-build-in-more-than-a-decade/

The Business Continuity Institute

Nearly all (96%) of small to medium-sized enterprises (100 to 499 employees) in the US, UK, and Australia believe their organizations will be susceptible to external cyber security threats in 2017, according to a study by Webroot. Yet, although businesses recognise the growing threats, 71% still admit not being ready to address them.

Cyber Threats to Small and Medium-Sized Businesses in 2017 showed that IT decision makers (ITDMs) at small to medium-sized businesses are most worried about new forms of malware infections (56%), mobile attacks (48%), and phishing attacks (47%). ITDMs estimate a cyber attack in which their customer records or critical business data were lost would cost an average of $579,099 in the US, £737,677 in the UK, and AU$1,893,363 in Australia.

Nearly two-thirds of ITDMs believe it would be more difficult to restore their company’s public image than to restore employee trust and morale.

Addressing the growing threat, 94% of ITDMs plan to increase their annual IT security budget in 2017, compared to 2016.

Businesses currently manage IT security in various ways. One-fifth of businesses have in-house employees whose responsibilities include IT security. 37% use a mix of in-house and outsourced IT security support, while only 23% have a dedicated in-house IT security professional or team.

The current cyber security landscape and lack of preparedness of small- to medium-sized businesses represent a big opportunity for managed security providers (MSPs). Among businesses who do not currently outsource IT security support, 80% will likely use a third-party cyber security provider in 2017.

Charlie Tomeo, Vice President of Worldwide Business Sales at Webroot, commented: “This study illustrates the general lack of preparedness for security around the globe. Small to medium-sized businesses face just as many threats as larger ones, but are often at a disadvantage because of their lack of resources. Given the recent spate of ransomware attacks, it is crucial for these companies to shore up their security and lean on the expertise of an MSP for a solution to combat threats from multiple vectors.”

To stay healthy, should you get your jabs or eat your vegetables?

While you may wonder what this has to do with business continuity, this question sums up emerging differences in approaches to keeping organisations running without interruption.

Specifically, resiliency engineering is the “eat your vegetables” approach, in which you prepare people, processes, and systems for general ongoing healthiness and as some would put it, “stretchiness” to accommodate surprises.

By comparison, business continuity preparations that are designed to protect against specific threats are more of a “get your jabs” (as in injections for vaccination) approach. So, does resilience engineering do better than specific “jabs” and if so how?

...

http://www.opscentre.com/business-continuity-resiliency-engineering/

From Buzzfeed, a back-to-school headline you may not have considered: Is Your School In A Flood Zone?

For example, a Salt Lake City rainstorm just caused a flash flood that damaged many properties, including East High School where Disney’s High School Musical was filmed.

According to a report from the Pew Charitable Trusts and consulting firm ICF, some 6,444 public schools across the United States that serve nearly 4 million students are located in the 100 counties with the highest composite flood scores.

...

http://www.iii.org/insuranceindustryblog/?p=5219

Tuesday, 08 August 2017 15:27

Back-To-School flood safety

Climate Report

After 9/11, I was asked by the Baltimore City Health Commissioner to help prepare the city for a radiation terrorism event, because my entire career up until that point had been in radiation-based medical imaging. I didn’t know anything about public health preparedness at the time, but I found it very fulfilling to work with the city health department and other first responders, especially fire and police. Public health preparedness science and research is more than multi-disciplinary, it’s trans-disciplinary, which is what makes it fun.

Master the Vocabulary

Connecting behavioral and social science

The Johns Hopkins Center for Public Health Preparedness has a particular interest in the mental and behavioral health challenges that people, organizations, and jurisdictions face during and after disasters. If you look at the disaster literature you will see references to dysfunction, which can be caused by either physical or psychological trauma. After a disaster, the number of people with psychological trauma exceeds the number of people with physical injury by as much as 40 to 1, but there is much more research and emergency response focus on the physical effects of a disaster rather than the psychosocial effects. Our interest and expertise in the behavioral science of disasters was the main reason that CDC’s Office of Public Health Preparedness and Response asked us to work on an innovative model and index to measure resilience in the United States.

Understanding resilience in disasters

You can think about resilience on two levels – on the individual level and at the community level. For individuals, we are interested in three things: psychological resistance before a disaster, resilience during a disaster, and recovery after the disaster. Resilience at this level reflects the ability of someone to spring back after experiencing trauma from a disaster. We think about community resilience like an ecosystem. In any ecosystem there is a minimum requirement for the system to successfully function and survive. The same is true for a community. So when we think about community resilience, we must not only think about the ability of a community to return to its pre-event level of functioning, but also assess how that community is working at its lowest point after a disaster and determine if that is a level where it can still function successfully – or even at all.

Modeling resilience

Example of COPEWELL model output showing overall pre-disaster resilience for all US counties.

We approached our colleagues at the University of Delaware Disaster Research Center, who are experts in the sociological factors in disasters that lead to emergent collective behavior. This phenomenon refers to a group of every-day people coming together to aid the formal emergency response. The COPEWELL (“Composite of Post-Event Well-Being”) project was born out of this collaboration between experts in the psychological and sociological impacts of disasters on individuals and communities, along with experts in engineering, modeling, public health and healthcare, and other domains.

We realized that a static model with a single score for resilience would not capture the way a system changes over time and the many interrelated parts that make up a community. We came up with a system dynamics model, which allowed us to input different factors that characterize a community, including housing, communication, healthcare, and transportation. We then throw a disaster at the model and see how the community responds. Depending on the type of natural disaster or public health emergency, how a community functions plays out differently over time. For example, a pandemic usually builds slowly and reaches a peak before gradually decreasing, while a severe weather event spikes quickly and exponentially decreases. Different communities have different inherent characteristics that determine how well they can resist the negative effects of an event and how quickly they can recover. What is unique about COPEWELL is that it is a whole community model, not just a public health model, and looks at how the community functions over time, which allows you to derive a measure of resilience.

Putting the data to work

The COPEWELL model has been used to predict resilience after a disaster in all 3,100+ counties in the United States. We’ve also explored using the model at a more granular level, including at the neighborhood level in New York City. Experts are working on a web-based platform for the model that stakeholders such as government leaders and public health officials can use in their communities.

In addition to supporting the project, CDC has provided technical assistance and expertise to translate and apply the model in practice. Once more fully validated, the results from the model can be used to help identify and evaluate interventions to improve community resilience and accelerate recovery after a disaster.


Posted by Jon Links, Professor, Johns Hopkins Bloomberg School of Public Health

Another high-profile corporate hack puts cybersecurity back into the spotlight as thieves made off with 1.5 TB of data from HBO, including scripts of upcoming Game of Thrones episodes.

The bad news for financial institutions is that this elevated focus on cybersecurity will make meeting their cyber-security regulatory mandates only more challenging as more jurisdictions ramp up their cyber-security requirements.

The laws are changing all the time as New York, Colorado, and Connecticut enhance their cybersecurity laws, said Chad Pinson, managing director at Stroz Friedberg during a panel discussion hosted by the US Securities and Exchange Commission and FINRA. “It is hard to keep up with what those different states require.”

...

https://marketsmedia.com/cybersecurity-compliance-tougher/

Tuesday, 08 August 2017 15:18

Cybersecurity Compliance Gets Tougher

The Business Continuity Institute

Ransomware attacks continued their rise in the first half of 2017, up by 50% over the first half of 2016. Hacking and malware attacks (of which ransomware attacks form a growing part), continue to be the leading cause of breaches, accounting for 32% in a study conducted by Beazley.

However, the Beazley Breach Insights also found that accidental breaches caused by employee error or data breached while controlled by third party suppliers continue to be a major problem, accounting for 30% of breaches overall, only slightly behind the level of hacking and malware attacks. In the healthcare sector these accidental breaches represent, by a significant margin, the most common cause of loss at 42% of incidents.

This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality. Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties.

Unintended disclosures caused 26% of breaches during the first half of 2017 in the higher education sector. While slightly down on the 28% recorded in 2016, this still represents a quarter of all breaches which could be mitigated through more effective controls and processes. Hacks and malware accounted for nearly half of higher education data breaches in the first six months of 2017 (43%), roughly even with the 45% of breaches caused by hacking in the same period in 2016. Of these, 41% were due to phishing.

It is findings like these, and the disruptive impact that a cyber security incident can have on an organization, that demonstrate why cyber attacks and data breaches are such major concerns for business continuity and resilience professionals. The Business Continuity Institute's latest Horizon Scan Report identified them as the top two threats to organizations with 88% and 81%, respectively, of respondents to a global survey expressing concern about the prospect of such an event occurring.

Unintended disclosure, such as misdirected faxes and emails or the improper release of discharge papers, continued to drive the majority of healthcare losses, leading to 42% of industry breaches during the first half of 2017, equal to the proportion of these breaches in the industry in 2016. Hacks and malware accounted for only 18% of healthcare data breaches in the first six months of 2017, compared to 17% in 2016.

At first glance, professional services firms appear to have greater internal controls in place with unintended breaches accounting for 14% of all incidents, well below the average for the period in question. However, the trend is tracking adversely, up from 9% on the first half of 2016. Firms in the sector were not immune to hacking and malware attacks, with these incidents accounting for 44% of breaches in the time period compared to 53% in the first six months of 2016.

Katherine Keefe, global head of BBR Services, said: “Unintended breaches account for one-third of all data breach incidents reported to Beazley and show no signs of abating. They are a persistent threat and expose organizations to greater risks of regulatory sanctions and financial penalties. Yet, they can be much more easily controlled and mitigated than external threats. We urge organizations not to ignore this significant risk and to put more robust systems and procedures in place.”

Keeping online payments secure is a vital concern for businesses dealing with valuable company data on a daily basis. These B2B transactions have traditionally required a lot of time and resources to manage effectively, so it is not surprising that we have recently seen a shift towards VAN (Virtual Account Number) payments led by Online Travel Agencies (OTAs). This digital travel transformation is simplifying, streamlining and increasing security for B2B payments between OTAs and their suppliers, boosting industry growth and changing the way it operates for the better.

What is a Virtual Account Number?

A VAN is an automatically generated, 16-digit card number, created at the point of sale or booking. It operates in exactly the same way the account number on the front of a plastic credit card does and is accepted anywhere that currently supports online Mastercard payments. However, the difference between a VAN and a credit card number is that with VAN payments, a new, unique number is generated for each individual transaction, making it a highly secure method of payment. Companies using VAN payments can place restrictions on its usage, limiting spending, time frame and supplier choice, giving the business a greater amount of control over its finances.

The benefits of VAN payments

The benefits that virtual account numbers bring to B2B payments are threefold. The most important of course being the increased data security offered by choosing such a method. Whilst traditional account numbers may be used by multiple OTAs, memorised by numerous individuals and stored unsafely on devices, leaving companies exposed to the threat of data theft, the one-off randomisation of a generated VAN keeps data secure throughout the sales process, reducing the risk of fraudulent behavior or supplier default.

The second benefit addresses company control. VAN payments allow transaction data to be customised and tracked throughout the booking process, giving businesses a clear audit trail without additional interruptions to the payment interface. Because VAN payments are universal to most suppliers, all payments can be traced on the same system and integrated into existing workflows making it easy to find detailed information on each transaction.

Finally, and perhaps most transformative when it comes to company operations, is the benefit of simplicity. VANs simplify payments online by offering automatic reconciliation meaning payment delays are a thing of the past. Manual reconciliation of purchases and payment statements can be a drain on company time and resources, not to mention the threat of human error. By removing this aspect from the payment process, VANs can keep suppliers happy and free up admin time for better uses, helping to streamline the business.

How OTAs have embraced this digital transformation

Given the benefits of virtual accounts, it is easy to see why OTAs are one of the leading industries when it comes to using VAN payments. Booking holidays online has become the norm for many people around the world with online travel sales projected to grow from $530 billion+ in 2015 to $760 billion+ by 2019. This 2015 figure accounts for 53% of all travel bookings globally and that number will only go up. OTAs are a booming industry, acting as an intermediary between customers and suppliers and by using VAN payments, they are able to ensure the transaction is secure and seamless for all parties involved. VANs are used for booking airline flights, hotels and car rentals as well as many other travel purchases, and the VAN payment method ensures that the needs of these multiple customers and suppliers are met with guaranteed immediate payment processing, faster transaction times and to-the-minute offers. The reduced administration of using virtual account numbers facilitates the industry growth as there are fewer IT security staff required, saving companies time and money.

It is doubtless that VAN payments are the future of B2B online transactions, so much so that there is currently a push for future developments that incorporate even more flexibility in the process. They are transforming the digital landscape for industries like Online Travel Agencies and it is likely this influence will spread to other B2B organisations operating multiple supplier transactions in the near future.

Monday, 07 August 2017 14:27

VAN Payments Improve Data Security

(TNS) - When wildfires, floods, tornadoes and terrorist events disrupt cellphone communication systems at the moment they are most needed, that’s when a more than 100-year-old technology still holds its own.

Amateur radio operators, often called “ham radio operators,” regularly volunteer their skills and expertise to coordinate responses in emergencies like the Boston Marathon bombing and when Hurricane Katrina devastated New Orleans.

There are more than 725,000 licensed amateur radio operators in the United States. Those that were providing support for the 2013 Boston Marathon became a key communication link when cellphone systems became overloaded after bombs exploded near the finish line killing three and injuring hundreds.

...

http://www.govtech.com/em/disaster/Local-Ham-Radio-Operators-Step-up-in-Good-Times-and-Bad.html

Both clients and regulatory bodies now expect an always-on law firm, and with this comes the challenges of remaining competitive and performing due practice in cybersecurity. Modern availability and resiliency expectations demand a comprehensive approach to mitigate the threats of downtime, yet this is easier said than done.

The Problem with Insurance

In many recent legal publications, cyber insurance in particular has been getting a lot of attention due to the increased prevalence of security breaches. However, this specific form of insurance isn’t fully mature yet and policies need to be reviewed carefully. Be sure to ask what the insurance provider will cover and under what circumstances, since there’s no need to invest in something that won’t benefit your firm, especially in a time of crisis.

...

https://www.bluelock.com/blog/draas-takes-law-firms-dr-beyond-insurance/

The Business Continuity Institute

Almost one in six (16%) SMEs have fallen victim to a cyber attack in the last 12 months, equating to more than 875,000 nationwide, according to the findings of a study conducted by Zurich. Businesses in London are the worst affected with almost a quarter (23%) reporting that they have suffered a breach within this period.

The SME Risk Index found that, of businesses that were affected, more than a fifth (21%) reported that it cost them over £10,000 and one in ten (11%) said that it cost more than £50,000.

Yet, despite the volume of attacks and potential losses, the survey of over 1,000 UK SMEs showed that business leaders are not committing to investing significantly in cyber security in the coming year. Almost half (49%) of SMEs admitted that they plan to spend £1,000 or less on their cyber defences in the next 12 months, while almost a quarter (22%) don’t even know how much they will spend.

The results show that for businesses of all sizes robustness of cyber security defences is now a genuine concern for winning and maintaining business contracts. A quarter (25%) of medium sized businesses (between 50 and 249 employees), reported that they have been directly asked by a current or prospective customer about what cyber security measures they have in place. This was also true of one in ten (11%) small businesses (less than 50 employees).

As a result, business leaders are reporting that strong cyber security is providing an opportunity to stand out from competitors with as many as one in 20 (5%) claiming to have gained an advantage over a competitor because of stronger cyber security credentials.

Small businesses are not exempt from the disruptions that all organizations face, and the latest Horizon Scan Report published by the Business Continuity Institute highlights that organizations of all sizes generally share the same concerns.

Paul Tombs, Head of SME Proposition at Zurich, comments: “While recent cyber attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it’s important to remember that small and medium sized businesses need to protect themselves too. The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.

“While the rate of attacks on SMEs is troubling, it also shows that there is an opportunity for businesses with the correct safeguards and procedures in place to leverage this as a strength and gain an advantage.”

...but it’s not as easy as you think

 

By ERIK POUNDS

Whether for functional need, budgetary alignment, or due to top-down pressure, all companies will move to the public cloud at some level. If an organization has less than, say, 50 terabytes of data to manage, it’s easy to move everything there. For those of you in this boat, you can stop reading this article and proceed directly to the cloud, and collect $200.

For those with hundreds of terabytes, even petabytes, of data this is challenging and unrealistic. The business value of public cloud infrastructure is desirable, but when there are such large volumes of data, it’s hard to get there. “Lift and shift” strategies to mimic on-site infrastructure in the cloud are not often viable when petabytes of data are involved, and many businesses need to keep at least some data on the premises. Luckily the utilization of public and private infrastructure does not have to be an either/or decision.


Figure 1: The business dynamics of public infrastructure are desirable, but with so much data to manage, it’s hard to figure out how to get there.

Fortunately, you can realize many of the business benefits of the public cloud in your own data centers. Elimination of silos, data that’s globally accessible, and pay-as-you-grow pricing models are all possible on-premises, behind your firewall. The “hybrid cloud” approach is not simply having some apps running in your data center and other apps running in Amazon or Google. Workflows do not have to wholly reside within either private or public infrastructure – a single workflow can take advantage of both. True hybrid cloud is when public and private resources can be utilized whenever it’s best for the application or process.

Here are four key steps to accelerate your journey to the cloud.

Step 1: Go Cloud-Native

Storage is the primary inhibitor preventing movement towards the public cloud and cloud architectures in general. Data is siloed – stuck in separate repositories – and locked down by specific access methods required by specific applications. This makes it impossible, or at least extremely expensive, to effectively manage, protect, share, or analyze data.

“Classic” applications use older protocols to access data, while newer cloud-native applications use unique interfaces. Converting everything to cloud-native format will save much time, money, and headache in the long run. This does not have to be a massive project; you can start small and progress over time to phase out last generation’s technology.


Figure 2: Start on your journey to the cloud by leveraging cloud-native storage on-premises.

Once you’re cloud-native, not only is your data ready to take advantage of public cloud resources, but you immediately start seeing benefits in your own environment.

Step 2: Go According to Policy


Figure 3: Use policies to place data where it’s needed, across private and public cloud.

On-premises data on cloud-native storage can be easily replicated to the public cloud in a format all your applications and users can work with. But remember, we’re talking about hundreds of terabytes or more, with each data set having different value and usability.

Data management policies in the form of rules help decide where data should be placed based on the applications and users that need it – parts of your workflow behind your firewall and other parts in the public cloud. For example, you may be working with hundreds of terabytes of video, but would like to take advantage of the massive, on-demand processing resources in Google Cloud Platform for transcoding jobs instead of local hardware. Set a policy in your cloud storage software to replicate that on-prem video to the public cloud, then let Google do all the work, and set a policy that says move the transcoded assets back down when complete for the next step in the flow.


Don’t worry – the cloud data management software “views” the entire infrastructure as a single pool, universally accessible, regardless of the kind of storage or location.

Step 3: Go Cloud to Cloud

Policies help automate and orchestrate services to your applications based on business requirements (e.g. cost, capacity, performance, and security), according to the different capabilities of your on-premise or cloud resources. This also means data is efficiently discoverable and accessible across multiple clouds – the cloud data management platform considers the differences in services provided by the different clouds and moves or copies data to the right one.


When data is organized by storage silo or tracked by databases that only a single application has access to, the data can most often only be utilized by that single application or a small number of users. Instead, start to use metadata as the organizing principle for your data, which is enabled by cloud-native storage. When metadata sits right alongside the data it’s representing, it can be globally indexed and made available to many applications and groups of users.

As an example, data may be generated in a research lab that you manage, but the analysis can occur in Google Cloud Platform. Then, the data is synced to Amazon Web Services when the results are ready to be shared with outside researchers and customers.

Step 4: Go Deep

When data placement policies enable a true hybrid cloud workflow, not constrained by physical infrastructure, you can unlock more capabilities. You can start to use metadata – the data about the data – as what we call the organizing principle. Cloud-native data holds its own metadata right alongside it, not in a separate database only its own specific application can read. Your metadata can now be globally indexed and made available to many applications and groups of users. This allows you to perform large-scale analysis projects.

Whether you like it or not, you will be in the cloud in some capacity. Follow these steps to not only make the transition to public infrastructure hassle-free, but to bring many of the business dynamics of cloud – pricing based on consumption, massive scalability, collaboration, etc. – into your datacenter and increase the value of your data.

 

Erik Pounds is head of product marketing at SwiftStack (www.swiftstack.com).

Friday, 04 August 2017 20:30

You WILL go to the cloud

Back in 2004 at the RSA Security Conference, Bill Gates was campaigning for the replacement of the password by two-factor authentication or some other secure mechanism.

In 2012, the Trustwave 2012 Global Security Report indicated that 80% (four out of five) of security incidents were linked to the use of weak administrative passwords. In 2016, the aftermath of the breach of 500 million Yahoo accounts in 2014 was still being felt, as stolen access credentials were used to compromise other accounts for which the Yahoo account holders were using the same passwords and credentials. Why do passwords still exist?

In a word, it’s about convenience – passwords are easy (too easy) to handle and use. Even the more complicated ways of constructing passwords can be made relatively easy to use for the password owner.

...

http://www.opscentre.com/will-take-kill-off-password/

There are so many conversations around cloud, moving to various types of cloud services, and how to leverage the power of hybrid. But it’s important to note just how much cloud services – and hybrid, in particular – have been growing and where they are impacting your business. A recent WSJ article points out that CIOs are knitting together a new IT architecture that comprises the latest in public cloud services with the best of their own private data centers and partially-shared tech resources. Demand for the so-called hybrid cloud is growing at a compound rate of 27%, far outstripping growth of the overall IT market, according to research firm MarketsandMarkets.

Here’s the big factor to consider: The cloud will be distributed with 60% of IT done off-premises and 85% in multi-cloud by 2018.

So where are you on that journey? And how ready are you for a multi-cloud environment? Most of all, do you fully realize what the biggest benefits of moving into a hybrid architecture are?

...

http://www.datacenterknowledge.com/archives/2017/08/03/are-you-ready-for-a-multi-cloud-future/

Friday, 04 August 2017 15:01

Are You Ready for a Multi-Cloud Future?

The Business Continuity Institute

There is a continued challenge in securing our organizations from malicious attachments, dangerous file types, impersonation attacks, as well as spam, with nearly a quarter of emails delivered to users’ inboxes still being deemed 'unsafe'. This is according to a report published by Mimecast which indicates the need for organizations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

The Email Security Risk Assessment notes that the risks to email remain whether it is delivered to a cloud-based, on-premises, or hybrid email environment. Email remains the top attack vector for delivering security threats such as ransomware, impersonation, and malicious files or URLs. Attackers’ motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds and, in several recent cases, sabotage with data being permanently destroyed.

To date, Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days. More than 45 million emails were inspected, all of which had passed through the incumbent email security system in use by each organization and, of these, almost a quarter (24%) were deemed 'unsafe'. These assessments have uncovered more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments and 9,677 impersonation emails to date.

When the data was sliced by incumbent email security vendor, the report found that even some of the top email cloud players were missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security. Notably these cloud vendors are leaving organizations vulnerable by missing millions of spam emails and thousands of threats and allowing them to be delivered to the users’ email inboxes. Many organizations have a false sense of security believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.

It is findings like these, and the disruptive impact that a cyber security incident can have on an organization, that demonstrate why cyber attacks and data breaches are such major concerns for business continuity and resilience professionals. The Business Continuity Institute's latest Horizon Scan Report identified them as the top two threats to organizations with 88% and 81%, respectively, of respondents to a global survey expressing concern about the prospect of such an event occurring.

“To achieve a comprehensive cyber resilience strategy, organizations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Ed Jennings, chief operating officer at Mimecast. “These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.”

10 Considerations for Executives and Directors

When a good reputation is difficult to build and easy as pie to destroy, it’s a business imperative to manage the company’s reputation carefully. Jim DeLoach outlines five critical areas leadership must pay close attention to, and 10 factors total that can be critical in managing reputation risk.

With today’s electronic and social media, the news cycle reporting on the downward spiral of a once-proud organization that has suffered severe reputation impairment is not a pleasant one to watch. Unfortunately, such news events capture our attention all too frequently, leaving an indelible impression about a company’s reputation and brand image.

Applied to a business, “reputation” represents an interpretation or perception of an organization’s trustworthiness or integrity. While the truth ultimately prevails over the long term, reputation can be based on false perceptions in the near term. If accurate over time, reputation provides a barometer of how an organization is likely to respond in a given situation. However one defines reputation, everyone agrees it’s a precious enterprise asset and recognizes a reputation that has been damaged beyond repair.

...

http://www.corporatecomplianceinsights.com/managing-reputation-risk/

Thursday, 03 August 2017 14:47

Managing Reputation Risk

Don’t get us wrong, simply telling somebody how wonderful he or she is is unlikely to guarantee business continuity!

However, with the emphasis in business continuity so often laid on technology, tools, and processes, it’s worth pausing for a moment to consider the human aspect. Whereas machines and systems don’t need or respond to recognition of how well they’re doing, the situation is different for people.

Heavily quantified and codified approaches quickly break down when it comes to encouraging staff to make sure that resources are in place to meet business goals without interruption. Here are a few guidelines to help ensure continuity of human endeavour!

Unlike programs and formal processes for systems, flexible guidelines are a better bet for praising people. Indeed, effective employee recognition is more of an art than a science. It’s crucial to understand that praise, when deserved, sincere, and properly expressed, for contributions to business continuity can accomplish two things.

...

http://www.opscentre.com/use-praise-business-continuity/

Thursday, 03 August 2017 14:45

The Use of Praise in Business Continuity

(TNS) - An independent analysis of San Jose’s (Calif.) response to the devastating Coyote Creek flood in February gives the city high marks in how it handled recovery efforts, but says an inadequate initial response indicates the city didn’t learn lessons from a similar flood two decades before.

The report — commissioned by the city and done by emergency management consultant Witt O’Brien — states that while “San Jose overall performed very well,” it “relied too heavily on flood projection data” from the water district and was “unnecessarily caught off guard, placing residents in a potentially dangerous situation.”

But Brad Gair of Witt O’Brien commended the city for taking responsibility for its early shortcomings and rapidly moving into recovery efforts. He praised the city’s assistance programs for “compassion, tenacity and ingenuity,” and for creating internal and external collaborations.

...

http://www.govtech.com/em/disaster/San-Jose-Flood-Response-An-A-in-Aftermath-F-in-Foresight.html

(TNS) - There was a common theme Tuesday morning at the Westport Marina public boat launch. There, the military was displaying the tactics, personnel and equipment to be used if, and when, the “big one” hits:

“Man, I hope we never have to use it, but I sure am glad it’s there if we do.”

An effective disaster relief plan has many moving parts. Personnel and equipment from the Army, Navy, Marines, U.S. Coast Guard and National Guard all come together to form a cohesive team that can provide anything from food, water and medical supplies to heavy construction equipment to clear roads in the aftermath of a disaster.

...

http://www.govtech.com/em/disaster/Preparedness-Cooperation-on-Display-at-Westport-Disaster-Response-Drill.html

Many software companies today talk up the virtues of buying all the components of a primary business software platform from a single vendor. On the surface, this sounds like a reasonable approach. After all, with the entire solution coming from a single vendor one would expect that each component should integrate well with the overall platform and, if there is a problem, IT has that “one throat to choke.”

In some situations, buying the entire solution from a single vendor probably does make sense: If IT is looking for software to meet a relatively straightforward need, such as video conferencing or file sharing, an out-of-the-box, single vendor solution is typically a smart choice.

But if the organization is dealing with a complex problem – like running a real estate business or managing a global supply chain – there is no single silver bullet. Each organization needs a solution that meets its unique needs and, to achieve that, they need a platform that can incorporate innovation no matter who is producing it. In today’s fast-paced business environment, innovation gives organizations a serious competitive advantage and an open system is the only way to fully take advantage of it.

...

http://www.datacenterknowledge.com/archives/2017/08/02/rise-open-software-platform/

Thursday, 03 August 2017 14:43

The Rise of the Open Software Platform

According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

“We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it,” said Haystax CEO, Bryan Ware. “Existing tools aren’t smart enough, or don’t have the context needed to identify malicious insiders. What’s needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers.”

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders.

...

https://www.helpnetsecurity.com/2017/08/02/malicious-insiders-threat-vector/

The Business Continuity Institute

40% of organizations say they are not able to measure incident response, and even Verizon was notably slow in responding to a potential data breach last month, according to a new study by Demisto.

The State of Incident Response 2017 is a study of how incident response teams investigate potential cyber attacks, and the results were not particularly encouraging. IT departments face a high volume of incidents – 350 per week on average – and one of the underlying factors for the lack of preparedness for these incidents is staffing. Approximately four in 10 (40%) respondents say they have more incidents than their staff can handle.

The vast majority of respondents (90%) say they struggle to find skilled security staff. Moreover, it takes an average of nine months to properly train new hires. All of that combines with a significant turnover of staff as one-third of security staff will leave within three years.

“One goal for this unique study was to gain better insights into how to address future threats by determining today’s major pain points for organizations,” said Rishi Bhargava, Demisto vice president of marketing. “Incident response must continue to evolve to meet current and emerging threats. The key to effective incident response is having the right combination of people, technology and processes. However, this study revealed that many organizations are far from having this right combination.”

The study found that most companies do incident response in-house - 41% is fully in-house, while 42% is in-house with the help of consultants. Only one in 100 (1%) companies fully outsourced their security operations, while 15% partially outsourced.

Dallas Area Rapid Transit (DART) & STORServer

 

PROFILE 

Organization: Dallas Area Rapid Transit 

Industry: Regional transit agency 

Location: Dallas, Texas, USA 

Size: Serves more than 220,000 passengers per day

 

Needs

  • Upgrade older data backup appliance and software
  • Platform stability and system supportability
  • Turnkey solution that includes installation, implementation, training and maintenance support
  • Seamless integration with existing data backup configuration for its radio and CAD/AVL bus dispatch system 

 

Solutions:

  • STORServer EBA852 enterprise backup appliance with Storwize® V3700 20TB Disk Storage
  • IBM TS3100 tape library

 

Dallas Area Rapid Transit (DART) was ready to refresh its existing data backup appliance and software to take advantage of the newest IBM Spectrum Protect™ features and STORServer’s turnkey solution. 

Since the initial implementation STORServer completed for the regional transit agency in 2010, the features of the IBM Spectrum Protect, formerly IBM® Tivoli® Storage Manager (TSM), software have been greatly enhanced, including the change of the underlying software database to DB2®. The availability of this robust DB2 database, as well as IBM Spectrum Protect’s new deduplication feature designed to reduce backup storage requirements, prompted DART to upgrade its existing data storage configuration. 

It was imperative to select the right partner for its data backup needs, as DART relies heavily on the data collected and reported by its radio and CAD/AVL bus dispatch system. The data tracks important metrics like on-time performance, which is analyzed and used in planning for scheduling, route assignments, vehicle assignments and to make other critical decisions.

“Knowing our main priority was to ensure platform stability and system supportability, STORServer carefully considered our current needs while also recommending scalable solutions that will allow us to easily accommodate potential future needs as our data backup requirements change over time,” said David Bauchert, senior control systems programmer, Dallas Area Rapid Transit.

Because the existing configuration STORServer installed and implemented had worked seamlessly with the agency’s data backup needs for this dispatch system, DART’s IT team trusted STORServer’s recommendations for this upgrade. 

 

The Solution

STORServer helped DART implement a new backup appliance and transition an existing tape library to serve as the disaster recovery target for its backup data:

  • Primary Backup: STORServer EBA852 – This enterprise backup appliance with SSDs enabled the agency to take advantage of new features, like deduplication, now available in IBM Spectrum Protect. The IBM Spectrum Protect database is now housed on SSDs in the appliance with faster processing power. In this configuration, 20TB of Storwize® V3700 disk storage was included. The primary backup data is kept on disk for quick restore and to take advantage of Spectrum Protect’s deduplication feature, which reduces backup storage requirements. This configuration also includes IBM Spectrum Protect Suite licensing, which offers simplified pricing and licensing with a tiered per-terabyte metric. This licensing enables the agency to have access to a suite of backup software products, including database and mail agents, along with IBM Spectrum Protect™ for Virtual Environments, should the agency need to enable that in the future.
  • Disaster Recovery: IBM TS3100 Tape Library – This entry-level tape library, which was previously installed by STORServer in 2010, is now used for disaster recovery copy purposes. Reusing this existing library provided flexibility and reduced the costs associated with the appliance server refresh. As part of the agency’s disaster recovery plan, the tapes are taken offsite every day. Incremental backups also take place daily.

The appliance server and configuration recommended by STORServer allow DART to plan for future data growth, as additional external storage can be added as needed to the appliance server. With the newest Spectrum Protect and STORServer Console (SSC) versions included as part of this upgrade, DART can now manage and move its data more efficiently. Highly scalable to future-proof the agency’s needs, Spectrum Protect also reduces backup and recovery infrastructure costs. SSC is designed to let administrators configure and manage their Spectrum Protect environment with a single, intuitive user interface. It also helps users save time, reducing daily administration tasks to less than 30 minutes per day.

 

The Results 

  • Fifty-nine percent data deduplication savings for a deduplication ratio of 3:1 
  • Even as DART experienced 40 percent data growth since the implementation, the deduplication capabilities enabled them to use 38 percent less storage. 
  • Reduced overall costs for data protection by removing redundant data 
  • Data is now moved more efficiently, allowing for best implementation of data protection business practices. 
  • Automated delivery of daily reports allows for easy review and confirmation that backups have completed successfully. These reports can be individually tailored and distributed to multiple levels within the organization.

 

“It’s been incredibly advantageous for us, both from a cost and time perspective, to have access to IBM Spectrum Protect’s deduplication capabilities. We’ve experienced substantial savings in storage since then. Previously, we were running at 100 percent of our disk capacity, and now we are only using 26 percent of it,” added Bauchert.

 

ABOUT STORSERVER 

STORServer is a leading provider of data protection solutions and offers the only enterprise data backup appliance that is built to order. Each backup appliance solution is tailored to the customer’s unique environment to simplify management of complex backup, archive and disaster recovery needs. STORServer’s appliances feature enterprise class data backup, archive and disaster recovery software, hardware, services and U.S.-based customer support. STORServer is proud to now offer SoftLayer® containers and DRaaS in SoftLayer virtual machines. Companies of all sizes trust in STORServer’s proven appliances to solve their most complex data protection problems. For more information on STORServer, please visit storserver.com.

storserver.com (800) 550-5121 Copyright 2017 STORServer, Inc.


If you’re new to disaster recovery or risk mitigation, you might be overwhelmed with business continuity terminology. To start, what is business continuity? If you’re not sure, don’t worry. We’re going to cover the definition of business continuity, what business continuity planning is, what’s included in a business continuity management program, how to manage a continuity plan, and the four-step business continuity process.

If you are still reading this, then business continuity or risk management is a topic of thought or concern for you. Perhaps a recent audit has revealed that your organization may be vulnerable during a crisis or emergency event. No matter the reason, having some type of business continuity planning in place is appropriate for all organizations regardless of revenue, size or industry. The planning and level of effort may vary depending on your needs, but you should make every effort to have something in place. So, what is business continuity and where do you start?

...

https://www.mha-it.com/2017/08/what-is-business-continuity/

Getting the most out of ISO 26000, the world’s first and most widely used International Standard for social responsibility, is the aim of a new guidance document just published.

In its seven years of existence, ISO 26000 has become one of the key references for implementing social responsibility practices in any organization. It has been adopted nationally in 80 countries across more than 20 languages and was one of the sets of guidelines upon which the European Commission built its corporate social responsibility (CSR) strategy.

Now, a newly published International Workshop Agreement – IWA 26, Using ISO 26000 guidance on social responsibility in management systems – helps organizations reap even greater benefits from the standard using the management systems standard (MSS) approach.

With ISO 26000 being developed before the introduction of ISO’s “high-level structure” for MSSs, designed to bring consistency among all management systems within an organization, this IWA will help users of management systems standards more effectively integrate social responsibility into their business.

...

https://www.iso.org/news/ref2198.html

The new European General Data Protection Regulation goes into effect next May and applies to any company, anywhere in the world, that collects sensitive data about European customers or employees. GDPR also comes with onerous breach notification requirements and high penalties for failing to comply, and data center operators may become prime targets for regulators’ enforcement efforts once the new rules kick in.

“Data center providers are an important piece in the GDPR compliance chain as they have ownership of the physical assets where information is stored,” said Jose Casinha, CISO at OutSystems, an enterprise software company based in Atlanta, Georgia.

“The data center is ‘where the rubber meets the road’ for many aspects of GDPR,” said Ken Krupa, enterprise CTO at MarkLogic Corp.

Often, it’s only the people who manage the infrastructure who really understand where all the copies of the data are, he said, especially when things like high availability, disaster recovery, and backups are taken into account.

...

http://www.datacenterknowledge.com/archives/2017/08/01/what-europes-gdpr-means-for-data-center-operators/

The Business Continuity Institute

The UK lags behind many other major economies in the adoption of collaborative working technology, which could impact business productivity, according to a global study conducted by Polycom. Collaborative technologies include video and teleconferencing, instant messaging and file sharing tools.

The study found that 46% of UK workers use collaborative tools daily. This is far lower than many leading economies, including Russia (61%), Australia (55%), Singapore (54%), United States (53%), Canada (51%) and France (49%).

Emerging economies Brazil (82%) and India (72%) lead collaborative technology adoption, while a culture of presenteeism in Japan limits the ability to work remotely there.

The UK government enabled flexible working for all in June 2014. Despite the UK trailing in adoption of collaborative technology, there is clearly a demand for the ability to work remotely and business people well understand the benefits of such a culture.

Nearly two-thirds (64%) of the UK now works remotely at some point, Polycom finds, with 38% of people using email 'considerably less' in favour of the phone or instant messaging. Those aged 30-44 are most likely to ditch email, possibly because it is the format they have used most during their career and know how much time email can take to manage effectively.

"Embracing collaborative working technology and flexible working practices can benefit organizations from a business continuity and resilience perspective," said David Thorp, Executive Director of the Business Continuity Institute. "By having processes in place that allow people to work flexibly during 'business as usual', it makes it far easier to enable them to work flexibly during an emergency."

“In the UK, many organizations maintain a legacy ‘nine-to-five’ culture while others are going through a process of digital transformation, so may be exploring the viability of remote working for their workforce,” says Jeremy Keefe, UK&I and Benelux Area Sales Vice President, at Polycom. “To enable staff to work effectively from home, organisations need to equip staff with the technology that connects them with colleagues, generate working from home policies and update them as culture and technology evolves, and provide guidelines to staff.”

The Business Continuity Institute

More than a third (35%) of SMEs in the UK are increasingly concerned about their ability to gain funding in the run-up to Brexit, a study by Hiscox has revealed. Recent economic and political uncertainty has adversely affected business confidence, and caused concern for the future as the UK’s withdrawal from the EU draws nearer. This concern should come as no surprise, as 38% of the 500 businesses surveyed admitted to accessing EU funding.

Despite many funding options being made available to new businesses, 36% of business owners said a lack of choice was the most common single challenge they faced when looking for funding. Moreover, 28% of businesses cited a lack of eligibility as the reason holding them back from obtaining finance, and a further 25% said market competition was their key challenge.

Surprisingly, what emerged from the survey was that one in five businesses (20%) are still unaware of the variety of funding options available to them. Despite the arrival of new finance options for start-ups like crowdfunding and peer-to-peer loans, most small businesses still turn to banks. Three-quarters of businesses surveyed used bank loans for funding over the last five years. Other popular funding choices were EU funding and equity funding (both received by 38% of businesses over the last five years).

Almost a third (31%) of businesses surveyed said economic uncertainty had been the biggest factor impacting their growth in the last five years. In fact, 18% more businesses found economic uncertainty affected their growth than competition within their own industry (13%).

Steve McGerr, Head of Direct Commercial at Hiscox, commented: "With a Scottish independence referendum, election uncertainty and a vote on EU membership, it’s been a turbulent few years for the British economy. In light of this, it’s perhaps unsurprising that the unpredictability of Britain’s economic health has been a key issue for businesses."

Another cause of concern for the UK's businesses is the availability of skilled workers, with 10% of businesses facing obstructions to their growth due to a lack of skilled personnel. With the Institute for Public Policy Research finding that employers in Britain are currently spending over £6 billion less on training per year than the EU average, and the prospect of visa complications for foreign workers following Brexit, the growing skills gap could further hinder business growth in the UK.

LITTLE ROCK, Ark. — Many Arkansans lost important items in the severe storms between April 26 and May 19, including documents the Arkansas Department of Emergency Management and FEMA need to process disaster assistance applications.

If papers are gone – such as birth certificates, Social Security cards, driver’s licenses, tax records, insurance policies, etc. – many can be replaced by contacting sources of information, such as vital records offices, Social Security agencies, insurance offices and other organizations or agencies.

Disaster survivors need to provide proof of citizenship, proof of property ownership or rental occupancy, Social Security numbers and other personal information when registering for disaster assistance. But documentation can be submitted after applying for assistance. The deadline to register is only two weeks off – Aug. 14. Below are some sources to replace lost documents:

  • Proof of address/residency: Contact your local utility company to obtain a recent bill.
  • Birth certificates: In Arkansas, contact the Arkansas Department of Health Vital Records. Go to healthy.Arkansas.gov for information, or call 501-661-2336 or 800-637-9314. The office has a high volume of requests; expect delays.
  • Copies of insurance policies: Contact your insurance agent or the insurance company.
  • State income tax records and replacement driver’s licenses or vehicle titles: Visit any state revenue office (Arkansas Department of Finance and Administration). Visit dfa.arkansas.gov online for downloadable numbers of each agency. Numbers vary by county.
  • Social Security cards: Call the U.S. Social Security office at 800-772-1213, Monday through Friday, 7 a.m. to 7 p.m. EDT. For TTY users the number is 800-325-0778, or log onto ssa.gov/ssnumber for more information.
  • Medicare cards: Phone: 800-772-1213 or go to ssa.gov
  • Federal tax records: Call the Internal Revenue Service at 800-829-1040, Monday through Friday, 7 a.m. to 10 p.m. EDT, or log onto irs.gov.
  • SNAP Card (Food Stamps): Arkansas Department of Human Services, 501-682-1001 or http://humanservices.arkansas.gov/Pages/default.aspx
  • Military Records: National Archives, 866-272-6272, Option 1, or archives.gov
  • National Archives Records: 866-272-6272, archives.gov/preservation/records-emergency/public.html
  • Green Card replacement: Phone: 800-375-5283 or go to uscis.gov/. Click on “green card” at left on the home page.
  • Real Estate and property records (mortgage documents, deeds, etc.): Contact a real estate agent, escrow agent or your mortgage company.
  • Medical and prescription records: Medical and prescription records are tracked electronically; contact your doctor or clinic.
  • Saving family records: The National Archives (archives.gov) has detailed technical information on how to salvage flood-damaged records and other information of interest to disaster survivors.

To register with FEMA:

  • Call the FEMA Helpline at 800-621-3362. Multilingual operators are available. Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 800-462-7585. If you use 711 or VRS (Video Relay Service), call 800-621-3362. The toll-free numbers are open daily from 7 a.m. to 10 p.m.
  • Go online to DisasterAssistance.gov (also in Spanish)
  • Download the FEMA mobile app (available in Spanish) at Google Play or the Apple App Store.
  • Help is available in most languages, and information on the registration process is available in ASL at fema.gov/media-library/assets/videos/111546.

There are three ways to apply to SBA after you register with FEMA:

  • Call SBA at 800-659-2955. Individuals who are deaf or hard of hearing may call 800-877-8339.
  • Apply online using the Electronic Loan Application via SBA’s secure website at: https://disasterloan.sba.gov/ela.
  • Apply by mail: Complete a paper application and mail it to SBA at 14925 Kingsport Road, Ft. Worth TX 76155-2243.

For updates on the Arkansas response and recovery, follow the Arkansas Department of Emergency Management (@AR_Emergencies) on Twitter and Facebook and adem.arkansas.gov. Additional information is available at fema.gov/disaster/4318.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) - Gov. Rick Scott declared a state of emergency for 31 Florida counties including Broward, Palm Beach and Miami-Dade as Tropical Storm Emily made landfall on Florida’s Gulf Coast on Monday morning.

The storm, which formed suddenly on Monday morning just off Tampa, wasn’t expected to directly affect South Florida but forecasters said it could dump several inches of rain.

The state of emergency was in effect for 31 counties including Pinellas, Hillsborough, Manatee, Sarasota, Charlotte and Lee. The declaration “gives the state the flexibility to work with local governments to ensure that they have the resources they may need,” said a statement from Scott’s office.

...

http://www.govtech.com/em/disaster/Tropical-Storm-Emily-Triggers-State-of-Emergency-for-31-Florida-Counties.html

The Business Continuity Institute

IT security professionals predict that DDoS attacks will get larger and more significant in the year ahead, and are already preparing for attacks that could disrupt the UK’s Brexit negotiations and cause outages worldwide, according to new research from Corero Network Security.

More than half (57%) of respondents to their survey believe that the UK’s Brexit negotiations will be affected by DDoS attacks, with hackers using DDoS to disrupt the negotiations, or using DDoS attacks as a camouflage technique while they seek to steal confidential documents or data.

Many in the industry expect to see a significant escalation of DDoS attacks during the year ahead, with some (38%) predicting that there could even be worldwide internet outages during 2017. But reassuringly, the vast majority of security teams (70%) are already taking steps to stay ahead of these threats, such as putting business continuity measures in place to allow their organizations to continue operating in the event of worldwide attacks.

Despite continued discussions about nation state attackers, security professionals believe that criminal extortionists are the most likely group to inflict a DDoS attack against their organisations, with 38% expecting attacks to be financially motivated. By contrast, just 11% believe that hostile nations would be behind a DDoS attack against their organisation.

This financial motivation explains why almost half of those surveyed (46%) expect to be targeted by a DDoS-related ransom demand over the next 12 months. Worryingly, 62% believe it is likely or possible that their leadership team would pay.

“Despite continued advice that victims should not pay a ransom, a worrying number of security professionals seem to believe that their leadership teams would still consider making a payment in the event of an attack,” said Ashley Stephenson, CEO of Corero Network Security. "Corporations need to be proactive and invest in their cyber security defences against DDoS and ransomware to protect themselves against such extortion.”

While high-bandwidth DDoS attacks continue to dominate the headlines, security professionals are also worried about the smaller, low-volume DDoS attacks of less than 30 minutes in duration. These ‘Trojan Horse’ DDoS attacks typically go unmitigated by most legacy DDoS mitigation solutions but are frequently used by hackers as a distraction mechanism for additional attacks.

According to the survey results, less than a third (30%) of IT security teams have enough visibility into their networks to mitigate attacks of less than 30 minutes. A much larger volume of respondents (63%) are also worried about the hidden effects of these attacks on their networks, such as undetected data theft – particularly with the GDPR deadline fast-approaching, where organizations could be fined up to 4% of global turnover in the event of a data breach.

With websites being of such vital importance to many organizations, losing that website, even for a short period of time, can be severely damaging and could result in lost business. It is perhaps no surprise that business continuity professionals consider cyber attack to be their number one concern according to the latest Horizon Scan Report published by the Business Continuity Institute.

A Compliance Officer’s Role in Mitigating This Risk

Mobile computing presents a unique set of challenges to compliance officers. Our devices are truly omnichannel and not just dedicated to one aspect of our lives. No organization can be fully compliant with data protection regulations when its staff carry personal devices with sensitive information on them; many of these devices are likely to be stolen or compromised at some point.

Mobile computing presents unique challenges to compliance officers in banking – challenges that may not be fully understood, in part because of the high number of factors involved and their potential for complex interaction. These factors include multiple devices being used for both work and personal reasons; mixed use of corporate, private and public networks; and known vulnerabilities in mobile software and hardware. A full list of all potential risks would be the product of all possible interactions of the factors. Compliance officers have a big role to play in considering and dealing with the human, process and technological aspects of these risks and their mitigations.

People increasingly expect to be using their own devices for work – from connecting to corporate networks, systems and services via VPNs from home desktops and laptops to loading work email accounts onto personal smartphones to accessing other forms of work collaboration such as instant messaging, VOIP, portals, blogs, wikis, groupware, etc. from multiple devices, including tablets and wearables. The boundaries between work and personal are not just blurred, nor have they evaporated; instead, they are irrelevant.

...

http://www.corporatecomplianceinsights.com/many-compliance-challenges-mobile-computing/

Even as the fight against malware escalates, viruses, worms, Trojans, rootkits and ransomware lurk as threats every time we boot up or login.

For most small-business users, anti-malware software lives locally on each computer itself or as a suite on a local area network. A database of known malware definitions is a critical part of that software. That database resides with the software and needs to be updated to provide optimal protection.

To make computer- and network-based anti-malware protection operate effectively, solution providers need to:

...

http://mspmentor.net/blog/four-reasons-why-cloud-security-boosts-anti-malware-peace-mind

The Business Continuity Institute

UK SMEs are underprepared to respond to a crisis scenario, despite their awareness that security threats are rising and 44% expecting to face some form of attack in the near future. This is the key finding of research commissioned by Arthur J. Gallagher that focused on evaluating business resilience.

Understanding security risks: how SMEs can build a culture of resilience revealed that 43% of respondents admitted to having no contingency plans for a crisis or not knowing what those plans were. Furthermore, only 30% have insurance in place that would respond to a security crisis - such as terrorism, cyber extortion, sabotage, product tamper or emergency repatriation - with a further 40% not knowing if they have insurance cover or not.

The research also highlighted a very clear gap in perception between the threats SMEs face and their level of preparedness. More than two thirds (68%) of SMEs questioned believe they are resilient and well-equipped to deal with a security crisis despite their planning and insurance protection levels showing otherwise.

There is, however, a widespread understanding that threat levels are growing, with one in five (19%) UK SMEs having faced an external security threat in the past two years while more than double that number (44%) believes they could face a threat in the coming 12 to 18 months. More than a quarter (27%) of those asked said they specifically expect to suffer cyber extortion in the near future.

When comparing responses between SME leaders and those of larger organizations, the research clearly showed that many SMEs feel they are too small to be targeted, with only 17% having tried to assess their exposure. But the nature and effect of today’s low frequency high impact security threats - such as terrorism and cyber extortion - is often non-targeted. Large security cordons, for example, prevent access to premises, while mass ransomware attacks mean smaller firms are often more vulnerable than large organizations.

Small businesses are not exempt from the disruptions that all organizations face, and the latest Horizon Scan Report published by the Business Continuity Institute highlights that organizations of all sizes generally share the same concerns.

Paul Bassett, Managing Director of Gallagher’s Crisis Management practice, said: “It is vital for SMEs to build a culture of crisis resilience. Their growing awareness of an overall increase in security threats needs to be matched by actions that will help them mitigate and manage their own vulnerability to those risks. Our research shows education is key; clearly, there is a disconnect between the current level of planning by SMEs and how resilient they believe themselves to be, creating a false sense of security.

“Many evidently feel they are too small to be targeted but today’s fast-evolving security threats are often not targeted at any particular company or industry. Exposure to the risk of non-damage business interruption - where no physical loss has been suffered but you aren’t able to trade - is a particular area of concern. That could be experienced because of proximity to a terrorist incident or an indiscriminate cyber extortion attack, for example.”

The Business Continuity Institute

Organizations across the globe mistakenly believe they are in compliance with the upcoming General Data Protection Regulation (GDPR), according to a study by Veritas.

The 2017 GDPR Report revealed that almost one-third (31%) of respondents said that their enterprise already conforms to the legislation’s key requirements. However, when those same respondents were asked about specific GDPR provisions, most provided answers that show they are unlikely to be in compliance. In fact, upon closer inspection, only 2% actually appear to be in compliance, revealing a distinct misunderstanding over regulation readiness.

The findings of the report show that almost half (48%) of organizations who stated they are compliant do not have full visibility over personal data loss incidents. Moreover, 61% of the same group admitted that it is difficult for their organization to identify and report a personal data breach within 72 hours of awareness – a mandatory GDPR requirement where there is a risk to data subjects. Any organization that is unable to report the loss or theft of personal data – such as medical records, email addresses and passwords – to the supervisory body within this timeframe is in breach of this key requirement.

Restricting former employee access to corporate data and deleting their systems credentials helps to stem malicious activity and ensure that financial loss and reputational damage are avoided. Yet, a staggering 50% of so-called compliant organizations said that former employees are still able to access internal data. These findings highlight that even the most confident organizations struggle to control former employee access and are potentially susceptible to attacks.

Under the GDPR, EU residents will have the right to request the removal of their personal data from an organization’s databases. However, Veritas’ research shows many organizations that stated they already are in compliance will not be able to search, find and erase personal data if the 'right to be forgotten' principle is exercised.

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

Of the organizations that believe they are GDPR-ready, one-fifth (18%) admitted that personal data cannot be purged or modified. A further 13% conceded that they do not have the capability to search and analyze personal data to uncover explicit and implicit references to an individual. They are also unable to accurately visualize where their data is stored, because their data sources and repositories are not clearly defined.

These shortcomings would render a company non-compliant under the GDPR. Organizations must ensure that personal data is only used for the reasons it was collected and is deleted when it’s no longer needed.

Veritas’ research also found that there is a common misunderstanding among organizations regarding the responsibility of data held in cloud environments. Almost half (49%) of the companies that believe they comply with the GDPR consider it the sole responsibility of the cloud service provider (CSP) to ensure data compliance in the cloud. In fact, the responsibility still lies with the organization, as the data controller, to ensure that the data processor (the CSP) provides sufficient GDPR guarantees. This perceived false sense of protection could lead to serious repercussions once the GDPR is enacted.

“The GDPR dictates that multi-national corporations take data management seriously. However, the latest findings show confusion over what’s needed to comply with the regulation’s mandatory provisions. With the implementation date looming ever closer, these misconceptions need to be eradicated fast,” said Mike Palmer, executive vice president and chief product officer, Veritas.

“With regulations like the GDPR you have to understand what data you have in your organization. But you must also know how to take action on it and how to classify it so that policy can be applied accordingly. These are the fundamentals of compliance and the findings today should be used to educate businesses about the mistaken beliefs that could put an organization out of business.”

Vigilant Assessment and Comprehensive Security Also Needed

According to Cybersecurity Ventures, the worldwide cost of cybercrime will grow from $3 trillion in 2015 to $6 trillion by 2021. This includes damage and destruction of data, stolen money, lost property, intellectual property theft and other areas. In an era where the likelihood of cyberattack is high, turning a blind eye can have disastrous consequences. Cyber insurance can soften the financial blows, but it works best in conjunction with an enterprise-wide culture of security, a comprehensive risk management program, and a carefully maintained security stance.

Public agencies and organizations around the world are making cyber risk their top priority. Insuring companies against data breaches is becoming a massive industry even as its promising role and impact in security operations continues to unfold. North American policyholders dominate the market, but Europe and Asia are expected to grow rapidly over the next five years due to new laws (e.g., EU data privacy regulations) and significant increases in targeted attacks, such as ransomware. Various experts predict the $3 billion global cyber insurance market will grow two-, three- or even four-fold by 2020.

...

http://www.corporatecomplianceinsights.com/cyber-insurance-critical-protecting-cybercrime/

Talk about the long arm of the law! The European Union’s General Data Protection Regulation, or EU GDPR for short, aims to protect the privacy of the personal data of European citizens, wherever that data is processed, or wherever the organisation collecting or processing the data is based.

So, for example, if your Sydney or Melbourne based ecommerce enterprise sells online to consumers resident in any of the European member states (there are 28 of them), you must respect the EU GDPR too. If you do not, the consequences could be serious.

The General Data Protection Regulation shows how thinking about data and security has evolved in the digital age. Geographical boundaries have been supplemented by digital boundaries. Personal data is a new virtual domain that straddles physical country borders and that carries with it its own rules of conduct.

...

http://www.opscentre.com/even-australia-europes-new-data-regulation-affect-business/

(TNS) - On a typical day, students and teachers fill the halls of Shirley C. Heim Middle School in Stafford County. But on Wednesday morning, hordes of residents playing the role of survivors of an EF3 tornado strike filed off a bus and crowded into the school, which served as an emergency shelter for the day.

Volunteers greeted the survivors at the entrance, directed them to sign in and fielded numerous questions, including where to take those with life-threatening injuries and whether dogs could be taken into the shelter.

The events at the school were part of a countywide full-scale mass-care exercise involving more than 200 participants and multiple local and state agencies. County participants included the school system and departments including Human Services, Social Services, Fire and Rescue, Community Emergency Response Team, Stafford Emergency Management Communications, Sheriff’s Office, Animal Control, and Parks, Recreation and Community Facilities.

...

http://www.govtech.com/em/disaster/Mass-Care-Exercise-Tests-Staffords-Disaster-Readiness.html

The Business Continuity Institute

While the majority of organizations in Singapore believe that cyber security is important and seek guidance from IT security experts, almost all (91%) of them are still at the early stages of security preparedness, according to a survey conducted by Quann and IDC. The survey identified significant gaps in security device deployment, cyber awareness, resources and preparedness for attacks, making these organizations vulnerable to cyber attacks.

Mr. Foo Siang-tse, Managing Director at Quann, said: “The findings are worrying but they don’t come as a surprise. Many companies are simply not investing enough in IT security, despite the obvious threats. The lack of investment in security infrastructure, professional services and employee training makes them extremely vulnerable. The recent WannaCry and Petya ransomware incidents are just the tip of the iceberg. Companies need to recognise that having a comprehensive security plan, comprising detection systems, robust processes and equipped individuals, is critical in enabling them to detect threats early and mitigate their impact.”

The Quann IT Security End User Study 2017 found that, while basic IT security features such as firewalls and antivirus are widely deployed by Singapore organizations, more than half (56%) of them do not have Security Intelligence and Event Management Systems to correlate and raise alerts for any anomalies in a timely manner. 54% do not have a Security Operations Centre (SOC) or a dedicated team to proactively monitor, analyse and respond to cyber security incidents that are flagged by the systems. The lack of proper monitoring systems and processes means that anomalies picked up by security devices could go unattended and malware may reside and cause damage within corporate networks for long periods.

The survey also found that 40% of Singaporean respondents do not have incident response plans to protect their organization’s networks and critical data in the event of a cyber attack. Only one-third (33%) of them exercise their incident response plans.

Cyber criminals usually target non-IT employees who are seen as the weakest link in cyber security. However, only 33% of the Singapore organizations require all employees from the CEO down to take part in IT security awareness training.

Many organizations (75%) do not have a dedicated IT security budget and planning process. Most respondents said that they have a security lead but they are not a dedicated resource and have other responsibilities at the same time. They also do not have round-the-clock security support, with 32% having security support only during work hours, and 25% only during the work week.

Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity Institute's latest Horizon Scan Report. 88% and 81%, respectively, of respondents to a global survey expressed concern about the potential for a disruption caused by one of these events.

With cyber attacks evolving at an unprecedented speed, there is a need for organizations to invest in security resources, increase the frequency and expand the reach of IT security training to keep pace with the cyber threats.

The survey also reveals a low level of engagement from senior leadership in formulating IT security strategies. The majority (91%) of respondents consult security executives, but only 16% of them will invite the executives to Board meetings and involve them in risk assessment.

Mr. Simon Piff, Vice President of IDC Asia/Pacific’s IT Security Practice, said: “Not all C-Suites in Asia are fully conversant with the fundamentals of a robust cyber security strategy and the appropriate investments. Cyber security investments are akin to military spending – we do it in the hope that we would never have to use the tools. They need to understand that this is not a business ROI with immediate, visible returns. However, the consequences of not taking a proactive approach now could lead to legal disputes, customer dissatisfaction, and even loss of jobs and careers at all levels in the organization.”

The Business Continuity Institute

The NotPetya ransomware attack which struck a month ago, on the very day the Business Continuity Institute launched its Cyber Resilience Report, is still affecting many organizations, with the Federation of Small Businesses (FSB) reporting that it has serious concerns over the continuing impact on TNT's small business customers. The attack has been debilitating for some small firms who remain in the dark over when and if they can expect their goods to be delivered.

The share price of TNT's parent company - FedEx - fell last week when it announced that it expects a "material" financial impact as a result of the NotPetya cyber attack. FedEx said in a statement that “we cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus.”

The Guardian newspaper highlighted the case of Peter Blohm, an antique dealer from Aberystwyth, who was one of those caught up in the TNT chaos, and has been trying to find out what happened to a consignment of art that left Switzerland on the 11th July and was due to be delivered soon after.

Peter told the Guardian that “TNT tell me they have had no computer systems since the end of June and there is no estimate for when their systems will be fixed. This means there are many thousands of parcels which have, like mine, been waiting for weeks to be processed by hand with pen and paper. The staff sound harassed, but cannot estimate when my parcel will be delivered, because they simply do not know.”

Mike Cherry, FSB National Chairman, said: “There are small businesses in a total state of paralysis, a month on from the attack, because their business relies on transporting goods through TNT. For a small business, this kind of disruption can be crippling and threaten their survival. Small business customers need accurate, clear and frequent updates from TNT to help them with their own contingency planning and a commitment to provide redress to those small businesses who have lost out.

“This is a stark reminder of the danger posed by cyber crime and how it can strike down smaller businesses indirectly, having a much wider impact on the economy. It serves as a major wake up call on the need to tackle and prevent the growing threat of cyber crime right across the business community."

AlertMedia, the fastest-growing emergency notification system provider in the world, is pleased to announce that it has been named one of the Best Places to Work in the 2017 Small Business category by the Austin Business Journal.

The honorary award recognizes companies in four categories according to size. The awards are based on confidential feedback from employees and measure the following dimensions: communication and resources, individual needs, manager effectiveness, personal engagement, team dynamics, and trust in leadership. AlertMedia was ranked the 5th best workplace within its category.

...

https://www.alertmedia.com/alertmedia-named-one-of-2017s-best-places-to-work-by-austin-business-journal/

For twelve years, Avalution has been laser focused on business continuity.  We’ve become the leading provider of business continuity software and consulting in the US.  We work with 10% of the Fortune 100, including the largest organization in 7 different industries.

We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.

Today, we are expanding into Information Security Management. 

...

http://perspectives.avalution.com/2017/introducing-our-information-security-practice/

A Primer on the New Global Privacy Law

For most organizations, the next year will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations. The GDPR has the potential to serve as a healthy, scalable, exportable regime that could become an international benchmark, but because of the effort required to report data breaches, it is absolutely essential that organizations prepare in advance.

The General Data Protection Regulation (GDPR) officially goes into effect in May of 2018 and will have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed. The GDPR adds another layer of complexity – not to mention potential cost and associated resources – to the issue of critical information asset management that so many organizations are struggling to come to terms with.

At the Information Security Forum (ISF), we consider this to be the biggest shake-up of global privacy law in decades, as it redefines the scope of EU data protection legislation, forcing organizations worldwide to comply with its requirements. This most certainly includes U.S.-based organizations. The GDPR aims to establish the same data protection levels for all EU residents and will have a solid focus on how organizations handle personal data. Businesses face several challenges in preparing for the reform, including a lack of awareness among major internal stakeholders. The GDPR will create several compliance requirements, from which few organizations will completely escape.

However, organizations will benefit from the uniformity introduced by the reform and will no longer have to navigate the current array of often-contradictory national data protection laws. There will also be worldwide benefits as countries in other regions are dedicating more attention to the defense of mission-critical assets. The GDPR has the potential to serve as a healthy, scalable and exportable regime that could become an international benchmark.

...

http://www.corporatecomplianceinsights.com/gdpr-means-organization/

Thursday, 27 July 2017 14:29

What the GDPR Means for Your Organization

In the last ten years, the workplace has transitioned from stationary to mobile. As technology has advanced it’s changed the way we work, where we work, and when we work. In fact, this report by Global Workplace Analytics discovered that employees are not at their desks as much as 50-60% of the time. Many employees change locations multiple times a day, and others frequently travel or do offsite work. With the rise of staff on the go, there is an increase in external risks in addition to those that occur in the office. So how do you keep your people safe? You need a system that can adapt to people’s changing location and the changing landscape around us.

Having access to your employees’ location data can improve your ability to respond to disaster in many ways.  Location improves your emergency plan by allowing the message to get to the right people in the affected area. A robust emergency notification system should quickly find the appropriate audience based on location, only reach the people who need the message, have geofencing capabilities, and give you extended map functionalities to see the proximity of emergencies to your users and notify them of the situation immediately.

...

https://www.alertmedia.com/4-ways-location-improves-your-emergency-communication-plan/

The Business Continuity Institute

The electric grid is one of the most critical infrastructure systems for modern life, but it is also one of the most vulnerable. Recent graduates of the Johns Hopkins University School of Advanced International Studies (SAIS), supported by Swiss Re, have released a study that examines how extreme weather and other natural disasters are evolving in the Pacific Northwest, and the implications for electric infrastructure and potential economic disruption.

“Lights Out: The Risks of Climate and Natural Disaster Related Disruption to the Electric Grid” finds that climate change, expanding populations, and insufficiently diversified energy sources make the future of energy more unpredictable. The US insurance industry has already identified a $20–$55 billion annual financial loss from power outages caused by flooding, hurricanes, and extreme temperatures.

The group focused on the Pacific Northwest as an illustrative case study in climate and natural disaster related electric grid disruption. The region is prone to high-frequency, low-intensity natural disasters such as droughts and flooding, as well as being at risk of catastrophes like the Cascadian Subduction Zone (CSZ) event - an earthquake-tsunami combination that is expected to devastate the coastline from northern California to southern British Columbia. As climate change alters the seasonality of water runoffs in the Pacific Northwest, electricity generation, as well as the operation and maintenance of hydroelectric dams, face additional challenges.

“The cost of disasters has increased fourfold over the last 30 years. The total loss of $55 billion a year from unplanned electric outages in the US is more than the US government spends on all federal highways,” said Alex Kaplan, Senior Vice President of Global Partnership at Swiss Re. “We have to think not only about the physical destruction of these assets and the cost to replace them, but also the impact of the extreme weather and how it destroys economic productivity over the longer period of time.”

Adverse weather, one type of event that can lead to the disruptions outlined within this report, is the fifth greatest concern for business continuity professionals, as identified in the Business Continuity Institute's latest Horizon Scan Report, with more than half (51%) of respondents to a global survey expressing concern about the potential of a disruption caused by such an event. Earthquakes and tsunamis were much further down in 18th place, with 25% expressing concern, although these types of event are much more region specific.

“Natural disasters and climate-related, severe weather events pose real risks to vulnerable communities and are currently costing billions in damages globally,” said Celeste Connors, a former White House official on climate change and Johns Hopkins SAIS faculty advisor. “Local governments are taking the lead in reducing this risk by investing forward in resilient infrastructure systems. New and innovative financing mechanisms and partnerships can play a key role in helping governments manage their risk.”

The Business Continuity Institute

Ransomware has soared since 2012, with criminals lured by the promise of profit and ease of implementation. The threat continues to evolve, becoming stealthier and more destructive, increasingly targeting organizations more than individuals because the potential returns are much higher.

The indiscriminate WannaCry attack in May affected more than a quarter of a million computers across 150 countries in its first few days, crippling critical infrastructure and organizations. Some organizations are still struggling to recover from NotPetya attacks in June.

The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world.

To help combat the threat, the No More Ransom initiative was launched a year ago by the Dutch National Police, Europol, McAfee and Kaspersky Lab. Today there are more than 100 partners, as major ransomware attacks continue to dominate the news, hitting organizations, governments and individuals all over the world. The site now carries 54 decryption tools, provided by nine partners and covering 104 types (families) of ransomware. So far, these tools have managed to decrypt more than 28,000 devices, depriving cyber criminals of an estimated €8 million in ransoms.

The success of the No More Ransom initiative is a shared success, one that cannot be achieved by law enforcement or private industry alone. By joining forces, it has enhanced the ability to take on the criminals and stop them from harming people, organizations and critical infrastructure, once and for all.

Law enforcement globally, in close cooperation with private partners, has ongoing investigations into ransomware criminals and infrastructure. However, prevention is no doubt better than cure. Internet users need to avoid becoming a victim in the first place.

With the infected computers or networks becoming unusable until a ransom has been paid or the data has been recovered, it is clear to see why these types of attack can be a concern for business continuity professionals. The latest Horizon Scan Report published by the Business Continuity Institute revealed cyber attacks as the number one concern.

And How an Automated Solution Can Help You Overcome Them

In 2017, it’s time for many organizations to stop viewing risk management in silos and begin implementing a comprehensive enterprise risk management (ERM) program. Adoption is slow, however, due to some common challenges, especially when it comes to finding a consistent method of defining, assessing and reporting risk. A good automated ERM solution can help lessen the burden.

With 2017 in full swing, companies are finally beginning to abandon the historical practice of approaching risk management in silos.  Many are beginning the migration to a more integrated and consolidated enterprise-wide approach. The justification for this movement is clear: each area of risk management generates information that supplies insight to the other areas, and they have a collective impact on the technology, processes and people of an organization. Tackled individually, the requirements become unmanageable. But when carried out on a common platform, a company gains valuable perspective — the viewpoints of the board of directors and executive management become one and the same.

Despite the inefficiency of the siloed approach, many organizations have been slow to adopt a comprehensive enterprise risk management (ERM) program because of the challenges they face in doing so.  When enterprise risk management is carried out manually or even with software that isn’t efficient, the current workload consumes vast resources and time and energy.  Often, because of this, a transition to an automated system is resisted by management because it is viewed as being more difficult than simply keeping up with the current workload. Companies must change how they view the potential of their ERM and GRC systems.

Here are three of the most common challenges for chief risk officers and ERM teams, along with explanations for how an automated software solution can help your team overcome them:

...

http://www.corporatecomplianceinsights.com/3-common-challenges-erm/

Wednesday, 26 July 2017 14:16

The 3 Common Challenges of ERM

LITTLE ROCK, Ark. – The U.S. Small Business Administration is the largest source of federal recovery funds for disaster survivors and businesses, including those affected in the severe storms, tornadoes, straight-line winds and flooding between April 26 and May 19.

Low-interest disaster loans up to $200,000 are available to homeowners to repair or replace damaged or destroyed real estate. Homeowners and renters are eligible for up to $40,000 to repair or replace damaged or destroyed personal property.

Businesses of all sizes and private nonprofit organizations may borrow up to $2 million to repair or replace damaged or destroyed real estate, machinery and equipment, inventory and other business assets. SBA can also lend additional funds to businesses and homeowners to help with the cost of improvements to protect, prevent or minimize the same type of disaster damage from occurring in the future.

For small businesses, small agricultural cooperatives, small businesses engaged in aquaculture and most private nonprofit organizations of any size, SBA offers Economic Injury Disaster Loans to help meet working capital needs caused by the disaster. Economic injury assistance is available to businesses regardless of any property damage.

Interest rates on SBA loans can be as low as 3.215 percent for businesses, 2.5 percent for private nonprofit organizations and 1.938 percent for homeowners and renters, with terms up to 30 years. Loan amounts and terms are set by SBA and are based on each applicant’s financial condition.

To be considered for all forms of disaster assistance, survivors must first contact FEMA and register for disaster assistance. To register:

  • Call the FEMA Helpline at 800-621-3362. Multilingual operators are available. Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call
    800-462-7585. If you use 711 or VRS (Video Relay Service) or require accommodations while visiting a center, call 800-621-3362. The toll-free numbers are open daily from
    7 a.m. to 10 p.m.
  • Go online to DisasterAssistance.gov (also in Spanish);
  • Download the FEMA mobile app (available in Spanish) at Google Play or the Apple App Store.

There are three ways to apply to SBA after you register with FEMA:

  • Call SBA at 800-659-2955. Individuals who are deaf or hard of hearing may call
    800 877-8339.
  • Apply online using the Electronic Loan Application via SBA’s secure website at: https://disasterloan.sba.gov/ela.
  • Apply by mail: Complete a paper application and mail it to SBA at
    14925 Kingsport Road, Ft. Worth TX 76155-2243.

Until Friday at 6 p.m., FEMA and SBA are providing one-on-one assistance to disaster loan applicants at State/FEMA Disaster Recovery Centers established in Conway (McGee Center), Faulkner County; Pocahontas (site of OLD Randolph County Nursing Center), Randolph County; and Fayetteville (Executive Airport), Washington County.

The Internal Revenue Service announced on its website certain tax relief provisions resulting from the disaster declaration, including extensions of filing deadlines for estimated tax payments. Those in the disaster area are automatically granted tax relief, but individuals and businesses not in the disaster designated counties impacted in the storm may call the IRS disaster hotline at 866-562-5227 to request relief, according to the agency’s website.

For updates on the Arkansas response and recovery, follow the Arkansas Department of Emergency Management (@AR_Emergencies) on Twitter and Facebook and adem.arkansas.gov. Additional information is available at fema.gov/disaster/4318.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Before taking on any new process automation or software, it’s important to consider the third party risk associated with the new approach.

Current market pressures and constrained resources, especially people resources, combined with the need for decreased processing and response times demand that organizations look to automation for improved efficiency. But, organizations need to take into consideration the business needs and risks associated with increased automation. The following four areas are a good place to start the analysis and assessment of process automation at your organization.

...

https://www.mha-it.com/2017/07/third-party-risk/

Wednesday, 26 July 2017 14:12

Balancing Automation with Third Party Risk

For the fourth time, Strategic BCP ResilienceONE® has been named a Leader in the 2017 Gartner Magic Quadrant for Business Continuity Management Program (BCMP) Solutions, Worldwide.  This position on the report is based on our completeness of vision and ability to execute.

In their report, Gartner states: “The BCMP market is one in which most vendors offer solutions that meet the needs of their respective customers and target markets. However, how they meet customer needs is based on the solution’s application architecture, which translates to ease of configuration, navigation and reporting. The better BCMP solutions have prebuilt/configured BCM functionality out of the box, rather than building BCMP functionality with every customer implementation, which takes too much effort, time and money on the part of the customer and vendor.”

CEO Frank Perlmutter said, “Being named a leader by Gartner is a distinguished honor, but we believe achieving recognition in every year of this Magic Quadrant is a tribute to our software innovators and staff. We share this success with our customers. It is their day-to-day insights that allow us to continually improve ResilienceONE and offer out-of-the-box functionality and value unmatched in the industry.”

...

http://www.strategicbcp.com/blog/resilienceone-4x-leader-gartner-magic-quadrant-bcmp-software-solutions/

Information Insight, Executive Alignment and Lower Costs

GDPR is rapidly approaching, and companies should begin to prepare for May 2018, when the regulations go into effect. Companies can actually benefit from early preparation to comply with GDPR—the benefits of which range from a competitive advantage through greater insight into data to greater alignment between business units and lower total costs. HPE’s Joe Garber explores three key benefits of preparing now for GDPR.

Early preparation for compliance with the European Union General Data Protection Regulation (GDPR) can deliver a wide range of benefits to organizations. These can range from securing a competitive advantage through greater insight into data to greater alignment between sometimes-competing business units to lower total costs.

At the core of GDPR – which becomes effective in May of 2018 – is the question of how organizations collect, manage and protect EU citizens’ and residents’ personal data.  Organizations are paying closer attention to GDPR than previous regulations of its kind because of the significant risks of noncompliance.  The most serious infractions, including not respecting the individual rights of data subjects, incur substantial fines (of the greater of 4 percent of global revenue or €20 million).  On top of this, there are also risks of legal action and lost customer confidence.

...

http://www.corporatecomplianceinsights.com/3-hidden-values-preparing-early-gdpr/

Wednesday, 26 July 2017 14:09

3 Hidden Values of Preparing Early for GDPR

In the wake of recent Cloud Service Provider (CSP) outages, what is your organization responsible for when it comes to complex IT architecture?

Many organizations today rely on complex IT infrastructure to support their operations, leveraging solutions ranging from internal hosting to cloud hosting to dependence on third-party systems. IT service delivery is getting more intricate, in large part due to the need to leverage different IT tools and services from a variety of providers. Cloud-based solutions, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), promise simplicity for the end user.  However, IT service delivery and management usually becomes much more difficult due to the complexities around architecture and integrations. Therefore, IT disaster recovery planning becomes more difficult, as it must account for these complexities and coordinate with various third parties to ensure adequate coverage. Bottom-line – simply defining who is responsible for what when it comes to disaster recovery planning can be difficult.

Information Technology Disaster Recovery (ITDR) managers are tasked with orchestrating and managing ITDR across the entire landscape of hosted solutions. At first, this may not seem too daunting, as it’s easy to think of SaaS and other cloud-hosted systems as “someone” else’s responsibility. However, over the past year, we’ve seen the world’s best cloud service providers experience downtime. The Amazon S3 service disruption on February 28, 2017 made nationwide news, even though the total downtime was less than six hours. Last October, dozens of popular, frequently-used websites were unavailable after hackers unleashed a DDoS attack on the servers of a major DNS host. The most recent and widespread ransomware attack forced many companies to rely on (or establish on the fly) workaround procedures for critical systems. Hundreds of organizations were impacted in some way by these outages.

...

http://perspectives.avalution.com/2017/understanding-disaster-recovery-responsibilities-when-using-the-cloud/

Before Investing, Understand Compliance Risk

The life sciences industries attract all types of buyers, including many from other sectors.  With billions in liability at stake each year, understanding and mitigating compliance risk is critical to achieving desired returns.

If you are head of business development for a large life sciences company or you make portfolio decisions for a health care investment firm, you can’t afford not to understand compliance.  According to Public Citizen, federal and state fines and settlements cost drug makers $35.7 billion between 1991 and 2015 – nearly $13 billion of which was in just the last four years surveyed.  In 2016, the DOJ announced that Olympus would pay $646 million for making illegal payments to doctors and hospitals in the U.S. and abroad, the largest amount ever paid by a medical device company.  The enforcement landscape is evolving, and managing compliance risk is essential to making good deals.  Here are some examples where buyers could have been smarter about health care compliance before compliance problems reduced the value of investments.

...

http://www.corporatecomplianceinsights.com/buyer-beware-3-times-buyers-smarter-compliance/

(TNS) - Financial losses from fires in Oahu high-rises were more than 12 times greater in buildings without sprinklers than in buildings with them, according to Honolulu Fire Department data covering a decade of blazes.

While the actual damage amounts were relatively small, the dramatic difference in losses between the two types of buildings is likely to fuel the debate on whether the city should require old residential high-rises to install automatic sprinkler systems.

Mayor Kirk Caldwell proposed such a law following the recent Marco Polo fire, which claimed three lives and damaged more than 200 units in the 46-year-old building.

...

http://www.govtech.com/em/disaster/No-Sprinkler-Systems-More-Costly-Damage.html

The Business Continuity Institute

In 2014, the UK experienced what was described as extensive flooding, and while the BCI’s Central Office wasn’t directly impacted, or at least water didn’t access the building, it did prove to be disruptive in terms of staff getting to work. Several employees were forced to work from home for a few days as the roads they would normally have taken to get to work were under water.

That winter a succession of storms hit the UK leading to record rainfall and flooding in many regions. The south-east was affected quite badly with many towns, particularly those along the River Thames, experiencing severe flooding. But it was the south-west that was worse hit as much of Somerset was underwater for over a month. December 2015 brought more bad weather to the UK when Storm Desmond hit the north-west causing widespread flooding and storm damage.

The Met Office in the UK claim that, by their very nature, extreme events like this are rare, but how rare are they exactly? The Met Office decided that a novel research method was needed to quantify the risk of extreme rainfall within the current climate, and came up with the UNprecedented Simulated Extremes using Ensembles (UNSEEN) method which has been used as part of the recent UK Government National Flood Resilience Review (NFRR) when the Met Office was asked to estimate the potential likelihood and severity of record-breaking rainfall over the UK for the next 10 years.

The good news is that we are now better able to predict the weather. The bad news is that the forecast isn’t very good. The research carried out by the Met Office found that, for England and Wales, there is a 1 in 3 chance of a new monthly rainfall record in at least one region each winter.

In the south-east there is a 7% risk of a monthly record extreme in any given winter during the next few years. Across the whole of England and Wales that risk rises to a 34% chance of an extreme event happening in at least one of those regions each year. Furthermore, the research indicated that there was a 30% chance that these events could break existing records by up to 30%.

What does this mean for business continuity and resilience professionals? In the first instance it means that there’s a very good chance of an extreme weather event hitting somewhere in England and Wales, but where? The 2014 storms largely affected the south of the country while the 2014 storms affected the north. So while one part of the country was badly affected, many other places were not.

How do business continuity and resilience professionals determine what level of investment is required to protect against the impact of such events? How do you balance the level of investment required with probability of the event occurring? Presumably similar discussions take place on the other side of the Atlantic. We know with a great deal of certainty that a hurricane will, in all likelihood, hit the eastern seaboard of the US each year, but where? Should you invest heavily when there is a very good chance that the severe weather won’t actually affect your region?

Of course the other argument is that organizations shouldn’t be preparing for specific events anyway and it doesn’t really matter whether a storm hits. What matters is that the organization has a plan in place to deal with loss of building, loss of IT, loss of staff etc, regardless of what the cause is.

What is for sure is that business continuity professionals should be using data like this to help inform their own horizon scanning process and get a clearer understanding of what their overall risk exposure is, which can then be incorporated into the development of their business continuity programme.

How does your organization prepare for such events and what tools do you use to assess the threat?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Tuesday, 25 July 2017 14:37

BCI: Preparing for a storm

Nearly every day you read about a new malicious attack on computer networks of vital businesses around the world, and the attacks do not seem to be slowing down. 

According to reports, malware volume skyrocketed in 2016--more than 800 percent when compared to 2015--and that number continues to rise.

The most recent attack, WannaCry, targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin currency. The attack reportedly locked hundreds of thousands of computers in more than 150 countries, and demanded a $300 payment to restore the encrypted files.

...

http://mspmentor.net/blog/securing-weakest-link-educate-end-users-about-cyber-risks

5 Key Changes on the Way

Although nearly a year away, the EU’s new General Data Protection Regulation (GDPR) is fast-approaching for multinational companies, and the clock is ticking to ensure compliance. The changes coming will have far-reaching implications for global businesses: any company operating in the EU must comply or face steep financial penalties.

It’s hard to believe that we’re now less than one year out from the implementation of a major change to data protection laws in Europe: The General Data Protection Regulation, or GDPR.  It is the result of four years’ work by the European Union (EU) to standardize privacy laws and protect residents of the EU from the misuse of their personal data and data breaches in an increasingly digital world.

Most of the personal data protection laws in the EU haven’t been updated since the 1995 Data Protection Directive. In 1995, only one percent of the European population was using the internet. Now, not only is the majority of the global economy digital, but many companies are operating globally and processing personal data across borders. The EU Parliament established the GDPR framework as a way to update and harmonize the laws specific to the usage of millions of individuals’ data.

...

http://www.corporatecomplianceinsights.com/need-know-gdpr/

Monday, 24 July 2017 15:15

What You Need to Know about GDPR

For retailers, the specter of big data is one that is constantly looming. Companies are working hard delving into the omni-channel arms race as they try to fend off behemoths like Amazon. Some companies are going so far as to deploy massive amounts of resources into developing their own big data solutions in an attempt to go toe-to-toe with the retail giant.

The natural question that retailers face is what exactly they need to build in-house vs. what they can, and probably should, outsource to vendors.

With the proliferation of the software-as-a-service (SaaS) model, it’s becoming increasingly simpler and faster to deploy new solutions in an enterprise setting. This naturally results in ever-increasing innovation in the industry, as old solutions are easily replaced with the more novel and more effective ones in mere weeks.

...

http://www.datacenterknowledge.com/archives/2017/07/21/big-data-technology-house-vs-outsource/

The Business Continuity Institute

Global economic losses resulting from natural disasters during the first half of 2017 were estimated at US$53 billion – 56% lower than the 10-year average of US$122 billion, and 39% lower than the 17-year average of US$87 billion. This is according to Aon Benfield's Global Catastrophe Recap: First Half of 2017 Report. Meanwhile, insured losses were preliminarily estimated at US$22 billion – 35% lower than the 10-year average of US$34 billion, and 12% lower than the 17-year average of US$25 billion.

According to the report, the severe convective storm peril was the costliest disaster type on an economic basis (nearly US$26 billion) during the first half of 2017, comprising 48% of the loss total. The majority of these losses (US$23 billion) were attributable to events in the United States. These types of events also caused the majority of insurance losses (US$17+ billion), comprising 78% of the loss total, and with nearly US$16 billion attributable to widespread hail, damaging straight-line winds, and tornadoes in the US.

Natural disasters claimed at least 2,782 lives during the first half of 2017, the lowest figure since 1986 and significantly below the long-term (1980-2016) average of 40,867. Flooding was the deadliest peril during the period, being responsible for at least 1,806 deaths.

Steve Bowen, Impact Forecasting director and meteorologist, said: "The financial toll from natural catastrophe events during the first six months of 2017 may not have been historic, but it was enough to lead to challenges for governments and the insurance industry around the world. This was especially true in the United States after the insurance industry faced its second-costliest first half on record following a relentless six months of hail-driven severe weather damage. In fact, nearly eight out of ten monetary insurance payouts for global disasters were related to the severe convective storm peril. Other events – such as Cyclone Debbie in Australia, flooding in China and Peru, wildfires in South Africa, and a series of windstorms in Europe – led to notable economic damage costs. As we enter the second half of the year, much of the focus will be on whether an El Niño officially develops. Such an event could have a prominent influence on weather patterns and associated disaster risks."

The report highlights that the US recorded 76% of the global losses sustained by public and private insurance entities during the first half of 2017, while EMEA (Europe, Middle East and Africa) and Asia-Pacific (APAC) each accounted for 10%.

Around 42% of the global economic losses during this time period were covered by insurance, above both the near- and medium-term average of 32% and due to the fact that the majority of losses occurred in the US. However, insurance take-up rates continued to grow in other areas, notably Asia-Pacific (APAC) and the Americas.

Adverse weather has consistently been a top ten threat for business continuity and resilience professionals, according to the Business Continuity Institute’s annual Horizon Scan Report. In the latest edition, more than half of respondents to a global survey expressed concern about the prospect of this type of disruptive event materialising. When you analyse the results further to only include respondents from countries where these types of events are relatively frequent, countries such as the United States, the level of concern increases considerably.

The Business Continuity Institute

IT professionals believe that compliance and regulation and the unpredictable behaviour of employees will have the biggest impact on data security, according to a survey commissioned by HANDD Business Solutions.

The UK study found that 21% of respondents say regulations, legislation and compliance will be one of the two greatest business challenges to impact data security. The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline in less than 12 months. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.

HANDD CEO and Co-Founder, Ian Davin, commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”

Worryingly, 41% of those surveyed assign the same level of security resources and spend for all company data, regardless of its importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organization. A robust data classification system will see all data tagged with markers defining useful attributes, such as sensitivity level or a retention requirement and ensuring that an organization understands completely which data requires greater levels of protection.

While 43% of those surveyed think that employees are an organization’s greatest asset, more than a fifth (21%) believe that the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also poses a big challenge to data security.

Danny Maher, CTO at HANDD, commented: “Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organization.”

Storage is also a key problem area, with more than a third (35%) citing ensuring that data is stored securely, whether on premise or in the cloud, as their biggest challenge and the one most likely to keep them awake at night. A data record’s classification will enable a company to make these decisions, automatically and definitively dictating its location and whether an encryption policy should apply.

Having stored data to comply with its security policy, an organization must ensure that an access management system is in place, which understands roles and responsibilities and allows users to see only the information that they need. In HANDD’s survey, less than half (45%) of IT professionals are confident that they have an identity access management process in place which dictates that users must have different privileges depending on their roles and responsibilities, while 15% have no access management system in place at all.

Data breaches, and the disruptive impact they can have on an organization, are the second greatest concern for business continuity and resilience professionals, according to the Business Continuity Institute's latest Horizon Scan Report. 81% of respondents to a global survey expressed concern about the prospect of a breach occurring, making it essential that organizations have mechanisms in place to reduce the chances of a breach occurring, and also have plans in place to respond to such an incident and help lessen its impact.

As large organizations continue to downsize and startups and SMBs look to make every IT dollar stretch, desktop as a service (DaaS) is set to take off. With some researchers forecasting 28.7 percent CAGR for DaaS, managed service providers (MSPs) should take a look at channel programs in this area of the market as it makes inroads into legacy enterprises. Many startups are already familiar with the Google suite of desktop applications, but other alternatives exist in the market, some of them more competitively priced and with better performance characteristics that would have more appeal to the traditional desktop market.

What do MSPs need to know about reselling these cloud apps to their customers? And what objections must they overcome when seeking to displace the gold standard Microsoft Office on-premises enterprise suite? Let’s look at how some other cloud office groupware stack up.

...

http://mspmentor.net/cloud-services/desktop-service-emerges-msp-growth-opportunity

(TNS) - Lake County, Ill., officials are warning residents who've been fighting floodwaters for more than a week now that the fight isn't over yet.

"If you've sandbagged, don't take those out yet," said Mike Warner, executive director of the Lake County Stormwater Management Commission. "Let's get past the next rainfall and think about taking them out next week."

The National Weather Service told county officials they could get a range of 1 to 3 inches of rain through this weekend, with some areas hit with strong rains Wednesday night and into Thursday morning. The Des Plaines River could handle 1 inch without a problem, but 3 inches could spell more woes for nearby buildings and streets.

...

http://www.govtech.com/em/disaster/Flood-Risk-Remains-as-More-Rainfall-Could-Push-Swollen-rivers-Back-Up.html

Our earlier post Working with nature to build resilience to hurricanes discussed how insurers look to natural infrastructure like coastal wetlands and mangrove swamps to mitigate storm losses.

The Mesoamerican Reef, which runs south for some 700 miles from the tip of the Yucatán Peninsula, protects coastal communities and property by reducing the force of storms, but its corals require continued repairs.

For every meter of height the reef loses, the potential economic damage from a major hurricane triples, according to The Nature Conservancy (TNC).

...

http://www.iii.org/insuranceindustryblog/?p=5189

In business continuity management, should you start with what you want or with what you have? While business continuity is frequently a goal-driven activity, there is a contrarian point of view that says, “improve on what you have, rather than aiming for something you don’t have”.

Is either point of view superior to the other? If so, which one should you choose?

There are “for and against” arguments to be made in both cases. In the objectives-driven case, you know where you want your organisation to be, and therefore anything that diverges from that happy state is an issue to be resolved. This assumes that you also have realistic, relevant goals, and ways of measuring how well you achieve them.

...

http://www.opscentre.com/objectives-capabilities-business-continuity-start/

We’ve mentioned multiple times that implementing a BCM program can be challenging and at times painful. No one likes to point out their business’s vulnerabilities. Many times the investment of time and dollars to do just that can feel like a burden. We’ve seen our clients struggle with this during the implementation and maintenance of their programs. Many times the ongoing investment can be even more difficult. It helps to identify and assess both the tangible and intangible benefits of your initial and continuing investment in the BCM program. Identifying the benefits of a business continuity program helps you define benchmarks and see the light at the end of the proverbial BCM tunnel. We’ll take a look at the more commonly known benefits of a business continuity program. Then, we’ll walk you through some benefits you might not have thought of.

...

https://www.mha-it.com/2017/07/benefits-of-a-business-continuity-program/

  
 
The Business Continuity Institute

An earthquake reaching a magnitude of 6.7 on the Richter Scale has hit the Aegean Sea between the Greek island of Kos and the Turkish resort of Bodrum. The earthquake, with its epicentre at a depth of about 10k according to the US Geological Survey, struck at 01:31 local time on Friday, and has reportedly killed two people and left hundreds of others injured.

Turkey’s Disaster and Emergency Management Presidency has reported at least 20 aftershocks since the initial earthquake, and at least five of those registered over 4.0, with the largest reaching 4.6.

According to the US Geological Survey, an earthquake of this magnitude (6.0-6.9 on the Richter Scale, classed as strong) can cause damage to a moderate number of well-built structures in populated areas, but earthquake-resistant structures should survive with slight to moderate damage. Poorly designed structures could receive moderate to severe damage. There will be strong to violent shaking in the epicentral area, and it can be felt in wider areas up to hundreds of kilometers from the epicentre.

The region is no stranger to these types of events with an earthquake registering 7.6 occurring near Izmit in the north-west of Turkey in August 1999 killing about 17,000 people, while in September of the same year an earthquake registering 6.0 struck near Athens killing 143 people. In October 2011, an earthquake registering 7.1 occurred in eastern Turkey, near the city of Van, which left about 600 people dead.

Wow - terrifying to wake up to massively shaking room at 6.7 #earthquake on #Kos - thank god no one hurt, just shaken

— Tom Riesack (@QuietConsultant) July 20, 2017

While ensuring that employee and stakeholder safety is paramount, organizations need to ensure they are prepared for such events, certainly those in regions where earthquakes are a distinct possibility. Earthquakes may not feature highly in the Business Continuity Institute's latest Horizon Scan Report, partly because they are very region specific, but there were still a quarter of business continuity and resilience professionals who expressed a concern about the possibility of their organization being disrupted by one.

Organizations must consider what would happen if they are affected by an earthquake, or any other type of disruption, what impact could that disruption have, could anything be done to prevent or reduce the risk, and how would they respond and recover. Furthermore they need to consider how they would communicate with their employees and stakeholders to ensure they are kept informed, and kept safe.

The Business Continuity Institute

 

Canadian businesses are lagging in their risk management approach and are more vulnerable to disruption when compared to their global counterparts, according to a report published by PwC Canada.

Managing risk from the front line revealed that 66% of Canadian respondents (vs 75% globally) had mandatory ethics and compliance training for all employees. When new risks emerge, less than 33% of Canadian businesses (vs 50% globally) reported periodic staff education about new or existing potential risks.

The report also found that future areas of risk and disruption for Canadian businesses will be in technology advancements (70% disruption predicted to 55% disruption globally), human capital (49% compared to 40%) and operations (37% to 26%). 

While Canadian businesses acknowledged that a big part of addressing their vulnerability to risk can be accomplished by moving risk management to the 'front line', many business operations are keeping risk management at the 'second line' (risk management/compliance) or 'third line' of service (internal audit). Respondents indicated that a lack of sufficient resources (skilled people) is the primary factor in preventing a shift in risk management to the first line.

The report reiterates that risk management from the second and third line does not give upper management a clear understanding of their own vulnerabilities. This type of risk management structure has resulted in an inability to manage risks effectively and adapt over time. 

"While Canadian businesses have made some progress when it comes to risk vulnerability, there is still a lot of work that needs to be done in order to catch up with their global competitors," said Kishan Dial, Partner, Risk Assurance, PwC Canada. "By moving risk management to the front line, the organization's leadership will obtain a greater understanding of the risks to their operations and enhance their capacity to manage risks in an agile and proactive way." 

The report makes three key recommendations for addressing business vulnerability:

  1. Shift duties and assign responsibilities: Each line of service should have a defined role regarding risk decisions, monitoring, oversight and assessment of vulnerabilities.
  2. Define risk appetite: Organizations must define risk appetite and leverage the technical tools available to them, including aggregation tracking and reporting.
  3. Establish a risk reporting system: Reporting structures should enable the first line of service, but also require the second and third line to monitor the first line's effectiveness.

"In order to address current and future challenges, Canadian firms must commit to strong risk management structures and processes in order to excel in an ever-evolving economy of the future," adds Dial.
